In the Spirit of the Blue Frog
Sat, 2006-12-16 22:44 — james4shari
Oh how I wish that I had technical experience so that I could contribute to the development of the Okopipi Project but I am only a home PC user. I wish Blue Frog had not given up because it, for a time, was the best thing to fight spam with at the source. For a time it was working. Now I am getting flooded with spam again.
Please, in the Spirit of Blue Frog, put this thing together and bring back "The Frog" in the form of Okopipi. Once again we can rejoice every time we "Complain" to a spammer or their advertisement source.
Remember, "one complaint for one spam", "ten thousand complaints for ten thousand spams"? Fair? You bet it is.
- james4shari's blog
- Login or register to post comments
Similar entries
Poll
Do you think Blue Frog was the best or Black Frog is or is going to be better ?
Blue Frog was better
41%
Balck frog is better or is going to be better
59%
Total votes: 70
Recent comments
- PaydayLoans
3 weeks 2 days ago - Online Auto Loans
3 weeks 6 days ago - Re: Instant Cash Advance
6 weeks 3 days ago - Used Auto Finance
7 weeks 4 days ago - Bad Credit Auto Finance
7 weeks 4 days ago - Re: Okopipi was a good idea...! Really!
10 weeks 4 days ago - Re: Myers Briggs Personality Test
10 weeks 5 days ago - Re: Myers Briggs Personality Test
11 weeks 3 days ago - Re: No Credit Auto Finance
15 weeks 3 days ago - Shenanigans !
24 weeks 3 days ago
Syndicate
Comments
Re: In the Spirit of the Blue Frog
I am not an expert and can program little more than a '.bat file...
But anonymizers use proxies, and often a chain of them.
Could you not do that, too?
Have m proxies available, p1, p2, ..., pm and run a subset of n proxies, px, py, ..., pn, every few minutes randomly switching between the m proxies (and maybe switching n, too). Thus there would be no time for crackers to find them out.
Re: In the Spirit of the Blue Frog
I am not an expert and can program little more than a *.bat file...
But anonymizers use proxies, often a chain of them, to pass through the traffic.
Couldn't you use the same thing?
A chain of m proxies p1, p2, ..., pm available and use a subset of n proxies px, py, ..., pn at a time, every few minutes randomly switching between the m available ones (and maybe switching n, too). Thus the chain isn't static, but dynamic, so that there is not enough time for crackers to find them out and interfere.
Sorry, this came in twice since I didn't see it after the first post...
Re: In the Spirit of the Blue Frog
It is not clear to me how you would do that. If you can do it, I'm not convinced that it would solve the problem.
The original proposal did include arrangements to hide important servers and functionaries.
I'm sorry, I appreciate your good intention, but you have to be much more specific.
prototype
NOW ISNT THAT GRAND ,SO IT IS
SCRAPIRON
"Blue Frog"
I share your feelings on this James and I'm a little frustred the way this project is going or better said NOT going, It seems to me that the "powers that be" on this project can't use the same format as Blue Frog, maybe update the language and bring it up to par and then release it, , but your right something needs to be done, Im 70 and would like to see it in my life time :):):)
Scrapiron
I'm working on a prototype
I'm working on a prototype (see this comment), but my work is almost at a standstill until (most likely) February. But by then I should have plenty of time for this work.
My apologies to everyone for not responding when you're worried. It's a difficult time now.
You can help greatly by subscribing to e-mail notifications from our web forum or from our Google Groups, so that you are notified and can help test my prototype when I release it. No experience needed. I would appreciate all such help a lot.
Re: I'm working on a prototype
I don't think you are. If im wrong, prove it and send it out to me and a few others.
Re: I'm working on a prototype
Forgive me for being so extremely unresponsive. Illness and lots of work, both at the same time, conspire to make things very difficult.
This means that in a way you're right. I can't find time and strength for Okopipi right now. But I will get back to it when I can.
However, I'm sorry, I won't send you proof of my efforts. That's because I get the impression that many spammers are part of organized crime syndicates -- that is, people who won't hesitate to use kidnappings and extortion if they think they can profit from it. If I send out my work, and spammers among us analyze it, and conclude that I'm a threat to them, maybe my family or I will be in danger.
It's not worth that risk just for giving proof. Giving proof isn't that important. I prefer the current situation, where the spammers can't know for sure if I really have a solution that can be coded and will work, nor can they know if I know what I'm talking about. They can't know if my confidence is warranted or is just a case of overconfidence.
Also, I'm still hoping that somebody will get impatient enough to start an alternate, competing solution. With two different solutions we would be far less vulnerable than with only one.
I hope that enough people will have patience enough to keep subscribing, either here or in our Google groups, so they can help test my prototype when the time comes. But if people don't have the patience I understand. I suppose that, if necessary, once my prototype is released it can get publicity on a few large sites like Slashdot, so that people can come from these sites and help testing.
However, it's much better if the initial tests are made by dedicated people who have stayed here. Therefore I really appreciate it if people stay! But if that isn't possible, I think word-of-mouth publicity can solve the problem.
Re: I'm working on a prototype
Hey - I can't believe you guys anymore!
Since more than a year you are promising, and NOTHING comes.
Is this in reality a hoax by spammers?
Re: I'm working on a prototype
Personally I have never promised anything here. As a matter of fact, in the beginning I didn't intend to contribute at all. I didn't have time. I only wanted to quietly observe and learn how an open-source project works from the start.
However, as time passed I couldn't stay passive. The project chose solutions that in my opinion led to very complicated problems that would make it all very difficult to code, if at all possible. I also thought that the chosen solutions would be easily overwhelmed by spammers attacking the network, and also that the solutions wouldn't scale. "Wouldn't scale" in this case means that, even if they did turn out to work with a few hundred users, once there were a few tens of thousands the network would be unable to cope and would grind to a halt.
Seeing this, I proposed ideas that I considered improvements, solutions that in my opinion were simpler and more scalable. However, my proposals did not convince the project leaders. On the contrary, they thought that my solutions were more complicated than theirs.
We argued for a while, and I found that convincing them was impossible. I concluded that I my explanations were at fault. I couldn't explain in a way that was easy to visualize and understand. In my opinion my ideas were good, but difficult to convey.
Since I didn't have time for getting involved, I was very reluctant to code my solutions. But in the end I decided to try to find time for coding them.
After that, the rest of the project produced a few papers and then seemed to give up. My guess is that their reason for giving up was that they got stuck in the complications and difficulties that I had seen. That's just a guess, but considering the enthusiasm at the start, I'm sure they had some good reasons.
If I remember correctly, at some point somebody said that there were 176 willing volunteers. I can't believe that all 176 just lost interest. They must have had some reasons.
If you're wondering what's the big deal, what makes this project so difficult, note that spammers will attack the network, posing as users and volunteers. They will do everything they can to disrupt communications and sow confusion. They will use their botnets for this, and a botnet can have a hundred thousand zombies. If every zombie emulates just ten users we have a million fake users.
This means that, if our fledgling network has a thousand real users, our real users are outnumbered a thousand to one. We need solutions where our network and our volunteers are neither overwhelmed nor confused by this onslaught.
I think that I have good solutions to this problem. I'm convinced that I was just unable to explain my ideas clearly enough.
But as you see, there is no promise involved here. Quite the contrary, unfortunately. The problem is difficult, and the only remaining coder was unable to convince the others.
I am quite confident that my solutions will work. But only time will tell for sure if my confidence is warranted or if I'm overconfident.
Re: I'm working on a prototype
So what are the project leaders doing?
Discussing various approaches without coming to a solution? Wasting time?
Who can now still believe in this project?
Why don't you guys get together with the Blue Frog people - their approach DID work, and it worked well, and that is why the spammers shot it down (otherwise they wouldn't have cared) - and merely remodel their concept to be safe against attacks? That is: Use that existing and working system and just safeguard it, instead of starting all over again from scratch.
Maybe a chain of randomly changing proxies could make it safe. Just an idea.
And please don't take it personally, it is meant for all involved. You are all sitting in the same boat!
Re: I'm working on a prototype
The core functionality of Blue Frog is quite trivial to re-implement. The fact that Okopipi didn't have access to Blue Security's core functionality code was never seen as a problem. It was discussed briefly a couple of times, but only in passing, since it was such a trivial part of the project compared to the protections against attacks.
Exactly what you're saying, remodeling the Blue Frog concept to be safe against attack, was what the Okopipi project set out to do from the beginning. This was the idea from the very start.
Except there's nothing "merely" about it. It's not something you "just" do. It's a seriously difficult problem.
When the spammers attacked Blue Security, first they bribed an internet backbone insider, who then helped them attack Blue Security from within the internet backbone. In a later attack the spammers unleashed a DDOS attack that was so massive that experts think it would have incapacitated Google, had it been directed at them.
An attack of that magnitude isn't something you "merely" defend against "just" by safeguarding the system.
All ideas and proposals are very welcome! I would love to see an idea that made the problem simpler! And so would everybody else, you can be sure of that!
I don't see how your proposal solves the problem, but maybe you just need to explain better. Maybe it becomes clearer if you analyze and describe your solution in more detail.
What you say sounds like one part of the original approach that turned out to be so complicated. But since you don't explain much I can't be sure.
I'm not in contact with them so I don't know what they do. But I can't blame them for not leading when there is nothing to lead. They did try. Unless I'm mistaken, all the people who understood the problem gave up, except me. Thus it seems there's nobody they could lead except me.
My guess is that among the people who remain, most don't know what to believe, so they don't believe either way, they just stay in case in the end there is a working solution.
I've never really felt that I was "in the same boat" and fully a part of the Okopipi project, as my proposals were rejected and I went my own way.
Of course once I release a nicely working prototype I'll be very much in that boat. But probably not before that.
Re: I'm working on a prototype
Ya know... one thing that programmers/developers might want to try is this:
Create a spam filter program that actually goes through all of the spam looking for URLs. Some spam use images, so OCR might be necessary to glean those URLs. Then, when the filter actually finds a URL in the spam message, go to their website!
Yep, you heard me right - actually set up a spam filter that will go to the spammer's website. That's what the spammers want right? The spammers want all of us to go to their websites and look at their products. So, why don't we? I mean, if you think about it... hundreds of thousands of us visiting the spammers' websites will eat up some serious bandwidth.
Why not take it a step further - have the spam filter crawl through the entire website. Look for links on the spammer's website and visit them all.
How simple and ingenious can that be?! *grin* I don't take credit for the idea (I saw it mentioned on another website) but I think we should take this idea one step further - any websites listed in an Email that a user specifically marks as DEFINITELY spam can be added to a list stored on the user's hard drive and when the user is not busy at their computer then the spam filter will automatically start cycling through the list and visiting the sites positively (and manually) flagged as spam until the site is overloaded to the point that it shuts down.
This is not spamming, it's not sending opt-out requests, or anything of the sort. A spammer has invited us to visit their website, so we're taking them up on that invitation. If they send out a million spams about a particular website and if everyone who gets that Email goes and visits the website and checks out all the different links on that website, then the bandwidth will hopefully overload their servers.
So, does anyone have the ability/desire to write a spam filter that will automate the process of "checking out" spammers' websites? If not, perhaps I'll create a YahooGroup and for those who are interested then we can set up automated script programs that'll do it for us. I'd rather have someone develop a more "slick" and cleaner interface, but for those of us who want to move forward and are tired of waiting - this might be our best option.
Your thoughts?
Re: I'm working on a prototype
i dont think that is a good idea, Blue Frog sent out an email (from each and every user) saying how they could remove BF members from theire spam lists.
with this solution they will have to guess what the heck is happening, before they can do anything about it.
oh and thumbs up poltergeist, iv been checking the site circa once a week to se how things are going, and have been quite dissapointed with the lack of activity. but im glad some1 (thats you, yay ^^ ) is finally doing somthing =) both me and my poor spam box (which recieves +100 spams a day, back in BF days i was down at recieving 5-15 spams a day) i hope you get it done soon! =)
Re: I'm working on a prototype
Thanks for the encouragement! Greatly appreciated!
Here's a tip. There's an easier way to keep track of everything that gets posted in this forum. You can tell the forum to send you an e-mail whenever anything has been posted. To do this, log in, then in the left column click "My account", then at the top click "My notification settings", and then, in the page that appears, enable everything.