Gremlin does not like spam. He does not like it on the train, he does not like it on the plane. Gremlin uses Spam hole. It is a hole for spam. If you ever come across some kind of service on the net that requires your email address and you know it only wants it so it can slam you with a few more terabytes (that's 1024 gigabytes, by the way) of spam, just go to http://www.spamhole.com and create a spamhole temporary email redirect address for just an hour or 2. For the time period you specify email going to your username@spamhole.com address will be redirected to your real email address, so that you can respond to those pesky confirmation emails and receive your confirmation codes from the site to prove to them you have given them a valid email address that they can spam and spam and spam, but just wait til they try... and get nothing but bounces... yeah! spammers hate that.

-Gremlin

Spam Hole

] There's a new form of spam. Many blogs allow people
] to add comments. Spammers have begun to add "comment
] spam". These are comments that have nothing to do
] with the blog. The comments are the usual set of spam
] porn, various drugs, and so on.

[IP] Spam attacks on blogs

] The recent explosion of e-mail spam is beginning to take its toll on
] the Internet world. A new nationwide survey shows that 25
] percent of America's e-mail users say they are using
] e-mail less because of spam. Within that group, most say
] that spam has reduced their overall use of e-mail in a big way.

[IP] Interesting statistics about spam

This is probably the scariest Microsoft related footage that I have ever seen. Its called Dance Monkey Boy.

Steve Ballmer: When marketing goes too far... [MPG]

Lauren Weinstein and Peter Neumann start cranking their own propaganda machine. Short, well produced audio commentary on current computer events. Nothing new for anyone here, but these shorts might come in useful, for example for those of us running (clears throat) radio shows. :)

Fact Squad Radio: We don't have an agenda... no... really...

] He added, "It's not like people are reading these memos
] in order to steal Diebold's election system. (The company
] is) trying to use this law, and specifically the
] mandatory take-down section, to conceal flaws that
] directly affect the validity of election results. This is
] a threat to our democracy."

Wired News: Students Fight E-Vote Firm

] Telco giant AT&T (Quote, Chart) on Wednesday rushed to
] withdraw two notices sent to business partners and
] customers asking for the IP addresses of all outbound
] SMTP (define) servers because of a "human error" gaffe.

And I was so excited about this. Apparently it was nothing...

Human Error Leads to AT&T's Anti-Spam Gaffe

] Security is always a trade-off: How much security am I
] getting, and what am I giving up to get it? These
] "data-mining" programs are not very effective.
] Identifiable future terrorists are rare, and innocents
] are common. No matter what patterns you're looking for,
] far more innocents will match the patterns than
] terrorists because innocents vastly outnumber terrorists.
] So many that you might as well not bother. And that
] assumes that you even can predict terrorist patterns.

Schneier takes an admittedly unacademic swipe at TIA/CAPPS programs. Basically the idea is that profiling doesn't work regardless of how much data you are looking at. Proving this, unfortunately, requires a TIA project.

Newsday.com - Terror Profiles By Computers Are Ineffective

] This (imaginary) company has a simple business model. It
] operates a really big password-protected SMTP relay. It
] sends email from anybody to anybody for 1¢ ($0.01) each.
] You open an account with them, drop in say $10 and
] you've bought the rights to send 1,000 emails. Or you
] could set up a monthly billing with your credit card, or
] whatever. You can't send more than 100 emails in a day
] without an (email) exchange to verify that everything's
] all right.
]
] Every email that it sends it signs digitally. Then, you
] set up your email client to send all email that hasn't
] been signed by SMTP4All or one of its competitors (there
] couldn't be more than a couple of hundred) to the junk
] folder. Then you tell your friends to go and sign up with
] one of these guys if they want you to get their mail.

Comments? I don't like his answer for mailing lists... Need to rethink that part a little bit...

Another Whack at Spam

] Host Identity Protocol [3] (HIP) defines a mechanism that
] decouples the transport layer from the internetworking
] layer, and introduces a new Host Identity namespace. When
] a host uses HIP, the transport layer sockets and IPsec
] Security Associations are not bound to IP addresses but
] to Host Identifiers. This document specifies how the
] mapping from Host Identifiers to IP addresses can be
] extended from a static one-to-one mapping into a dynamic
] one-to-many mapping. This enables end-host mobility and
] multi-homing.

Abaddon and I spent some time last summer working on a protocl called Adaptive Addressing Protocol (AAP). It was an attempt to make Mobile IP less silly by allowing hosts to change their IP addresses without dropping connections. It did so by associating connections with a unique identifier, secured by a Diffie Hellman key exchange. Last night, Jeremy points me at this. This is APP, basically. Its amazing how close our designs are. Its also *really* frustrating. We were going to have a working demo this weekend for Phreaknic.

I'm going to read through this stuff and see if there are any design decisions that we made that might be of value to this working group. Having said that, its worth memeing this documentation. This is the right answer for mobile IP and it will probably be the answer we end up with for multihoming of small networks because deploying something like this is less expensive then renumbering the internet geographically.

Host Identity Protocol