572 posts • joined 9 Apr 2007
All your attentions are is belonging to the google
The real motto of today's google is "All your attentions are is belonging to the google", but I didn't realize it until dinner and drinks with a former coworker who defected to the google a while back. I already knew that the "Don't be evil" slogan had become a sick joke, but that was just by watching the biggest growth industry on the Internet, the cybercriminals.
It's hard to point at proof of the google's support of the criminals, but there are just TOO many places where it is obvious that the google could make things better. However, what bothers me most is the victims such as naive children visiting YouTube. I just don't feel as sorry for bank and credit card customers who get phished, but maybe I should be more interested. After all, it is the money that drives it, and the children don't have much of their own to be robbed of.
As regards the lobbying efforts discussed in this article: Old news. Most businesspeople are fine and upstanding folks and they just want to play by the rules. The problem is the rules of the game are crooked, especially in America. The laws are written by the most easily bribed politicians who are working for the greediest, least ethical, and most short-sighted businessmen. Of course you can maximize your profits by focusing on rigging the game rather than playing it on the square.
Relative profits, not gross sales
I think the article is misguided and uninformative. The real concern is relative profitability, not the raw sales data. Having said that, I haven't seen any data to indicate the storage business is outstandingly profitable.
Re: who do we sue?
Tell it to the Microsoft. This idea of no-liability software is probably their ONLY innovation.
It's the funding model, stupid!
I've said this before, so I guess I'm wasting time to say it again, but bad software with a good financial model wins. Look at Microsoft, Google, and Apple, just to limit it to three especially egregious examples.
My suggestion is to fund OSS with 'charity shares' where the project will have a PLAN, a BUDGET, and sufficient TESTING. Dare I say it? There should be success criteria so the donors will know if their money went to a good cause.
Why should small donors (like me) be treated with perfect contempt? Because the financial model stinks, that's why.
In a twisted way, you can mostly blame Microsoft again. The key to their EVIL financial model is that no matter what happens from their most awful software, there isn't any financial liability on Microsoft. That's the only part of the financial model that applies to OSS, and look how it worked out this time.
Obvious solution: Funding Model Tab
If the google wasn't so EVIL these days, they would solve some of these problems. Broken funding models have a rather simple and obvious approach. Just disclose some additional information that would help us in "following the money" to assess whether or not an app is legit. This is not the only way it could be done, but just one form to make the suggestion more concrete.
There could be a "Funding" tab that would describe the funding model used by the developer of the app. Most of the common options would be boilerplates that a developer could select. The most obvious options (for free apps) would probably be "Ad supported" and "Limited-function version to promote paid version". That part would be under each developer's control, and should even include free text options if the developer wants to say more.
At the bottom of the Funding tab would be Google's part, which would not be accessible to the developer. Maybe the google can't say anything, in which case it would say "We have no evidence to support the claims made in the developer's financial model above." It might say "This developer is earning advertising revenue in the top quartile of app developers" or "This developer also produces <full product name>, so please see that page to learn more about the funding."
Having offered that suggestion, I have to admit that it may not have done much good in this specific case because the financial model was pretty clear, and it was just the big lie. However, I think the reality was that the other anti-virus companies should have shot this one down quite quickly. Obviously, they should have downloaded the new competitor, and as soon as they tested it, they would have discovered it did nothing. Hmm... Now that I think about it, that's probably how this scam collapsed.
Another way it might have collapsed is if the google is checking for sock puppets, as suggested by another commenter (who I can't see now). Again, obvious, but I think the google is too EVIL to be bothered.
I hate shopping with a gun pointed at my head. Hello, it's you, Microsoft?
You didn't make your case for killing XP very persuasively. What I will say based on several years of post-XP experience on 4 or 5 machines and over 30 years in the industry is that I see no compelling reason to switch EXCEPT for the gun that Microsoft is pointing at me. Pay up, or take your chances, and you certainly know how small they are based on Microsoft's security track record.
I think the economics are highly debatable. It is not like Microsoft is desperate for cash and couldn't afford the minor charity. It's simply that Microsoft wants to force us to newer OSes, and I feel no real sense of security with ANY of Microsoft's OSes. The basis of the problem is actually the reverse of following the money. No matter what damage Microsoft's errors inflict upon you, it's just too bad and by opening the shrink-wrap and accepting the EULA you have agreed to it. If Microsoft agreed to continue support for XP, at least I would think they had some confidence they can secure it, but the added complexity of post-XP OSes merely makes it that much easier for the real experts to pwn me without my ever detecting it. At least that's how it feels to me.
Unfortunately, Microsoft's business model is excellent, no matter how flawed their software is, and they have established that standard for the entire industry. Can you imagine how software would be designed if the company selling the software was actually liable for the abuse? Hint: DEFENSIVELY and CAREFULLY.
Sorry, but Linux is not the solution. Linux is more like a possible answer in desperate need of an effective business model.
Looking for what isn't there?
I'm still doubtful there is any debris to find... I'm increasingly convinced one of the pilots murdered the other one, then asphyxiated the passengers and ditched the plane intact. Maybe the sunken plane will finally break up under the pressure, though I also think he would have cracked some doors to make sure it flooded and sank properly...
If my theory is even approximately correct, I gladly admit that I cannot understand the insanity that motivated the pilot who did it. However, what I absolutely cannot understand is the crazy lack of continuous and uninterruptable remote telemetry from such planes. Even if the only bits of data they were transmitting was the current location of the black box, that would be a vast improvement. Can anyone count how many times they have had these desperate (and expensive) searches for the black boxes?
Google? Protect copyright?
That's a screaming laugh. YouTube? Protect copyright?
Why don't you go to YouTube right now and try a search for the name of any popular TV program name. You will see vast numbers of hits.
Now focus on the ones that have shortcut links in the descriptions. The vast majority of those are recruiting suckers' computers for zombie networks. I'm not brave enough or lack sufficient hubris regarding my technical skills, so I haven't done the tests, but I'd bet you are between one and three clicks away from being completely pwned. Thanks, google.
Remember the corporate motto. "All your attentions are belong to the google." Why the google shares any of the attention with the criminals is beyond my ken.
Mass murder and elaborate suicide...
I'm inclined to this theory, which is probably on the southern arc. I think one of the pilots killed the other one, and then took the plane high enough to suffocate the passengers and flight crew. I'm guessing he was able to cut off their oxygen, too. After that, he flew to some distant location and carefully ditched the plane. If the plane didn't leak enough after the ditching, then he helped it along, perhaps by cracking the doors open, until the plane sank. No wreckage, no life rafts, no survivors.
If it was just an elaborate suicide, then he presumably went down with the plane. If 'only' a mass murder, then he might have ditched near land and tried to make it to shore.
Horrifying and insane. I remain unable to comprehend the lack of continuous and uninterruptable telemetry on all large planes.
My latest google Android experience
Over the weekend I tried to report an Android bug to the google. The bug must involve privilege escalation. The google was not interested. (Actually, it's an old bug and I'd probably tried to report it before.)
Can you think of any reason why any legitimate app should ever destroy or reconfigure other apps' resources? Me neither.
For the sake of research, I encourage you to post your similar experiences here. I don't want to give it away, so to speak, but let me hint that the bug I spotted involved widgets.
The google's response was useless and apparently witless, but I want to include the part that most offended me from a programmer's perspective. The only reason I have any specific suspicions about the candidate apps is because I do not allow automatic upgrades. Therefore I think I know that this OS-level bug must be related to one of a small number of apps. The google rep suggested that I enable automatic updates.
Now let's assume the google doesn't care about security. If not, they are certainly fooling me right proper. Now let's assume some criminal hacker finds a bug in the Android OS, heaven forbid. The criminal creates a plausible and harmless app and uploads it to the Google Play website. Many people download and install this app.
Now let's add in the automatic update feature. The criminal creates a dangerous version of the app that exploits the bug. This is posted on the Play website and is automatically distributed to all of the victims who are foolish enough to permit automatic update. The app attacks all of the victims. Now the criminal prepares another version without the attack and uploads that one. Poof, all of the evidence disappears as quickly as the automatic update can propagate.
I'm not sure exactly what damage can be done, but it is certainly possible that a privileged bug could attack all of the other apps on the phone, eh?
This actually reminds me of some related but ancient news. Probably at least a year ago by now. The local police arrested a gang of criminals. Part of their scam involved poisoned Android apps that harvested personal data from the smartphones. I wasn't particularly surprised that the local police wouldn't know anything about the details, but I was surprised that the google denied any knowledge. I really would have liked to know whether or not I had downloaded any of the affected apps. Even if that entire gang of criminals is still in jail, it's possible or even likely that they had sold copies of some of their ill-gotten data.
I voted in favor of that proposal, but also for strengthening it. Two easy suggestions:
(1) Any article that includes paid contributions should have a tag at the top. I think this is likely to be quite prevalent for articles with any commercial impact, and in that sense it's just a reminder to be sensible about things.
(2) Any article that is involved in an infraction should get a permanent and indelible tag to that effect. In other words, your company can permanently taint your corporate reputation by trying to cheat. In contrast to Suggestion (1), for which you could remove that tag by just deleting all of the contributions from the paid contributor, this should be a permanent letter of the scarlet type. After all, if you've tried to cheat in the past, you're liable to cheat in the future. Maybe you think there should be a statute of limitations here, but I disagree. Even the permanent mark of shame isn't strong enough for my taste. It's not that I think Wikipedia's reputation is that magnificent, but I'd like them to aim high, and they do have a pretty good reputation so far.
(3) Is a messy suggestion that is probably beyond the scope of current technology, but... I think they should try to analyze contributions for patterns that suggest bias, especially bias of the motivated commercial sort. I think that commercial bias may actually be easier to detect. Unfortunately, this goes back to the notion of identity, which is NOT one of Wikipedia's strengths. Just to provide the obvious example, it might be easy to detect that a particular user is consistently criticizing (tilting articles against) several companies except for one that he is always praising (tilting in favor of), but not so easy if he uses separate accounts. Have you ever seen both of them logged into the same room at the same time, as the joke goes?
When you threaten Meetup, it's blackmail...
Some DDoS scammer has been attacking Meetup, and we properly call that blackmail, but when Microsoft threatens you, it's just good business practices. Does anyone else think there's something wrong in this picture?
Slightly substantive comments:
(1) Since Windows XP is quite adequate for my computing needs, I would not have upgraded any machine except for the threats from Microsoft.
(2) If Microsoft were actually held liable for the damage done by their mistakes (including bad design decisions), then you can be certain they would design their software in an extremely different way.
(3) I still expect Microsoft to offer some form of XP support. Not because they think it's a good thing or the moral thing or anything along those lines, but just because there's too much money still left on the table.
Re: Steven Colbert at RSA ..
Thanks for the attempt, but... Apparently a smartphone video and he wasn't sitting close enough to any of the speakers to get a good recording? The snippets prove that a better recording exists, but I've also failed to find the full version...
Ridiculous reactions of Reg readers to ridiculous article
Blaming the victims again.
The NSA was going to do it anyway, and the specific excuse is just a bad joke.
Brave words from a chickenshit coward who doesn't have to wonder which way the wind is blowing. Yeah, I live within a few hours of the mess should the #4 building collapse (which is still possible and which is still packed with nuclear fuel rods). Yeah, it does depend on the wind direction, but unlike this moron Paige or Page or whatever, I'd actually have to live with it. Or maybe die.
I have a feature request for the Register. There are certain authors who write nothing but tripe. There should be a filter to render their blather invisible.
P.S. Actually, I'm not sure his blather had any pretense of bravery to it. I only saw about 7 of his words. That was all it took to confirm it was the usual tripe.
Is there anyone left who reads a word past that byline? I think I saw two or three, but I'm obviously commenting for the sake of NOT having to read farther. Hmm... Maybe I should peek at some of the other comments to see if any of them did read farther, and even more amusingly, if any of them found anything interesting or amusing in the rest of the tripe.
Re: It's not a feeder for Windows Phone
I've actually seen someone who has a Windows Phone. It might even be 10% of the phones and tablets he has. Something of a hardware phreak, always playing with his latest phones, tablets, WiFi hubs, and sometimes even computers. I think he has at least one contract with each of the local carriers, and is constantly playing games with his SIM cards.
But at least one of those phones is a Windows Phone.
Much as I dislike Facebook, I wish...
I actually wish that Facebook hadn't dropped the ball on this one. All they needed to do was offer a superior email alternative.
Hint: Less SPAM.
What if Facebook had offered an integrated anti-spam fighting system? Not a lynch mob tool per se, much as the spammers deserve it, but just a way to help with the best targeting of the anti-spam countermeasures. Don't you wish you could help break ALL of the spammers' infrastructure? Help pursue ALL of the spammers' accomplices? Help protect ALL of the spammers' victims (from their own stupidity in giving money or personal info to spammers)? No, we can't eliminate spam, but with better tools we could reduce the spammers' profits. The spammers still wouldn't become decent human beings, but they would move under less visible rocks.
Too bad. Facebook actually had a chance to make the world better, in stark contrast to whatever it is they think they are doing now.
Who said spamming doesn't create corporate value?
Me, that's who, but maybe I was wrong. Am I the only one who recognizes this company name solely from the spam? Even if it's a Joe job, and even if their software works, and even if they actually have lots of real users (rather than just a lot of email addresses from spammer CDs), even if ALL of these favorable conditions are true, then you still can't convince me this company is worth $19 billion, now or in the foreseeable future.
Hey, but as the Zuck says, if you got it, flaunt it, and right now Facebook can flaunt $19 billion.
Me? If I was a betting man, then I would be betting that the due diligence is about to explode in Facebook's face.
Re: What now for the Spammers ?
Mostly just a "Me, too" message about spam from this company.
I would not be at all surprised to discover that most of the claimed users are just email addresses from spammer CDs. If so and Facebook doesn't know it, then the due diligence is about to explode in their face. On the other hand, if so and Facebook does know it, then they are suffering from delusions of convertibility, even if the company does have functional software. Much of my obvious spam already has "Facebook" written on it, and I hate all of it already. They are NOT going to convert me or get me to accept another intrusion into my privacy and limited attention.
The motto of Facebook should be "Wholesale "friendship", but FAKE", to be compared with the motto of "All your attentions are is belongs to the google." (The link is BeenVerified, another spam operation that is probably being driven by addresses leaked from the Google Play. Their scam is some kind of LinkedIn scam.)
I'd kill my Facebook account, but I'm trying to be polite to some actual friends of the old kind. However, their lack of concern about their privacy is something of a strain on our relationship. Or perhaps I should just call it naivety of the non-charming sort?
As previously noted, I still think that most businesspeople are fine and upstanding folks. Unfortunately they have no effect on the actual rules of the game, which are written by the most cheaply bribed professional politicians working for the greediest and least ethical businessmen.
Are they REALLY so utterly clueless?
Just got an email claiming to be from Forbes, but two of the three domains mentioned are not forbes.com. I'd like to think that all new domains including "forbes" are being watched carefully, but there are lots of nice-to-think things that aren't the way things actually are.
I think the real blame is mostly with Forbes itself. The spammers are just helpless sociopathic criminals doing what comes naturally. In contrast, Forbes has helped define the rules of the game under which the criminals flourish. To facilitate their own cancerous money-uber-alles business models (extended to all the big corrupt companies that bribe the cheapest politicians), they have created economic models that fundamentally support spammers and their cancerous business models.
If the biggest companies were actually liable for the negative ramifications of their software and systems, you can be assured that they would design and implement their products differently. Of course Microsoft is the superstar here. They certainly create lousy and buggy software, but no matter what happens to you because of Microsoft's products, there is nothing you can do about it. Just check your "friendly" EULA if you don't believe me. (However, I actually realized how bad it was in conjunction with Adobe stuff, though they are the much smaller sinner. Microsoft might claim to have some substantive defense in that their software does a lot of important stuff, whereas almost everything Adobe's software does is just for the sake of flashier presentations.)
All your attentions is belongs to the google
That's google's excuse for abuse. What was that old slogan about EVIL again? ROFLMAO.
Anyway, on this article, if it wasn't a cheap political game then he would have included some neo-GOP defendants such as the big dick Cheney and the big don Rumsfeld. I can see forgetting about the little Dubya, since he was only liable in the peculiar technical sense, while not actually knowing or caring about anything. I agree that Obama should be sued, but NOT without the actual instigators. This has become a bipartisan crime, but suddenly the Bible has been updated so the world was created in 2009.
Remember, Rand Paul is supposed to be one of the most principled neo-GOP politicians. So much for principles, eh? Just more proof that today's neo-GOP is NO relation to the original liberal and progressive Republican Party of Abe Lincoln or even the GOP of Ike and Teddy. Talk about your dead brand.
Is he a slumming producer from FAUX "news"?
Whenever I see such a moronic comment, I wonder who's paying him to be so stupid.
The actual way the system works in today's America is that most businesspeople are fine and upstanding folks who just want to play by the rules. Unfortunately, they don't write the rules.
The rules of the business game in America are encoded as laws. The laws are written by the most cheaply bribed professional politicians. The pols are working for the least ethical and greediest businessmen. These are basically sociopathic human scum who could NEVER have enough money and whose only interest in peasants, bums, and assorted poor people is whether any more blood can be squeezed from the turnips. Their only interest in middle class people is in turning them into poor people.
What they pay the politicians for are laws that support a cancerous model of growth. Unfortunately, cancer is NOT a sustainable business model, but they don't care, since their only objective is to have more toys next quarter.
IBM used to stay above this sort of thing, and the company nearly collapsed, at least as Wall Street saw things. Wall Street now thinks that IBM has gotten better, but I have my doubts. However, I think the best model of death by "doing the right thing" was actually Sun. Oracle is still choking on the corpse, but Ellison is too greedy to write off $9 billion the way the google recently did. I insist that cancerous greed is NOT a long-term survival strategy. It always ends with the death of the host--and the death of the cancer, too.
You want security? Follow the MONEY!
The data that I most want in terms of assessing apps is the financial model that the developer is using. If the google wasn't EVIL and greedy, and therefore most concerned about protecting their own privacy, then they would see the obvious need for such a tab in the Google Play Store. In other words, a developer doesn't have to say anything about the money, but if the developer is willing to trust us first by telling us at least something about how the money flows, then we would have the most important data we need to decide whether or not it's a legitimate app or some kind of scam.
In support of this approach, the google could provide some kind of supporting or assessing statement, still without revealing the exact details. For example if the app says it is getting revenue from Google ads, then the google doesn't have to say exactly how much money (unless the developer feels like sharing that level of detail). The google could just offer something like "This developer has received significant advertising revenue" or "Though this developer says the financial model will be advertising based, no significant revenue has yet been generated."
Re: I've been helping friends (and businesses) upgrade from XP to ...
Do you have any specific Slackware experience with a ThinkPad X61? Most of my recent Linux experience has been with Ubuntu, but they have developed serious delusions of grandeur and can't be bothered with little old machines these days.
P.S. My usual evaluation of Linux is "Superior software, inferior business model."
Register needs an alternative funding model and #MDFC
As #MDFC (More Democratic Funding Campaign) could apply to the Register, this article would have various related campaign options towards which I could 'pledge' part of my subscription payment (with no risk to the Register, insofar as they are already holding the money). The Reg's favorite options would obviously include 'virtual sponsorship' of this article (no real cost, since they've already published it, but effectively freeing up discretionary funds as a reward for publishing what I want to read) or further investigations (which they would only commit funds to after lots of readers agreed with me) or external campaigns (within limits, since the Reg does need to make its own budget, after all).
My primary interest in external campaigns related to Snowden would actually be to investigate critical journalists who are piling on Snowden in apparent contradiction to their previously expressed journalistic principles. My own theory is that some of those so-called journalists are actually knuckling under to blackmail, but the possibility of independent outside investigations might be sufficient to break the threat. Some of them might be able to respond along the lines of "Yes, I understand that you represent certain parties who are highly concerned about my sympathetic coverage of Edward Snowden as a whistleblower, and I also understand that these parties are in possession of certain highly embarrassing information about me, flawed human that I am. The problem is that my reading your script attacking Snowden might trigger an investigation that would reveal my secrets anyway. Since you can't protect me from awkwardly human reality, perhaps you should just run along and let me do my journalistic thing for now?"
Which is more secure? REALLY?
Am I the only person wondering if Windows post-XP any-version is actually more secure? I admit that's not the only criterion to look at, but it has clearly become the blackjack Microsoft is using to effectively blackmail people into 'upgrading' from XP. My perverse theory is that if Microsoft wasn't waving the death-and-destruction flag, Windows XP would still be dominating the market. Because it works.
What are the other criteria that might justify the upgrade? Faster booting? Slightly nice, but I bet XP would boot nearly as quickly on the faster machines, and even more to the point, Microsoft could fix that if they wanted to. Faster execution of software? Sorry, but the machines already run quite a bit faster than I need them to. Pretty rare that I'm waiting for any computation to complete in contrast to network or disk delays. More functionality? I actually know of one or two new features in Windows 7 that require non-Microsoft add-on software in Windows XP, but it turns out that I'm not actually using any of those features. Even worse, the fact that those features are now part of the OS means that they are bigger and more attractive targets for hackers, which to my way of thinking actually makes the OS less secure in exchange for no practical benefit. I may not use the new features, but the black hat hackers are quite eager to do so.
Risky prediction time? I predict Microsoft is going to back down and offer a paid continuation option for people who would rather pay for XP than switch. Shades of the ancient cigarette commercial? However, it's an economic model that will work for profit, and Microsoft has always put profit ahead of superior software, even if I were willing to concede that post-XP Windows was superior (for my real world user-level needs--and I am not making that concession).
Re: "So we need to have strong, principles-based legislation"
Possession is nine points of the law combined with the 4th and 5th Amendments of the American Constitution ought to suffice. Let me clarify:
You should be able to possess your person, including your personal information. Any personal information about you should be stored in a place that YOU control, possibly even on your own personal hardware. You should be able to decide when anyone can use that information, and when that usage is completed, they should not be allowed to retain that personal data. Combined with the requirements of search warrants for ACTUAL crimes based on ACTUAL causes and the protection against self-incrimination, that would be sufficient.
Let me offer a concrete example of bank records. That personal data could be stored on your machine with suitable checksums to prevent your tampering with it. The storage policy could even specify redundancy and backup policies without revealing the decryption keys. When your bank needs to check something about your account or record additional transactions, they would ask your computer (or other specified storage location) to provide the data. Your computer should confirm their identity and routinely grant the request--but it would be your decision. If you change your mind, for ANY reason, then the nine points of the law would be on YOUR side, since you would have possession of your data.
This is NOT as radical as it might seem. For example, in the days before all of this was computerized, you might get in a dispute with another person and have to present your evidence that you were telling the truth and your opponent was in the wrong. However, you didn't have to, and that could not be taken as proof of your guilt or liability.
Freedom is about meaningful and unconstrained choice. These days people seem incredibly naive about protecting their freedom. It isn't just the negative information that can be used to threaten and blackmail you, though it is true that all of us are humans and we've all made mistakes. It is also your positive information, your strengths and interests, that can be turned against you to manipulate you and remove your freedom.
Have a nice day, eh?
Reactive filtering: FAIL
This article is an excellent example of why reactive filtering is something the spammers can live with.
Why don't ANY of the major email providers get serious about breaking the spammers' business models? Imagine an iterative tool that would let you help cut the spammers away from their money. On the automatic side, the system would break the spam into categories that you would confirm on the human side, and after two or three rounds the system would know EXACTLY what the spam was and how to most effectively target the responses. Remember the spammers can't obfuscate beyond the decoding capacity of their human victims, and those victims are certainly not the brightest light bulbs in the barrel of monkeys, so to speak.
If we disrupt ALL of the spammers' infrastructure, pursue ALL of the spammers' accomplices, and protect ALL of the spammers' victims (mostly from themselves), it will not turn the spammers into decent human beings or stop all of the spam. However, it will reduce their profits and cause many or most of them to crawl under less visible rocks.
Yeah, but the spammers were there first
Not sure if these particular sociopathic scumbags started their careers as spammers, but I think that most of them start there. I even lost an old friend that way. It isn't exactly the moral equivalent of a gateway drug, but similar. Some people actually are conned into becoming spammers or accomplices of spammers...
Ergo, I'll repeat that I think we should go more aggressively after the business models of the spammers. Reactive filtering is obviously something the spammers can live with, but if we cut off their money, most of them would crawl under less visible rocks.
I think the large email providers should provide some interactive crowd-based tools so that wannabe spam fighters could at least help with the targeting against the spammers' infrastructure. In addition, we should pursue ALL of the spammers' accomplices and try to protect ALL of the spammers' victims, mostly from their own gullibility and stupidity. Yeah, the suckers lose the money to the spammers, but the rest of us lose even more. The spammers are destroying the value of email for everyone and utterly wasting vast amounts of OTHER people's valuable time and attention. Worth mentioning that many of the victims are also innocent corporations whose valuable reputations are exploited by spammers in their desperate search for credibility.
Scope of the damage? Statistics?
The website is pretty tricky to use, but I wish there was some way to assess the risk. From a statistical perspective, what percentage of email addresses might be included? That should also depend on the domain. For example, if Yahoo Japan has been heavily compromised, it may tell me how hard to sweat...
As it stands now, this website doesn't seem that helpful. I have quite a number of email addresses... I don't even want to try and count how many websites I've logged into over the years...
This is an OUTRAGE!
Everyone knows "All your attention is belongs to the google!"
My take on Facebook is that they have one redeeming feature. At least I can't recall they ever pretended to such a motto as "Don't be evil." Still, I wish Facebook was a little more honest about the real deal: Facebook will let you pretend to be friends with lots of people on a wholesale basis, and in exchange Facebook gets to rape your personal information.
So why do I exist in any way on Facebook? Because I didn't want to be rude to some old friends who asked me to use it.
There's also a funny minor reason: I don't mind if old friends want to look me up and Facebook has become a major mechanism for that sort of thing. However, I mean REAL friends of my younger days, not Facebook so-called Friends.
Most particularly, my time is already too limited and pressed and I have no urge to "recruit" new friends on Facebook. The main feature I want on Facebook is a customizable contact warning. As customized, mine would say something like: "If you are an old friend, please feel free to contact me. If you have a GOOD and SUBSTANTIVE reason for contacting me, then you may do so, but you better explain why. If you are ANY kind of SPAMMER, then you contact me at your own risk, because I would dearly love to nuke every spammer account on Facebook."
I guess it's my #2 feature request, but it would be like notches on my gun so that I could know how many spammers I had helped nuke.
P.S. Apparently I'm a controversial poster. The Register just said my posts had around 1,500 votes, but almost balanced. It appears I offend about as often as I please, but I certainly hope the spammers are most offended by my fixation against them...
New motto: All your attention is belong to the google
Just so, child. Since your effective search query should hint what kind of information you want, then it obviously optimizes the experience from the google's perspective if you get the answer immediately--as long as you still see some paid-for ads. In fact, I'd wager that they strongly optimize the ads around their guess of what information you want, and this would greatly increase the likelihood of your clicking through on an ad as soon as you know the answer to your actionable question.
Is this EVIL? Actually, I think so. Serendipitously, I just finished writing a blog on the topic. It probably won't come up on the google search engine, and given that the blog website is probably owned by the google, I better make a local copy, too, just in case of an accidental data loss.
Too much time protecting too little
There is no such thing as perfect security, but we are spending more and more energy and time in pursuit of that perfection. At least that's how it seems to me as part of the food chain of one of the biggies. We need to rethink the problem in more flexible terms of limiting the exposure of truly important information while still making it possible to do our jobs, and insofar as our jobs differ, they also call for differing tools and for corporate flexibility in allowing for the use of those tools. The alternative is to gradually sink to the smallest set of tools that can be adequately "secured". Unfortunately, that weak set of tools seems to be where we are headed--and we STILL can't get that perfect security.
By the way, I looked at the survey, and it was way too long. I suggest you break it into pieces. For example, you could put the most interesting piece first, ending with an option to receive the later small pieces on some reasonable schedule, perhaps weekly or twice a week over the next month.
Re: EVIL is as google does
Whoops, I forgot to note the obvious EVIL in this particular imposition from the google. It goes back to the new motto:
"All your attention is belong to the google."
We do not need more email (even apart from the increased spam), or tools to handle larger volumes of email, even though the google wants to use that email to demand larger amounts of our attention for more ads. What we most need now are better tools to take control of our own time, and dare I say it, LIMIT the amount of email we have to deal with.
EVIL is as google does
Remember the corporate motto: "All your attention is belong to the google."
There was once a time when the google did not seem EVIL, but the love of money has clearly gotten to them and there is almost no pretense left. Yes, I'm still using the google for certain things, but it's for the same reason I use some Microsoft software: Lack of freedom to do otherwise. Here are my latest formulations of the problem that drives large American corporations to EVIL:
free = (meaningful + unconstrained) choice
time > money
I need to write it up at more length, but don't worry, you're unlikely to see it. Even if it isn't in a webpage under the google's control, the search that doesn't lead you there is NOT the path to Tao. However, here's a short explanation, just for amusement:
Starting with the inequality: Economists are lazy and incompetent fools, so they look for the missing valuables where the light is better, not where the value is. Money is conveniently countable, but time is too hard to measure, even though it's the truly valuable and limited resource.
The equation is just my biased American fixation on freedom, though there is increasing evidence (in China) that maybe the competitive advantage is with highly limited freedom and fake democratic 'reforms'. Obviously, from a corporate perspective, they want to constrain your choices to whatever that corporation is selling, and the only meaning they are interested in is whatever means more profit for that selfsame corporation.
Proof of the proposition "Google is EVIL": As it has worked out in America, most businesspeople just want to play by the rules, but the game is defined by laws written by the most cheaply bribed professional politicians working for the greediest and least ethical businessmen. Google is now the leading lobbyist among high-tech companies. QED. (Yeah, the bit about most businesspeople, though true, is an extra premise.)
In ultimate conclusion, the most likely resolution of the Fermi Paradox is human extinction. Or, as Bruce Sterling put it in "The Swarm", there is no evidence that intelligence is a survival trait.
Have a nice day--on the short term.
Re: What Google wants.. Google gets.
Actually, from the bean counters' perspective, it's the only smart way to capture technology. There are almost always a number of ways to solve the problem, but if you explore it with your own researchers, most of the ways you try are going to be duds. Actually, you can be sure that all but one of them will be inferior to the best solution. Therefore, most of your investment in real research will be wasted.
Much better to let the little guys try out the various solutions. Yeah, your big company needs some so-called researchers to evaluate the solutions. The most important thing nowadays is to recognize the good candidates and get a foothold in those doors, but that's mostly to make sure your big company can buy out the winning technology once you're sure they've gotten enough of the bugs out of it.
Google used to be different and used to be much more creative with their own technologies. Once they reached the critical mass, they stopped having to worry about it so much. The critical mass is actually when your company is big enough to say: "Either you sell out to us now, or we will crush you. We have the resources to dominate the new market even if we have to use second- or third-best solutions, and you have already proven it is possible because your technology works, so you might as well surrender now [Dorothy]." The rest is just haggling over the price, but the google can afford to be generous.
In the name of freedom, this should be illegal, but guess who wrote the rules of the game? It wasn't the butler in the kitchen with the carving knife. It was the most cheaply bribed professional politicians working for the greediest and least ethical big businessmen.
New motto: All your attention is belong to the google
Recently revealed to me by a googler, but perhaps he was intoxicated and exaggerating? However, it certainly looks to me that the google has been captured by the corrupt rules of American business, where the laws are written by the most cheaply bribed professional politicians working for the greediest and least ethical businessmen. I used to think the google was relatively innocent, but then I found out that the google has become the top lobbyist among high-tech companies. Innocent no more.
In the example of this article, the bean counters obviously determined that the amount of attention grabbed was insufficient, possibly in comparison to other google so-called products. What the peasants want? ROFLMAO.
This mostly troubles me because I used to believe that the google was trying to make the world better. Now I think the famous old motto was just a distraction, like the Stalin-era news reports in Pravda. For example, astute readers knew that reports of foreign plane crashes really meant there had been a plane crash in the USSR, and the Russian founder of the google must have been aware that his enterprise would eventually become evil, assuming it wasn't totally evil from the git go.
Re: All men's hands raised against him?
Still waiting for a constructive thought or comment, Mr Ito? Since you are such a superior being, surely you must have something useful to say. I searched for your other comment, but you are right, it wasn't worth remembering. Obviously, I strongly disagree with you on the relative merits of our positions. However, since you seem to want to persist in the discussion, and since you seem to be having troubles in understanding what I have written, let me try to simplify it for you:
1. Spam is bad. It adds no positive value to the Internet and reducing the amount of spam would be a good thing.
2. The spammers are insane sociopaths, but they are not stupid. They persist in spamming because they are making money.
3. The spammers use a variety of economic models, but each of those models has weaknesses.
4. I would like to have tools to help identify and target those weaknesses. I don't mind that people like you, Mr Ito, would get a free ride if other people actually want to make the world better. I would gladly donate a bit of my time for the cause of less spam.
5. Notwithstanding the perverse peculiarities of so many of the people who write comments on the Register (such as a certain so-called Mr Ito), I think the overwhelming majority of normal human beings would vote with me for less spam.
One of my perversions is that I am resolved to try harder to make the world better.
Another perversion is that I can't understand the perspective of anyone who defends spam or spammers unless I imagine that such a person has a vested interest in sustaining spam, either because they are a spammer or possibly because they are a quasi-opponent of spam. For example, I think there are some postmasters who are basically happy with the way things are and who actually see spam as part of their job security. (Perhaps you have a position on the claim that many computer viruses actually originate with companies that sell virus protection software? I'm still thinking about that one...)
Can we lock up all the spammers?
I like the thought of arresting all of the spammers, but I think it is hard to do, especially considering the problem mentioned earlier in the discussion of defining what spam really is. If you are going to define spamming as a crime, you need to have a really solid definition.
What I am advocating is much more limited: Reduce the spammers' profits by breaking their economic models. Another way to consider it is that the people who don't like spam would be able to vote against the suckers who like it enough to send money. A little harder to describe, but they would also be voting against the right of some really stupid people to be victimized by the spammers. The anti-spam people would do this by getting between the spammers and their victims before the spammers can get the money--but we need better anti-spam tools to do this.
The key of the spammers' economic model is that they can send out billions of messages hoping to find a few suckers. This is sociopathic greed, and it is obviously working--partly because so many people, even the wise readers of the Register, accept it as the way things are. Maybe things are that way, but they don't have to be. Things do change, sometimes just because enough people want them to--and I still insist that the overwhelming majority wants LESS SPAM.
One of the things that mystifies me about the spam problem is that the email providers should be eager to help. They all claim to be as good at filtering spam as the other guys, but the spam continues flowing. It isn't just their email systems that are polluted and devalued, but the entire value of email and the Internet, and even the values of the companies whose reputations are defamed by the spammers. I cannot think of FedEx or Western Union now without thinking "419 spam". If I only had a nickel for each spam message I've received from a so-called bank, I'd be seriously rich--and could start my own email system with the serious anti-spam tools I'm advocating.
Re: DMARC, SPF, DKIM
Validating the sender is not bad, but that won't fix the problem unless we discard SMTP, and that ain't going to happen. I used to advocate for a replacement email protocol with a gateway to SMTP--and I advocated that the gateway would be turned off by default.
Among my other faults, I think it would be good if we lived in a world where we could freely share email addresses without floods of spam. SMTP is not that world.
Re: All men's hands raised against him?
Well, phucking excuse me for still thinking I should try to make the world a better place. A place with less spam.
So exactly what are you doing for anyone, Mr Ito? I suppose you need to rush back to your computer game?
By the way, it's nothing personal, Mr Ito. I'm just taking you as a representative of all the hopeless, non-constructive, and evidently rather feeble-minded critics (named and too-cowardly-to-be-named-even-by-a-Register-handle commenters) that the spammers depend upon to stay in business.
Re: 2013 closes on a joyous news note!
Hadn't heard about that. It's short and to the point, but unfortunately it is not enforceable.
By the way, I also agree that we can't eliminate spam. However I insist that we can make it much less profitable. I also believe that most people are pretty nice, and if you make it easier for them to do nice things (like disrupting the spammers' business models), then more of them will do so.
Let's run through the numbers again. The spammers send billions of pieces of spam. Their response rates are incredibly small. I think it is reasonable to say that ALL of the other recipients dislike the spam, more or less strongly. We don't need for ALL of those offended people to take action against the spammers, but if any measurable fraction, say 1% did sometimes take action, it would completely overwhelm the small number of suckers the spammers are trying to reach so desperately.
I understand that there are people who think it is too much trouble. Fine. They can be free riders benefiting from the reduced amount of spam. Some of these critics apparently don't even watch the Colbert Show, so they must be totally lacking in something...
However, if we took a vote NOW, the "less spam" side would win overwhelmingly. That is the side I stand on, and I wish (in public even) I had better anti-spam tools to make it so.
Re: On the subject of spam - and if that's not 'optional'!
While it is important and useful to consider the sources, SMTP does not actually care. That's why we should look at the spam itself in a more intelligent way. The spammers are NOT expecting to reach their suckers via the email address that originated the spam. That address probably doesn't exist, but even if it was a real address, the spammers reasonably assume it will be nuked before the sucker can reply. The most vulnerable points right now are the dropboxes or websites where the spammer is waiting for a sucker.
The dynamics of spam require a human sucker at the other end, and there will be a delay before that sucker can respond. The supply of suckers is quite small, as measured by the minuscule response rates to spam. That delay before a human can reply is an opportunity for targeting by ANY of the MANY people who dislike spam. I'm suggesting we make it easier for those people to get between the spammer and the sucker so the spammer does NOT get any money. (Yes, the spammers have other objectives such as personal information or fresh spambots--but they still need some HUMAN time for the sucker to rise to the bait.)
Re: 2013 closes on a joyous news note!
The sophistry of appealing to lists of fallacies instead of THINKING.
And I still wonder about anyone who DEFENDS spammers for ANY so-called reason.
Okay, I picked an extreme example with child pornographers. How about Jehovah's Witnesses who knock on doors posted "No solicitors" because they just KNOW that they aren't solicitors? Or maybe you'd prefer to defend the Mormon evangelists?
All men's hands raised against him?
This is the only comment about turning himself in, but it doesn't mention the most interesting aspect of why he did so. Try to imagine how many enemies he has. I can't count that high, because it is potentially EVERY person who has ever been annoyed by spam email.
The vigilante topic has been mentioned briefly in this discussion, but if I were a spammer whose picture had just been circulated on the Internet... I'd be kind of desperate for police protection. Fortunately, I don't even own a gun these days, but I can imagine the response of the guy who shot him: "I read that he was an escaped convict and saw his picture in the article, but I missed the part where it said he wasn't violent, so I just felt like I had to shoot him to prevent him from escaping."
Even worse if I was the police officer taking the report: "Good thing you shot him 17 times so he couldn't run away."
That's why I'm only advocating a system to support "target acquisition and tracking". I should not be in a position to actually do anything about it... If you gave me a button to push and told me that each push administered a painful electric shock to a spammer, then I don't see how I could resist the behavioral extreme of pushing it several times a second until I died of starvation... (I've already confessed that I hate spam more than the average bear, and everyone knows that bears are soulless killing machines.)
Re: 2013 closes on a joyous news note!
That triggers my joke about the blame: If the creators of SMTP (including Jon Postel, RIP) had been more aware of the money aspects, then they would have included provisions for accounting in the protocol rather than assuming everyone would be a good sport about it. They were too concerned about just making it work, and insufficiently concerned about the money. Who was taking care of the money? Well, to a large degree it was Al Gore. I respect and admire Al Gore, but still this seems to be a case where his good attentions had problematic results...
Having said that, I also feel that monetary accounting is the wrong way to think about economics, including the spam problem. The truly valuable and ultimately limited commodity is our time. Ultimately our lives are rather finite (at least here on earth, even if you believe in some form of non-Buddhist immortality). To me the greatest crime of the spammers is simply the time they waste--OTHER people's precious and valuable time. It's the attention, stupid!
That reminds me of a recent discussion I had with a googler. He came right out and said that what google wanted was your attention. In other words, your MOST valuable time. The "Don't be evil" motto has been replaced by "All your attention is belong to the google." (Remember Zero Wing!) I was actually shocked by his frankness, but it goes a long way to explaining why Gmail is so spammer tolerant, though you'd think they'd resent the competition with spammers for the suckers' attention.
P.S. Not to say that google is the worst. Yahoo is clearly the spammers' best friend among the major email providers. I also think Microsoft has been the spammers' main adversary, but Microsoft has focused upstream, and I am advocating for downstream measures, mostly because that's where the suckers and victims are concentrated.
Re: 2013 closes on a joyous news note!
I don't think naive timing solutions will scale well, which is why my example was focused on a source-server level. They can provide bad service in eliminating spammers' dropboxes (which is why the spammers select those email services), but that bad service will bounce to their legitimate users, too. If they ultimately lose all of their legitimate users and offer email services only to spammers, then it's not like anyone is going to miss them when the other email systems blacklist them completely...
For what it is worth, in the early public Internet days (at the dawn of perpetual September) I was once the postmaster of what was probably the largest free email system in a large city. We didn't have much of a spam problem at that time, but keeping the email flowing was a high priority, and I was often checking on the servers at odd hours of the day. I am not proposing something that I think would be unlivable. If I'm running a small system and can only check on the spammer complaints a couple of times per day, then my users also have to expect the possibility that their email may be delayed. I tried quite hard to prevent it, but there were a couple of times when it happened, including worst cases when I had to travel to the servers and physically reset things...
Further by the way, my first quasi-commercial email system (registration fee, but unlimited email) used voice validation of all new members before they could have full access. I think that was a responsible way to run things, and I don't think my system ever hosted a spammer.
Re: 2013 closes on a joyous news note!
This is part of the reason FOR my proposed solution. The anti-spammer email system I am suggesting should include a testing mechanism for unsubscribe mechanisms. Let me clarify with a thin example of how it could work:
(1) In the first pass of analysis, the webform that is returned to the recipient of the spam would indicate things that seem to be unsubscribe mechanisms, and the response would confirm that they are (or are not) correctly identified. The two most common cases involve websites and unsubscribe addresses.
(2) The server would then do additional processing on the returned form. For example, if it is an unsubscribe website, but the same URL is used elsewhere in the spam, then that is strong evidence that it's a fake unsubscribe link. If it's an email address, the server can send a test unsubscribe message using a honeypot address. If the address has already been tested, then the server has some information on hand for the next round, and for this example I'm going to follow that line.
(3) The next webform would report (for that part of the spam) the unsubscribe address had been tested with a honeypot address, and no responses or other spam had been received in a certain period of time. On that basis, the recipient of the spam could elect to try the unsubscribe option. (This is actually a feature that is crudely incorporated into Gmail, by the way, but in a very ad hoc way.)
(4) If the wannabe spam fighter has requested it, then the server will send the unsubscribe request. This is also part of the distancing mechanism to stay above vigilante problems--the spam fighters should only be helping with the targeting, not pulling the triggers directly.
(5) If you want to get really wrinkly here, then the server could store this spam in addition to the unsubscribe address (which should obviously be tracked). The reason is that the spammer might be relatively clever about detecting some honeypot addresses, but the system can use the copy of the spam to ask the recipient of later spam if there is reason to think the later piece of spam represents the same spammer ignoring the unsubscribe request. Yes, it's a bell and whistle and not really required, but it is the kind of thing that is only possible by taking a higher perspective of the spam.
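An added example, not part of the original comment, of steps (1) to (3) of the unsubscribe-testing flow described above: it finds candidate unsubscribe mechanisms, flags an unsubscribe URL reused elsewhere in the message, and checks an address against honeypot test history. The sample message, the history format, the verdict labels and the 14-day quiet window are all assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample message; all example.* names are placeholders.
SAMPLE_SPAM = """\
From: "Deals" <promo@mail.example.net>
To: reader@example.org
Subject: Last chance offer
List-Unsubscribe: <mailto:unsub@lists.example.net>, <http://shop.example.com/go?id=77>
Content-Type: text/plain

Buy now: http://shop.example.com/go?id=77
More offers at http://shop.example.com/go?id=77
To unsubscribe click http://shop.example.com/go?id=77
"""

# Constructed honeypot history (assumed format):
# address -> (days since the test unsubscribe was sent, spam received afterwards)
HONEYPOT_HISTORY = {"unsub@lists.example.net": (30, 0)}

URL_RE = re.compile(r"https?://[^\s<>\"']+")
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def find_candidates(msg):
    """Step 1: collect things that look like unsubscribe mechanisms."""
    body = msg.get_payload()
    found = {}  # value -> kind, de-duplicated, in order of discovery
    for item in re.findall(r"<([^>]+)>", msg.get("List-Unsubscribe", "")):
        if item.lower().startswith("mailto:"):
            found[item[7:].split("?")[0].lower()] = "address"
        elif item.lower().startswith(("http://", "https://")):
            found[item] = "url"
    for line in body.splitlines():
        if "unsubscribe" not in line.lower():
            continue
        for url in URL_RE.findall(line):
            found.setdefault(url.rstrip(".,)"), "url")
        # Strip URLs first so an address is not matched inside a link.
        for addr in ADDR_RE.findall(URL_RE.sub(" ", line)):
            found.setdefault(addr.lower(), "address")
    return found, body


def assess(value, kind, body, history, quiet_days=14):
    """Steps 2-3: what the next webform would report for one candidate."""
    if kind == "url":
        # The same URL on lines that are not about unsubscribing is the
        # "strong evidence" of a fake unsubscribe link.
        reused = sum(1 for line in body.splitlines()
                     if value in line and "unsubscribe" not in line.lower())
        if reused:
            return {"verdict": "likely-fake",
                    "why": f"same URL appears {reused}x elsewhere in the spam"}
        return {"verdict": "needs-review", "why": "URL only used for unsubscribe"}
    if value not in history:
        return {"verdict": "queue-honeypot-test", "why": "address never tested"}
    days, spam_after = history[value]
    if spam_after:
        return {"verdict": "do-not-use",
                "why": f"honeypot got {spam_after} spam after unsubscribing"}
    if days < quiet_days:
        return {"verdict": "test-pending", "why": f"only {days} quiet days so far"}
    return {"verdict": "offer-unsubscribe",
            "why": f"honeypot quiet for {days} days"}


def analyse(raw_message, history):
    """Return {candidate: assessment} for one raw message."""
    msg = message_from_string(raw_message)
    found, body = find_candidates(msg)
    return {v: assess(v, k, body, history) for v, k in found.items()}


if __name__ == "__main__":
    for value, result in analyse(SAMPLE_SPAM, HONEYPOT_HISTORY).items():
        print(f"{value}: {result['verdict']} ({result['why']})")
```

Nothing here contacts the candidate address or URL; sending the request stays a separate server-side action, as in step (4).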
Re: 2013 closes on a joyous news note!
Regarding filters, the short reply is that the spammers can obviously live with "Live and let spam" with filters, as proven by the fact that they continue spamming. Remember the spammers regard their marginal cost of an additional million spams as being effectively zero, so why not spam more?
Just a tip of a larger reply: You mention and then ignore false positives. I'm guessing you pay attention to false negatives because they require a click on a button (for those email systems that implement their adaptive Bayesian filtering in that way). Unfortunately false positives are also a real problem that sometimes should not be ignored. Remember that the spammers are always trying to blur the line between ham and spam. In my own limited sample, I am still looking for false positives on three accounts, and sometimes seeing them, and in at least one recent case it was a moderately important piece of email that was misfiltered, though most of them tend to be legitimate companies that have a legitimate reason or excuse to email me and who will honor my request to stop sending email.
There is MUCH more that could be said. Why don't we try to solve the problem, instead?