Boing Boing Founder Warns of "Internet AIDS"

An anonymous reader writes "Cory Doctorow, founder of Boing Boing, says he doesn't have a problem in principle with the automated network defense systems that guard the Internet against malware, spamigation bots, and other network nasties. However, in his article 'The Future of Internet Immune Systems,' he bemoans the problems caused by 'Internet autoimmune disorder' — where the network defenses designed to block network attacks are automated and instantaneous, but the systems in place to reverse erroneous lockdowns are manual and unresponsive."

Internet AIDS

[Anonymous Coward]

All that sex it has sure would give it AIDS

Re:

[ackthpt]

All that sex it has sure would give it AIDS

It's your pr0n collection what done it! Shoulda got one of them keyboard covers.

Keep Your Tubes AIDS-free

[sanman2]

We have to keep the AIDS out of the tubes that are the internet

Re:

[ultranova]

All that sex it has sure would give it AIDS

Maybe, but what the summary describes is an autoimmune syndrome and has nothing to do with AIDS. This, of course, raises the question of why AIDS was even mentioned in the subject.

Could someone go and see the article ? I'd rather not do so myself, because of the Firefox CPU/memory consumption bug would make restarting the browser a neccessity afterwards, and I have a lot of tabs already open.

AC Post is from Family Guy!

[Z34107]

Since when is Family Guy "off-topic"?

Oh, wait, that's the entire premise behind most of their humor, isn't it?

Re:

[ThePengwin]

"yeah about quarter past 5"

automation is only one-way

[andreyvul]

We still need humans on the other end to fix automation's bugs; algorithms cannot bypass themselves.

Re:

[Anonymous Coward]

That's not what this is about. Automated processes exist to put IP ranges on blacklists. For example, if an IP address sends SPAM, it is quickly blacklisted by a range of DNSBL operators. This happens automatically. But there is no automated process to get IP ranges unblocked again. That's not a matter of bypassing the blocking algorithm. If an IP range owner corrects the problem or if an IP range changes owners, the blacklist operators don't automatically remove the block. If you want your IP off anti-spam

Re:

[stonecypher]

algorithms cannot bypass themselves

Skynet would tend to disagree.

Re:

[ultranova]

algorithms cannot bypass themselves

/blockquote>

Skynet would tend to disagree.

What do you mean ? Skynet functioned exactly within its design parameters: it detected America's enemies and executed them with the most efficient method at its disposal. It goes like this:

US is waging a War on Terror -> you're either with us or you're with the terrorists -> giving money or training to terrorists makes you an enemy of the US -> US gave money and training to many terrorist organizations during t

This already exists

[Bryansix]

When my company moved we had to get new IP addresses. This meant changing MX records and all of that fun. Anyways, the problem came with sending email out. It turns out that like a billion spam catched had caught email from the IP range and so it was not blocked. These various Spam Blocking Lists (or SBLs) are almost all automated. A few of them let you push a button and get removed. However some of them require manually emailing an explanation and still others try to extort money from you to speed up the unblocking process. We didn't even send any spam. The previous owners of the IP did.

Re:This already exists

[pclminion]

These various Spam Blocking Lists (or SBLs) are almost all automated. A few of them let you push a button and get removed. However some of them require manually emailing an explanation and still others try to extort money from you to speed up the unblocking process. We didn't even send any spam. The previous owners of the IP did.

If this isn't a strong argument that blacklisting systems are unethical, I don't know what is. Imagine being targeted by vigilantes because you bought a house which was previously occupied by a sex offender and so the addreess is listed on the local sex offender registry. That's essentially what's happening here.

There is no such thing as an "evil IP address" any more than there is an "evil house." These systems are technically, logically, as well as ethically flawed. Anybody who buys into blacklist-based technology is a reactionary and a bigot.

Blacklists

[Z34107]

There is no such thing as an "evil IP address" any more than there is an "evil house." These systems are technically, logically, as well as ethically flawed. Anybody who buys into blacklist-based technology is a reactionary and a bigot.

And you're a poopy-head!

If you're getting hammered with DoS attacks, spam, interweb herpaids or whatever TFA is about, you block the source. Blocking an IP address has nothing to do with some irrational fear of 32-bit numbers - it blocks the person using that number fro

Re:Blacklists

[s7uar7]

Fine, block it for the duration of the attack, but don't keep it permanently on the list. Most spam and DoS attacks originate from hijacked PCs on dynamic IP addresses, so you're not only blocking the PC that's been hijacked, but also the guy who happens to get that IP address next, and the one after, and the one after that, etc, etc.

Re:

[mlts]

That is definitely the best compromise. It doesn't take much to block immediately, but have a timeout on IP addresses which are blocked, so after a certain time (hours/days for DoS attacks, weeks/months for repeat spam addresses) they are delisted. Perhaps weight the algorithm as well, so if an IP range keeps triggering the blacklist code, it is blacklisted for a longer and longer time, although the time is always finite.

Blacklist timeouts

[CustomDesigned]

I keep IP blacklists and domain blacklists. IPs are blacklisted for 7 days. I experimented with various settings, measuring the diminishing returns (in saved bandwidth) from keeping them blacklisted longer and longer. 7 days is pretty optimal with about 500000 IPs blacklisted at any one time. This keeps spam bandwidth down to a continuous 100Kbps (400000 messages / day - for a one user domain!). Domains are auto-blacklisted based on reputation: total spams/total hams over the last 1024 messages. Repu

Re:

[mlts]

That is excellent information. It is sort of a guessing game on how long to set a blacklist period. Too short, and you will get hit multiple times by the same perps. Too long, and it hurts someone if the IP block or domain changes hands.

What might be an idea, although this is abusable, would be some way of having a site collect info from others. Say domains A, B, and C are getting hit from the same IP range and blacklist it. They communicate that to some server, so domain D and E would either blacklist

Re:

[CustomDesigned]

What might be an idea, although this is abusable, would be some way of having a site collect info from others. Say domains A, B, and C are getting hit from the same IP range and blacklist it. They communicate that to some server, so domain D and E would either blacklist or use tarpits/QoS or other precautionary measures until their spam/DoS filters get triggered.

I do this for domains using the GOSSiP protocol as implemented by pygossip. Each MTA consults a gossip server for reputation, and provides spam/ham feedback on specific messages. The gossip server maintains its own reputation database, and also queries peers for their opinion of a domain, and combines scores to get a reputation and a confidence.

Re:

[Z34107]

Blame the man who let his PC get infected; not the poor server op who has to deal with the attacks.

Besides, I don't know of any systems that keep individual IPs permanently blocked; the perma-bans seem reserved for troubled subnets. Very rarely does an entire network change hands; and TFA is complaining not about permanence, but that manual response is "too slow."

Re:

[oglueck]

I guess you mean permanent null-routing of the DROP list for instance. Should be done on your ISP's router.

Re:

[oglueck]

hijacked PCs on dynamic IP addresses

You can safely block those for quite long. Those IP ranges must not send email directly, ever. They must relay through their ISP's smarthost. Even if they are running their own MTA. It doesn't matter if the current user of that IP spams or not.

Re:

[orangesquid]

What RFCs say that, and does it just apply to dynamic addresses, or also to having a static IP but being just a common customer of an ISP? Or, is it based on who handles the reverse lookup or routing for an address?
For a lot of broadband, dynamic lease times are a year or longer, and I would argue that, on the Internet (where an ISP's standard mail servers might be replaced with newer machines that occupy different IP addresses once or twice a year), a year is a semi-permanent amount of time...

If I want to

Re:

[oglueck]

I don't know if there is an RFC that mandates a static address for an MTA. But in current practice an MTA with a dynamic address is considered "rogue" by recieving MTAs. On a dynamic address you will also have a hard time to get a proper reverse DNS entry. If you want to run your own MTA, get a static address with proper reverse DNS entries. You can moan that your setup doesn't violate any RFC, but nobody will listen. SMTP was invented before SPAM. So don't be surprised that it doesn't work the same as 20 y

Re:

[pclminion]

If you're getting hammered with DoS attacks, spam, interweb herpaids or whatever TFA is about, you block the source. Blocking an IP address has nothing to do with some irrational fear of 32-bit numbers - it blocks the person using that number from destroying your network.

Key point being the word "your" in "your network." Do whatever the hell you want on your own network. That's not what I'm talking about. I'm talking about ISPs who take it upon themselves to filter the email to their own users based on

Re:

[statemachine]

I have. I couldn't email several important people because their ISPs started using various RBLs.

I've been in your shoes with large e-mail service providers. One in particular (let's call it Company Y) treated my e-mail in each of the following ways over the course of a year: spam box (slightly tolerable), blackhole (never got delivered), and just plain rejected at the MTA level. I made an effort to contact them about whitelisting my domain (as I was not on any known blacklist), but it seemed to fall on deaf

Re:

[Just Some Guy]

I'm talking about ISPs who take it upon themselves to filter the email to their own users based on criteria the users have no say over and probably zero knowledge of.

My favorite related personal anecdote:

My ISP acquired some new netblocks and was migrating customers into them. When they moved my /28 and I had problems, I tried to email them but it bounced: my new netblock was on a RBL that their server used to reject messages.

One quick phone call and all was resolved, but it was annoying (and amusing) for a day or two.

BTW, there are two ISPs in my city and this was the good one. My alternatives for getting "better" access consisted solely of moving to another

Re:This already exists

[RazzleDazzle]

Well then you obviously are not on the receiving end of millions of spam emails every day that *COULD* have been rejected outright if only you'd been using an SBL. Or you have so much free time to delete all of the junk emails, in which case where do you work? I would like a job? The whole basis of your argument gives no explanation as to how block lists are flawed morally. Technically flawed, yes. Morally flawed, I'd say no. Why should I waste all of my time looking and and handling spam emails I never wanted, requested, or occasionally specifically asked to not to receive? Just so I can be morally superior to spammers?

Let's pretend I agree that SBL's are immoral, I'd gladly take the hit to my moral standing if it means the (even less moral) spammers can't get as much of their crap to my inbox.

No one sane has ever said that block lists are the ultimate solution for the fight against spam, it is a very useful and very effective supplement to other measures. If something better comes along, I'd gladly use it.

If you don't like block lists, don't use them.

Re:

[pclminion]

Well then you obviously are not on the receiving end of millions of spam emails every day that *COULD* have been rejected outright if only you'd been using an SBL. Or you have so much free time to delete all of the junk emails, in which case where do you work?

I use a Bayesian filter, perhaps you've heard of it? It filters about 300 messages a day. That's down, from about 3000 a day a year ago. Filter the content, not the source.

Why should I waste all of my time looking and and handling spam emails I

Re:

[RazzleDazzle]

I use a Bayesian filter, perhaps you've heard of it? It filters about 300 messages a day. That's down, from about 3000 a day a year ago. Filter the content, not the source.

Good for you. Bayesian filters work great for some scenarios, but they do not work well for everyone. Do you think companies like Yahoo, Gmail, MSN, etc can use Bayesian filters? They have to be trained by the end user which is not an easy task or even possible in some cases like where people outsource their anti-spam to other companies

Re:

[statemachine]

Every time I see these arguments against spam blacklists, I roll my eyes. On my mailserver, I've carefully selected blacklists that either periodically scan suspected hosts for open proxies or infections, or simply list based on a spam coming from that IP address. And in all cases, these selected blacklists allow quick delisting.

True, the blacklists have blocked some of a large e-mail provider's servers (because spam was indeed sent from those compromised servers), which has inconvenienced me, but at the sa

Re:

[brass1]

If this isn't a strong argument that blacklisting systems are unethical, I don't know what is.

It's a strong argument for changing providers more than anything else. The abuse department that found and killed the previous customer should have done a sweep of those IPs with all the usual places then get them removed. For professional abuse departments this is a matter of doing business, and is unfortunately part of what makes the Internet go 'round whether anyone likes it or not.

A black list is a list of domain or IPs the provider of the black list wishes to list. The provider of the list gets to

Re:

[Danny Rathjens]

That reminds me of that lady who had her house vandalized because she was a "paediatrician" because they thought it sounded too much like "paedophile". Some blacklists are based on having letters like "dsl" in your DNS PTR records. :)

The Upgrade that Wasn't

[beadfulthings]

If this isn't a strong argument that blacklisting systems are unethical, I don't know what is. Imagine being targeted by vigilantes because you bought a house which was previously occupied by a sex offender and so the addreess is listed on the local sex offender registry. That's essentially what's happening here.

Yeah, they're unethical and sleazy, and yeah, I held out for as long as I could, but I'm only one person. I'm part of a small group of like-minded business people, and when we got fed up with "ho

Re:

[McDutchie]

If this isn't a strong argument that blacklisting systems are unethical, I don't know what is. Imagine being targeted by vigilantes because you bought a house which was previously occupied by a sex offender and so the addreess is listed on the local sex offender registry. That's essentially what's happening here.

If this isn't hysterical hyperbole, I don't know what is. What's happening is that he is having trouble getting a few emails delivered. No one is getting "targeted".

There is no such thing as an

Re:

[pclminion]

Wah wah wah! Grow up. You sound like a spammer.

A spammer who published a paper [usenix.org] on automated classification of spam, and devised a neural network/information clustering technique which was shown to be even more effective than Bayesian filtering -- in fact, more effective than ANY other known content-based method at the time? Yeah, okay, chief. So tell me, what the hell have YOU been doing to combat the spam problem, aside from widesweeping, ill-advised, technically flawed, misanthropic methods?

Filter t

Re:

[pclminion]

I would not have even posted if I hadn't been accused of being a "spammer," which is the typical response when I criticize RBL. This happens so often that by default I give a pointer to our paper. The point is, there is no reason to give up our freedom on the Internet because of a few dickheads. I believe this fervently enough that I've done research work on the topic to try to improve the situation. Am I overly opinionated? Probably. But I see absolutely no reason why normal Internet users should be victim

Re:

[Technician]

Anybody who buys into blacklist-based technology is a reactionary and a bigot.

Or simply buried in spam so e-mail isn't functional. Blacklisting China, Amsterdam, and Russia lightened my load considerably.

The problem with blacklists is the re-assignment of an IP address does not clear up the black ball. There should be a way to have blacklists auto-check the MX record for new ownership.

Re:

[Fred_A]

If this isn't a strong argument that blacklisting systems are unethical, I don't know what is. Imagine being targeted by vigilantes because you bought a house which was previously occupied by a sex offender and so the addreess is listed on the local sex offender registry. That's essentially what's happening here.

Except that on the network, whole subnets are written off because of one or two addresses.

One house shouldn't be equal to a whole block (class C) or a whole town (class B) even though it makes life easier for the RBL maintainers.

Re:

[pclminion]

If you think blacklisting is unethical, then you must think that ignoring something for any reason(or for no reason at all) is unethical. I doubt you actually believe this.

Not an equivalent for comparison. It's not ME who chooses to ignore something. It's a piece of software on a server that I have no control over. My mom didn't have a choice when her ISP started blocking my emails. Except of course to change ISPs to one which has a sane policy. And I'm not switching hosting services just because my IP

Re:

[ultranova]

Some mail server administrator who thinks he's God decided that he should get to choose which mail gets delivered and which doesn't.

Holy exaggeration, Batman ! Well, I guess animistic faiths could incorporate gods of e-mail servers for various domains. Sure would make an impressive title for your CV, too ;).

But seriously, in what way does deciding not to receive (not deliver; receive) an e-mail mean you've got delusions of grandieur ? And do I have such delusions if I put "no junk mail" sticker on my

Re:

[lena_10326]

The instant that a single local sex offender can assault one million people in an hour, I will agree with you.

A spam email is equivalent to getting molested or raped? Hmm. Your cerebral prioritization algorithm is broken.

Re:

[Bryansix]

Our email suffered because other people implemented SBL. Also, nobody is comparing it to AIDS. The summary mistakenly made that analogy but the article used a different analogy.

More like metapHorrible

[The Amazing Fish Boy]

AIDS already exists, too. A frightening real disease which ought not be compared to issues of whatever internet posse comitatus happens to rain the occasional parade for those networks who voluntarily implement SBL, et al.

Oh, don't be such a comparison Nazi!

Re:

[Fred_A]

AIDS isnt even all that bad anymore. You take some pills.

Not that bad as in *if* you're in a rich country you can get a treatment that's quite uncomfortable and has lots of not very nice side effects and while it leaves you still alive (and therefore free to do science if you like), still leaves you with a depressed immune system which means you still have to take lots of silly precautions.
So while I suppose that people with AIDS are happy not to be dead, it's still not a very comfortable illness to have. Not to mention that there's apparently still a heavy soci

Trigger trippers

[ackthpt]

the systems in place to reverse erroneous lockdowns are manual and unresponsive.

Yep, almost as bad as trying to get set up with service in the first place.

I guess the way to foil these critters is to try to trip as many as possible. Then again, the intarweb mischief-makers will probably do just that.

Please stay on the line, your call is important to us.

Automatic Forgiveness in Autonomic Systems...

[nweaver]

For a lot of autonomic systems, you need the blocking, but a little automatic forgiveness goes a long way.

EG, in a scan detector, forgive 1 scan per minute/hour and eventually release the block. This saves a call to tech support, and papers over a lot of sins when building an automatic system.

Re:

[photon317]

I do this in all of my active defense systems for production sites. I tend to make the firewall rules reasonably aggressive at detecting anything that looks remotely like attack traffic (connections on ports that neither us or customers are ever supposed to use but do see attack traffic (22, 139, etc...), tcp flag combos common in stealth scanners, certain known exploit string matches on port 80 traffic, etc), but the offending IPs are only blacklisted for a few minutes at first, ramping up to perhaps half

Re:

[jamesh]

I've implemented a similar but much simpler thing on a linux router using ipt_recent. It stops ftp/ssh scans very quickly. I have about 32 addresses in a /24 that aren't used and if hit will trigger this blocking behaviour. Ditto for a bunch of ports (1434, 445, etc).

What are you using to implement this?

same thing happens with p2p blocklists

[leuk_he]

p2p applications use peergaurdian or other ip filters by bluetack that increase in size, but getting removed form such a ip blocklist is hard.

Auto-immune != immuno-deficient

[ChameleonDave]

The summary title is stupid.

AIDS is not auto-immune; it is immuno-deficient. The FA doesn't mention AIDS. Try this [wikipedia.org].

Re:

[Raffaello]

Exactly. Summary should have said "Internet Lupus" or "Internet Multiple Sclerosis" etc.

Re:Auto-immune != immuno-deficient

[ColdWetDog]

It's kind of a dumb rant - automatic systems are cheap and fast, manual (meat space) systems are slow and expensive. If he is trying to make some analogy between the Internet and the Immune System, well, you can do it but it's pretty crude. The immune system in a human, for example, is a complex and delicate balance between acceptance and destruction.

There are many, many examples of problems when that balance is disrupted. AIDS on one hand when you don't have enough of an immune response, Lupus when your immune system is too jazzed up. Furthermore, the immune system is incredibly complex and has layers and layers of feedback systems, redundancies, control loops and things we really don't understand well. I suppose AIDS would be a Windows box hooked up to a cable modem. Not long for this world.... Lupus might be what Doctorow is complaining about - too much "immune" activity.

Unlike the Internet, the immune system has had millions of years to evolve to it's present state - and it is still hardly a perfect system. Perhaps some up and coming "Internet Immunologist" might start out with this course [mit.edu] to take advantage of those millenniums of experiments

Or perhaps we should just chuck the immune system thing and try to come up with a car analogy.

Re:

[gad_zuki!]

>It's kind of a dumb rant

What? Youre saying a science fiction author who has never worked with large scale networking has invalid opinions about network security and his proposed fix-all is questionable musings? Say it aint so!

Re:

[fm6]

Just to make your point a little clearer: "auto" here means "self" not "automatic". Auto-immune diseases are ones where the immune system attacks the very cells it's supposed to protect.

Re:

[veganboyjosh]

Perhaps the car analogy the sibling post was talking about is in there somewhere...

Re:

[fm6]

In that sense, there is no auto-immunity. Slashdot is a U.S.-centric board.

Glad someone spotted this

[mutube]

AIDS = ACQUIRED Immune Deficiency Syndrome. That is the immune system gets knackered by the virus and packs in.

Auto-immune means that the body's immune system starts to attack itself, a condition which is largely incompatible with the one mentioned. AIDS deals with the destruction of the immune system by outside causes (whatever they may be). Autoimmune diseases cover the body's own immune system going haywire and destroying the body.

Analogy: AIDS is a demolition crew, Auto-immune is "Extreme Makover: Home

Re:

[Creepy Crawler]

I love that analogy!

mmmMMMMMMMmmmm cooked long pig.

Allergic reaction

[Kelson]

Yeah, I would've compared it to an allergy, in which the immune system starts fighting off an otherwise harmless substance as if it were a foreign invader... and the response ends up being worse than the "attack" would have been.

Bunch of cash

[moogied]

I will wager a bunch of cash that he is selling a product that will fix whatever he says is broke.

Re:

[NoMaster]

I will wager a bunch of cash that he is selling a product that will fix whatever he says is broke.

No, no - he's writing a story about it.

The hero is a neckbeard, it's set in a world where everything wants to be free, and the main part of the action takes place in Disneyland. Oddly and unbelievably, the author will not understand the ironic incongruity of that...

Not AIDS

[supahdren]

Maybe I'm just not seeing it, but this article doesn't mention any comparison to "AIDS." This is good, because AIDS isn't an autoimmune disease. The article's comparison of evolving security responses to an autoimmune reaction is apt, but a comparison to AIDS/HIV wouldn't be.

Not AIDS

[mr100percent]

It wouldn't be internet AIDS. Wouldn't that be Internet Lupus [google.com]?

Re:Not AIDS

[Hatta]

It's not lupus, it's never lupus.

Re:

[antibryce]

Maybe it's Cushing's?

Re:

[Loke the Dog]

Is that you, Cameron?

hmm

[theMerovingian]

the systems in place to reverse erroneous lockdowns are manual and unresponsive

Anyone who is married knows how much of a dilemma this presents...

Guess we'll have to...

[oahazmatt]

Guess we'll have to line the tubes with latex.

Re:

[Bryansix]

Don't you mean KY Lube?

Pardon my naivety

[zappepcs]

but if all that could be done successfully, wouldn't it already exist as a set of ruby on rails scripts?

Seriously, I believe that until processors/hardware works with the OS to sandbox applications correctly, there is no really effective way to sanitize the Internet, and there are some really good reasons for not doing so.

At least some malware uses the OS features to hide itself, and propagate itself. Much of the rest of it relies on users to initialize it locally. Tell me how that will automatically be rem

Re:

[Bryansix]

Couldn't Microsoft just release patches for Windows 95? I mean they released the buggy software so they should fix it.

That's not AIDS

[Punto]

It's Lupus.

Re:

[jalefkowit]

No it isn't. [itsnotlup.us]

Re:

[pclminion]

Foreman, you idiot!

Re:

[Punto]

It's NEVER Lupus.

where is your god now?

I've had this experience

[kwerle]

I had a bad encounter with an RBL a few years back (late 90's, I think). I had installed some web proxy on my machine and opened it up so I could use it from outside my firewall. I never considered that it cold proxy to my machine itself. These were the bad middle days when packages could get away with shipping in not-quite-idiot-proof configuration. I later argued with the package maintainer that the proxy should disable local referrals by default. They didn't agree, and it wasn't my package.

Anyway. It turns out that spammers could blindly use my webproxy to push email to my local port 25 and send mail using it. Damn clever spammers. I figured it out after my email system croaked and I looked at the logs and mailq. (crap, 1000 spam messages in the outbox, originated on my system).

So I'd been a tool, and used, and it was my damn fault. I fixed it (uninstalled the proxy) and started to repair the damage.

One of the items of fallout was that the RBL lists had nailed my IP address as a spammer. Fair enough. But getting them to turn it off was a royal pain in the ass and took days - even though their notes described exactly how the spam was delivered through my system and it was easily verifiable that it was no longer an issue.

It left me pretty peeved, and I've never used an RBL since.

The pool is closed!

[Anonymous Coward]

Due to AIDS!

Whitelists and Blacklists

[Doc Ruby]

The solution to the complex access problems is, as usual, distributed social trust networks. But we're still so primitive that I can't even find a whitelist/blacklist plugin for my Evolution.

There probably is one, but it's hidden behind an opaque trust network of people who know about it, but who I don't know, though we have that SW relationship (need/have) in common. Let's see if the manual broadcast still works.

Cory's not a BB founder, nor is AIDS

[yourpusher]

anywhere near an appropriate analogy.

that's the second article i read today

[circletimessquare]

that had a misleading title, suggesting disease from internet content

"Lust, Caution" prompts virus, medical warnings [reuters.com]

although this was quite the amusing bit:

"Most of the sexual maneuvers in 'Lust, Caution' are in abnormal body positions," the report quoted Yu Zao, a deputy director at a women's hospital in southern Guangdong province, as saying.

"Only women with comparatively flexible bodies that have gymnastics or yoga experience are able to perform them. For average people to blindly copy them could lead to

Doctorow not a founder of BoingBoing

[Anonymous Coward]

I don't know how many times I've heard Doctorow say in interviews that he is not a founder of BoingBoing. Fraunfelder is the only founder still involved with BoingBoing (I think he is also the only current contributor who was around when BoingBoing was in print before it went electronic).

Credit card lockdown

[pclminion]

My wife and I drove over three hours to a different state to buy furniture. On the way, we stopped at a gas station and bought gas. Apparently, our credit union doesn't believe in such things as traveling from state to state, and flagged this is a suspicious transaction. Nevermind that we go to this neighboring state regularly and their "system" has never seen this as unusual. Of course, the card was silently suspended. This has happened a few times in the past, but we'd always received a phone call within minutes of it happening. No such call, so we remained oblivious and continued on.

Proceeded to drive to our destination, spent a few MORE hours picking out furniture, went to pay, and... Whoops. Luckily I managed to dig out a credit card from the depths of my wallet that I'd forgotten about, and which still worked, luckily. But it easily could have been a completely wasted day.

Of course, calling the credit union about it didn't help. They aren't open on the weekends. They can shut your account down kid, but they won't turn it back on again.

Imagine that. People occasionally drive into a neighboring state and... buy gas on the way! If that's not suspicious, what the hell is, right?

Re:

[gclef]

Actually, it's very suspicious to the credit card companies.

When a card is stolen, the thief will often follow a predictable pattern: a small, relatively anonymous purchase (like gas), to confirm that the card works, followed shortly by a large transaction (like, in your case, furniture). Gas stations are the perfect place for that first transaction: if the card is cancelled, no one's at the pump to call the card company or rat them out.

When the credit card companies see transactions that fit that pattern,

Re:

[SuperBanana]

Of course, calling the credit union about it didn't help. They aren't open on the weekends. They can shut your account down kid, but they won't turn it back on again.

You don't call your credit union. You call the credit card company.

I belong to a credit union too, and I have a CC issued by my credit union. I bought an expensive piece of electronics, first major purchase on the card. On a Sunday afternoon, no less. That went through...but 30 minutes later, another transaction was declined. The cred

Okay, other side of the story

[SmallFurryCreature]

Didn't happen to me, I was just a witness. I was at a police station to sign a statement regarding an attempted burglary the night before, they asked me to wait as they had to deal with a woman who was a bit upset. Privacy? Not when you are so loud you are overpowering my iPod.

Her story? Money had been withdrawn from her debit account (Postbank for dutch readers) and she wanted to report it, she had already contacted the bank and been told the money had been widthdrawn from spain, this was in the summer an

Welcome to racial profiling

[DysenteryInTheRanks]

He mentions having his debit card cut off every time he leaves the country; the same thing happened to me.

Ater specifically notifying B of A I was going to France, and asking them to raise the limit, because I would be withdrawing a lot of cash, my card was suspended.

Suspiciously, someone was withdrawing a lot of cash. In France.

This is basically the price we pay for weak law enforcement. There are laws against spam, and phishing, but no money to prosecute, so we end up with flawed automated systems.

There a

Waiting for Total Collapse

[rueger]

Sigh, neither Doctorow's article nor the bizarre summary offer much hope. He is right on some points though.

More and more it is left to the end user or consumer to battle their way though e-mail and voice systems to undo the damage inflicted by automated systems. To add insult to injury it seems that the blame for these problems is always placed on the customer, not on bad system design. I guess that this is all part of the "Leave you bag at the door" attitude that assumes that every customer is a shop

Simple rule

[pclminion]

It should be a simple rule, really: Do not automatically disable anything that can't be automatically re-enabled. Two way street.

A Simple Well Thought Out Solution

[cybereal]

I'll simply get my HERF gun and this time things will not end badly!

(If you think this is OT, you need to read more Doctorow)

Cory's A Cool Guy And All But...

[FrankDrebin]

...he is not *the founder* of Boing Boing. That title goes to Mark Frauenfelder [wikipedia.org]. Cory is a co-editor.

The Internet is closed...

[jblake]

...due to AIDS.

The internet is no longer a series of tubes.

[Trespass]

It's now a pool- and it's closed.

What?

[Nonillion]

"malware, spamigation bots, and other network nasties"

WTF are these terms you are referring to? I run Linux and Unix and I'm unfamiliar with "malware" and "spamigation bots". Are these Windows applications?

Just asking :P

it's more like allergies

[netsavior]

I think it's silly to force a biological metaphor but if you have to:
Allergic reactions are where your body identifies foreign or even native substances as harmful and treats them with hostillity (like by making your eyes water and your nose run to flush them out) This is an immune over-reaction, which is what the article is talking about.

AIDS would be more like the many many viruses that seek to shut down common anti-virus programs. But of course, AIDS is more scary and sensational than histamine

Non-credible source

[sakusha]

I fail to see how anyone could take that rant seriously. I fail to see how anyone could take seriously any technical argument from Cory, who is well known to be a high-school dropout who never produced a line of code in his life.

Cory's specialty is making mountains out of molehills. He whines that he got kicked off his hotel network after playing an online game that taxed their shared resources, and from that he makes sweeping generalizations about overall Internet security. Excuse me if I completely disreg

Re:

[sakusha]

Right, like I said, making mountains out of molehills.

AIDS?

[Pendersempai]

Only if we get to call a tiered internet "Internet racism."

Spam is email that forces itself upon me -- that can be "Internet rape."

What Comcast is doing to bittorrent traffic: "Internet genocide."

And the projected brownouts as described by that other article on the front page right now: "Internet Alzheimer's."

These attention-grabbing headlines are so accurate and informative!

WTF is *A VIDEO GAME* doing a portscan for???

[knorthern knight]

No sympathy here. Cory, you should be yelling and screaming at the fuckwit of a video-game programmer that programmed the video-game to run a port-scan of the local network. How is the admin supposed to tell an "evil port scan" apart from a "benign port scan"? Btw, don't walk into a bank wearing a mask. A teller will push the button that silently alerts the local police station, and you'll spend the next 24 hours trying to raise bail.

If it quacks like a duck
and it flies like a duck
it's damn well going t

Not founder, not AIDS, otherwise, w00t!

[mouthbeef]

Hey there -- I wrote the FA, and for the record:

* I didn't found Boing Boing -- I co-edit it with Mark Frauenfelder (who *did* found it, along with Carla Sinclair), Xeni Jardin and David Pescovitz

* I didn't use the word AIDS in the article, and I don't think that this is comparable to AIDS; I used "autoimmune disorder," as in "allergy" or even "lupus" -- that is, any time when the systems that are supposed to protect you end up attacking you

Otherwise, many w00ts for this making it to the /. front door!

Virus analogy

[marcovje]

Well, one of the less nice properties (and then I'm making an understatement) is that it is euh, viral and contagious.

So this analogy is a bit overdone I guess.