No, but I have been doing it since I started on forums in 1981 or so. That said, I now do it to annoy you.

                    -Charlie

Sure, I know and like DNSBLs including Spamhaus's, but this is a distinct application from XBL. Specifically, removal needs to be rapid in order for it to be useful for rejecting customer Web traffic. That's an engineering requirement that email anti-spam systems don't have, since SMTP is designed to retry for days if necessary to get a message through. Moreover, hosts that send any legitimate email are very few compared to hosts that send Web requests; and even though email admins are frequently dense, unresponsive, or victim-blaming, they're still a level above typical users in knowing what the fuck is going on with their computer.

One approach would be to have each DDoS victim continually (e.g. every hour) assert which addresses were attacking it, and only list those addresses which are currently attacking. This way, as soon as a host stops attacking, it will drop off the list. This has weaknesses — for instance, an attacker can use your host all night while you're not using it, without you noticing — but it's still an improvement over what we have today. And it still depends on each subscribing site having a good enough backchannel to the listing service to stay open during the DDoS. Back in the day we'd do it with a dedicated modem line — the bandwidth requirements are really quite minimal — but nobody knows what that is any more.

Sites under DoS attack should publish (through a channel not congested by the attack) a list of the IP addresses attacking them, through some trustworthy third party. Then, other sites should subscribe to that list and refuse service to those addresses until they clean up and stop attacking.

For instance, consider your uncle who uses AOL. His computer is infected with botnet garbage and is participating in a DoS attack against (say) Slashdot. Slashdot sends a list of attacking IPs, including your uncle's, to Team Cymru (the third party). Cymru aggregates these and publishes a list, updated every three hours. AOL subscribes to that list. When your uncle goes to check his AOL email, he gets an error: "We regret to inform you, your computer has been hacked, and is being used by criminals to break the Internet. You can't get to your AOL email until you kick the criminals off by installing an antivirus program and running a full scan. Click here to install Kaspersky Antivirus for free. Thank you for helping keep criminals from breaking everyone's Internet. Sincerely, Tim Armstrong, CEO, AOL."

Then your uncle gets mad and calls up AOL and complains. They try walking him through using the antivirus program, but he just curses them out and says he'll go to Hotmail instead. He tries ... but Hotmail also subscribes to the same list and tells him the same thing: "Your computer is infected with malware and is being used to attack other sites on the Internet. You cannot obtain a Hotmail account until your computer is clean. Click here to install Microsoft Antivirus." He gives up and calls AOL back, and they help him get his computer cleaned up. Within half an hour, it's off the botnet; and within three hours, it's off the list of attacking hosts, and your uncle can get his AOL email again.

"Frankly there are so many alternatives to sending mass mail from your own system, only highly suspicious people want to go around this."

I am a journalist, and I know what the laws are around email, subpoenas, (lack of any) protections under the (US) law, and the cost of lawsuits. I keep my own server, on my own premises, and keep logs only long enough for diagnostic purposes. All email is deleted after 2 weeks unless it is specifically moved to a location meant to be saved for the same reasons. I have been doing this, or parts of it, since before my ISP offered mail services, over 20 years now FWIW. Some people call me paranoid, I point to things like MegaUpload and call them ignorant. I guess that I would be considered "highly suspicious" according to many government agencies.

So there you go, there is at least one good reason to do the above, although I rarely send out mass mailings, probably less than one a year.

As for the rest of your points, I totally agree. Thanks for trying to stop the spam.

                      -Charlie

They've done dozens of events at Apple Stores, including the huge Apple store about 100 metres from this Microsoft store.

"free enough to be distributed with the Linux kernel sources"

the firmware files are typically under a license that prohibits modification and even redistribution.

> A desktop os needs a browser (Firefox), text editor (vim), office suite (OpenOffice), PDF reader (evince), window manager (kde), etc

Browser: GNU Icecat, text editor: emacs, office suite: GNOME Office, PDF reader: GNU PDF, window manager: GNOME.

I found its actually hard to get a machine that's decent these days, unless you're prepared to put up with a bit of crap.

The solution is to build your own custom laptop -- http://www.avadirect.com/gaming-laptop-configurator.asp?PRID=25095

If you go for the "VISIONTEK Killer" wireless card, it has an Atheros chipset, so you can distro-hop to your hearts content. They also ship it with no OS if you like.

"For corporate users, doctors offices, plant floor, I think you will be surprised. There is more software written for x86 Wintel than all other platforms put together."

And how much of it is written to be aware of the new UI? And if you have to port your stuff to use that abortion of a GUI, why would you NOT go to an iThingy or Android? Last time I checked, most doctors, corporate users, coffee shop poseurs etc, had iSomethings, not Windows. Think TAM, not sales pitches when you develop your platform strategy or you are not going to sell very many.

                  -Charlie

You have obviously not used Windows lately, or any other Microsoft product if you say such abjectly ignorant things. You may laugh, but those of us who have to support Microsoft products know the truth, and how wrong you are. Microsoft-level quality products are indeed expensive, and for good reason too, do you have any idea how much it costs to support this crap? How hard it is to keep up and running? Clean it up after the latest security breach? Preventing breaches is a fools errand, give it up.

All this costs money, lots and lots of money. Initial purchase price may be low compared to everything but FOSS, but that is only the beginning. If you calculate TCO, you will see exactly how expensive this poorly coded pile of outdated security holes really is. It ain't cheap.

      -Charlie

[Yes, this may look like sarcasm, but sadly it is not]

Rip it all and then use something like beats to figure out the audio fingerprinting and correctly tag things for you.

More puzzling still is not just what appears to be letters on the sample, but the fact that they indicate "cool ranch", a flavor of Doritos that has been depricated for over a year now. The creation museum has a crack team of acolytes studying this amazing discovery now.

                -Charlie

If you press stop twice, then hit play, you can generally skip that stuff.