Re:I have been working on another one
on
Replacing SMTP?
·
· Score: 1
I actually think it will be a combination of technical, social, and legislative. Right now, the technology makes it very difficult for a legislative solution to work. It is already consider highly impolite to send spam, so the social angle is already there.:-)
IMHO, a technological solution should make what spammers do easy to track down, and obviously wrong. That makes it possible for a legislative solution to further target them with political punishment for their actions.
Re:Are you sure the problem is primarily with SMTP
on
Replacing SMTP?
·
· Score: 1
Because, you can come up with a solution that solves all of these problems for all of the different protocols if you create something that lives beneath them that does those things.
It shouldn't be the responsibility of each individual application to implement this kind of thing. This should be a function of some layer of your protocol stack that's shared by multiple applications.
Re:Will receive email for work.
on
Replacing SMTP?
·
· Score: 1
I was thinking about that. An ISP could provide the service of solving the problem for you, for a price. I think ISPs that cater to spammers would be much less likely to put huge CPU workfarms on the line for them.
Even if they did, my method would still disallow forged headers.
The upgrade path issue weighs heavily on my mind too.:-) See my other post here on this topic.:-)
Re:I have been working on another one
on
Replacing SMTP?
·
· Score: 1
Those are interesting ideas that I'm going to have to think on a bit. It's similar to what I intend, but not exactly the same. I do want to exploit network effects on a person-to-person basis, whereas you want it on an ISP-by-ISP basis.
I expect your technique would more powerfully exploit network effects, but mine has a host of other side benefits for users, like being able to move their email to a different ISP without having to directly inform everybody and rely on them to update their address books.
Re:I have been working on another one
on
Replacing SMTP?
·
· Score: 1
It's an anagram, and it's a joke. The project itself is serious, but the acronym is intentionally a very stretched, silly acronym.:-)
Re:Will receive email for work.
on
Replacing SMTP?
·
· Score: 1
Using a secure whitelisting system, this could be OK, even for fairly slow machines.
I have been working on another one
on
Replacing SMTP?
·
· Score: 4, Insightful
Actually, I've been working on a broader based piece of infrastructure than a new mail protocol, but the first problem I intend to attack is mail.
RFC 822 is fine for messages, but the transport needs a big upgrade. Also, envelope senders and receivers are non-verifiable, and therefor broken. One day, spammers are going to start using mailing lists and message boards to construct a profile of people you talk to, and send you mail that appears to come from them, thereby making whitelists useless.
The basic premise of my general transport is that all messages are addressed to a public key and come from a public key. All messages are signed by their supposed source ID, and most messages are encrypted to the destination ID.
A public key ID plays a similar role to an IP address in an IP packet. There will be distributed databases that hold (signed) mappings between public key IDs and their locations using other networking mechanisms.
I'm trying to design this protocol and its implementation so its easy to encapsulate it in almost anything. My first connection to an outside protocol will be IMAP/SMTP.
It's far from being ready for even a public alpha yet, but I do have preliminary code for creating certain kinds of messages at https://svn.generalpresence.com:5131/repos/trunk/C ++/pract_crypto/. I'm borrowing heavily from Bruce Shcneier and Niels Ferguson's latest book, Practical Cryptography. The initial implementation is in a mix of Python and C++. It requires Swig and the GMP library. I haven't designed the implementation itself to be in the least robust against attacks by someone who has root on your machine.
I am calling the protocol 'CAKE' for now. CAKE stands for Key Addressed Crypto Encapsulation. It is a layered protocol, since I intend it to be layered on top of any other protocol you can think of.:-)
One intention of mine is to publish a hash collision problem along with information mapping a public key to a mailbox. First time senders will have to solve the hash collision problem to avoid having the mail thrown away. I'm planning on simply wrapping an RFC 822 message in a CAKE shell.
Actually, it seems to me that if Intertrust wins, the patent situation either changes for the better or stays about the same, and Microsoft is forced to cough up a whole bunch of cash for licensing. And if Microsoft wins, the patent system stays the same, and Microsoft has to cough up no money. So, I vote for Intertrust winning, even though they are evil patent holding scum.
Yes, this is exactly the sort of thing I'm talking about. I'm more of a researcher than a business person, though I make it a point to have some understanding of business concerns. This might be kind of a fun thing to do.
Why doesn't it? It seems like an excellent idea to band together for things you all need, but aren't central to your business. After all, it already happens if several of them use the same software vendor.
No, he's not. What he's saying is that your product will not suddenly stop working or stop being in demand because some single other company you're depending on decides they like someone else better.
Your statement makes no sense. And you don't suck if you support MS, you're simply locking yourself into a model where the very existence of your business is at the whim of a single corporation. Doesn't sound to me like much of an existence at all actually.
Feel uncomfortable when your subservience is pointed out huh? Don't like having it shoved in your face that you're putting your business in the hands of Microsoft whenever you develop for their platform?
You could point out to the people that they're sharecropping bigtime, and that they should seriously consider getting together with other companies and funding an Open Source effort to replace their software. It's really a huge risk for them to be dependent on a particular vendor. If talk about risks and costs, I bet they'd get it.
If they weren't so tied to Microsoft, they would never have brought up the SCO case at all. The SCO case simply allowed them to avoid stating what their real reasons for refusing the job were. They wanted to refuse the job in a way that made the Linux people look bad and made them not look bad.
The SCO case is still having an effect, but that effect isn't as strong as people here are making it out to be. It's probably still actionable under libel laws though.
It's a fine thing, and when another 25% of the country (or more) is in jail, I hope you're happy that your authoritarianism has created such a large class of people you now have to pay money to support.
War on copyright violators is going to be much worse and more nasty than a war on drugs. No amount of this suing behavior on RIAA's part is going to stop it. Copyright is no longer a set of laws that fit the way people want to do things. It needs to change.
Those are what as known as submarine patents. The entity getting the patent purposely manipulated the patent process so that the patents were granted long after the application was filed, giving an effective patent lifetime far in excess of that normally granted by the patent system.
Patents should be granted from the date of filing, not the date of issue. Submarine patents are a nasty abuse of the system.
I wouldn't. I like the pressure it puts on companies to Open Source their stuff. Non-Open Source software is inherently untrustworthy because you can't get an independent review of exactly what it's doing.
I don't want to end up with a security nightmare like you have on Windows desktops where it seems like every other program has some kind of call home feature that essentially turns the program into a trojan.
This doesn't at all explain why on earth all of their nForce2 drivers are closed source. I don't care what argument they can come up with, they don't need to close source the ethernet and audio drivers for that chipset. It's ridiculous.
I consider any closed source code to be untrustworthy and suspicious. Too much of it sends infrmation back to the company that made it, which is a security breach. Also inadvertant bugs that I can't do anything about may also compromise the security of my system.
Running someone else's code on your system when you have no means of reviewing that code is asking for security problems.
You're right, there was more chance of trademark confusion from FreeCraft to WarCraft than from freeciv to civiliation I, II, and III.
The C&D letter of course, complained about more than just the name. And there are ways of asking nicely instead of starting things off with a scary legalistic cease & desist letter.
So, why hasn't FreeCiv been sued out of existence then? Seems to me that there was some precedent to a game calling itself 'FreeSomething' and it being OK.
Because others were forced to create incompatible formats to compete with them. A situation that's bad for consumers and for all the companies involved. The formats have no particular technical advantages or disadvantages, they're just different.
Slashdot Mirror
I actually think it will be a combination of technical, social, and legislative. Right now, the technology makes it very difficult for a legislative solution to work. It is already consider highly impolite to send spam, so the social angle is already there. :-)
IMHO, a technological solution should make what spammers do easy to track down, and obviously wrong. That makes it possible for a legislative solution to further target them with political punishment for their actions.
Because, you can come up with a solution that solves all of these problems for all of the different protocols if you create something that lives beneath them that does those things.
It shouldn't be the responsibility of each individual application to implement this kind of thing. This should be a function of some layer of your protocol stack that's shared by multiple applications.
I was thinking about that. An ISP could provide the service of solving the problem for you, for a price. I think ISPs that cater to spammers would be much less likely to put huge CPU workfarms on the line for them.
Even if they did, my method would still disallow forged headers.
The upgrade path issue weighs heavily on my mind too. :-) See my other post here on this topic. :-)
Those are interesting ideas that I'm going to have to think on a bit. It's similar to what I intend, but not exactly the same. I do want to exploit network effects on a person-to-person basis, whereas you want it on an ISP-by-ISP basis.
I expect your technique would more powerfully exploit network effects, but mine has a host of other side benefits for users, like being able to move their email to a different ISP without having to directly inform everybody and rely on them to update their address books.
It's an anagram, and it's a joke. The project itself is serious, but the acronym is intentionally a very stretched, silly acronym. :-)
Using a secure whitelisting system, this could be OK, even for fairly slow machines.
Actually, I've been working on a broader based piece of infrastructure than a new mail protocol, but the first problem I intend to attack is mail.
RFC 822 is fine for messages, but the transport needs a big upgrade. Also, envelope senders and receivers are non-verifiable, and therefor broken. One day, spammers are going to start using mailing lists and message boards to construct a profile of people you talk to, and send you mail that appears to come from them, thereby making whitelists useless.
The basic premise of my general transport is that all messages are addressed to a public key and come from a public key. All messages are signed by their supposed source ID, and most messages are encrypted to the destination ID.
A public key ID plays a similar role to an IP address in an IP packet. There will be distributed databases that hold (signed) mappings between public key IDs and their locations using other networking mechanisms.
I'm trying to design this protocol and its implementation so its easy to encapsulate it in almost anything. My first connection to an outside protocol will be IMAP/SMTP.
It's far from being ready for even a public alpha yet, but I do have preliminary code for creating certain kinds of messages at https://svn.generalpresence.com:5131/repos/trunk/C ++/pract_crypto/. I'm borrowing heavily from Bruce Shcneier and Niels Ferguson's latest book, Practical Cryptography. The initial implementation is in a mix of Python and C++. It requires Swig and the GMP library. I haven't designed the implementation itself to be in the least robust against attacks by someone who has root on your machine.
I am calling the protocol 'CAKE' for now. CAKE stands for Key Addressed Crypto Encapsulation. It is a layered protocol, since I intend it to be layered on top of any other protocol you can think of. :-)
One intention of mine is to publish a hash collision problem along with information mapping a public key to a mailbox. First time senders will have to solve the hash collision problem to avoid having the mail thrown away. I'm planning on simply wrapping an RFC 822 message in a CAKE shell.
Why every 45 minutes, 36 seconds?
It's not like Reiser4 isn't aimed towards servers. XFS is actually the only real competition with Reiser.
Actually, it seems to me that if Intertrust wins, the patent situation either changes for the better or stays about the same, and Microsoft is forced to cough up a whole bunch of cash for licensing. And if Microsoft wins, the patent system stays the same, and Microsoft has to cough up no money. So, I vote for Intertrust winning, even though they are evil patent holding scum.
Yes, this is exactly the sort of thing I'm talking about. I'm more of a researcher than a business person, though I make it a point to have some understanding of business concerns. This might be kind of a fun thing to do.
Why doesn't it? It seems like an excellent idea to band together for things you all need, but aren't central to your business. After all, it already happens if several of them use the same software vendor.
No, he's not. What he's saying is that your product will not suddenly stop working or stop being in demand because some single other company you're depending on decides they like someone else better.
Your statement makes no sense. And you don't suck if you support MS, you're simply locking yourself into a model where the very existence of your business is at the whim of a single corporation. Doesn't sound to me like much of an existence at all actually.
Feel uncomfortable when your subservience is pointed out huh? Don't like having it shoved in your face that you're putting your business in the hands of Microsoft whenever you develop for their platform?
You could point out to the people that they're sharecropping bigtime, and that they should seriously consider getting together with other companies and funding an Open Source effort to replace their software. It's really a huge risk for them to be dependent on a particular vendor. If talk about risks and costs, I bet they'd get it.
If they weren't so tied to Microsoft, they would never have brought up the SCO case at all. The SCO case simply allowed them to avoid stating what their real reasons for refusing the job were. They wanted to refuse the job in a way that made the Linux people look bad and made them not look bad.
The SCO case is still having an effect, but that effect isn't as strong as people here are making it out to be. It's probably still actionable under libel laws though.
It's a fine thing, and when another 25% of the country (or more) is in jail, I hope you're happy that your authoritarianism has created such a large class of people you now have to pay money to support.
War on copyright violators is going to be much worse and more nasty than a war on drugs. No amount of this suing behavior on RIAA's part is going to stop it. Copyright is no longer a set of laws that fit the way people want to do things. It needs to change.
Those are what as known as submarine patents. The entity getting the patent purposely manipulated the patent process so that the patents were granted long after the application was filed, giving an effective patent lifetime far in excess of that normally granted by the patent system.
Patents should be granted from the date of filing, not the date of issue. Submarine patents are a nasty abuse of the system.
I wouldn't. I like the pressure it puts on companies to Open Source their stuff. Non-Open Source software is inherently untrustworthy because you can't get an independent review of exactly what it's doing.
I don't want to end up with a security nightmare like you have on Windows desktops where it seems like every other program has some kind of call home feature that essentially turns the program into a trojan.
What a blatant troll. It contains several obvious falsehoods all designed to stir people up into a frothing mass. *sigh*
This doesn't at all explain why on earth all of their nForce2 drivers are closed source. I don't care what argument they can come up with, they don't need to close source the ethernet and audio drivers for that chipset. It's ridiculous.
I consider any closed source code to be untrustworthy and suspicious. Too much of it sends infrmation back to the company that made it, which is a security breach. Also inadvertant bugs that I can't do anything about may also compromise the security of my system.
Running someone else's code on your system when you have no means of reviewing that code is asking for security problems.
You're right, there was more chance of trademark confusion from FreeCraft to WarCraft than from freeciv to civiliation I, II, and III.
The C&D letter of course, complained about more than just the name. And there are ways of asking nicely instead of starting things off with a scary legalistic cease & desist letter.
So, why hasn't FreeCiv been sued out of existence then? Seems to me that there was some precedent to a game calling itself 'FreeSomething' and it being OK.
There was no chance of trademark confusion here.
Because others were forced to create incompatible formats to compete with them. A situation that's bad for consumers and for all the companies involved. The formats have no particular technical advantages or disadvantages, they're just different.