LOAF - Distributed Social Networking Over Email

FamousLongAgo writes "LOAF (List Of All Friends) is an extension to email that lets you send out address book data without compromising your privacy. LOAF appends a hash-like data structure to each outgoing email, and collects similar attachments from the people who write to you. These files can be queried to see if they contain a given email address, but they can't be reverse-engineered to reveal the list of addresses used to construct them. LOAF lets you check whether someone emailing you for the first time is a complete stranger, or appears in the address books of some of your trusted correspondents. And as a decentralized application, LOAF offers an interesting alternative to current social networking sites like Orkut or Friendster."

Please go outside

[revscat]

Ok, I've had it with Friendster, Tribe, and all this social networking crap. Go to a bar, go to a park, hell go to a freaking CHURCH or something but if you want to make friends then for the love of Augusta Jane Chapin STEP AWAY FROM THE BLOODY COMPUTER. People are better grokked in person, and this virtual hooey is way overrated and ultimately unsatisfactory. If you're fat and ugly, go hang out with other fat and ugly people. Whatever you are comfortable with. But you just can NOT get the same social dynamics online as you do in the real world.

Why do you think people are such assholes online? You know, like me. Because the social dynamics are different and don't match reality. People don't have to be polite online, and you don't get to practice communications skills that make you successful in the real world.

And since the eventual goal is to get laid the physical verbal interactions are kind of important.

Having said that, this seems like an interesting technology, and doesn't seem as inherently annoying as Friendster. When the FAQ has stuff like this in it:

The false positive rate for Bloom filters is determined by the number of hashing functions, the size of the filter, and the number of entries in the filter, given by the approximate formula:

( 1 - e^(kn/m) )^k

It makes me go all warm and fuzzy.

Re:Please go outside

[AuMatar]

If you don't like them, don't use them. I don't myself. That being said, I know a lot of ways they're superior to real life:

*Ability to talk to people at any time. If my friend isn't at the bar, I can't talk to him. The chance he's near his computer is much higher
*Ability to hold multiple conversations. I can hold 4 or 5 simultaneous text conversations, only 1 oral one.
*Ability to talk asynchronousl. I can post something, he can read it later. A bar doesn't do that
*Ability to talk to people when on the road
*Ability to talk to people whatever the distance

Thats a few of the advantages. Real life has its own set of advantages. Neither is obviously better than the other. Nor is either exclusive- you're allowed to do both.

Re:Please go outside

[over_exposed]

I agree with you completely, but I'm not sure that's the only application/purpose of this concept. I see this as more of a spam filtering tool (at least for those with near average intelligence). If it has a subject line with RE: in it and it's not from anyone you know or anyone that knows someone you know, it's probably safest not to open it. In fact, why not expand on this technology and have the e-mail client smart enough to warn the (sub average intelligent) user that this isn't a response to anything you've sent out and is most likely not a safe e-mail to open.

Re:Please go outside

And since the eventual goal is to get laid the physical verbal interactions are kind of important.

I'm mute you insensitive clod.

Re:Please go outside

[eln]

And since the eventual goal is to get laid the physical verbal interactions are kind of important.

I think that pretty much says everything we needed to know about you.

I don't go in for these sites either, but to say that personal relationships online are any less valid than personal relationships in any other setting is ludicrous. Just because your only goal in life is to get laid doesn't mean that's the case with everyone else on the planet. Sometimes, we like to talk to people because we find them interesting, not because we think we might be able to score with them.

You're right that the social dynamics online are different, but you can't completely dismiss a manner of human interaction because it's different than what you're used to. But then, if all you're after is picking up drunk women in bars, then you can go ahead and spend your life doing that. You would have to be pretty shallow to consider that kind of lifestyle anything but "ultimately unsatisfactory" though.

Of course, there's a certain irony in your comment coming from a Slashdot subscriber.

Re:Please go outside

[greg_barton]

But you just can NOT get the same social dynamics online as you do in the real world.

I think that's the point. Maybe some people don't WANT the same social dynamics you get in the real world.

Re:Please go outside

[MarsDefenseMinister]

How ironic. Rev Scat bitching about something called LOAF.

Re:Please go outside

[revscat]

"And since the eventual goal is to get laid the physical verbal interactions are kind of important."

I think that pretty much says everything we needed to know about you.

Which is what, exactly?

You're right that the social dynamics online are different, but you can't completely dismiss a manner of human interaction because it's different than what you're used to.

I don't. But I do think that some are better than others. When comparing Friendster to the real world, the real world wins hands down. Is this a 100% rule, applicable to all of humanity for all time? No. It's a generalization, and as such falls flat in the face of specific instances. But it is true, I believe, for the majority of the cases.

Of course, there's a certain irony in your comment coming from a Slashdot subscriber.

I don't pay for Slashdot in order to make friends, I pay because I would otherwise feel like a big leech.

Re:Please go outside

[Bri3D]

I think everything that we need to know about eln is that he has no sense of humor. The parent was FUNNY, eln!

Re:Please go outside

Why do you think people are such assholes online? You know, like me.

If you're an asshole online, you're an asshole; you're just more able to or more motivated to hide it when you're not offline.

And if lots of people really act like that, I've never heard a better reason to meet people online first.

Re:Please go outside

you don't get to practice communications skills that make you successful in the real world.

Hmm, yes. Today in the real world I practiced controlling the system that makes a face (in this case mine) smile in front of a mirror in order to be better prepared to unconsciously automagically smile into some blurbs face while thinking he is an asshole.

Re:Please go outside

[foobsr]

If you're an asshole online, you're an asshole; you're just more able to or more motivated to hide it when you're not offline.

Freudian slip ??? Unable to even think 'o_f_f_l_i_n_e' ??? :)

CC.

Re:Please go outside

[Loco3KGT]

*Ability to talk to people at any time. If my friend isn't at the bar, I can't talk to him. The chance he's near his computer is much higher

I wouldn't call that person a friend, then.

Re:Please go outside

[C10H14N2]

On the other hand, in business communications at least, I find myself editing my words FAR more carefully in electronic form than in spoken form or face-to-face. The slightest poor word choice or unfamiliar syntax can inadvertently piss people off in text when the same misstep would go without consequence in person.

But, at base, I couldn't care less if someone has exchanged email with my parents, the President or the Pope -- they're still strangers to me, so this has no value for the stated purpose.

Re:Please go outside

[shadowmatter]

Indeed, Bloom Filters are the shit.

These days, in my spare time, I'm writing a p2p program -- think of it as a swarm-download system, like BitTorrent, on an overlay network topology, like eMule (only eMule uses Kademlia, and I'm using Pastry). It has been shown, here and here, that Bloom Filters can drastically reduce the traffic generated when searching peer to peer networks. I recently coded a Java implementation of a Bloom Filter for my p2p program, and it works great in testing. (But the p2p program isn't anywhere near done, so don't ask about it ;)

Furthermore, Bloom Filters can be compressed -- see Michael Mitzenmacher's work here. The idea that you can compress a Bloom Filter is a little counter-intuitive, because the size of the bit vector and the number of hash functions are derived using calculus to maximize the compactness of the set, for a given false positive rate -- thus, in this state, it is non-compressable (it is "already compressed" by simply being an optimal Bloom Filter). To compress a bloom filter, you must choose a large bit vector, and a non-optimal number of hash functions, then apply the compression algorithm (typically arithmetic coding). Because the bit vector is so large, it is sparsely populated -- and so compression works.

Often you can save 10% and 20% on the size of your bloom filter, while having a lower false positive rate. Score!

A very nice, very interesting survey of all the applications of Bloom Filters can be found here.

- sm

Re:Please go outside

[kid-noodle]

*Ability to talk to people at any time. If my friend isn't at the bar, I can't talk to him. The chance he's near his computer is much higher Personally, most of my friend are more likely to be at the bar.... Which is what happens when you use AA for social networking.

Re:Please go outside

[AuMatar]

I was using the definition the original poster was using- comparing bars vs electronics. If I go to a bar and hope to find someone specific, its a crap shot. With a computer, your adds are better (the chance someone is at home is greater than the chance of being at bar X at some random time. Unless you have a lot of drunkard friends).

Re:Please go outside

[smitty45]

I think you're missing the point of Friendster.

for example, let's compare something like finding a roomate to share an apartment with.

In real life, or without social networking, it's like this:

-have to bother all of your friends, over email, on the phone, at a party, etc. to spread the word. that means *requiring* your friends/family to keep an ear out for you, which they might not remember.

-go thru craigslist and spend days interviewing freaky random people who might not turn out to be good roomate material after all

WITH social networking, you can peruse people who you know through your friends, post a bulletin board for only your 2nd degree friends to see, and possibly find someone that has more real-life vouching (i.e. you can ask your friends about them before you commit living with them) than the random people you see on something like craigslist.

Re:Please go outside

[EvilTwinSkippy]

As I sit here slashdotting in one hand and playing interference with my infant on the other, I contemplate the social scene for new dads.

(Tends to screaming kid.)

Well I guess I could hire a sitter. (No sweety, not the iBook!!!!) a;dfogadlogjs;ldug wsorutspritgsagu9o uapouigfa oczvj zfj jozdo zdzolaeroprasjo; jgd oj j drg

Re:Please go outside

>*Ability to hold multiple conversations. I can hold 4 or 5 simultaneous text conversations, only 1 oral one.

It's also easier to cybersex with many men at once.

Re:Please go outside

[Q+Who]

You know about this thing called "phone", right?

Re:Please go outside

[millermj]

I gave up on all of the online dating personals sites. Never could get any quality responses anyway, and I'm a member of Friendster, Orkut, Yahoo Personals, etc. etc.

I'm a big fan of meeting people through volunteer work. At least if you don't meet someone, you're still giving back to the community. Meeting For Good is one such service, serving the San Francisco/San Jose bay area, and I've been very pleased with the opportunities and the results.

Having said that, this is a promising technology, and after having my information from the beforementioned services lifted from those services for spam lists, I'd much rather use something like LOAF than those other services if I had to return to the dating scene! ...but again, singles community service groups are so much better. Wow, real, normal humans!

Re:Please go outside

[smitty45]

"When comparing Friendster to the real world"

that was your first mistake. your second was not having enough out-of-box brains to see what social networking is about.

here's some help:
it's not MEANT to replace the real world. it's meant to make it BETTER.

here's another hint to help you:
like a TELEPHONE does, like a yellow pages does.

think of friendster as being an insanely detailed and annotated grouping of all your friend's Rolodex's, and you're halfway there.

Come on, don't be afraid....connect the dots, and you'll see that social networking isn't for people to MAKE FRIENDS OUTSIDE OF THE REAL WORLD.

bonehead.

Re:Please go outside

In a bar, my friends can offer me a bier :-P

Re:Please go outside

[Bronster]

In fact, why not expand on this technology and have the e-mail client smart enough to warn the (sub average intelligent) user that this isn't a response to anything you've sent out and is most likely not a safe e-mail to open.

Some of us already have whitelists that do that (Ok, so I only actually use a regex on in-reply-to to match things that are generated by the couple of different clients I use, but you get the point).

It's an obvious first-pass check, though not necessarily enough...

Re:Please go outside

[Julia+Cameron]

• I think that's the point. Maybe some people don't WANT the same social dynamics you get in the real world.

You got that right.

At a boring party a while back this older guy approached me.

• The Guy...trying to look cool: "Hey, little lady, what's your sign?"
• 
  Me...being my usual geeky self: "Linux."

Re:Please go outside

[localman]

Thanks for setting everyone straight. I'm sure they'll all be much better off if they used your value system and life goals.

Personally I can't find much use in friendster. But I don't see why some people are so outraged by it's usage by others. There's a billion people doing things that I think are a waste of time. But if they're enjoying themselves and not hurting anyone in the process... well... live and let live.

Cheers.

Re:Please go outside

Please tell me that you don't actually open emails as anything other than plain text ? I've never heard of plain text screwing up your comp@%@#%@$#^#$@#$@@

NO CARRIER

Re:Please go outside

(mumbles.../me looking at list)

-phd - check!
-1st place in science fair - check!
-think of one's self as a mental giant - check!
-avoid real people - check!
-pimples - check!
-iq over 140 - check!
-slashdot freak - check!

yes. my life is complete. you may now shoot me in the the head.

Re:Please go outside

Of course, there's always the option of sending him an IM "Let's go down to Moe's"

Re:Please go outside

[jnana]

Maybe he said sine? Shorthand for, what's your favorite sine-computing continuous fraction that can be parallelized on a beowolf cluster of slashbot brains in a vat--and also be redundantly, steganographically stored in said distributed 16-year old brains in vats--and before I come on to you anymore, would you like to soviet rush me?

Re:Please go outside

[Errtu76]

Although i agree with you on the point "if you dont like it, dont use it", i have to disagree on these things (and excuse me if it seems sarcastic, this is not my intention

*Ability to talk to people at any time. If my friend isn't at the bar, I can't talk to him. The chance he's near his computer is much higher

Let's see if i get this right: you have a friend who is either at the bar or at his computer? And he doesn't have a (mobile) phone?

*Ability to hold multiple conversations. I can hold 4 or 5 simultaneous text conversations, only 1 oral one

I agree with you here. Up to a point. You see, the reason why you can hold so many different conversations at the same time online is because no matter how fast you type, it still is slower than speech. If i talk to you really slowly, and pause after each sentence and wait patiently until you respond, i can hold 4-5 'speech' conversations at the same time as well.

*Ability to talk asynchronousl. I can post something, he can read it later. A bar doesn't do that

*cough* "Hey, bartender! Can you give my friend this message?".

On the last 2 things i agree with you, and i could also add things like:

* it's a great tool for shy people
* remain anonymous
* you don't have to shower!! (okay, this was lame :P)

Re:Please go outside

[tehcyder]

if all you're after is picking up drunk women in bars, then you can go ahead and spend your life doing that

Quoth the virgin nerd in the corner.

Re:Please go outside

[EggZact]

AMEN!

Re:Please go outside

[TheSync]

Can you hear anyone at a bar these days? The music is so dang loug...better off IMing on your PDA or texting on your cellphone...

Re:Please go outside

[Loco3KGT]

And I was making a joke.

Much like:

A friend is a person you call to bail you out of jail.
A true friend is the person sitting next to you IN JAIL saying "DUDE! THAT WAS AWESOME!"

Re:Please go outside

[superflippy]

People are better grokked in person, and this virtual hooey is way overrated and ultimately unsatisfactory.

I'd say that depends on where you hang out online. There's a forum I frequent where members make an effort to periodically get together in real life. I've met some really neat people that way, and made friends in places that I might not normally visit. Now if I ever have to go to Greenville or Newfoundland or Israel, I know I've got friends there.

Of course, the purpose of this forum is to discuss a common interest, not to meet people. I think it makes it easier for online relationships to translate to offline when you already know that you've got a few things in common.

Re:Please go outside

[bhima]

Spam filtering was the first thing that popped in my mind, I'm surpirsed no one else has really mentioned it...I guess going outside sounds much worse than spam.

Re:Please go outside

[Julia+Cameron]

• Maybe he said sine? Shorthand for, what's your favorite sine-computing continuous fraction that can be parallelized on a beowolf cluster of slashbot brains in a vat--and also be redundantly, steganographically stored in said distributed 16-year old brains in vats--and before I come on to you anymore, would you like to soviet rush me?

Erm... I don't think so. He was dressed like Disco Stu.

Bad timing today.

[kiltedtaco]

These files can be queried to see if they contain a given email address, but they can't be reverse-engineered to reveal the list of addresses used to construct them.

Or so they thought, untill they heard about the sha vulnerability.

Re:Bad timing today.

[42forty-two42]

Okay, I'll bite. It's impossible to reverse a hash function which accepts an input larger than its output - the number of possible results, in an ideal hash with an unrestricted input size, is infinite. Hashes may, however, be vulnerable to collisions, where just one input data is found that produces a given output data. This may or may not be the original input (probably not), but it doesn't matter for many cryptographic uses - it's broken all the same.

Re:Bad timing today.

[flonker]

Get one of those "1 million email adresses" CDs they keep emailing me about, and check each one to see if it's in the list.

What is the expected benefit of "These files can be queried to see if they contain a given email address, but they can't be reverse-engineered to reveal the list of addresses used to construct them. " again?

Re:Bad timing today.

[psetzer]

Well, you'd get a string that maps to the same hash. The chances of it being a real email address is pretty close to no chance in hell.

Re:Bad timing today.

[AntonyBartlett]

Easier when you know what you're brute-forcing is an e-mail address. I don't know how big the DNS system is, but I'd hazard there are only 4 bytes of entrophy in it (domain's are not the same as IP addresses, but that's what I'm basing my estimate on).

For example, if you count everything from the @ sign in your e-mail address as being only 4 bytes, there are only 11 bytes total, so it is NOT impossible that, say, a 16 byte MD5 hash of your e-mail address could be reversed (still very hard, though)

Yeah, right..

[MisanthropicProgram]

is an extension to email that lets you send out address book data without compromising your privacy.

How long before someone hacks this?!?

Re:Yeah, right..

[Nos.]

I'll believe it can't be hacked when its been in wide spread use for several years, and has been the subject of crypto seminars. Until then, I'm going to assume the spammers will break it.

Re:Yeah, right..

[AuMatar]

If they're doing it the right way, it can't be. For example, you could assign every address a random but calculatable value (for the hell of it, lets use the value of the product of all the ascii characters in their name). Thats a pretty random variable. You can check if an address matches it by caluclating its value and comparring, but you cannot reverse the process (due ot multiple possible matches). The cost you pay is that false positives are possible. In the above example, with 32 bit values, you have a 2^-32 chance of a false positive.

Re:Yeah, right..

[Short+Circuit]

due ot multiple possible matches

That's something that's bugged me. I don't think people realize that "multiple possible matches" doesn't make any difference if you can run validity checks on each returned value.

Eject everything that can't be an email address, for example. Send emails to all the rest, and record the ones that don't bounce.

Re:Yeah, right..

Actually, depending on the hash function used, the probability of a false positive can be much smaller.

For instance, the hash function you designed (product of all characters) can suffer a false positive for any rearrangement of the characters in the person's E-mail address, because multiplication is commutative.

Re:Yeah, right..

[Agilus]

Er, rather much larger.

Re:Yeah, right..

[ShallowThroat]

Tell me about it. "they can't be reverse-engineered" riiiiiiiiiight.... give that a couple weeks in the hands of spammers and we'll see about that.

Re:Yeah, right..

[j1m+5n0w]

Bloom filters have been around since 1970 (link to acm digital library - you probably need a subscription to get in), and can be based on any crytographic hash function, such as sha-1.

Bloom filters tell you if something is (probably) a member of a set. If you know an email address, you can ask "is this email address in this address book?", but you can't ask "what are all the email addresses in this address book?" without guessing every address. Essentially, if a spammer already has you email addrees, he can verify that it's actually in use, but if he doesn't already have it, guessing it is likely to be fairly hard (unless it's something like bob@hotmail.com, or if loaf uses a weak cryptographic hash function).

In other words, loaf is as difficult to break as reversing a hash of your email address. The longer your email address is, the safer you are.

-jim

Re:Yeah, right..

you could assign every address a random but calculatable value

here in the south, we call that a calculable value.

saying calculatable will earn you a beating, or get you a date, with another man...whatever floats your bot(sic).

Re:Yeah, right..

Why bother when they can just hack the address book?
(The one in windows anywys)
Wouldn't this web of trust be threatened by the lack of effective filtering of its source?

Re:Yeah, right..

[cryptor3]

For example, you could assign every address a random but calculatable value

You mean like say, a hash function?

Spam blocking uses?

[LoudMusic]

I've refreshed the /. page a few times and still see no comments. How strange.

Anyway, how would something like this hold up in a spam blocking function? How easy would it be to get onto the LOAF list? And if the contents can't be listed, how are you to know that it's not chalk full of the bad stuff? How do you know that you aren't emailing to people whom you don't wish to receive your mails?

Re:Spam blocking uses?

[Sparr0]

There is no central list. The concept is that you append a list of YOUR friends to the end of each email you send. No one can read the list alone, but they can check if specific addresses are in it. So when someone new emails you, you check their address against all the known-good LOAF hashes youve recieved, this will tell you if they are a friend of a friend of yours.

Re:Spam blocking uses?

how would something like this hold up in a spam blocking function?

At the least it would make a perfect addition to spam filters. There is a big diffrence between geting an e-mail from somone you know or from someone known to someone you know to getting mail from somebody nobody ever heard of. It is unlikely that you would get an e-mail from someone who is in most of your friends addres books *and* sells certain enlargement products.... that is, with most friends.

How easy would it be to get onto the LOAF list?

Presumably as easy as getting added to someones addres book.

How do you know that you aren't emailing to people whom you don't wish to receive your mails?? And if the contents can't be listed, how are you to know that it's not chalk full of the bad stuff?

Well how do you know the real world "list of friends" of someone isn`t chalk full of bad stuff? You will have to trust a person. It works nice with the pgp web of trust, why not here? If the standard isn`t cast in stone yet maybe there is room for adding s/mime and gpg/pgp public keys.

Downside: Worms, this trick might mean bigger addres list of people with common interests, which may be people with common mail clients...

Re:Spam blocking uses?

[Bingo+Foo]

Correct, And since your List Of All Friends is appended as a hash and not plaintext, no one can "pinch" your LOAF, so to speak.

Re:Spam blocking uses?

[theLOUDroom]

Anyway, how would something like this hold up in a spam blocking function?

That's the first thing I though when I read this too.

This would be a GREAT antispam tool.

The implementation would take a little thought I bet if you were to combine a tool like this with a bayesian filter, one could an order of magnitude reduction in the spam that make it past the filter.

Some of the detail though would require a weighting mechanism for "people". This would be necessary to deal with people smart enough to use major ISP's newsletter address to spam with.

Probably the best solution would add PGP encryption/signing to the hashing. This would prevent me from claiming to be a good buddy or a major internet newsletter, for example.

Of course the downside of all of this is that it requres action on the part of the sender, not the receiver. That could make it pretty tough to reach any sort of critical mass.

Nice username BTW :)

Re:Spam blocking uses?

[M.+Silver]

Anyway, how would something like this hold up in a spam blocking function?

Ultimately, not all that well: if everyone could go to a perfect whitelist, with user-transparent verifications and all that hoohah, all that would happen would be that spammers would start forging the addresses of real people onto their spams.

You'd have to start combining that with SPF and perhaps some even more restrictive confirmations to really make it effective.

(And BTW, as long as I'm already replying: the phrase you wanted was "chock full.")

Re:Spam blocking uses?

[complete+loony]

Still, you should be careful who gets a copy of your LOAF list. A spammer *could* hash their address books and use some of your published friends against you by pretending to be a friend of yours. Or simply copy and paste a few of the entries to get on your whitelist.

Re:Spam blocking uses?

[Macgrrl]

...and suddenly the obscure English/Australian saying of "Use your LOAF[1]" takes on a whole new meaning...

[1]Loaf = head (as in thinking), e.g. that was a particularly stupid thing to do and you really should have thought about it first you nong.

Re:Spam blocking uses?

[Just+Some+Guy]

So, you're saying that you can pinch your friends, and you can pinch your LOAF, but you can't pinch your friend's LOAF?

sigh...

Just another technology that 3v1L coporations will turn into a weapon of mass annoyance.

Spam filter?

[Daniel_Staal]

Could this be used in a spam filter? A somewhat adaptive whitelist?

Not that it would solve anything, but it could be useful...

Re:Spam filter?

[edrugtrader]

nope. i would hope your friends and friends friends who you speak to are already on your white list.

the spam filters' biggest challenge is letting legitimate emails from people you have NO connection with through. this doesn't solve this, so we are just taking a step sideways.

Re:Spam filter?

[Otter]

I was thinking about how it could be used to block those Windows viruses and worms that send you mail from a third party's address. Except that this works almost the same way those Melissa-ish viruses do, so your "whitelist" would probably include most of the incoming faked addresses...

Re:Spam filter?

[Vega043]

Exactly my thoughts. This could help to expand your white list drastically by establishing a 'web of trust'. Plus it doesn't invade anyone's since it can't be can't be 'reverse-engineered'.

Re:Spam filter?

[Soko]

Hmmm... Mail Expurgated Against Tenative List Of All Friends - MEATLOAF!!!

MEATLOAF - the Anti-SPAM!

Yech. Time to go home.

Soko

Re:Spam filter?

[Julia+Cameron]

• MEATLOAF - the Anti-SPAM!

Two outta three ain't Baaad!

Re:Spam filter?

[JavaNerd]

IMHO, I think it could be easily spoofed as described in the paper by tricking the user into accepting a bloom filter with all or most of the bits activated. Bingo! now you know everyone :( Another variant is a list loaded with spam spewing addresses and complementary spyware to load it.

Can't is such a strong word

[over_exposed]

How can tehy say it can't be reverse engineered? Didn't they say taht about DVD encryption? How can someone be so certain that it's impossible?

Re:Can't is such a strong word

[happyfrogcow]

they might have well just said, "We dare you to try to reverse engineer this."

Re:Can't is such a strong word

[xsupergr0verx]

They say that about nearly every protection/security scheme. And I can only think of a handful that really are "unhackable"

Re:Can't is such a strong word

[bsdfish]

You generally reverse engineer it because there is fundamental information loss in the hashing process. However, there are caveats.

For example, lets consider a really primitive hashing function: we add up the ascii values of all the letters in the the email address and that is the hash value. However, foo@bar.com and bar@foo.com obviously have the same hash in this case, so knowing that the sum is 1234, you can't determine which the address is.

Now if the hash is long and very good at avoiding collisions, you may actually be in more trouble than when using a weak hash, because the very rarity of hash collisions reduces the information loss (maybe there's only one string that includes an @ sign and is shorter than 40 characters that hashes to that value!) So, if we have some way of generating a string, fitting a specific template, that evaluates to a particular hash (and so far, the found SHA-0 collision is nothing of this sort), we can just generate all short strings that match that hash and look for one that could be an email address. However, a weaker hash would result in many plausible email addersses hashing to the value, which would increase false positives, but reduce the risk of finding the original addresses.

DVD encryption was reverse engineered because all the information was preserved. As long as the hashing function looses enough information, there is no way to recover the original email.

Re:Can't is such a strong word

[Iamnoone]

Because it allows false positives, it is pretty lossy and loses a lot of info upon encoding.

An (bad) example would be that the "encoding" function is the ascii values for the first and third character before the @ and the first character after the @ - those bits of a 128 bit Bloom filter are "lit up" for your address, so that means:

akbar@anon.com
a1babe@all4you.com
asbackwards@aw crap.uk

all map to the same bits being lit up in the bloom filter, there is no real way to "reverse engineer" it and since it does not assume no collisions (unlike MD5 and SHA*) it is not expected to have unique mappings - that's a feature, as they say.

Re:Can't is such a strong word

[pavon]

Reverse-engineer is the wrong word. Nothing about this process is hidden, so there is nothing to reverse engineer. This simply hashes or "encrypts" the data using a one way function called a bloom filter. One way functions are easy to compute in one direction, but are extremely computationally intensive to compute in the other direction, for example multiplying c=a*b is easy, factoring c into a and b is hard. They are a cornerstone of cryptography, and all of the important, widely used types of one-way functions have been studied extensively by the some of the most brilliant mathmaticians in the world so we have a pretty good handle on how long it will take to break anything encrypted with them. However, they are not loth, and occasionally do suprise us with new findings.

However, this is quite different than DeCSS, which was fundamentally insecure, as they distributed the key with every single DVD player in existence, and relied on people just not looking. I don't know much about Bloom filters in specific, so I can't comment on this implementation, but methods like it are employed everyday to keep password secure, when sending across the internet, or storing it in the server.

Re:Can't is such a strong word

loses

Re:Can't is such a strong word

Because they aren't completely fucking retarded like you.

LOAF

anyone else think linux on a floppy when they saw this?

Re:LOAF

Excuse me while I pinch a LOAF. You know, drop a few kids off at the pool?

Re:LOAF

[mangu]

anyone else think linux on a floppy when they saw this?

Yes, I did. And I can't understand WTF all those "get a life" posts mean. I DO have a life, and it's Linux and the like. Why should some other form of life, e.g. interacting with the local drunks at the local bar or church or club, be any superior to the life we, Linux hobbyists, have?

Re:LOAF

[Erik+Hollensbe]

Well I guess it poses the question, are you interested in being well-rounded 30 years from now when linux is dead and fading, or do you want to be the comic book guy from the simpsons, ranting on how great this and that was, and being alone because the only conversation you can have with someone is about dead, 30 year old technology?

Not that these conversations are bad, but plenty of interesting people are in the world that don't even use computers (*gasp*) - and there are so many walks of life that I would hope you are not so infected with geek tunnel-vision that you would find at least a small portion of them interesting as well.

Dictionary attack?

[Sheetrock]

Create a huge (a@a.com, b@a.com, c@a.com, etc.) list of 'friends' and check the hashes in that list against everything you receive via LOAF?

You don't need to reverse it if you can brute force it.

Re:Dictionary attack?

Wouldn't this essentially be a form of the Microsoft payment idea, expect in this case a bandwidth payment?

Re:Dictionary attack?

[GillBates0]

RTF About Page

They've included a nice analysis of the types of attacks including the Ex-Girlfriend attack, Marc Canter attack, and Dictionary Attacks in the writeup

The configurable false positive rate can make Bloom filters resistant to dictionary attack, but it also renders them less useful. Given a false positive rate of c, and a dictionary with k elements, a dictionary attack will result in ck false hits. This rate goes down if you can collect multiple filters from the same user that are either 1) of different length, or 2) use different hash functions (salts, in our implementation). False positives in either case will be different, so for n filters the false positive rate will drop to c^n.

This implies that the truly paranoid should use a presized filter large enough to contain as many correspondents as they ever expect to have on record, and an invariant set of salts. Under those conditions, collecting multiple filters will not change the false positive rate. A mostly empty large filter might have an unacceptably low false positive rate, so you would want to pad the list of real emails out with random data, to maintain a constant ratio of on/off bits as well.

The tradeoff with a high false positive rate is that the filter will be less useful to legitimate recipients. An intriguing possibility is that of sending out very inaccurate filters that are updated on a regular basis (for example weekly) so that a user has to accumulate a certain number of the filters in order to run queries with a good degree of certitude. This spreads private information over several filters and ensures that an eavesdropper who intercepts only one file will find it of very limited value.

And most importantly they say: Of course, the truly paranoid would be crazy to use LOAF.

Re:Dictionary attack?

[JohnFluxx]

of course! How stupid of these people.
I'm sure that with email addresses being around 15 characters, with around 40 different letters, that's only 40^15 different emails to try.
That's 1 million million million million combinations.
Shouldn't take too long to try.

Re:Dictionary attack?

That's 1 million million million million combinations.

That's 1 septillion for the non-kindergarteners among us. ;)

...or quadrillion if you're British.

Re:Dictionary attack?

[mdfst13]

Or the spammer could just use their existing lists of however many emails and look to see if any of those emails are in the list. Virus infected zombie machines would be exceptionally good at this, as it allows them to email not only everyone in your address book but everyone in the address books of those who email you.

Re:Dictionary attack?

[JohnFluxx]

So... the viruses could email everyone in your email list, plus everyone that is in your email but also in someone elses email address?
You do realise that this isn't going to make the list of possible email addresses any bigger right?

Re:Dictionary attack?

[syousef]

They've included a nice analysis of the types of attacks including the Ex-Girlfriend attack, Marc Canter attack, and Dictionary Attacks in the writeup

Oh don't be ridiculous! The ex-girlfriend attack is irrelevant. Few enough slashdot users have had 1 girlfriend, and almost none have had 2. ;-)

Re:Dictionary attack?

[forgotten_my_nick]

Maybe I am just a newbie, but what is to stop me from just cut and pasting the signature of someone you do know and faking the email address? Or have my spam tool spam everyone in your address book with your details. Failing that, the spammer steals your key and address.

Re:Dictionary attack?

[darksaber]

All these posts about brute force and "multiple possible matches" are missing the point, and didn't RTFA. I've done research with Bloom filters.

The fact that they give false positives (aka multiple possible matches) means that you can take all billion or so VALID email addresses which actually accept emails and have a live human being reading them, test every single one of them, and have say, 10 million matches in the Bloom filter. That's hardly cracking the scheme. Sure, you can start using outside knowledge, e.g. billg@microsoft.com is probably not really on my buddy list, but that's a different matter, and hardly a crack of the scheme.

That said, Bloom filters are very neat, older than most slashdot posters, and would be good dupe detectors. (Just kidding on the last one, editor mispellings would confuse the hash functions.)

Re:Dictionary attack?

[Geoff-with-a-G]

Of course, the truly paranoid would be crazy to use LOAF.

Aren't the truly paranoid already crazy based on their being truly paranoid?

just hope your name isn't

a766a602 b65cffe7 73bcf258 26b322b3 d01b1a97 2684ef53 3e3b4b7f 53fe3762 24c08e47 e959b2bc 3b519880 b9286568 247d110f 70f5c5e2 b4590ca3 f55f52fe effd4c8f e68de835 329e603c c51e7f02 545410d1 671d108d f5a4000d cf20a439 4949d72c d14fbb03 45cf3a29 5dcda89f 998f8755 2c9a58b1 bdc38483 5e477185 f96e68be bb0025d2 d2b69edf 21724198 f688b41d eb9b4913 fbe696b5 457ab399 21e1d759 1f89de84 57e8613c 6c9e3b24 2879d4d8 783b2d9c a9935ea5 26a729c0 6edfc501 37e69330 be976012 cc5dfe1c 14c4c68b d1db3ecb 24438a59 a09b5db4 35563e0d 8bdf572f 77b53065 cef31f32 dc9dbaa0 4146261e 9994bd5c d0758e3d

(http://www.mail-archive.com/cryptography%40metzdo wd.com/msg02554.html

Re:just hope your name isn't

[Alsee]

Nope, my name is:
a766a602 b65cffe7 73bcf258 26b322b1 d01b1ad7 2684ef51 be3b4b7f d3fe3762
a4c08e45 e959b2fc 3b519880 39286528 a47d110d 70f5c5e0 34590ce3 755f52fc
6ffd4c8d 668de875 329e603e 451e7f02 d45410d1 e71d108d f5a4000d cf20a439
4949d72c d14fbb01 45cf3a69 5dcda89d 198f8755 ac9a58b1 3dc38481 5e4771c5
796e68fe bb0025d0 52b69edd a17241d8 7688b41f 6b9b4911 7be696f5 c57ab399
a1e1d719 9f89de86 57e8613c ec9e3b26 a879d498 783b2d9e 29935ea7 a6a72980
6edfc503 37e69330 3e976010 4c5dfe5c 14c4c689 51db3ecb a4438a59 209b5db4
35563e0d 8bdf572f 77b53065 cef31f30 dc9dbae0 4146261c 1994bd5c 50758e3d

-

What about people who don't use address books?

[Wtcher]

Hmm. Too bad I don't use electronic address books. Would I be excluded from e-mailing someone who uses LOAF then?

Re:What about people who don't use address books?

[Sparr0]

no, you wouldnt. if someone accepts LOAF-ish emails only, you would simply have to have a mutual friend who DOES use LOAF. If you are bob's friend, and bob is tom's friend, then tom's master LOAF hash will include all of bob's hashes, which will include your email address.

Re:What about people who don't use address books?

[stefanlasiewski]

Too bad I don't use electronic address books.

Yeah, back in my day we didn't have fancy electronic address books.

We only had paper address books. If I ran into a stranger, I would take my address book and smear it across his face one page at a time. If the ink rubbed off, then I knew they were a friend of one of my friends, and I could trust 'em.

And then we could drink beer together. But we didn't have carbonation back then so we used straws to blow bubbles. There wasn't any plastic back then neither, so we had to find a swamp and cut some reeds...

Re:What about people who don't use address books?

I could see where you would want to have two separate TURDs (Thoroughly Useless Recursive Directories), one that you add addresses to whom you send/receive directly and one that you would add other people's incoming LOAFs to. That way you could query them separately to see the degrees of separation.

Further, you could create a multilayer DUMP system where people forward their direct and 2nd degree LOAFs as separate bloom filters, so you would add their direct LOAF to your 2nd degree TURD and their second degree LOAF to your 3rd degree TURD. Now since you have a 3rd degree TURD, you can send out 3 LOAFs and so on and so on.

Now that might be interesting...

Re:What about people who don't use address books?

It's gotta be asked-- are you retarded?

You have a computer right in front of you and you're spending your time getting email addresses to and from a physical, paper book? Or do you just have so few friends that you remember all their email addresses?

Vocabulary mixup

[xsupergr0verx]

This is giving a new meaning to my hobby of loafing around at work.

Now people will think I am using some goofy friendfinder software, instead of cool non-work activities.

Now I should start working.

Re:Vocabulary mixup

No kidding ... I mean, I know some of these articles are crap, but come on, do we really need /. to

pitch [a] loaf?

Thank you.

Re:Vocabulary mixup

Damn, 3 previous scat references and no mention of "pitch" ... could it be that I need to run a dictionary search before attempting to post bad puns?

Mea Culpa.

FWD:FWD:FWD:FWD: LOAF !

[lateralus_1024]

Send this email to your LOAF within 3 minutes or suffer a tragic loss next week!

Maybe I'm Skeptical/Paranoid/Cynical...

[idontgno]

by why does this feel vaguely like "Send $1 to the last ten people on this e-mail, add your e-mail address to the end of this e-mail, and forward to someone"?

It's a spammer's dream.

[techno-vampire]

All you need to do is join a few mailing lists with people on it that use this. Then, you run you CD of email address through it, looking for hits. This gives you a much smaller list, but they're all confirmed, known good addresses. The cool thing, from the spammer's perspective is that you don't have to go out and harvest, people go out of their way to give you their friend's email addresses.

Re:It's a spammer's dream.

[cmowire]

True, but does this actually *help* them?

It's much faster to just send out to a plasuable set of addresses than to actually try to check for them actually being "good". So they generally don't wory about that sort of thing.

They, of course, still claim that their lists are good addresses who have "opted in" to their list. But that's just salesmanship.

Re:It's a spammer's dream.

[Elwood+P+Dowd]

It looks like LOAF is still kindof limited. However, they recognize this concern. The technology could allow for a configurable false-positive rate, which could reduce the effectiveness of a dictionary based attack.

Re:It's a spammer's dream.

[gold23]

Argh. RTFA. There is a configurable false-positive value that would make this kind of attack less than useful.

Re:It's a spammer's dream.

[Chalex]

But when the spammer sends you an e-mail and their return e-mail isn't on any of your friends' LOAFs, you can mark their e-mail down as "spam".

Re:It's a spammer's dream.

[ornil]

You may be right, but consider this:

you also know the name of at least one person who they know, so you can fake the From: field to be that person, and that will improve the chances they read the email by a lot.

Virii and worms

[grahamsz]

It doesn't seem like it'd be hard to have a worm write an arbitrary address into your address book.

Then LOAF would propogate that address to your friends, and then spammers could use the address programmed into the worm as the from address.

On the whole though this seems like a really nice addition to existing spam blocking systems.

Unfortunately the cases where i recieve email from a friend of a friend are relatively rare - but that's just me.

It also does have some privacy issues - since it'd essentially enable me to check if one of my friends happens to have my wife in his address book...

Re:Virii and worms

We try to make it hard for worms to get to our address books. Myself, I don't expect a worm to execute in mutt on NetBSD (let alone your platform).

Please don't say virii. Viruses is the accepted plural. Even viri is not right. Virii is unquestionably wrong.

Re:Virii and worms

[ryanmfw]

A couple months ago there was a thread on what the correct form of viruses in latin. To sum it up, vira was what they decided it to be.

not much use against spam so what's it for?

[dash2]

As an anti-spam technology, I don't see it. Quite often one gets legit email from perfect strangers.

Apart from that... I still don't really see it. You can only check for two levels of separation.

I like the general idea of decentralized social networking, though. The semantic web seems more hopeful than email.

Re:not much use against spam so what's it for?

[Boronx]

Related LOAF as spam filter, a quick look into Bloom filters suggests that it might be trivially easy to creat a LOAF hash that returns a positive for all email addresses.

Re:not much use against spam so what's it for?

[drawfour]

Yeah, like the legit email I received just the other day. Some guy came across like 10 million dollars and needed my help to get it out of his country. For my part in helping him, I'm receiving 5 million. Not too shabby. I can retire now!

You clicked/deleted WHAT?!?

[Donoho]

LOAF lets you check whether someone emailing you for the first time is a complete stranger, or appears in the address books of some of your trusted correspondents.

What's the difference? Some of my most trusted confidants have systems riddled with spyware and viri. They're great people but Horrible users. I rarely give out my real email address for that very reason.

0wned Machines & LOAF-OKed viruses

[G4from128k]

LOAF sounds wonderful until someone creates a LOAF-exploiting virus. If a friend becomes infected, their 0wned machine can send virus messages (with the friend's LOAF signature) that have a very high chance of being read and thus spreading through a LOAF network.

The challenge with any computer-based social network is not the "do I trust my friend" question but the issue of "do I trust my friend's computer that is sending me this message"? Perhaps all computers need a tamperproof hash that encodes their OS patch/AV update/spyware/firewall defense state. That way the message recipient can assess the trustworthyness of the sending machine.

Re:0wned Machines & LOAF-OKed viruses

[danharan]

LOAF sounds wonderful until someone creates a LOAF-exploiting virus

Well, this doesn't create much more incentive than already exists...

Perhaps we could use this to change user culture a bit? People that would use LOAF might come to expect that their friends be patched, and put social pressure (shame) those whose computers get 0wned.

Re:0wned Machines & LOAF-OKed viruses

[jerometremblay]

You cannot enforce anything you receive from the wires. :)

Re:0wned Machines & LOAF-OKed viruses

[Elwood+P+Dowd]

I don't think the vulnerability that you describe is related to LOAF. The attached LOAF is not what provides trust. It's previously acquired LOAFs that can be used to provide trust to an incoming email. And nobody's computer has to be compromised in order to exploit that: anyone can say their email is from YourFriend@hotmail.com

This isn't a replacement for Sender-ID or SPF or whatever. It's just a relatively safe way to see which of your acquaintances know each other.

Oh Great

[data64]

Now you want to tell people to "Go ahead and open all those emails with attachments" ?

Not as useful now as in the good old days...

With various schemes for tagged/one time/disposable/encoded to/from email addresses this type of system is less useful than it was back before spam.

It might be cool for sharing info about overlaping URL bookmarks or something where the names are more stable.

Slightly OT: I love that there are still cool, new data strucutures that are coming into more common useage - Bloom filters, Judy arrays, etc.

Open ya EYES!

Doesn't that go without saying? Whoring for karma, are you?

Re:Open ya EYES!

[Wtcher]

No. What would be the point of that?

Linux On A Floppy

[zoloto]

For a minute there, I thought this was an actual readable article about a distro that was once fairly useful L.O.A.F. and its revival.

Guess not.

Re:Linux On A Floppy

[wmaker]

Not there... here, oh wait, floppy... what's that?

Re:Linux On A Floppy

[Halfbaked+Plan]

A floppy is the data transfer medium that gets used on many computers that do real work. You know, like the machines in the test lab where I'm working now. It's a big messy, noisy place and it'd be impossible to reliably network all those data acq. computers on rolling carts in the middle of all that noisy (acoustic and electrical) equipment.

Probably not something you have in the laptop you flaunt at the coffee house, of course.

Re:Linux On A Floppy

[wmaker]

First of all I don't drink coffee, I drink White Russians/Club Specials/Beer(a lot)/coke... see google. Next of all I work in a lab and havn't ever used a floppy. so stfu.

-will

Re:Linux On A Floppy

[Halfbaked+Plan]

Lots of people work in labs.

Yours doesn't use floppies. So what?

And you reveal your age with a 'haven't ever used a floppy' comment. Shit. I worked in a lab at one point where the machines with the 8" floppy drives were the 'new up and coming thing.'

Goddamn kids these days...

Oh, come on.

[Short+Circuit]

Being online give you freedom. Manners, grammar and spelling aren't eliminated, they become a choice. And as a choice, they can become something to be proud of.

Interacting with other people online has allowed me to get to know people from other countries and cultures, instead of being limited to a west Michigan culture where it's sometimes hard to find other people interested in the same things I am.

Finally, things like email and online forums allow me to communicate and cooperate with people in other time zones. I don't have to be awake for my message to reach my buddy in Mexico. Or my friends in Africa, Europe or Asia.

Re:Oh, come on.

[Nurgled]

There are plenty of interesting people to meet online. I've met a whole load of people from different places in various "community"-type sites like the various "blogging" communities and even slashdot. However, I've not met anyone on Friendster or Orkut; there it seems a bit "forced". While on LiveJournal and its clone sites the social networking is just a side-effect, on Orkut it is all there is to it. There is no other reason for it. I stopped logging in a month or so after I signed up just because there was nothing left to do on there but delete all of the community spam.

This LOAF thing isn't really anything to do with social networking, though, having said all that. It seems more like a way of "rating" people who send messages do you by favouring those that are once-removed from your circle of friends. In the long run this might help you meet new people since these new people are of course emailing you something, but that is not really the point of it.

Something similar for AIM?

[adamh526]

This sounds like an interesting idea. I wonder if it'd be possible for someone to come up with something similar for AIM? Even though I don't like only allowing people on my buddy list to IM me, it think I'd rather only get IMs from someone who has some sort of connection to someone else on my list. That way I wouldn't have to keep turning down and blocking SnowJen15, SnowJen16, SnowJen17... SnowJen55, etc.

Re:Something similar for AIM?

here it is: http://www.buddyzoo.com/

Re:Something similar for AIM?

[Motherfucking+Shit]

That way I wouldn't have to keep turning down and blocking SnowJen15, SnowJen16, SnowJen17...

Gentlemen, at last we have found Justin Timberlake's secret Slashdot identity!

Limits

[glpierce]

What you call "superiority" others would call "limiting". All of your "advantages" involve speaking to a small group of known people anywhere/anytime. In the physical world, you meet new people. New people bring new ideas, perspectives, activities, etc.

Re:Limits

and new numbers. :)

(bars last night went well)

Re:Limits

[Class+Act+Dynamo]

I don't like the idea of being able to reach someone at any time or to be reached at any time. Obviously, this becomes a necesity for some jobs, but when I am home, I don't necesarily want to be able to 'always' be reached. I think the limit of these things is they go from being useful to pervasive.

Re:Limits

[AuMatar]

And what you would call "advantages" many would call "limiting". I for one don't tend to like meeting random people, I want to meet highly intelligent, thoughtful people. There tends to be a limited number of those per geographic area. Those limitations are removed online. And meeting them online at least has an automatic intelligence filter- if they can't type english, they can be ignored as morons (or foreigners, but if they can't use english I won't be able to communicate with them in person either).

Like I said- both have advantages and disadcantages. Thats why both exist. Use the one you want, or both of them. But don't insult someone else for prefering one over the other.

Re:Limits

[kin_korn_karn]

You know who hangs out at bars? Drunks. I don't want a social circle of drunks.

It's also a hell of a lot harder to make friends without a huge common ground. If you are in college and at a bar in town you run into someone around your age in that bar, they most likely go to school and you can talk about that. When everyone works different jobs with different lives and families are scattered it's really freakin' hard to meet new people. My wife and I are dealing with this right now and it's not a minor issue.

I've thought about trying the Friendster thing... but usually shit like that ends up being used to arrange hookups for wannabe swingers and gay men, regular people seem to be getting results, though.

Re:Limits

[FirstTimeCaller]

You know who hangs out at bars? Drunks. I don't want a social circle of drunks.

That's OK. We don't want you either.

Re:Limits

[glpierce]

"Elitist" is the word.

If you wouldn't "lower" yourself to speaking to anything but the-best-and-the-brightest, you're not going to learn appropriate social skills for dealing with "regular" people, which are what you're normally going to deal with in the physical world. Also, there are many places to meet "intelligent, thoughtful people"; try a bookstore, coffee shop, etc. instead of a bar, and you might find different sorts of people.

Re:Limits

[AuMatar]

I don't want to interact with "regular" people more than I have to. They bore the shit out of me. "Regular" people are the people you see working McDonalds and who think that a grocery store clerking job are a career. I have little in common with them, and prefer to talk to those whom I have more in common with.

Maybe you do. Thats great, go hang out with them. I never said you shouldn't. But don't belittle other people's preferences, just because you don't share them. If you want to talk about elitism- thinking your way is better because its your way, now THATS elitism.

Re:Limits

[AuMatar]

So, people in a bar? So you mean people to stone drunk to have a conversation with in the first place?

I've made friends online, I've made friends in the real world, I've made friends at school, and I've made them at work. All methods have pluses and minuses. All are useful. If you prefer the real world method, go for it. Just realise that prefering another option is just as valid.

Re:Limits

I'm curious why you think you're so great. Please list degrees earned (and please specify the college), scores on all standardized tests you've taken, and any other notable achievements you've accomplished. Thanks prick. My guess is that you're nothing special, and have severe anxiety about your pedestrian lifestyle.

Re:Limits

[TheRealMindChild]

The world needs ditch diggers too.

Re:Limits

Trust me, they're more bored by you then you by them.

Re:Limits

[glpierce]

"If you want to talk about elitism- thinking your way is better because its your way, now THATS elitism."

Elitism:
1. The belief that certain persons or members of certain classes or groups deserve favored treatment by virtue of their perceived superiority, as in intellect, social status, or financial resources. 2a. The sense of entitlement enjoyed by such a group or class. b. Control, rule, or domination by such a group or class.
(The American Heritage® Dictionary of the English Language: Fourth Edition. 2000.)

You're free to disagree with my opinion, but words have established definitions. By the way - I don't think "my way" is "better," I just prefer it (I'm also morally opposed to "your way").

Re:Limits

[AuMatar]

I fail to see how my behavior falls under that title either. I don't believe intelligent people deserve more rights or rule. I just prefer to spend my time with people who are more intelligent. Unless you think hanging out with me is social status, in which case thanks for the compliment, as backhanded as it may be.

You are definitely falling into elitism however. You are pinning negative social status on people who prefer computer based means. Thats sounds like textbook elitism to me.

Re:Limits

"And" "I" "think" "all" "these" "quote" "marks" "make" "you" "all" "sound" ""elitist."" :P

Re:Limits

[AuMatar]

I don't know why I'm biting, but

BS in Computer Engineering, UIUC. No masters, I'm applying for phd programs next fall
1580 SAT
34 ACT
1510 GRE (out of 1600). Writing score unavailable, I'm waiting for the score report
National AP Scholar (requires completing 8 full semester equivalent AP tests while in high school, and getting a minimum score of 4/5 on all of them. A 4 is equivalent to an A in a college course)
National Merit Finalist
ACM Member of the Year, UIUC branch. Awarded for my work on the tutoring program
2nd place biology and 5th place computers JETS Illinois State championship
3rd place biology and 5th place computers WYSE Illinois State Championship (they renamed it my second year)

I'm sure I could drag up more, but this will do for now.

And your own? My guess is you're just jealous, and are making up for it by being hostile.

Re:Limits

It's not elitism to want to meet intelligent people.

You're just looking for a way to attack this guy. Let up.

And think about it -- there are people you don't want to interact with because they're moronic. Do you understand now?

I think AuMatar's points are perfectly valid. And he acknowledged your argument for the values of meatspace. You make no room because of simple antagonism and stubbornness and it hurts both your credibility and reasoning.

Re:Limits

[theLOUDroom]

"Elitist" is the word.

Sorry, wrong. It's just a simple reailty.
You can't just walk into a coffee shop and find someone to talk to about digital FIR filters, for example. There just aren't people like that everywhere.

It's not that I won't talk to normal people about normal things, but when you want to talk find out about adjusting your sway bar end-links for zero preload, most people just nod and smile.

One of the great things about the internet is to make it easy to find people to talk to about these things. Maybe there are only 100 people who know much about the ECU in an Mazda RX-7, but chances are, you be able to find some of them online and have a real, meaningful conversation on the subject, rather than some idiot going "Wow! That's like in 2F2F!"

It's not elitist, to not want to waste your time and someone else's time having a one-sided discussion they won't understand. Some people just aren't that interesting to certain other people. That's just the way it is. It not because the other person considers them to be a less person, IT'S BECAUSE THE HAVE NOTHING IN COMMON, NOTHING TO TALK ABOUT.

Re:Limits

[Halfbaked+Plan]

My oh my.

I hope you never get a flat tire. You'll be bored to death by the nice 'ordinary' guy who helps fix it.

Naw, you'd probably nail him with your stun gun while waiting for the truck you ordered on your cellphone to arrive.

Re:Limits

[Halfbaked+Plan]

Heck, you're not even a very intelligent troll.

Wallowing in your conceit isn't that impressive, dude.

And shouldn't you be at your MENSA tea party right now??

Re:Limits

[mewphobia]

Holy crap I can't believe i'm hearing this. Haven't you ever seen the matrix? The physical world IS virtual. Hanging out on the net lets us give the proverbial finger to our robotic overlords because if we do it enough, neo will contact us and we'll get into the real world.

Re:Limits

[Halfbaked+Plan]

Ah, so you're just a clueless young pratt fresh out of High School.

I was an Idiot (a different flavor, though) at that age, too.

We'll just hope you grow out of it.

Re:Limits

[AuMatar]

You obviously missed the degree at the top. I've been out of college and in the working world for a few years now.

Re:Limits

[haluness]

Not really wanting to get into this pissing contest - but do you really think that a list of degrees and awards means anything? The previous reply to this post mentions that you're just out of high school. As you point out, the BS implies thats not true.

Unfortunately, you sound like you just got out of high school.

Re:Limits

[jskiff]

BS in Computer Engineering, UIUC. No masters, I'm applying for phd programs next fall
1580 SAT
34 ACT
National AP Scholar (requires completing 8 full semester equivalent AP tests while in high school, and getting a minimum score of 4/5 on all of them. A 4 is equivalent to an A in a college course)
National Merit Finalist
ACM Member of the Year, UIUC branch. Awarded for my work on the tutoring program
2nd place biology and 5th place computers JETS Illinois State championship
3rd place biology and 5th place computers WYSE Illinois State Championship (they renamed it my second year)


Job outsourced to India: Priceless...

Re:Limits

Oof, you're ironic.

Re:Limits

[stuph]

Brother!

Re:Limits

BS in Computer Science, Perdue
MBA, Harvard
PHD Psychology, Capella
1590 SAT
etc etc etc - the above should prove my intelligence without going into a shopping list of shit most people don't care about (Like your little computer award)

I'm 25.

I'm also very lonely - I've done nothing in my life. I didn't go places, I didn't see the world. I don't have a lot of friends, love interests are one night stands found via dating sites.

All my life, I was the nerd - the one who wouldn't go out with the pretty girl who asked me because A. I was to dense to understand and B. I always had to work on something - had to keep those grades up! I graduated HS at 17 (Well, graduated isn't really the right word - in my home state there's a program that allows students with the right aptitude take college full time in junior and senior grades, earning credits for both HS and college - so I graduated with a HS Diploma, as well as an AS) - I didn't have much time to grow up.

What do I do now? I work in light-industrial, assembling signs for businesses and the like. The pay is horrible, but I love it and the friends I'm making from it. I don't even need the cash, I made a good killing during the dot com days, and with some careful investments don't have to worry about money at all.

There's more then test scores junior - maybe you'll learn.

Re:Limits

if parent is real. this is the kind of person i could have a beer with, or go see some live music, or just cut up.

cutting up is far more amusing when done with intelligence AND social flare.

Re:Limits

Since when does a computer science degree count for anything?

Re:Limits

[greg_barton]

In the physical world, you meet new people.

In the virtual world I meet many new people.

I'll meet you, if you e-mail me and we chat a bit. Or I could look at your post history and get to know your opinions and expression style, and you could do likewise.

See? Isn't that easy?

Re:Limits

[glpierce]

I was referring to the parent's particular point; I was not calling everyone who talks to people through the internet "elitist." I completely agree with you regarding rare hobbies/interests, however I disagree with the parent's refusal to speak with people they consider less intelligent than themself.

Re:Limits

[Erik+Hollensbe]

Sigh.

I work with a couple of people like you!

I can't stand them.

I am a "highly intelligent" person (don't ask me, ask the people I know, who also happen to be "highly intelligent").

A lack of diversity can almost be directly equated to a lack of knowledge. I fail to see how your approach to so-called "stupid people" is any different than a racist bias.

Who defines intelligence? At least racists made it clear who they hated - but you provide nothing more than a loophole which you can manipulate to your will.

"I don't like him; he must be an idiot".

Heck, if you wanted to say you didn't like hanging out with uninteresting people, that would make sense. Heck, I'm not fond of uninteresting people either, but my definition of uninteresting is different than yours.

But trying to plant your statement as objective when it's obviously subjective is some kind of logical fallacy (and if it isn't, I'll be taking my nobel prize now), one which I can't remember at this time.

What's funny, is that most of the job skills that I apply today that really make me stand out (other than my technical skills), are the skills I learned working jobs for shit pay like being a clerk at a convenience store or *gasp* working at McDonalds.

Some of the smartest people I know are engineers. They are also spend 90% of their time trying to avoid work, never apply themselves to their fullest potential and occasionally outright refuse to work with team or accept team members' ideas.

Nothing requires you to learn these skills when your technical knowledge and ideas are put on a pedestal. On the flipside, everyone knows how to flip a burger or work a cash register - you are competing for something significantly more real (like your cash flow) and might actually learn a thing or two.

P.S, did you know that there are Truck Drivers that are in MENSA? Don't believe me? Look at their Web Site, here's the quote:

As far as occupations, the range is staggering. Mensa has professors and truck drivers, scientists and firefighters, computer programmers and farmers, artists, military people, musicians, laborers, police officers, glassblowers--the diverse list goes on and on. There are famous Mensans and prize-winning Mensans, but there are many whose names you wouldn't know.

Get real.

Re:Limits

[Erik+Hollensbe]

Don't know what to talk about?

Try listening.

And the fact that you seem so quick to label all bar patrons as "Drunks" seems to tell me than engaging in conversations with people that you don't know is the least of your problems.

Re:Limits

[Omestes]

For awhile I had the same outlook as you, if people couldn't talk about "deep" matters, well then, screw 'em. Then I realized that I was actually a snob.

Everyone has something in common, the only barriers are linguistic. If you don't talk to common man, you loose social skills, and become disconected from the reality that most of the world lives in. Plus, it is always good to get new views on things, even if you find them ignorant, or against your own.

Thats one thing I have against cell-phone culture, everyone is talking to someone they know, and thus never meet different people, with varying POVs. A democracy thrives on interaction.

There are some very interesting people out there, who don't know a lick about tech, but know a great deal about things you don't, like farming, waiting tables, living in a card board box.

Re:Limits

[Omestes]

I actually spend most of my time sitting on the patio of a local bar, reading and doing work. It's a nice laid back bar frequented by college students. They have really good food too. I only get smashed their on weekends.

Nothing quite like sitting outside, reading good books, and drinking a pint of stout, munching on pizza chips.

At another local bar there is a philosophy circle, we meet every weekend, listen to the house jazz, and discuss things. Pretty good for a bunch of drunks.

Re:Limits

[matithyahu]

perdue? do you mean Purdue? if this is not bullshit (who knows) then you could at least spell the university right!

Re:Limits

[Wordsmith]

Why don't you guys all meet up somewhere and talk this over. I'm sure the in-person interaction would be better. Or maybe worse. Or maybe better. Or maybe ...

Re:Limits

[drsquare]

Of course, you'll be the first one complaining on Slashdot when you end up being managed by someone who is far less skilled than you, but actually bothered to learn how to interact with people. I suppose you'll be able to content yourself by putting up Dilbert cartoons on the walls and reminding yourself how intelligent and great you are.

Re:Limits

Wow, how much you've unintentionally revealed about yourself by listing your criteria for accomplishment. Yes, the parent is elitist, but your so-called 'notable accomplishments' are laughable and revealing of a shallow, spoon-fed conception of success. Real-life accomplished people do more interesting things than graduate from an Ivy or score 99th percentile on some standardized test.

Re:Limits

And I got my BS in CS from Harfard and a 1600 on the SIT. I didn't learn to spell iether.

Re:Limits

[davesag]

I don't want a social circle of drunks.

but perhaps you do want a social circle of coctail waitresses.

Re:Limits

[Negatyfus]

I don't think your behavior is elitist as much as it is limiting. You assume the only interesting people you'll ever meet are those who are at an intellectual level comparable to yours. I think this is a mistake. In my opinion, you should pat yourself less on the back and start having more fun. But to each his own...

Re:Limits

[CoolVibe]

I recommmend a good Pub as well. In a good Pub, the staff is talkative and friendly, the people are diverse, the beer is nice and tasty and the food is palatable. (just like you said), but, I just as easily whip out my laptop + wifi _in_ that same pub to talk to people I know on IRC.

Best of both worlds.

Re:Limits

[OP_Boot]

Ouch! I used to do that in my old place. Funy how I don't feel the need to now.

Re:Limits

Wow. You've made a really good case for not wanting to meet you. If all you can talk about is your car, then I'll pass. I can talk intelligently about the Wankel, but I also like to talk about other things. Apparently, you have a very limited range. So, yes, stay at home. Please.

Re:Limits

[Bitsurfer]

Don't belittle othere preferences?

How about not reaming people over the 'dead end jobs'?

You know, that 'loser' serving you your supersized value meal is know different than you right?

get a clue my friend

Re:Limits

dude, the ac he replied to specifically asked him for these figures. he just answered offhand with them.

Re:Limits

[chaoticset]

All of your "advantages" involve speaking to a small group of known people anywhere/anytime.

Yeah, because there's only a handful of people using the internet.

In the physical world, you meet new people.

They've just been created. They're called babies. They don't have a lot to say. Or, did you mean strangers? Oh, right, you meant strangers. Yeah, it's fun to get knifed and robbed by new people!

New people bring new ideas, perspectives, activities, etc.

Yeah, because nothing new ever gets talked about on the internet.

Re:Limits

[chaoticset]

"Elitist" is the word.

To which I can only quote Get Your War On:

If 'elitist' just means 'not the dumbest motherfucker in the room,' I'll be an elitist!

To All Loaf Users: +1, Informative

Instead of trying lame ways to get laid, why don't you
read newspapers (hard copy or webbified) and participate in the
detention, extradition, trial, conviction, and sentencing of
United States War Criminals

Patriotically as always,
Kilgore Trout

P.S.: Buck Fush In 2004

STFU, Hippy.

[PeelBoy]

meh

No good for business

[waterwheel]

Can't use this for business. The last thing I want is my customers (or anyone else for that matter) being able to query to see if I have other specific emails in my list. Even worse, a competitor gets their hands on it, and just hammers emails at it, looking for positives.

Not necessarily more polite in person

[TWX]

I've noticed that computer-types are usually not necessarily polite in public. Specifically I've encountered real shitheads at coffeehouses who rudely butt in to tech discussions that I'm having with friends. These aforementioned shitheads like desparaging people, claiming that others really don't know what one is talking about, or like to just stir up trouble.

Yes, get out into the real world, but don't socialize with just other computer types, role players, math geeks, gamers, or any single stereotype. Just go meet people. Go dancing. Go bowling. Go hang out in a bar somewhere. One might actually get laid that way.

Re:Not necessarily more polite in person

[tabrnaker]

I happen to butt into tech conversations every once in a while. I only do it because usually the person speaking really does not have a clue what they're talking about. I can't stand to see people getting the wrong information. I'm not saying this is the case for what you've encountered but it is a possibility. Then again, i mainly do it at places like futureshop/london drugs/etc... where stores sell over priced electronics by people whose knowledge is limited to what they can read off the sales tag.

Re:Not necessarily more polite in person

[TWX]

Well, situations like that which I've encountered are when a bunch of Linux users are chatting, knocking about the virtues and vices of a particular daemon, text editor, init style (BSD vs. SysV), type of encrypted network tunnel, or whatnot. I've been using Linux since 1996, and many of my friends have been at it for at least four years solidly. We don't take kindly to people deciding to chide us when they're not part of the conversation.

A particular offender at a coffee house that I frequent is about to earn a chai tea on his head if he keeps it up.

but, what if..

[Keruo]

you don't have any friends?

Re:but, what if..

[nkh]

I'm your friend, you can send me everything you want on my mailbox: me@privacy.net, I'll reply as soon as possible.

Re:but, what if..

[bbdd]

BREADSTICK?

(you know, a very small loaf. laugh, it's funny.)

Re:but, what if..

[Ian+Bell]

shortbread surely

Sorry...

[MisanthropicProgram]

but what the fuck did you say?

Please, in English. Please, give me an argument for my fellow P.H.B.'s

Re:Sorry...

> Please, give me an argument for my fellow P.H.B.'s

Work, Cost, Money!
Money Money, Cost, Slavelabour, Microsoft.

Mail worms

[gmuslera]

... they are sent from an address the infected person knows or at least have stored in a way or another to another address he have too. This factor should be taken in account when evaluating how "trustable" is the info or in how it could be used, else it could become useless or irrelevant.

But....

[oO+Peeping+Tom+Oo]

If they release a worm, we'll finally know which ones of our friends were dumb enough to open attatchments :p

Vulnerable to Dictionary Attacks

[christo]

Hmm.

So someone precomputes the hashes for every single
email address at yahoo/hotmail/gmail.. or for
a single company that you're trying to find info
about.

Just as you don't want to give someone your /etc/passwd file, in case they run a brute force search, wouldn't you not want to reveal the email address of all your friends?

Not that strong...

[ikegami]

You don't need to extract every email in it to break it...

For example, if your employer got their hands on your list, they could check if you've been in contact with people at your competitors.

It's even worse if they try and get a false positive!

Re:Not that strong...

No, the false positives just make for plausible deniability.

what mail client(s) is this talking about?

[frovingslosh]

OK, I've read the article, and I still can't determine just what they are talking about. They use the term "address book" like there was some sort of one size fits all address book that all e-mail clients use. Such is certainly not the case; I use several e-mail clients and each has it's own address book (a sad fact that is even delaying my switch to Thunderbird on my desktop). What address book or address books does this thing use? What client(s) does it support?

While IM was never mentioned in the article, my fear is that something like this is more likely aimed at IM users than others; quite an oximoron for an application designed to promote privacy and security. Also, since it seems to be based on a friend-of-friend approach, it would have to support the address book format of every friend that I excahange e-mail with, would it not? This all seems to be ignored in the article.

Re:what mail client(s) is this talking about?

[FamousLongAgo]

"Address book" is a misnomer - what this is based on is email addresses you have sent email to (or specifically imported into LOAF). The app monitors your outbound mail (through a sendmail wrapper, for example) and adds all new addresses to its list of seen recipients.

Right now there is a reference implementation for Pine/procmail, we are hoping for help with implementations for Outlook, Mail.app, and other clients.

Not possible to reengineer?

[alexborges]

BAH....
Spammers will have a field day with this thing.

No need to reengineer it, theyll just fill it up with likely addresses and it will be shot into the ground and spit on.

Social Networks are good

I can see that the social network concept is very useful sometimes and allows alternatives to the "real" social networks....but then if you have a real life with a real network/s you dont really have time to create, mantain and post everyday some stuff for people that you dont know/dont care about.

heh

[kin_korn_karn]

you can try LOAF, I'm gonna pitch it.

Re:heh

Good sir, I believe you're looking for "pinch", which does not lend itself nearly so well to quips on the topic.

Hmm...

[Hobbex]

A ``me too'' attack consists of taking someone else's filter and claiming it as your own. This does not help you get recognized by other correspondents - that determination is made by comparing your email address against their list of stored filters - but once you are 'in', it will make you appear to share many contacts with people you actually don't know well at all.

Why not just salt the SHA1 function with the filter owners email address? That way somebody could never take my filter and claim it as their own, since the bloom filter won't match anything when the hash values are produced with their email address as the salt.

Am I missing something?

Re:Hmm...

[squidgyhead]

Reverse-hashing a known email address isn't hard - it's trivial. In the case where the attacker knew the email address of the person from whom he stole the filter, he could just reverse the hash and replace it with his own email address.

Re:Hmm...

[FamousLongAgo]

No, you're right on the money. In fact this is the approach the authors (self included) do take - the email of the owner is hashed in as one of the keys, to prevent filter theft.

Re:Hmm...

[FamousLongAgo]

The owner's email is hashed in with each of the keys. Go read the about page if that doesn't make sense to you.

List Of All Foes

[jabber01]

How about turning that frown upside-down, and setting up a mutually-learning system based on the addresses of everyone I filter/block?

exactly....

[zogger]

...what I thought. and they had the acronym first, the new guys need to get a different one. I was hoping it was some new whizzbang release, like a full desktop GUI distro on a single floppy, that would have been cool...if possible.....

Re:exactly....

[Halfbaked+Plan]

Depends on what your idea of a GUI desktop is.

Remember, in the old days a multiuser UNIX system was a PDP-11 with 16K of RAM and maybe a slow tape drive for storage.

An old 386sx laptop can be a hell of a workstation if you know how to productively use the old software power tools.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Oh Boy, Longer Emails!

[tarsi210]

Gee...hasn't anyone else noticed what else we get with LOAF? Longer shit on emails!

Unless the application (which it might, I haven't checked) filters the LOAF signature, we'll have a nice influx of three-word emails with 25 lines of crap at the end of each, plus headers, plus the 50-line signature that I flamed you about last week, plus your cutsey signoff, plus the last 14 messages you've quoted in the discussion thread because you were too fucking lazy to edit them off, plus a poorly-rendered ASCII-art picture of Britney Spears showing her hot grits, plus...

Well. You get the picture. I can't wait until I can be on mailing lists that have 95 LOAF signatures at the end of each email because they were running Outlook and it couldn't filter them out.

Any way to stick those babies in a header? At least they can be hidden, then. The bandwidth is just a victim anyway.

Re:Oh Boy, Longer Emails!

[Alsee]

Gee...hasn't anyone else noticed what else we get with LOAF? Longer shit on emails!

Unless the application (which it might, I haven't checked) filters the LOAF signature, we'll have a nice influx of three-word emails with 25 lines of crap at the end of each, plus headers, plus the 50-line signature that I flamed you about last week, plus your cutsey signoff, plus the last 14 messages you've quoted in the discussion thread because you were too fucking lazy to edit them off, plus a poorly-rendered ASCII-art picture of Britney Spears showing her hot grits, plus...

Well. You get the picture. I can't wait until I can be on mailing lists that have 95 LOAF signatures at the end of each email because they were running Outlook and it couldn't filter them out.

Any way to stick those babies in a header? At least they can be hidden, then. The bandwidth is just a victim anyway.

Me too.

-

SPAM Application

[xombo]

What would be great is to use this as a SPAM fighting measure. Just apply fewer points to a message that comes from a "real person" or "friend" on the network based upon their closeness to you in the social network thus reducing the possibility of the message going into the Junk box. Or, why not use the same concept to create "networks" of Spammers. So when you get a message, add them to the spam network and apply points to the message to consider it SPAM that way there's a global list spammers that could potentially weed them all out.

Re:SPAM Application

[dodobh]

Until your email address is forged as the spam sender. The only thing you can trust in your recieved headers is the recieved line from your mail server.

automatic intelligence filter

And meeting them online at least has an automatic intelligence filter- if they can't type english, they can be ignored as morons

[...]

Like I said- both have advantages and disadcantages.

Guess you have a point there.

Re:automatic intelligence filter

[AuMatar]

There's a difference between a single typo (in other words, an honest mistake) and not being able to type english. An example of the later would be:

ths is how u tipe no englis. a/s/l

Re:automatic intelligence filter

does it make you sweat at night to know that there are plenty of intelligent people who find you dull, unexceptional and a complete limpwrist?

and these are people who have seen your face.

Thunderbird extension

[Guillermito]

Looks somewhat interesting.

I would try it myself when/if someone writes a Thunderbird/Mozilla extension for it.

(Before you ask. No, it's not interesting enough for ME to write a thunderbird extension myself)

Just what we need

[BCW2]

Give everyone of us another reason/method/way to LOAF!

Web of trust

[s4ltyd0g]

Similar to signing your mail with gpg no?

I hear that a lot

[PatientZero]

I don't like the idea of being . . . reached at any time.

This is a constant complaint given to cell phones -- usually from random people but even sometimes from my friends. And the thing is, I still don't get it. I understand the sentiment of not wanting to be reachable 24x7; what I don't get is how having a cell phone makes you so reachable.

You can always turn your cell phone to vibrate mode, or simply turn it off. Bingo, you are now unreachable, yet you maintain the ability to connect with people if you so choose. Problem solved.

Does your work insist you keep it on and be reachable at all hours? No problem. When it rings, check the caller ID. Is it work? No? Don't answer the freakin' phone! Once again, problem solved.

The mere knowledge that someone is calling you does not somehow commit you to speaking with them. Everyone has voicemail and email. Unless it's an emergency -- and then you should have a signal worked out with those that you care about -- it's okay to ignore the phone entirely.

Re:I hear that a lot

[Class+Act+Dynamo]

I understand and completely agree with you. I did not mean to sound like I was helpless. I mean only that I never want to be like that. I have one friend who, no matter what, will answer his cell phone and talk incesantly, even if we are at dinner or something. My meaning was that I don't want to let the stuff control me like some do, nor do I want others to have the expectation that I am always available. I definitely check my cell phone caller ID and don't answer when I am busy or don't feel like it.

Re:I hear that a lot

[TedCheshireAcad]

I'm one of those people who doesn't like the idea of people being able to reach me all the time. And to the argument of turning it off:

Boss: "I called your cell phone but you didn't pick up."
Me: "Yeah, I turned it off. I didn't want to be reached."
Boss: "Why do you have a cell phone, then?"

-Or: My Way-

Boss: "I called your cell phone but you didn't pick up"
Me: "I don't have a cell phone..."
Boss: "Oh. I guess I am a blithering idiot and need to commit suicide so I don't reproduce and pollute the gene pool."

See, our argument does have a positive side.

Re:I hear that a lot

[Darren+Winsper]

Would it really be that hard to say "Because I don't have it turned off all the time?"

my prediction ...

[mark9white]

Think Bluetooth ... At some point something like this will be a killer app on mobile phones (who needs the 'Do You Know' game when all the answers are already in your phone)

It will work for a while - degrees of seperation

[dbIII]

It will work for a while, then someone you know will get Kevin Bacon on their list you'll be able to get emails from anyone.

Perhaps limit it to a couple of steps away.

LOAF stands for....

[Halfbaked+Plan]

...Linux On A Floppy. It has for a long time. Almost certainly longer than this upstart project has been using the acronym.

Re:I suspect LOAF will take off...

that was very insightful.

now i need to go pinche off a loaf...

Comment removed

[account_deleted]

Comment removed based on user account deletion

It's simple, really.

[Dwonis]

If you're the type of person who would use something like Friendster (and not the type of person who would go to a bar very much), then you are more likely to meet people like yourself using Friendster than going to a bar.

LOAF vs FOAF

FOAF Whitelists

Been there, seen this.

Exac^H^H^H^HUmm...

I was going to replay saying "Exactly! Finally someone sees things they way I do", but then I realized that would make me an unsocialable, disconnected, ignorant snob.

muttloaf

so hungry

number of sexual encounters...

[benzapp]

zero...

further proof that the higher the intelligence, the lower the reproductive potential.

Re:number of sexual encounters...

[winkydink]

True of you're a geeky, introvert who spends all of your time online. Not true if you're intelligent and moderately ougoing, witty, happy, friendly, etc...

If the only blind date one has ever had is closing one's eyes while one burps the worm, one needs to work on the aforementioned other qualities.

Re:number of sexual encounters...

[benzapp]

Also, excellent advice.

Sad state of the Interweb....

[mat+catastrophe]

I'm not sure if anyone else has posted this idea yet, 'cause I'm way too lazy and tired to read the whole discussion, so I'm just throwing this out there....

It seems kind of sad and pathetic that we need something that "checks incoming mail against the address books of your friends" in an effort to get rid of email from complete strangers....

The internet was supposed to, among a thousand other things that are now long forgotten, get strangers together who shared common bonds of interest or study. Hobbies, ideas, whatever...

Bloom::Filter ...

[Zwoop]

I tested this Perl module a while ago, and it has truly abysmal performance, giving a bad rep for Bloom Filters. I've been using an implementation written in C++, with a Perl XS API (thanks Tim!) and there's no comparison. Well, I guess there is a comparison, like this (for a set of 4.5M entries):

Inserts ("add"): 10/sec .vs. 172,000/sec
Memory usage: 200MB .vs. 18MB

(first numbers are for Bloom::Filter, second number for "doctor" Sturge's C++ Bloom filter implementation).

I haven't spent a lot of time looking at the Perl code, but it's clearly doing some very suboptimal bitmap operations, and it's certainly not memory efficient at all (which is the main reason to use Bloom filters). Granted, this should be easy to fix.

-- Leif

Re:Viruses and worms

[grahamsz]

That's security through obscurity. If mutt became as popular as outlook then works would look at your address book.

Like hell it would...

[Garridan]

This would make a horrible SPAM-sink. Spyware could grab lists of lists of addresses. Once downloaded, addresses could be brute-forced out of the lists. Furthermore, they could use names of friends to send email, and completely bypass any blocking measures.

Better use

[spectrokid]

Couldn't this be used as a way of keeping your adress book up to date? Encode a persons name, his email adress and the last time you received a mail from him (adress confirmed good). Send it out to everybody you know. If I receive a different email adress than the one in my contact list and it is more up-to-date then mine, I know the person changed email adress.

Why not use pgp/gpg ?

[v1z]

You sign all your messages, you sign the keys of those you trust -- and if someone sends you a signed e-mail, you can check if someone you already trust has signed their key.

It's not quite the same, but it offers a lot more than "ho-hum, someone I know, knows this email". And while keys can be stolen, it is far easier to forge sender addresseses, and most spammers/"phishers" do that autmatically -- AND with a high probability of using a from-address you already know (Same domain (work), compromised computer (friends address book) or simple harversting (friends/employers/club web page).

Barcom

[sita]

If my friend isn't at the bar, I can't talk to him. The chance he's near his computer is much higher

Well, that certainly depends. If you are a regular at your computer, your friends are probably regular at theirs. If you're a regular at the pub, chances are your friends also are.

And, after a few pints, some people do indeed talk to people not present at the bar...

I can post something, he can read it later. A bar doesn't do that

Oh, yes, there are a few ways to do that, at least if you are a regular. If you need some theory on how it works, try following a tv series located in a bar or pub, within short, someone's wife is bound to leave an asynchronous message with the bar man!

Real life has its own set of advantages. Neither is obviously better than the other.

That's a subjective statement, of course, but taken to the extreme (that you really have to choose), I have to disagree.

Alternatively...

[arafel]

Of course, it's possible you should also find something else to talk about. :)

Even if people do understand what you're talking about - which I do - it's not really something I find interesting enough to have a conversation about. There's more to life than computers. ;-)

Care for SPAM with your LOAF

[tod_miller]

Is it just me or does LOAF sound like a cure for SPAM? Cure... spam... cured... meat... blah.

Hash codes that you can query, and find out if you know that person, who knows that person...

As you grow your 'friends' you can highten your spam security...

just a thought...

good one

[chrisranjana.com]

sounds like a good networking tool indeed

About social networks (Re:Please go outside)

[bogado]

I am a Brasilian, and as you probably have heard we had invaded orkut. :-) We do love social networks, we are very social, even the most nerd ones here do go out and meet people in bars (ok Brasil is very big, and my experience is most with Rio).

We also love the internet and every new gadget or service. This does not stop us from meeting in bars and in person, just the oposite, I've seen Orkut making people more social and meet more people in person in a few months then in years I have known them. I myself have been put in contact with people I barely seen before, in a way that we can get out more.

All that said is just to show that the problem you're ranting about, witch I do believe it is a real problem, is not the fault of social networks or intenet chats that help people meet on-line, but really more of a cultural or even a personal problem (some people simply are afraid of meeting other people).

Ps. I hate orkut, it is buggy as hell and almost useless. The only good thing it has is the mass of people they have. Otherwise it is a really crap, almost aways out of service.

Computers are a tool

to get stuff done,
no more - and no less.

any other ideology is just a cop out.
getting a life, really isn't that hard.

go do a course.
learn something...

do something you're interested in.
and meet people.

Simple in it.

anything else is just a cop out.
christ all this armchair politics bollocks

Sucks ass.
Later, Losers.

vira?

[AmbyVoc]

Was it? Damn... Gotta be changing the sig soon anyway..

Re:vira?

[ryanmfw]

Certainly, Vira with vira with vira with vira with vira with vira with vira with vira.... with vira with vira with vira.... :-)

Babytop

[pforhan]

My 10-month-old daughter cries loudly if the laptop is open and she can't play with it. Her favorite button is the lid-close button, which blanks the screen when she presses it. My wife is trying to get her to love horses instead, but I think it's too late.

obligatory slashdot joke

[Geoff-with-a-G]

I want to meet highly intelligent, thoughtful people. There tends to be a limited number of those per geographic area. Those limitations are removed online.

You must be new here.

10 Million

[BubbaThePirate]

I want it...

Gimme my 10 Millionth

[BubbaThePirate]

It's mine!

Why bother?

[hcdejong]

In the 8 years that I've had Internet access, I've had exactly zero messages from 'friends of a friend' (out of the ~100 e-mails I receive daily). I'm not running whitelist spam filtering either, so it's useless for that as well.
So what's the point?

Comment removed

[account_deleted]

Comment removed based on user account deletion

orkut

[nazsco]

"Distributed Social Networking Over Email" ...and just how is this different from orkut you said?