
Slashdot: News for Nerds


Boing Boing Founder Warns of "Internet AIDS"

ScuttleMonkey posted more than 6 years ago | from the orwell-was-an-optimist dept.

The Internet 154

An anonymous reader writes "Cory Doctorow, founder of Boing Boing, says he doesn't have a problem in principle with the automated network defense systems that guard the Internet against malware, spamigation bots, and other network nasties. However, in his article 'The Future of Internet Immune Systems,' he bemoans the problems caused by 'Internet autoimmune disorder' — where the network defenses designed to block network attacks are automated and instantaneous, but the systems in place to reverse erroneous lockdowns are manual and unresponsive."


154 comments

Internet AIDS (3, Funny)

Anonymous Coward | more than 6 years ago | (#21413759)

All that sex it has sure would give it AIDS

Re:Internet AIDS (2, Funny)

ackthpt (218170) | more than 6 years ago | (#21413835)

All that sex it has sure would give it AIDS

It's your pr0n collection what done it! Shoulda got one of them keyboard covers.

Re:Internet AIDS (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21413913)

You have AIDS.
Yes, you have AIDS.
I hate to tell you, boy, you have AIDS.
You got the AIDS.
You may have caught it when you stuck that filthy needle in here.
Or maybe all that unprotected sex which we hear.
It isn't clear, but what we're certain of is that you have AIDS.
Yes, you have AIDS.
Not HIV, but full-blown AIDS.
Be sure that you see that this is not HIV, but full blown AIDS.
Not HIV, but full-blown AIDS.
I'm sorry, I wish it was something less serious, but it's AIDS.
You've got the AIDS.

AC Post is from Family Guy! (1)

Z34107 (925136) | more than 6 years ago | (#21414691)

Since when is Family Guy "off-topic"?

Oh, wait, that's the entire premise behind most of their humor, isn't it?

Re:AC Post is from Family Guy! (2, Funny)

ThePengwin (934031) | more than 6 years ago | (#21415553)

"yeah about quarter past 5"

automation is only one-way (4, Insightful)

andreyvul (1176115) | more than 6 years ago | (#21413775)

We still need humans on the other end to fix automation's bugs; algorithms cannot bypass themselves.

Re:automation is only one-way (1, Informative)

Anonymous Coward | more than 6 years ago | (#21414231)

That's not what this is about. Automated processes exist to put IP ranges on blacklists. For example, if an IP address sends SPAM, it is quickly blacklisted by a range of DNSBL operators. This happens automatically. But there is no automated process to get IP ranges unblocked again. That's not a matter of bypassing the blocking algorithm. If an IP range owner corrects the problem or if an IP range changes owners, the blacklist operators don't automatically remove the block. If you want your IP off anti-spam DNSBL, you have to plead to the operators of dozens of blacklists, and they often process these pleas manually. There are also lots of local blacklists which you can't plead to be removed from, and you have no idea if you are on these lists and whether there is an automated process which removes your IP if there is no more hostile behaviour.

Re:automation is only one-way (2, Funny)

stonecypher (118140) | more than 6 years ago | (#21414265)

algorithms cannot bypass themselves
Skynet would tend to disagree.

Re:automation is only one-way (1)

tantrum (261762) | more than 6 years ago | (#21414549)

I thought that was exactly what was claimed to be the problem, that people are too slow to fix automated defences when they malfunction.

This already exists (3, Interesting)

Bryansix (761547) | more than 6 years ago | (#21413777)

When my company moved we had to get new IP addresses. This meant changing MX records and all of that fun. Anyways, the problem came with sending email out. It turns out that like a billion spam catchers had caught email from the IP range and so it was not blocked. These various Spam Blocking Lists (or SBLs) are almost all automated. A few of them let you push a button and get removed. However some of them require manually emailing an explanation and still others try to extort money from you to speed up the unblocking process. We didn't even send any spam. The previous owners of the IP did.

Re:This already exists (0)

Anonymous Coward | more than 6 years ago | (#21414035)

AIDS already exists, too. A frightening real disease which ought not be compared to issues of whatever internet posse comitatus happens to rain the occasional parade for those networks who voluntarily implement SBL, et al.

Re:This already exists (2, Informative)

Bryansix (761547) | more than 6 years ago | (#21414059)

Our email suffered because other people implemented SBL. Also, nobody is comparing it to AIDS. The summary mistakenly made that analogy but the article used a different analogy.

More like metapHorrible (2, Funny)

The Amazing Fish Boy (863897) | more than 6 years ago | (#21414227)

AIDS already exists, too. A frightening real disease which ought not be compared to issues of whatever internet posse comitatus happens to rain the occasional parade for those networks who voluntarily implement SBL, et al.
Oh, don't be such a comparison Nazi!

Re:This already exists (4, Insightful)

pclminion (145572) | more than 6 years ago | (#21414341)

These various Spam Blocking Lists (or SBLs) are almost all automated. A few of them let you push a button and get removed. However some of them require manually emailing an explanation and still others try to extort money from you to speed up the unblocking process. We didn't even send any spam. The previous owners of the IP did.

If this isn't a strong argument that blacklisting systems are unethical, I don't know what is. Imagine being targeted by vigilantes because you bought a house which was previously occupied by a sex offender and so the address is listed on the local sex offender registry. That's essentially what's happening here.

There is no such thing as an "evil IP address" any more than there is an "evil house." These systems are technically, logically, as well as ethically flawed. Anybody who buys into blacklist-based technology is a reactionary and a bigot.

Re:This already exists (0, Flamebait)

minvaren (854254) | more than 6 years ago | (#21414745)

The instant that a single local sex offender can assault one million people in an hour, I will agree with you.

Blacklists (1, Insightful)

Z34107 (925136) | more than 6 years ago | (#21414773)

There is no such thing as an "evil IP address" any more than there is an "evil house." These systems are technically, logically, as well as ethically flawed. Anybody who buys into blacklist-based technology is a reactionary and a bigot.

And you're a poopy-head!

If you're getting hammered with DoS attacks, spam, interweb herpaids or whatever TFA is about, you block the source. Blocking an IP address has nothing to do with some irrational fear of 32-bit numbers - it blocks the person using that number from destroying your network.

I hope you don't use a firewall or have a router, you bigot.

Re:Blacklists (4, Informative)

s7uar7 (746699) | more than 6 years ago | (#21414965)

Fine, block it for the duration of the attack, but don't keep it permanently on the list. Most spam and DoS attacks originate from hijacked PCs on dynamic IP addresses, so you're not only blocking the PC that's been hijacked, but also the guy who happens to get that IP address next, and the one after, and the one after that, etc, etc.

Re:Blacklists (1)

mlts (1038732) | more than 6 years ago | (#21415161)

That is definitely the best compromise. It doesn't take much to block immediately, but have a timeout on IP addresses which are blocked, so after a certain time (hours/days for DoS attacks, weeks/months for repeat spam addresses) they are delisted. Perhaps weight the algorithm as well, so if an IP range keeps triggering the blacklist code, it is blacklisted for a longer and longer time, although the time is always finite.

Blacklist timeouts (2, Informative)

CustomDesigned (250089) | more than 6 years ago | (#21416341)

I keep IP blacklists and domain blacklists. IPs are blacklisted for 7 days. I experimented with various settings, measuring the diminishing returns (in saved bandwidth) from keeping them blacklisted longer and longer. 7 days is pretty optimal with about 500000 IPs blacklisted at any one time. This keeps spam bandwidth down to a continuous 100Kbps (400000 messages / day - for a one user domain!). Domains are auto-blacklisted based on reputation: total spams/total hams over the last 1024 messages. Reputation decays with time, so that a domain that finally purges their 'bot can send mail again in a week or so. Manually blacklisted domains are permanent, but are manually reviewed every year. There are some domain names that only people I don't want to hear from would buy.

The software is pymilter [sourceforge.net] .
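A per-domain reputation of the kind described in the comment above (spam versus ham over the last 1024 messages, decaying until a cleaned-up domain can send again) can be sketched as follows. This is an added example, not code from the comment or from pymilter; the `DomainReputation` class, the half-life, the ham prior and the threshold are assumptions chosen for illustration.

```python
"""Decaying per-domain reputation (added example; parameters are assumptions)."""
from collections import defaultdict, deque

DAY_S = 86400
WINDOW = 1024               # messages remembered per domain (figure from the comment)
HALF_LIFE_S = 2 * DAY_S     # assumed: evidence loses half its weight every 2 days
HAM_PRIOR = 10.0            # assumed: benefit of the doubt, counted as virtual hams
BLOCK_THRESHOLD = 0.5       # assumed: block when the decayed spam share exceeds this


class DomainReputation:
    def __init__(self):
        # domain -> deque of (timestamp, is_spam); oldest entries fall off at WINDOW
        self._history = defaultdict(lambda: deque(maxlen=WINDOW))

    def record(self, domain, is_spam, now):
        """Store one classified message for the sending domain."""
        self._history[domain.lower()].append((now, bool(is_spam)))

    def spam_share(self, domain, now):
        """Decayed spam weight / (decayed total weight + prior), in [0, 1)."""
        spam = total = 0.0
        for ts, is_spam in self._history.get(domain.lower(), ()):
            age = max(0.0, now - ts)
            weight = 0.5 ** (age / HALF_LIFE_S)   # old evidence counts for less
            total += weight
            if is_spam:
                spam += weight
        # The fixed prior means fading evidence pulls the share back towards 0,
        # so a domain that stops sending spam is delisted without human action.
        return spam / (total + HAM_PRIOR)

    def is_blocked(self, domain, now):
        return self.spam_share(domain, now) > BLOCK_THRESHOLD


def demo():
    """Constructed sample: a domain sends 100 spams at t=0, then goes quiet."""
    rep = DomainReputation()
    for _ in range(100):
        rep.record("botted.example", True, now=0)
    return [(day, rep.is_blocked("botted.example", day * DAY_S)) for day in (0, 6, 8)]


if __name__ == "__main__":
    for day, blocked in demo():
        print(f"day {day}: blocked={blocked}")
```

With these assumed values a domain that sent 100 spams and then stopped is still blocked on day 6 and accepted again on day 8, which matches the "week or so" the comment mentions.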

Re:Blacklists (1, Insightful)

Z34107 (925136) | more than 6 years ago | (#21415171)

Blame the man who let his PC get infected; not the poor server op who has to deal with the attacks.

Besides, I don't know of any systems that keep individual IPs permanently blocked; the perma-bans seem reserved for troubled subnets. Very rarely does an entire network change hands; and TFA is complaining not about permanence, but that manual response is "too slow."

Re:Blacklists (2, Insightful)

pclminion (145572) | more than 6 years ago | (#21415383)

If you're getting hammered with DoS attacks, spam, interweb herpaids or whatever TFA is about, you block the source. Blocking an IP address has nothing to do with some irrational fear of 32-bit numbers - it blocks the person using that number from destroying your network.

Key point being the word "your" in "your network." Do whatever the hell you want on your own network. That's not what I'm talking about. I'm talking about ISPs who take it upon themselves to filter the email to their own users based on criteria the users have no say over and probably zero knowledge of. Yes, it's a free market, blah blah blah. Let's see how you like changing providers every couple of months because they start using RBL. I take it you've never been on the losing end of an RBL -- I have. I couldn't email several important people because their ISPs started using various RBLs. So I'm in the same net block with a thousand other people, one of whom is maybe a spammer, therefore *I* have to change providers? Fuck you very much.

Re:Blacklists (2, Interesting)

statemachine (840641) | more than 6 years ago | (#21416207)

I have. I couldn't email several important people because their ISPs started using various RBLs.

I've been in your shoes with large e-mail service providers. One in particular (let's call it Company Y) treated my e-mail in each of the following ways over the course of a year: spam box (slightly tolerable), blackhole (never got delivered), and just plain rejected at the MTA level. I made an effort to contact them about whitelisting my domain (as I was not on any known blacklist), but it seemed to fall on deaf ears. However, just recently, I mistakenly used a person's address at Company Y, and it actually landed in the non-spam inbox.

Maybe a few things (in aggregate with other people) caused the problem to be solved:
1) I contacted Company Y and tried not to be an ass.
2) I started directing my friends and family to use the competitor (let's call it Company G), as I wasn't having any problems there. My friends and family listened to me (or at least considered it) because I gave a reasoned explanation, and I tried not to be an ass.
3) I mentioned my problem to an employee (friend of a friend) at Company Y (although this employee did not work with e-mail), gave a reasoned explanation, and I tried not to be an ass. Who knows if any water cooler talk got to the right person.. but it couldn't hurt to try.

Over the years, I've had my domains hosted on various ISPs, but in each case, I've made sure that I was allowed to have a server. In the few cases I wasn't, I had the server hosted elsewhere. I'm not saying you're running a mail server where you're not supposed to (I have no idea), but e-mail coming from a dynamic IP address that is allocated to a provider that prohibits servers is just asking to be flat-out rejected. I see too many attempts from dial-up and home cable providers with obviously bogus sender envelope information to know that this general categorization holds true. If you have a provider that allows e-mail servers, and you're still having problems with certain ISPs/e-mail service providers, and you're sure you're not on any blacklist (try http://www.dnsstuff.com/ [dnsstuff.com] ), then try contacting the ISP like I mentioned above. If the ISP is not willing to help you, there are other e-mail provider services you could recommend to your friends and relatives.

I could go on and on, but it boils down to trying everything you think is possible before you give up. What are the particulars of your domain?

Re:This already exists (3, Insightful)

RazzleDazzle (442937) | more than 6 years ago | (#21414835)

Well then you obviously are not on the receiving end of millions of spam emails every day that *COULD* have been rejected outright if only you'd been using an SBL. Or you have so much free time to delete all of the junk emails, in which case where do you work? I would like a job? The whole basis of your argument gives no explanation as to how block lists are flawed morally. Technically flawed, yes. Morally flawed, I'd say no. Why should I waste all of my time looking at and handling spam emails I never wanted, requested, or occasionally specifically asked not to receive? Just so I can be morally superior to spammers?

Let's pretend I agree that SBL's are immoral, I'd gladly take the hit to my moral standing if it means the (even less moral) spammers can't get as much of their crap to my inbox.

No one sane has ever said that block lists are the ultimate solution for the fight against spam, it is a very useful and very effective supplement to other measures. If something better comes along, I'd gladly use it.

If you don't like block lists, don't use them.

Re:This already exists (1)

pclminion (145572) | more than 6 years ago | (#21415311)

Well then you obviously are not on the receiving end of millions of spam emails every day that *COULD* have been rejected outright if only you'd been using an SBL. Or you have so much free time to delete all of the junk emails, in which case where do you work?

I use a Bayesian filter, perhaps you've heard of it? It filters about 300 messages a day. That's down, from about 3000 a day a year ago. Filter the content, not the source.

Why should I waste all of my time looking at and handling spam emails I never wanted, requested, or occasionally specifically asked not to receive?

No idea. Why DO you? I don't.

If you don't like block lists, don't use them.

I was unable to email my own mother for over 3 months because her ISP uses RBL and my IP was in a banned block. So yes, I wasn't using it, but the recipient was, without her knowledge or even informed consent. The fact is, we don't GET a choice. We're at the mercy of rabid sysadmins.

Re:This already exists (1)

statemachine (840641) | more than 6 years ago | (#21414905)

Every time I see these arguments against spam blacklists, I roll my eyes. On my mailserver, I've carefully selected blacklists that either periodically scan suspected hosts for open proxies or infections, or simply list based on a spam coming from that IP address. And in all cases, these selected blacklists allow quick delisting.

True, the blacklists have blocked some of a large e-mail provider's servers (because spam was indeed sent from those compromised servers), which has inconvenienced me, but at the same time, the IP addresses were delisted quickly, and only relisted again because the e-mail provider *did not clean up the servers*. Only when the servers were cleaned up did those IP addresses stop getting listed.

I use blacklists because I don't want to tie up resources with filtering, nor do I feel I should accept the bandwidth costs on my end. Blacklists aren't the only method I use, but all methods I do use end up dropping the connection, instead of accepting everything and sorting it out later, of which the latter is a very bad practice. Though I am a small guppy in a very large ocean, my server rejects 7 to 12 thousand connections a month, with maybe less than 5 e-mails a year ever being false-positives for spam. And today I get between 3 and 6 spams a day that slip through to my public, well-known e-mail address inboxes which have been around since '99.

Say what you will about blacklists, but they work, and they work well. I don't need to receive, store, and filter all that spam. If I did start up a filter, I'd still keep the blacklists since they would greatly reduce the load, and I have several years of logs and e-mails to back up that assertion.

Re:This already exists (2, Interesting)

brass1 (30288) | more than 6 years ago | (#21415003)

If this isn't a strong argument that blacklisting systems are unethical, I don't know what is.
It's a strong argument for changing providers more than anything else. The abuse department that found and killed the previous customer should have done a sweep of those IPs with all the usual places then get them removed. For professional abuse departments this is a matter of doing business, and is unfortunately part of what makes the Internet go 'round whether anyone likes it or not.

A black list is a list of domains or IPs the provider of the black list wishes to list. The provider of the list gets to decide who is listed, why they're listed and the circumstances under which people get removed. They don't even have to give you any way to know you're on their list. Blacklists do not block mail. They're simply a list. It's a list of people that one party doesn't think other parties should accept mail from. It's really nothing more than an opinion. There are of course bad lists and good lists. The fact is, the open market is pretty good at selecting the good ones and weeding out the bad ones.

The consumers of these lists, on the other hand, do have choices. One of them is to choose to not accept your mail for whatever reason they deem fit. Those people, whom you call, "vigilantes," the rest of us call Mail Server Administrators. We use tools such as RBLs, content filters and other technologies to stop the deluge of bullshit into your mailbox. I will say that blocking any given piece of mail just because it shows up in one black list is probably asking to block mail someone wants. The system administrators run the system, they decide what mail comes in and what goes out. They have to work the tickets if it's broken for everyone or just the handful that got a spammy piece of mail blocked this week.

Anybody who buys into blacklist-based technology is a reactionary and a bigot.
No, I'm a realist who knows from years of experience that they work with a minimum of side effects and do so far more efficiently than a lot of other less effective technologies.

Re:This already exists (1)

maxume (22995) | more than 6 years ago | (#21415069)

If you think blacklisting is unethical, then you must think that ignoring something for any reason (or for no reason at all) is unethical. I doubt you actually believe this.

Re:This already exists (1)

pclminion (145572) | more than 6 years ago | (#21415355)

If you think blacklisting is unethical, then you must think that ignoring something for any reason (or for no reason at all) is unethical. I doubt you actually believe this.

Not an equivalent for comparison. It's not ME who chooses to ignore something. It's a piece of software on a server that I have no control over. My mom didn't have a choice when her ISP started blocking my emails. Except of course to change ISPs to one which has a sane policy. And I'm not switching hosting services just because my IP somehow made it into a blacklist. Believe me, I checked it out and could not ascertain just why in the hell my IP (actually the whole net block) was on the list. The hosting service is outstanding and has very proactive spam measures.

Some mail server administrator who thinks he's God decided that he should get to choose which mail gets delivered and which doesn't. That breaks a fundamental trust between customer and service provider. "We're going to block these mails -- if you don't like it, switch providers." Sounds like blackmail to me. Leveraging the very VICTIMS of spam, taking advantage of their ire, frustration, and helplessness to further your own political goals. It's slime at its lowest.

Being a sysadmin doesn't make you God. Maybe back when we were all 15 and swapping warez over 2400 BPS modems, the sysop was "God." Most of us have grown up since then.

Re:This already exists (1)

Danny Rathjens (8471) | more than 6 years ago | (#21415195)

That reminds me of that lady who had her house vandalized because she was a "paediatrician" because they thought it sounded too much like "paedophile". Some blacklists are based on having letters like "dsl" in your DNS PTR records. :)

The Upgrade that Wasn't (1)

beadfulthings (975812) | more than 6 years ago | (#21415457)

If this isn't a strong argument that blacklisting systems are unethical, I don't know what is. Imagine being targeted by vigilantes because you bought a house which was previously occupied by a sex offender and so the address is listed on the local sex offender registry. That's essentially what's happening here.

Yeah, they're unethical and sleazy, and yeah, I held out for as long as I could, but I'm only one person. I'm part of a small group of like-minded business people, and when we got fed up with "hosting providers," we arranged to share the cost of a "semi managed" Linux/Apache Web server. For my past sins (which involved a lot of servers, none of them running Linux) and for a bit of extra cash, I get to manage the damned thing. I watched in despair as more and more resources, and more and more time, became allocated to processing the mail. People's mailboxes filled up so regularly that it was taking me more human-time to deal with the mess than was worth it to me. Yes, I had qualms, and yes, I gave it some thought. But on the morning when the previous night's backups didn't run til 9:30 a.m., I went in and changed my rules.

The result has been six weeks (so far) of relative peace and quiet. The torrent has slowed to a trickle, easily and quickly managed. All those mundane little necessities like the backups are now proceeding when I set them up to proceed. The mail queue is always caught up. The untrained among us are now better able to deal with their own mailboxes. Best of all, the server has plenty of horsepower for now and the foreseeable future. I actually thought we might have to upgrade it. Think of that: Having to upgrade one's server so that it can cope with more and more unwanted, unrequested junk. I'm not willing to pay for that, and I doubt anybody else is, either.

Re:This already exists (1)

Klaus_1250 (987230) | more than 6 years ago | (#21414403)

Blocklists are slowly adapting to this with temporary blocklists. But NEVER EVER accept a new IP-address/block without checking its history. I went through the same ordeal once, finding it really was next to impossible to convince blocklists that ownership had really changed and I wasn't a bad guy (the previous owner had moved ip-addresses, but remained with the same colocation provider which didn't help my case). Worst of all, the colocation provider wasn't helpful at all.

Trigger trippers (2, Interesting)

ackthpt (218170) | more than 6 years ago | (#21413787)

the systems in place to reverse erroneous lockdowns are manual and unresponsive.

Yep, almost as bad as trying to get set up with service in the first place.

I guess the way to foil these critters is to try to trip as many as possible. Then again, the intarweb mischief-makers will probably do just that.

Please stay on the line, your call is important to us.

Automatic Forgiveness in Autonomic Systems... (4, Insightful)

nweaver (113078) | more than 6 years ago | (#21413791)

For a lot of autonomic systems, you need the blocking, but a little automatic forgiveness goes a long way.

E.g., in a scan detector, forgive 1 scan per minute/hour and eventually release the block. This saves a call to tech support, and papers over a lot of sins when building an automatic system.

Re:Automatic Forgiveness in Autonomic Systems... (1)

photon317 (208409) | more than 6 years ago | (#21415539)


I do this in all of my active defense systems for production sites. I tend to make the firewall rules reasonably aggressive at detecting anything that looks remotely like attack traffic (connections on ports that neither we nor customers are ever supposed to use but do see attack traffic (22, 139, etc...), tcp flag combos common in stealth scanners, certain known exploit string matches on port 80 traffic, etc), but the offending IPs are only blacklisted for a few minutes at first, ramping up to perhaps half a day if they're persistent within the blacked-out time window. This is more than enough to deter most automated (and even a few manual) attackers, assuming you're not protecting super valuable data. Still, there's no excuse not to be proactively checking up on your defenses and making sure things are behaving well.
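The policy that the comments by mlts, nweaver and photon317 converge on (block immediately, lengthen the block for repeat offenders, keep every block finite, forgive quiet hosts automatically) fits in a small data structure. This is an added example, not code from any commenter; the `TimedBlocklist` class and the numeric values (5 minutes base, half a day ceiling, one strike forgiven per quiet day) are assumptions.

```python
"""Timed blocklist with escalating but always finite blocks (added example)."""
import math
from dataclasses import dataclass

BASE_BLOCK_S = 5 * 60            # assumed: first offence blocks for a few minutes
MAX_BLOCK_S = 12 * 60 * 60       # assumed ceiling: half a day
FORGIVE_EVERY_S = 24 * 60 * 60   # assumed: one strike forgiven per quiet day
# Strikes beyond this no longer lengthen the block, so they are not counted;
# that also bounds how long full forgiveness can take.
MAX_STRIKES = 1 + math.ceil(math.log2(MAX_BLOCK_S / BASE_BLOCK_S))


@dataclass
class Entry:
    strikes: int = 0
    blocked_until: float = 0.0
    forgiven_up_to: float = 0.0   # time up to which quiet periods were credited


class TimedBlocklist:
    def __init__(self):
        self._entries = {}

    def _forgive(self, entry, now):
        """Drop one strike for each full quiet period since the last offence."""
        periods = int((now - entry.forgiven_up_to) // FORGIVE_EVERY_S)
        if periods > 0:
            entry.strikes = max(0, entry.strikes - periods)
            entry.forgiven_up_to += periods * FORGIVE_EVERY_S

    def report_offence(self, ip, now):
        """Record hostile traffic from ip; return the new block length in seconds."""
        entry = self._entries.setdefault(ip, Entry(forgiven_up_to=now))
        self._forgive(entry, now)
        entry.strikes = min(entry.strikes + 1, MAX_STRIKES)
        duration = min(BASE_BLOCK_S * 2 ** (entry.strikes - 1), MAX_BLOCK_S)
        entry.blocked_until = max(entry.blocked_until, now + duration)
        entry.forgiven_up_to = now    # the quiet clock restarts at each offence
        return duration

    def is_blocked(self, ip, now):
        entry = self._entries.get(ip)
        return entry is not None and now < entry.blocked_until

    def strikes(self, ip, now):
        entry = self._entries.get(ip)
        if entry is None:
            return 0
        self._forgive(entry, now)
        return entry.strikes

    def prune(self, now):
        """Automatic delisting: forget hosts with no strikes and no active block."""
        for ip in list(self._entries):
            if self.strikes(ip, now) == 0 and not self.is_blocked(ip, now):
                del self._entries[ip]
        return len(self._entries)


if __name__ == "__main__":
    bl = TimedBlocklist()
    # Constructed sample: one address (documentation range) offends repeatedly.
    for t in (0, 100, 200, 300):
        print(t, bl.report_offence("192.0.2.10", t))
```

Because strikes are capped and forgiven on a timer, a recycled dynamic address inherits at most a half-day block and returns to a clean record without anyone filing a delisting request.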

same thing happens with p2p blocklists (1)

leuk_he (194174) | more than 6 years ago | (#21413795)

p2p applications use PeerGuardian or other IP filters by Bluetack that increase in size, but getting removed from such an IP blocklist is hard.

Auto-immune != immuno-deficient (5, Insightful)

ChameleonDave (1041178) | more than 6 years ago | (#21413797)

The summary title is stupid.

AIDS is not auto-immune; it is immuno-deficient. The FA doesn't mention AIDS. Try this [wikipedia.org] .

Re:Auto-immune != immuno-deficient (1)

Raffaello (230287) | more than 6 years ago | (#21413865)

Exactly. Summary should have said "Internet Lupus" or "Internet Multiple Sclerosis" etc.

Re:Auto-immune != immuno-deficient (1, Funny)

Anonymous Coward | more than 6 years ago | (#21414385)

>Summary should have said "Internet Lupus"

It's never Internet Lupus.

Re:Auto-immune != immuno-deficient (3, Informative)

ColdWetDog (752185) | more than 6 years ago | (#21413983)

It's kind of a dumb rant - automatic systems are cheap and fast, manual (meat space) systems are slow and expensive. If he is trying to make some analogy between the Internet and the Immune System, well, you can do it but it's pretty crude. The immune system in a human, for example, is a complex and delicate balance between acceptance and destruction.

There are many, many examples of problems when that balance is disrupted. AIDS on one hand when you don't have enough of an immune response, Lupus when your immune system is too jazzed up. Furthermore, the immune system is incredibly complex and has layers and layers of feedback systems, redundancies, control loops and things we really don't understand well. I suppose AIDS would be a Windows box hooked up to a cable modem. Not long for this world.... Lupus might be what Doctorow is complaining about - too much "immune" activity.

Unlike the Internet, the immune system has had millions of years to evolve to its present state - and it is still hardly a perfect system. Perhaps some up and coming "Internet Immunologist" might start out with this course [mit.edu] to take advantage of those millenniums of experiments.

Or perhaps we should just chuck the immune system thing and try to come up with a car analogy.

Re:Auto-immune != immuno-deficient (1)

gad_zuki! (70830) | more than 6 years ago | (#21414819)

>It's kind of a dumb rant

What? You're saying a science fiction author who has never worked with large scale networking has invalid opinions about network security and his proposed fix-all is questionable musings? Say it ain't so!

Re:Auto-immune != immuno-deficient (1)

fm6 (162816) | more than 6 years ago | (#21414433)

Just to make your point a little clearer: "auto" here means "self" not "automatic". Auto-immune diseases are ones where the immune system attacks the very cells it's supposed to protect.

Re:Auto-immune != immuno-deficient (1)

veganboyjosh (896761) | more than 6 years ago | (#21414821)

Perhaps the car analogy the sibling post was talking about is in there somewhere...

Re:Auto-immune != immuno-deficient (1)

maxume (22995) | more than 6 years ago | (#21415149)

Also, Cory Doctorow didn't found Boing Boing, Mark Frauenfelder did.

Glad someone spotted this (2, Insightful)

mutube (981006) | more than 6 years ago | (#21415595)

AIDS = ACQUIRED Immune Deficiency Syndrome. That is the immune system gets knackered by the virus and packs in.

Auto-immune means that the body's immune system starts to attack itself, a condition which is largely incompatible with the one mentioned. AIDS deals with the destruction of the immune system by outside causes (whatever they may be). Autoimmune diseases cover the body's own immune system going haywire and destroying the body.

Analogy: AIDS is a demolition crew, Auto-immune is "Extreme Makeover: Home Improvement" where the jacuzzi ends up cooking the family.

Re:Glad someone spotted this (1)

Creepy Crawler (680178) | more than 6 years ago | (#21415857)

I love that analogy!

mmmMMMMMMMmmmm cooked long pig.

Bunch of cash (2, Insightful)

moogied (1175879) | more than 6 years ago | (#21413819)

I will wager a bunch of cash that he is selling a product that will fix whatever he says is broke.

Re:Bunch of cash (1)

NoMaster (142776) | more than 6 years ago | (#21414063)

I will wager a bunch of cash that he is selling a product that will fix whatever he says is broke.
No, no - he's writing a story about it.

The hero is a neckbeard, it's set in a world where everything wants to be free, and the main part of the action takes place in Disneyland. Oddly and unbelievably, the author will not understand the ironic incongruity of that...

Re:Bunch of cash (0)

Anonymous Coward | more than 6 years ago | (#21415785)

Hello, you seem to be capable of independent thought and don't think all "geeks" are selfless information warriors.
Why do you have a slashdot account?

AIDS is not an auto immune disease (0)

Anonymous Coward | more than 6 years ago | (#21413821)

AIDS is not an auto immune disease. He talks about when the immune system attacks normal, healthy cells, not when the immune system fails completely.

Stupid slashdot editors.

Not AIDS (2, Informative)

supahdren (559625) | more than 6 years ago | (#21413827)

Maybe I'm just not seeing it, but this article doesn't mention any comparison to "AIDS." This is good, because AIDS isn't an autoimmune disease. The article's comparison of evolving security responses to an autoimmune reaction is apt, but a comparison to AIDS/HIV wouldn't be.

Not AIDS (2, Informative)

mr100percent (57156) | more than 6 years ago | (#21413831)

It wouldn't be internet AIDS. Wouldn't that be Internet Lupus [google.com] ?

Re:Not AIDS (5, Funny)

Hatta (162192) | more than 6 years ago | (#21413975)

It's not lupus, it's never lupus.

Re:Not AIDS (0, Redundant)

j14ast (258285) | more than 6 years ago | (#21414029)

Brought to you by the House(MD) for president council.

Re:Not AIDS (0)

Anonymous Coward | more than 6 years ago | (#21415081)

Neither. It's just a bad analogy. Makes you misunderstand the problem pretty quick.

hmm (5, Funny)

theMerovingian (722983) | more than 6 years ago | (#21413841)


the systems in place to reverse erroneous lockdowns are manual and unresponsive

Anyone who is married knows how much of a dilemma this presents...

Guess we'll have to... (2, Funny)

oahazmatt (868057) | more than 6 years ago | (#21413851)

Guess we'll have to line the tubes with latex.

Re:Guess we'll have to... (1)

Bryansix (761547) | more than 6 years ago | (#21413935)

Don't you mean KY Lube?

Pardon my naivety (0)

zappepcs (820751) | more than 6 years ago | (#21413855)

but if all that could be done successfully, wouldn't it already exist as a set of ruby on rails scripts?

Seriously, I believe that until processors/hardware works with the OS to sandbox applications correctly, there is no really effective way to sanitize the Internet, and there are some really good reasons for not doing so.

At least some malware uses the OS features to hide itself, and propagate itself. Much of the rest of it relies on users to initialize it locally. Tell me how that will automatically be removed from the internet. Trying to eliminate all threats is the same whack-a-mole game as trying to stop file sharing outright. Sure, might theoretically be a good idea, but in practice there are some gaping huge holes in the process.

No matter how smart you make the software, the routers, or the Internet in general, there will be some finance guy that thinks he knows IT in a small company that allows his servers to get owned. Thanks to the 1000s like him, the rest of the internet will have to continue fighting the 'malware' forever. False positives aside, the task of eliminating security risks from an Internet where Win95 is still running is a bit more than daunting.

Re:Pardon my naivety (1)

Bryansix (761547) | more than 6 years ago | (#21413967)

Couldn't Microsoft just release patches for Windows 95? I mean they released the buggy software so they should fix it.

principal/principle (0)

Anonymous Coward | more than 6 years ago | (#21413857)

You mean: 'in principle'.

That's not AIDS (2, Informative)

Punto (100573) | more than 6 years ago | (#21413861)

It's Lupus.

Re:That's not AIDS (0)

Anonymous Coward | more than 6 years ago | (#21413929)

It's NEVER Lupus.

Also, internet's closed due to AIDS

Re:That's not AIDS (1)

jalefkowit (101585) | more than 6 years ago | (#21414317)

No it isn't. [itsnotlup.us]

Re:That's not AIDS (1)

pclminion (145572) | more than 6 years ago | (#21414365)

Foreman, you idiot!

I've had this experience (2, Interesting)

kwerle (39371) | more than 6 years ago | (#21413875)

I had a bad encounter with an RBL a few years back (late 90's, I think). I had installed some web proxy on my machine and opened it up so I could use it from outside my firewall. I never considered that it could proxy to my machine itself. These were the bad middle days when packages could get away with shipping in not-quite-idiot-proof configuration. I later argued with the package maintainer that the proxy should disable local referrals by default. They didn't agree, and it wasn't my package.

Anyway. It turns out that spammers could blindly use my webproxy to push email to my local port 25 and send mail using it. Damn clever spammers. I figured it out after my email system croaked and I looked at the logs and mailq. (crap, 1000 spam messages in the outbox, originated on my system).

So I'd been a tool, and used, and it was my damn fault. I fixed it (uninstalled the proxy) and started to repair the damage.

One of the items of fallout was that the RBL lists had nailed my IP address as a spammer. Fair enough. But getting them to turn it off was a royal pain in the ass and took days - even though their notes described exactly how the spam was delivered through my system and it was easily verifiable that it was no longer an issue.

It left me pretty peeved, and I've never used an RBL since.
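An added example, not part of the comment above and not taken from any proxy package: the kind of destination check that would have kept a forward web proxy from relaying to the local port 25. The port policy, the `check_destination` name, the injected `resolve` function and all sample names and addresses are assumptions constructed for this sketch.

```python
import ipaddress

ALLOWED_PORTS = {80, 443}   # assumed policy: a web proxy only needs web ports

def classify(ip, own_addresses):
    """Return a refusal reason for ip, or None if it is a public destination."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                 # ::ffff:127.0.0.1 is still loopback
    if ip in own_addresses:
        return "proxy's own address"
    if (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast):
        return "non-public address"
    return None

def check_destination(host, port, resolve, own_addresses):
    """Decide whether the proxy may connect to host:port.

    The decision is made on every resolved address, never on the hostname
    string, and the proxy must then connect to the address it checked
    rather than resolving the name a second time.
    """
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    try:
        addrs = [ipaddress.ip_address(host)]        # literal IP in the request
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addrs:
        return False, "name does not resolve"
    for ip in addrs:
        reason = classify(ip, own_addresses)
        if reason:
            return False, reason
    return True, "ok"

# Constructed sample data so the example runs offline. 93.184.216.34 stands in
# for a public web server; the ipaddress module classes the documentation
# ranges (such as 198.51.100.0/24) as non-global, so they cannot play that role.
SAMPLE_DNS = {
    "localhost": ["127.0.0.1", "::1"],
    "proxy.example.test": ["198.51.100.7"],
    "www.example.test": ["93.184.216.34"],
    "rebind.example.test": ["93.184.216.34", "127.0.0.1"],
}
OWN = {ipaddress.ip_address("198.51.100.7")}    # the proxy host's own interface

def sample_resolve(host):
    return SAMPLE_DNS.get(host, [])

if __name__ == "__main__":
    for host, port in [("127.0.0.1", 25), ("localhost", 80),
                       ("proxy.example.test", 80), ("www.example.test", 80)]:
        print(host, port, check_destination(host, port, sample_resolve, OWN))
```
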

The pool is closed! (3, Funny)

Anonymous Coward | more than 6 years ago | (#21413891)

Due to AIDS!

Re:The pool is closed! (0)

Anonymous Coward | more than 6 years ago | (#21413977)

we'll require some serious /b/lackup on this one.

Re:The pool is closed! (0)

Anonymous Coward | more than 6 years ago | (#21414147)

      hh                                  dd
sss  hh       oooo   oooo  pp pp         dd   aa aa
s     hhhhhh  oo  oo oo  oo ppp  pp   dddddd  aa aaa
sss  hh   hh oo  oo oo  oo pppppp   dd   dd aa  aaa
    s hh   hh  oooo   oooo  pp        dddddd  aaa aa
sss                        pp
           hh
ww      ww hh       oooo   oooo  pp pp
ww      ww hhhhhh  oo  oo oo  oo ppp  pp
ww ww ww  hh   hh oo  oo oo  oo pppppp
  ww  ww   hh   hh  oooo   oooo  pp
                                 pp     

Re:The pool is closed! (0)

Anonymous Coward | more than 6 years ago | (#21415275)

nevar forgive

nevar forget

Whitelists and Blacklists (1)

Doc Ruby (173196) | more than 6 years ago | (#21413923)

The solution to the complex access problems is, as usual, distributed social trust networks. But we're still so primitive that I can't even find a whitelist/blacklist plugin for my Evolution.

There probably is one, but it's hidden behind an opaque trust network of people who know about it, but who I don't know, though we have that SW relationship (need/have) in common. Let's see if the manual broadcast still works.

Cory's not a BB founder, nor is AIDS (1)

yourpusher (161612) | more than 6 years ago | (#21413931)

anywhere near an appropriate analogy.

Fortunately there is a cure (0)

Anonymous Coward | more than 6 years ago | (#21413941)

Click here [ubuntu.com] for the cure.

that's the second article i read today (1)

circletimessquare (444983) | more than 6 years ago | (#21413947)

that had a misleading title, suggesting disease from internet content

"Lust, Caution" prompts virus, medical warnings [reuters.com]

although this was quite the amusing bit:

"Most of the sexual maneuvers in 'Lust, Caution' are in abnormal body positions," the report quoted Yu Zao, a deputy director at a women's hospital in southern Guangdong province, as saying.

"Only women with comparatively flexible bodies that have gymnastics or yoga experience are able to perform them. For average people to blindly copy them could lead to unnecessary physical harm," Yu said.


ok, now i HAVE to see this movie

and if you'll excuse me, i have to go wash my hands. because i touched my keyboard. who knows what i will catch

Re:that's the second article i read today (1)

Eevee1 (1147279) | more than 6 years ago | (#21415381)

You might get pregnant by not using protection while typing. So, who's the father?

that's nothing (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21413961)

what about all those linux fags who are spreading real aids?

Re:that's nothing (0)

Anonymous Coward | more than 6 years ago | (#21414775)

It's not even real AIDS, it's a shitty open source knockoff. There isn't even a memorial quilt if you die of OpenAIDS, just a diaper.

Doctorow not a founder of BoingBoing (3, Informative)

Anonymous Coward | more than 6 years ago | (#21413971)

I don't know how many times I've heard Doctorow say in interviews that he is not a founder of BoingBoing. Frauenfelder is the only founder still involved with BoingBoing (I think he is also the only current contributor who was around when BoingBoing was in print before it went electronic).

Not a BB founder (0)

Anonymous Coward | more than 6 years ago | (#21414011)

Boing Boing was founded by Mark Frauenfelder and Carla Sinclair. Small detail, but hey, who needs accuracy in a headline?

Credit card lockdown (2, Informative)

pclminion (145572) | more than 6 years ago | (#21414155)

My wife and I drove over three hours to a different state to buy furniture. On the way, we stopped at a gas station and bought gas. Apparently, our credit union doesn't believe in such things as traveling from state to state, and flagged this as a suspicious transaction. Never mind that we go to this neighboring state regularly and their "system" has never seen this as unusual. Of course, the card was silently suspended. This has happened a few times in the past, but we'd always received a phone call within minutes of it happening. No such call, so we remained oblivious and continued on.

Proceeded to drive to our destination, spent a few MORE hours picking out furniture, went to pay, and... Whoops. Luckily I managed to dig out a credit card from the depths of my wallet that I'd forgotten about, and which still worked, luckily. But it easily could have been a completely wasted day.

Of course, calling the credit union about it didn't help. They aren't open on the weekends. They can shut your account down kid, but they won't turn it back on again.

Imagine that. People occasionally drive into a neighboring state and... buy gas on the way! If that's not suspicious, what the hell is, right?

Re:Credit card lockdown (1)

gclef (96311) | more than 6 years ago | (#21415425)

Actually, it's very suspicious to the credit card companies.

When a card is stolen, the thief will often follow a predictable pattern: a small, relatively anonymous purchase (like gas), to confirm that the card works, followed shortly by a large transaction (like, in your case, furniture). Gas stations are the perfect place for that first transaction: if the card is cancelled, no one's at the pump to call the card company or rat them out.

When the credit card companies see transactions that fit that pattern, they'll nuke the card first & ask questions later. (After all, your maximum liability is $50, but the merchant and CC bank then have to fight out who eats the rest of the loss if the card's stolen.)

Sucks that you got caught in it, but there is a logical reason why they did it.

mod parent 'overrated.' (0)

Anonymous Coward | more than 6 years ago | (#21415703)

Why are you blogging in my slashdot window?

Welcome to racial profiling (1)

DysenteryInTheRanks (902824) | more than 6 years ago | (#21414189)

He mentions having his debit card cut off every time he leaves the country; the same thing happened to me.

After specifically notifying B of A I was going to France, and asking them to raise the limit, because I would be withdrawing a lot of cash, my card was suspended.

Suspiciously, someone was withdrawing a lot of cash. In France.

This is basically the price we pay for weak law enforcement. There are laws against spam, and phishing, but no money to prosecute, so we end up with flawed automated systems.

There are laws against credit card fraud, but it's too expensive to really stop, especially abroad, so we end up with flawed automated systems.

There were all kinds of HUGE clues before the Sept. 11 attacks, but actually reforming the bureaucracy to catch those kinds of clues is too hard, so we have No Fly lists that trap innocent people. Basically a flawed, automated system.

And now it's just assumed that law enforcement will be weak and collectively incompetent, so there's this groundswell of acceptance for racial profiling, as though focusing on arabs (or blacks, latinos and whatnot, depending on the context and crime you're trying to stop) will make us safer -- rather than less safe, since while you're looking for the [arab/black/latino] guy on suspicion of [terrorism/theft/illegal immigration], someone who doesn't fit the stereotype walks right under your nose.

Re:Welcome to racial profiling (0)

Kazrath (822492) | more than 6 years ago | (#21414453)

You know everyone wants profiling to be wrong but the problem is that it has better odds of being correct than a coin flip. Different ethnic groups are drawn to different things. Maybe it is genetic or social; it does not really matter. The reason they profile is because it is accurate enough. Think of it in computer terms for a second. If you walk into a server farm and it's room temperature or hotter and you're troubleshooting an issue with servers randomly rebooting, what is most likely the first thing you're going to check? Maybe lower the temperature of the room because overheating would be the most likely cause. But let's say by happenstance it turns out that all the failing servers are indirectly using the same wall outlet and a short in it was the cause of the issue. Profiling is the obvious and most likely answer but it is not always the right answer.

Re:Welcome to racial profiling (0)

Anonymous Coward | more than 6 years ago | (#21414611)

The reason they profile is because it is accurate enough.

No. Racial profiling is stochastically better than nothing, but not accurate enough. Racial profiling in particular causes feedback loops, so while it does protect you now, it makes the problem worse in the long run.

Re:Welcome to racial profiling (0)

Anonymous Coward | more than 6 years ago | (#21414699)

>>Racial profiling in particular causes feedback loops, so while it does protect you now, it makes the problem worse in the long run.

What, the arabs will start marrying white people to breed a new generation of super-terrorists?

Waiting for Total Collapse (1)

rueger (210566) | more than 6 years ago | (#21414263)

Sigh, neither Doctorow's article nor the bizarre summary offer much hope. He is right on some points though.

More and more it is left to the end user or consumer to battle their way through e-mail and voice systems to undo the damage inflicted by automated systems. To add insult to injury it seems that the blame for these problems is always placed on the customer, not on bad system design. I guess that this is all part of the "Leave your bag at the door" attitude that assumes that every customer is a shoplifter.

I'd say that the bigger threat is the likely collapse of the whole e-mail system. When will things just stop working? When spam accounts for 95% of e-mail? 99.9%? I'd like to hear about people that are developing a replacement for e-mail technology that just doesn't work any more.

Simple rule (1)

pclminion (145572) | more than 6 years ago | (#21414291)

It should be a simple rule, really: Do not automatically disable anything that can't be automatically re-enabled. Two way street.
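An added sketch of that rule applied to an IP blocklist, not code from the comment, the article or any real RBL: a listing is only accepted together with the automated probe that justified it, and the same probe delists the address once the problem no longer reproduces. The `Blocklist` class, its method names, the stub probe and the sample address are all hypothetical and constructed for the example.

```python
import time

class Blocklist:
    """Listings carry the probe that justified them, so delisting can be automatic."""

    def __init__(self, retest_interval=3600, clock=time.time):
        self.retest_interval = retest_interval
        self.clock = clock
        self.entries = {}   # ip -> {"probe", "evidence", "next_retest"}

    def list_ip(self, ip, probe, evidence):
        # Refuse to automate a block that has no automated way back.
        if not callable(probe):
            raise ValueError("no re-test probe: this listing needs a human decision")
        self.entries[ip] = {"probe": probe, "evidence": evidence,
                            "next_retest": self.clock() + self.retest_interval}

    def is_listed(self, ip):
        return ip in self.entries

    def run_retests(self):
        """Re-run every due probe; delist where the problem no longer reproduces."""
        now, delisted = self.clock(), []
        for ip, entry in list(self.entries.items()):
            if now < entry["next_retest"]:
                continue
            if entry["probe"](ip):          # still reproducible: keep the block
                entry["next_retest"] = now + self.retest_interval
            else:
                del self.entries[ip]
                delisted.append(ip)
        return delisted

    def request_retest(self, ip):
        """Owner-triggered re-check, so a fix does not wait for the next cycle."""
        if ip in self.entries:
            self.entries[ip]["next_retest"] = self.clock()
        return self.run_retests()

def demo():
    now = [0.0]                                  # fake clock for a repeatable run
    relay_open = {"192.0.2.25": True}            # constructed state of a listed host
    probe = lambda ip: relay_open[ip]            # stand-in for a real relay test
    bl = Blocklist(retest_interval=3600, clock=lambda: now[0])
    bl.list_ip("192.0.2.25", probe, "relayed mail via open web proxy")
    now[0] = 3600
    first = bl.run_retests()                     # relay still open: stays listed
    relay_open["192.0.2.25"] = False             # owner removes the proxy
    second = bl.request_retest("192.0.2.25")     # delisted without a human
    return first, second, bl.is_listed("192.0.2.25")

if __name__ == "__main__":
    print(demo())
```
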

A Simple Well Thought Out Solution (1)

cybereal (621599) | more than 6 years ago | (#21414455)

I'll simply get my HERF gun and this time things will not end badly!

(If you think this is OT, you need to read more Doctorow)

Cory's A Cool Guy And All But... (2, Informative)

FrankDrebin (238464) | more than 6 years ago | (#21414485)

...he is not *the founder* of Boing Boing. That title goes to Mark Frauenfelder [wikipedia.org] . Cory is a co-editor.

The Internet is closed... (2, Funny)

jblake (162981) | more than 6 years ago | (#21414563)

...due to AIDS.

Stop saying lupus (1)

Thinboy00 (1190815) | more than 6 years ago | (#21414605)

Please stop. It's annoying and redundant and somehow not rated as such (?).

The internet is no longer a series of tubes. (3, Funny)

Trespass (225077) | more than 6 years ago | (#21414681)

It's now a pool- and it's closed.

What? (1)

Nonillion (266505) | more than 6 years ago | (#21414689)

"malware, spamigation bots, and other network nasties"

WTF are these terms you are referring to? I run Linux and Unix and I'm unfamiliar with "malware" and "spamigation bots". Are these Windows applications?

Just asking :P

Boing Boing Founder? (0)

Anonymous Coward | more than 6 years ago | (#21414857)

The founder of Boing Boing is Mark Frauenfelder, with Cory as a co-editor.

Pool's closed? (-1, Redundant)

Anonymous Coward | more than 6 years ago | (#21414863)

We gotta stop the people. Tell them about the AIDS...

it's more like allergies (1)

netsavior (627338) | more than 6 years ago | (#21414885)

I think it's silly to force a biological metaphor but if you have to:
Allergic reactions are where your body identifies foreign or even native substances as harmful and treats them with hostility (like by making your eyes water and your nose run to flush them out). This is an immune over-reaction, which is what the article is talking about.

AIDS would be more like the many many viruses that seek to shut down common anti-virus programs. But of course, AIDS is more scary and sensational than histamine

Non-credible source (1)

sakusha (441986) | more than 6 years ago | (#21414995)

I fail to see how anyone could take that rant seriously. I fail to see how anyone could take seriously any technical argument from Cory, who is well known to be a high-school dropout who never produced a line of code in his life.

Cory's specialty is making mountains out of molehills. He whines that he got kicked off his hotel network after playing an online game that taxed their shared resources, and from that he makes sweeping generalizations about overall Internet security. Excuse me if I completely disregard his political tirade, and only consider technical arguments by network security professionals.

need safe browsing education (1)

wardk (3037) | more than 6 years ago | (#21415449)

stop the impending pandemic

no more windows, no more ie

AIDS? (5, Insightful)

Pendersempai (625351) | more than 6 years ago | (#21415513)

Only if we get to call a tiered internet "Internet racism."

Spam is email that forces itself upon me -- that can be "Internet rape."

What Comcast is doing to bittorrent traffic: "Internet genocide."

And the projected brownouts as described by that other article on the front page right now: "Internet Alzheimer's."

These attention-grabbing headlines are so accurate and informative!

Strictly speaking (1)

chubbchubbs (1095063) | more than 6 years ago | (#21416161)

Autoimmune diseases arise from an overactive immune response of the body against substances and tissues normally present in the body, while AIDS destroys the immune system. It's a wrong analogy.