It's_deja_vu_all_over_again

title: It's deja vu all over again date: 2004-12-23 23:39:56

Holy crap:

IP addresses are easy to fake as well. The design principles of TCP/IP allows the sender of a packet to specify its IP address. The message will still be routed to its destination using the fake origin address. Return packets would be mis-routed, however, because TCP/IP would send responses to the true location of the IP address rather than where it actually came from. This means that IP spoofing is ineffective in situations where you need to interact with a remote server, but very effective in a one-way conversation. I can't retrieve a Web page using a spoofed IP address because I need to make the request and then have the server send me the page. But I can send requests all day long if I don't care about the response.

I thought this was just a slight muddying of the waters. But no. The VERY NEXT PARAGAPH:

Posting a comment (or TrackBack) doesn't require interaction. I can send a comment in a POST or GET message and not worry about the response if I don't care about receiving acknowledgment that it was successful.

...what, has Apache moved to UDP all of a sudden? Sweet Zombie Jesus! (And don't talk to me about guessing SYN numbers; that is not what this idiot is talking about.) (Although to give him his due, he is talking about this in an article explaining why blocking IP addresses from blogs won't work, and he comes up with a great summary: "This [approach] is fundamentally flawed because it assumes IP addresses are both unique and hard to come by.") (But oh, this is a very painful case of bending over backwards to be fair.) And then:

Now spammers have turned their attention to weblogs and comment forms. In order to increase search engine rankings you are posting advertisements to our Web pages. What you failed to understand is that bloggers are smarter, better connected, and more technologically savvy than the average email user. We control the medium that you are now attempting to exploit. You've picked a fight with us and it's a fight you cannot win. Bloggers will track you down and notify your hosting providers about your activities. We will tell your ISPs what you are using their connections for. We will let the makers of the products you are advertising know of your despicable sales methods. We will hit you where it hurts by attacking your source of income. You can move to a new host, find a new ISP, or sign up for a different affiliate plan. The end result will be the same. Each time you rise out of the muck we will strike you down and send you back to the hole you crawled out of.

Do you smell that? That is the sound of sweet, virgin superiority, fresh and and naive and unmingled. This is from Dive Into Mark. I quoted it before, but here's a bit more context:

If you want to be an anti-spam advocate, if you want to write software or maintain a list or provide a service that identifies spam or blocks spam or targets spam in any way, you will be attacked. You will be attacked by professionals who have more money than you, more resources than you, better programmers than you, and no scruples at all. They want to make money, this is how they have decided to make money, they really can make a lot of money, and you're getting in their way. This is old hat to anyone whos been involved in anti-spam efforts in other domains (Usenet and email spring to mind), but just like everything else, the weblogging community seems intent on (a) thinking they're special and unique and nobody has ever had their problems before, and proceeding to (b) ignore all the work that has come before and reinventing the wheel. [....]Someone challenged me, Well, how am I supposed to continue hosting these low-barrier discussions? I'm sorry, but I don't know. To quote Bruce Schneier, "I feel rather like the physicist who just explained relativity to a group of would-be interstellar travelers, only to be asked, 'How do you expect us to get to the stars, then?' I'm sorry, but I don't know that, either." The low barrier is exactly the problem here. We got away with it (please, come post random links on my site which is well indexed, poorly managed, and open to unlimited anonymous contributions!) because we were collectively very young and naive and thought no one could hurt us. Now it's like were turning 30 and being told we need to go on a diet and asking, "Well when can I go back to my old eating habits?" Um, you can't. Your old eating habits don't work anymore. Weblogging is growing up. Oh wait, you thought that would be a good thing? You must still be young.

It is still worth reading every single depressing and true sentence in there, if only to keep yourself from being drowned in bullshit, nonsense and fairy tales.