I pointed out that if we were to spend a few million to lobby and get heavy tariffs passed on outsourced labor, the number of new customers we'd gain/save in the next few years would *far* outweigh the money we save outsourcing our QA
You could also lobby the government to make it illegal for other American companies to compete with you. But this line of thinking is very selfish and nearsighted. In the long run, if overseas labor can solve problems cheaper than American labor, this is great for America. It means our companies will have more money left over to spend on other things, their products will be cheaper, etc.
Think about it this way: Suppose a Mexican company suddenly was able to offer a proprietary cell phone service to Americans which cost only a few pennies an hour. This would be great! Not only could everyone talk as long as they want, phone bills would be cut down to almost nothing. If you were paying $50/month, then suddenly you would be $50 richer and could buy pizza or some other good instead.
The only problem is that (under the constraints of this contrived example) a vocal group of American employees in the cell phone industry would be out of jobs. Or, at the very least, they would be assigned to other departments to work on something else. There would be a transitionary period where these people might have to learn new skills, in the same way that typewriter operators and COBOL programmers lost their jobs when something better came along.
But wait! What if we put a 10000% tariff on the Mexican cell phone service? Then nobody could save money by using it, and the market would be frozen, thus saving American jobs from being "stolen" by those damn foreigners!
But... this line of thinking is very selfish and nearsighted.
Heh, "megaejac" at least sounds less dorky than "MEB-bee-bite". On a good day, rewriting English is an uphill battle, but these dorky baby-talk prefixes pretty much guarantee failure. It's like the roadapples who try to coerce ordinary humans into saying "cracker" instead of "hacker" just because some MIT nerds said it in the 1970's. (Cracker = Saltines or Phrozen Crew or George W Bush. What Kevin Mitnick did is called "hacking", for the same reason we aren't all speaking Proto-Indo-European.)
Similarly, everybody knows that binary computers measure using powers of two. Confusion with base-10 only occurs in cases where some marketing person has a motive to deceive. In all other cases, megabyte means 1024*1024, and nobody is confused or inconvenienced by the inconsistency with "megagram" and "megameter".
This clamor for 1000-byte multiples is about the "purity" of the standard, NOT about practical utility. As such, it will be extremely hard to get people to change, and the new names better be at least as cool as the old ones. Sorry guys, but "gibibyte" sounds more like a homosexual mating call than a unit of measurement.
There are very good reasons why Jabber has not become more popular. When I first saw Jabber, I was totally drawn in. It just made sense that IM should (a) utilize openly documented protocols and (b) be decentralized like e-mail (or even be unified with it). In a heartbeat I installed Jabber on our server and set about converting everybody at my company over to using it.
This was in February of 2001. I worked on it for a couple weeks, but the software was just shit. The server crashed all the time. It was a pain to install. The clients were ugly and written by people who didn't understand modern GUI standards. Moreover, there were *way* too many clients to choose from, meaning I would have to install and test 5 or 6 genuinely awful clients to find the 1 usable one.
In the end I gave up and we went back to ICQ. However, the compelling Jabber philosophy stuck with me, and I hoped that these problems would solve themselves with time. I gave it a second chance in October of that same year, but not much had changed. (I mean, HOW HARD is it to send little text packets across the internet? We're not talking about creating a web browser here!)
In retrospect, I think we have moved past the point where internet progress is driven by innovative visionaries who anticipate the future. Rather, progress is driven by brute evolutionary forces selecting software that happens to solve the right problems at the right time. For all its great philosophy, Jabber was just not useful enough to real everyday people. I'm talking here about people whose primary goal is to communicate, not to learn about or participate in a software development project.
I would argue that these same factors are behind similarly mediocre successes like freenet, Miranda, and many others. Here's a link to my frustrated posting on the Miranda forum when I was trying to switch over to it. Note in particular how the community responds by pointing out that the problems are solvable. That's not the point! Real users don't like solving problems, they want it to just work. It's a hard concept for nerds to grasp, but an important one.
I'll concede that my opinions about Jabber are fairly dated. Really, I should give it another shot. However, the fact that Jabber is still unknown to most people on the street gives me a strong clue as to what those results will be.
I'm still amazed that I have to apply for a new mailing address every time I move to a new city. How difficult is it to create a simple layer of indirection? Besides making it easier to find people who want to be found, this feature would *improve* privacy, since you would no longer have to disclose your house address in order to receive a package.
That's the change I want to see. I think something like this is already happening with phone numbers.
Once they've solved the problem, you give them a signed certificate. From that point on, any time they send you mail, they attach the signed certificate proving they have sent you mail before. If that mail was spam, you can revoke their certificate.
This is a good proposal. The idea would be for individual recipients to issue certificates to senders which allow their messages to be delivered. I can think of a variety of ways these certificates could be obtained:
- Through a web page "Turing test"
- On a business card
- Transitively through a delegate or group membership
- As part of signing up for a service
The key feature is that the recipient can easily revoke the certificate at any time if it is abused. It's similar to the approach where you generate special-purpose e-mail addresses for each sender, except it preserves a consistent address / identity.
But whatever approach is chosen, it has to be standardized and integrated into the mail protocols. It will never work if it's something that individuals must hack together with CGI scripts and procmail, particularly if you want to support legitimate automated e-mail such as mailing lists, e-commerce receipts, newsletters etc. Software implementors must agree on the certificates and interface model in order to interoperate.
My point is that AOL, Hotmail, etc. could do this. These groups control user bases large enough to provide the critical mass for adoption. Without mainstream support, it would just be another obscure entry on freshmeat.net that no one uses. :-)
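The recipient-issued, revocable certificate described in the comments above, as an added sketch that is not part of the original posts. The `Mailbox` class, its field names and the sample addresses are assumptions, and an HMAC stands in for a public-key signature, which is enough here because the recipient both issues and verifies the certificate.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets


def _b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii")


class Mailbox:
    """One recipient's certificate issuer and delivery gate (hypothetical model)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # known only to the recipient
        self._revoked = set()                # serials of revoked certificates
        self._serial = 0

    def _tag(self, body):
        return hmac.new(self._key, body, hashlib.sha256).digest()

    def issue(self, sender, via):
        """Issue a certificate; `via` records how the sender obtained it."""
        self._serial += 1
        body = json.dumps(
            {"serial": self._serial, "sender": sender, "via": via},
            sort_keys=True,
        ).encode()
        return _b64(body) + "." + _b64(self._tag(body))

    def _parse(self, cert):
        """Return the certificate fields, or None if the tag does not verify."""
        try:
            body_b64, tag_b64 = cert.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except (ValueError, binascii.Error, AttributeError):
            return None
        # Constant-time comparison; the body is parsed only after it verifies.
        if not hmac.compare_digest(tag, self._tag(body)):
            return None
        return json.loads(body)

    def revoke(self, cert):
        """Revoke one sender's certificate without touching anyone else's."""
        fields = self._parse(cert)
        if fields is None:
            return False
        self._revoked.add(fields["serial"])
        return True

    def accept(self, message):
        """Decide delivery from the certificate alone.

        The From: header is ignored because it can be forged; the result is
        (accepted, certified sender or rejection reason).
        """
        cert = message.get("cert")
        if cert is None:
            return (False, "no certificate")
        fields = self._parse(cert)
        if fields is None:
            return (False, "invalid certificate")
        if fields["serial"] in self._revoked:
            return (False, "revoked certificate")
        return (True, fields["sender"])


def demo():
    """Run constructed sample messages through one mailbox."""
    box = Mailbox()
    shop = box.issue("orders@shop.example", "service signup")
    friend = box.issue("friend@example.net", "business card")
    results = [
        box.accept({"from": "orders@shop.example", "cert": shop}),
        box.accept({"from": "ceo@shop.example"}),  # forged From:, no certificate
    ]
    box.revoke(shop)  # the shop started sending spam
    results.append(box.accept({"from": "orders@shop.example", "cert": shop}))
    results.append(box.accept({"from": "friend@example.net", "cert": friend}))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Because the certificate is a bearer token, a leaked one can be replayed by anyone until the recipient revokes that serial; the recorded sender and `via` fields show which issuance leaked.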
This is the same as having a national ID. If we implemented this crazy plan, web sites would require you to validate your identity before you could read the news, comment on politics, or listen to music. Federal regulations would make it a felony to forge your identity.
If that were true, then PGP would receive the same criticism as Palladium. Digital certificates can be used for MANY purposes, not just verification of real-life identities.
A better solution is to require the sender to solve a time-consuming problem the first time they send something.
That's a great idea... but how do you identify the "sender"? By their IP address? By their "From:" address? These are easily forged. Digital certificates can be used to verify anything, not just real-life identities. It can be done via a cooperative, decentralized network. It can be done anonymously.
Think about how PGP works. Think about MD5 hashes for Linux packages.
E-mail is an outdated system, and spam is only one symptom of a larger condition which includes forged headers, open relays, viruses, etc. These are not social problems, they are technical ones.
More sophisticated spam filters are NOT the answer! More legislation is NOT the answer!
The solution to spam is a technical one, involving distributed validation of digital certificates. If you think about it, this could be done while still preserving people's privacy, but it would require a few extensions to SMTP. It would also require a little self-regulation by the administrators (similar to relay blacklists). This is not a new idea; it's been suggested many times.
The problem is adoption. It's the same chicken-and-egg problem seen with many other great technologies. For example, I installed PGP once, but it was useless because nobody I know uses it (and most people haven't even heard of it).
So here's my point: Huge providers like Hotmail, AOL, Telstra, etc. are in a unique position to improve the situation. They have the power to solve the chicken-and-egg problem. If just a few of them implemented these superior technologies, the rest of the world would be encouraged to follow. PGP is a great start, but cryptographic sender validation would be even better. It would eliminate the problems of address forgery and spam more effectively than any lawsuit or heuristic or FBI raid.
I have absolutely no interest in sports, especially "football". I'll be writing assembly code tonight, not watching TV. I guess I hail from the old days when "guru programmers" were called "computer nerds", and the group was more homogenous and unified.
Today the term is "geeks", which encompasses a much broader group including poser programmers, web stoolies, misfit girls, overclocking machomen, obsessive-compulsive gamers, "IT" grunts, and even the fratboy network administrator. Ironically, many of these are the same people who pummeled the real nerds back in the old days.
We should have a poll to see how many Slashdot readers are really watching the sports event tonight. TV is for losers! Whoo! :-}
I have used Debian for several years. Although having a sensible installer will encourage more people to try Debian, this is only relevant on day one. I think there are much higher priorities which affect the overall usability of Debian on days besides "Install Day". Some examples:
dselect is just an embarrassment. When I first saw it, I almost quit right there. Ironically, what kept me going was the sheer shittiness, which (in my mind) was an assurance that it would have to be fixed soon. No luck so far, although aptitude looks promising.
The packages are seldom up-to-date. This is also a feature, since the stability is rock-solid. My system hasn't been hacked a single time since I switched from RedHat to Debian. But when new features matter (e.g. Perl, Samba, etc.), Debian is always several versions behind. This has been improving, and it wouldn't matter at all if the next problem was solved:
It's impossible to mix+match packages. Debian divides the world into three categories, roughly corresponding to "stable", "hackable", and "malfunctiony." Once in a while the "malfunctiony" distribution will contain the newer version you want, but it's just there to tease you. If you try to install it, it will attempt to convert your whole system to "malfunctiony" mode. Instead you're supposed to recompile from the sources, but this has its own problems because it creates a missing dependency for other packages. That wouldn't matter, except:
The package system is not flexible. For example, suppose I compile my own Perl and install it, and now I want my custom version to satisfy the Perl dependency. The Debian answer? Create a fake package that provides "Perl" and install it. (Someone even has an automated utility for this stupid idea!) If you want to use the much superior -MCPAN, it becomes even more of a headache, because now you have lots of little fake packages like that. As far as I can tell, there is no equivalent of "provides" in rpmrc.
No support for chkconfig. Managing services in Debian means manipulating stupid symbolic links. This should be centralized.
Of course, I did choose to use Debian. To be fair, I should also mention its strong points:
It's very stable.
Upgrading packages is almost completely automatic, like Windows Update. This makes it easy to stay "current" and secure.
It's easy to install without X-Windows (which I don't need, because my servers don't have keyboards or monitors)
You can export a list of installed packages from one server, and then install this list on another server.
The Debian people aren't conspicuously trying to make you their customer
Debian is impossible for stupid people to use. This dramatically increases the ratio of smart people to stupid people on the newsgroups. :-)
I'd love it if a kernel hacker can provide some more details as to why journaling filesystems can't forceably flush the IDE disk's buffer... I've found many older threads on the issue on the linux kernel list but haven't found any definitive resolution or action items recently.
I can give you a non-hacker rationale: ignoring the "flush" commands probably improves the overall disk performance. If so, then cheap manufacturers would have an incentive to make drives that only pretend to flush. After all, the difference is only noticeable during a power failure. ;-)
They were not rhetorical and I welcome your answers. In fact, I'd still like to know whether you think that the junk fax laws should be repealed and why.
Junk fax laws are valid because the technological solution is too complex. Not that it helped me any -- I get several junk faxes per day, and the "removal" numbers are usually bogus.
You seem to believe that normal citizens should invest tens, if not hundreds, of hours each learning about, installing, configuring, and maintaining spam-filtering software
Not true. I'm talking about technological changes that would be transparent to users, like SSL/SMTP or servers that scan for viruses.
There are thousands of marginal candidates that run for offices all over the country. Does each one have a right to spam you?
This is a perfect example of the problems with your laws. Spam is just one of numerous possible types of "bad" e-mail. Under your scheme, you would have to pass a law for each one. You would need increasingly elaborate conditions to differentiate "good" from "bad" to ensure fairness. It would need to be international, or e.g. people could just do their dirty work from Mexico.
Rule-based filters like spamassassin face similar problems. It is the wrong approach. Complex rules are ever-changing and costly to maintain. When they work, it is always at the cost of false positives (i.e. people's freedoms being tramped upon). The correct solution is the transitive trust model, where recipients can decide for themselves what they want to receive.
Well, that's not how e-mail works and it's not going to be changed any time soon -- no matter what hindsight has taught us. We have standards for e-mail in use by millions of users and computers all over the world.
I think this change is inevitable. It's ridiculous that anyone can trivially forge a message from the CEO of any company, when digital signatures are so easy to implement.
If this technology is not implemented by open groups, I guarantee that Microsoft will solve it for you with something like Palladium. They control a huge share of e-mail accounts via hotmail.com and Outlook, and could easily leverage AOL as well. Of course, MS and AOL would choose the centralized trust model (like Verisign) rather than the distributed trust model.
If you're going to spend your effort lobbying for something, pick the least oppressive solution. I choose software. Software is the future of everything.
You know, graffiti wouldn't be such a problem if the building owners were more proactive about repainting their walls every time some new "art" appears. What? They'd have to buy the paint and sacrifice their own time to redo their walls? Well, that's better than government intervention in your book, isn't it?
You forget that companies are still required to install locks on their doors and put up signs that say "No trespassing". In a few years it will be technologically feasible for the government to have cameras on every lamp post. Then, we won't need locks or keys, or passwords on computers. Forget trivial issues of bandwidth and CPU cycles, you'll be saving serious dollars! All you need is one single security device, the Tattle Button(tm). Admit it -- you voted for Bill Clinton! ;-)
The arguments for regulating spam are compelling. Everyone hates spam. But this would be another precedent for the encroaching restrictions of people's freedoms on the internet. The popularity of groups like EFF is not just frontier sentimentality. The internet is not like a physical object or location. It spans the numerous localities, and involves very novel issues of entirely automated processes.
Sending e-mail should not be illegal. Receiving e-mail should not be mandatory.
Using the term "Big Brother" (from Orwell's 1984) is simply inflammatory. From now on, please use "the government" when referring to the government.
Sure. But you have to agree not to use long sequences of rhetorical questions and confusing boldfaced sentences. ;-)
So where does all of this end? If they can steal my bandwidth, time, and storage with spam, what's next? Should we repeal the junk fax law so that they can steal my expensive thermal paper, too?
Telephone suffers from specific technical problems that make it difficult to screen without humans continuously expending effort. Even if you have caller-ID and can recognize the name, you still have to get up and look at the box. So, I'll concede that maybe government is the last resort. My point, though, is that with e-mail we have a different situation. Existing systems like spamassassin (which filters over 20 spams a day for me) are proof alone.
The Central Hudson test recognizes the constitutionality of regulations restricting advertising that concerns an illegal product or service, or which is deceptive.
What about when the "product" or "service" is completely free? Spam that attracts visitors to banner-supported web sites, or politically motivated spam?
When a sender falsifies e-mail header information and provides a forged from:/reply-to: address, that's deceptive and passes the aforementioned Central Hudson test as speech which can be constitutionally regulated.
Yes, assuming your particular country has a constitution, ANY problem can be constitutionally regulated. But my argument is that this is only a good idea when there aren't easy alternatives. E-mail needs to be updated from its 1970's design anyway. The fact that senders can be trivially forged is totally unacceptable, in an age where public key cryptosystems are so readily available.
Receiving e-mail should NOT be mandatory. Mail servers should automatically reject messages from unvalidated senders. The technological solution of transitive trust is simple, and it would fix many other problems involving authenticity and content filtering.
Please, think carefully before invoking Big Brother to solve your problems! As convenient as it sounds, regulation of e-mail provides yet another disturbing precedent for government control of private communication. Our founding fathers viewed governments as a last resort for problems that cannot be solved locally.
Think about it. Defining "spam" is about as easy as defining "offensive" content. Subjective decisions about which e-mail messages are deemed worthy to be delivered should NOT be made by politicians.
There are very obvious technical solutions to the spam problem involving digital signatures. Consider the icon at the bottom of your browser, which informs you that an online merchant is "trustworthy" (i.e. their identity has been independently verified). It's not hard to see how this concept of "transitive trust" could be extended to e-mail, while preserving relative anonymity.
Basically, various groups would establish public-key databases containing validated e-mail signatures, and databases could transitively incorporate other databases, similar to DNS. (Most likely, keys would be issued to servers rather than to individuals.) Mail servers could then be configured to reject any e-mail which is not signed with a recognized key. A user could report spam to the appropriate *local* group, and they could respond by reprimanding the sender or revoking the key. The definition of "offensive" would then be relative to a particular group's interests. A similar scheme could be used for content regulation on web sites, etc. etc.
E-mail has been LONG overdue for incorporation of basic technologies like PGP. This is partly because of the perceived cost of implementation, but mainly because of apathy on the part of sysadmins. So, if you sysadmins are finally ready to take action, please do something more proactive than simply deferring to Uncle Sam or some other imperial authority.
Sending e-mail should not be a crime! Receiving e-mail should be optional!
Well another weak spot is the implementation. When I used Jabber (a year ago), the server daemon crashed all the time, and was a real pain to configure. The integration with ICQ and other chat systems was very crappy (e.g. file transfers didn't work, etc.). The clients were crappy, too.
Right now I'm using Trillian, but that won't help people w/Linux desktops. Maybe things have changed, but last I checked Jabber is one of those great concepts whose implementation doesn't do it justice. Heh, kind of like Java.
Please, think carefully before invoking Big Brother to solve your problems! As convenient as it sounds, federal regulation of e-mail provides yet another disturbing precedent for government control of private communication. It's amazing how quickly the supposedly "lesse fair" Slashdot reader forgets his principles when the heavy hand of Uncle Sam is swinging in his favor.
Think about it. Defining "spam" is about as easy as defining "offensive" content. Subjective decisions about which e-mail messages are deemed worthy to be delivered should NOT be made by politicians in Washington, D.C., USA. If your people group doesn't like receiving certain types of e-mail, then YOU should be taking responsibility for those decisions.
Spammers exploit obvious technical problems with the SMTP protocol, the same problems that make it easy to forge return addresses and read other people's mail. There are very obvious non-political solutions to the spam problem. Think for a minute about the icon at the bottom of your browser, which informs you that an online merchant is "trustworthy" (i.e. their identity has been independently verified). It's not hard to see how the modern concept of "transitive trust" could be extended to e-mail, while preserving relative anonymity and individual liberty.
Basically, various groups could establish public-key databases of validated e-mail signatures, and databases could transitively incorporate other databases, similar to DNS. (Most likely, keys would be issued to servers rather than to individuals.) Mail servers could then be configured to reject any e-mail which is not signed with a recognized key. A user could report spam to the appropriate *local* group, and they could respond by reprimanding the sender or rejecting the key. The definition of "spam" would be relative to a particular group. A similar scheme could be used for filtering access to "offensive" web sites.
E-mail has been LONG overdue for incorporation of modern technologies like PGP. This is partly because of the perceived cost of implementation, but mainly because of apathy on the part of sysadmins. So, if you sysadmins are finally ready to take action, please do something more proactive than simply deferring to Uncle Sam or some other crusty bureaucracy.
Please, think carefully before invoking Big Brother to solve your problems! As convenient as it sounds, federal regulation of e-mail provides yet another disturbing precedent for government control of private communication. It's disturbing how quickly the supposedly "lesse fair" Slashdot reader can forget his principles when the heavy hand of Uncle Sam is swinging in his favor.
Think about it. Defining "spam" is about as easy as defining "offensive" content. Subjective decisions about which e-mail messages are deemed worthy to be delivered should NOT be made by politicians in Washington, D.C., USA. If your people group doesn't like receiving certain types of e-mail, then it is YOUR responsibility to band together and do something about it.
There are very obvious technical solutions to spam based around digital signatures. Think for a minute about the icon at the bottom of your browser, which informs you that an online merchant is "trustworthy" (i.e. their identity has been independently verified). It's not hard to see how this concept of "transitive trust" could be extended to e-mail, while preserving relative anonymity.
Basically, various groups could establish public-key databases containing validated e-mail signatures, and databases could transitively incorporate other databases, similar to DNS. (Most likely, keys would be issued to servers rather than to individuals.) Mail servers could then be configured to reject any e-mail which is not signed with a recognized key. A user could report spam to the appropriate *local* group, and they could respond by reprimanding the sender or revoking the key. The definition of "spam" would be relative to a particular group. A similar scheme could be used for content regulation on web sites.
E-mail has been LONG overdue for incorporation of basic technologies like PGP. This is partly because of the perceived cost of implementation, but mainly because of apathy on the part of sysadmins. So, if you sysadmins are finally ready to take action, please do something more proactive than simply deferring to Uncle Sam or some other imperial authority.
-Gonz
Heh, "megaejac" at least sounds less dorky than "MEB-bee-bite". On a good day, rewriting English is an uphill battle, but these dorky baby-talk prefixes pretty much guarantee failure. It's like the roadapples who try to coerce ordinary humans into saying "cracker" instead of "hacker" just because some MIT nerds said it in the 1970's. (Cracker = Saltines or Phrozen Crew or George W Bush. What Kevin Mitnick did is called "hacking", for the same reason we aren't all speaking Proto-Indo-European.)
Similarly, everybody knows that binary computers measure using powers of two. Confusion with base-10 only occurs in cases where some marketing person has a motive to deceive. In all other cases, megabyte means 1024*1024, and nobody is confused or inconvenienced by the inconsistency with "megagram" and "megameter".
This clamor for 1000-byte multiples is about the "purity" of the standard, NOT about practical utility. As such, it will be extremely hard to get people to change, and the new names better be at least as cool as the old ones. Sorry guys, but "gibibyte" sounds more like a homosexual mating call than a unit of measurement.
-Gonz
This was in Februrary of 2001. I worked on it for a couple weeks, but the software was just shit. The server crashed all the time. It was a pain to install. The clients were ugly and written by people who didn't understand modern GUI standards. Moreover, there were *way* too many clients to choose from, meaning I would have to install and test 5 or 6 genuinely awful clients to find the 1 usable one.
In the end I gave up and we went back to ICQ. However, the compelling Jabber philosophy stuck with me, and I hoped that these problems would solve themselves with time. I gave it a second chance in October of that same year, but not much had changed. (I mean, HOW HARD is it to send little text packets across the internet? We're not talking about creating a web browser here!)
In retrospect, I think we have moved past the point where internet progress is driven by innovative visionaries who anticipate the future. Rather, progress is driven by brute evolutionary forces selecting software that happens to solve the right problems at the right time. For all its great philosophy, Jabber was just not useful enough to real everyday people. I'm talking here about people whose primary goal is to communicate, not to learn about or participate in a software development project.
I would argue that these same factors are behind similarly mediocre successes like freenet, Miranda, and many others. Here's a link to my frustrated posting on the Miranda forum when I was trying to switch over to it. Note in particular how the community responds by pointing out that the problems are solvable. That's not the point! Real users don't like solving problems, they want it to just work. It's a hard concept for nerds to grasp, but an important one.
I'll concede that my opinions about Jabber are fairly dated. Really, I should give it another shot. However, the fact that Jabber is still unknown to most people on the street gives me a strong clue as to what those results will be.
-Gonz
I'm still amazed that I have to apply for a new mailing address every time I move to a new city. How difficult is it to create a simple layer of indirection? Besides making it easier to find people who want to be found, this feature would *improve* privacy, since you would no longer have to disclose your house address in order to receive a package.
That's the change I want to see. I think something like this is already happening with phone numbers.
-Gonz
Once they've solved the problem, you give them a signed certificate. From that point on, any time they send you mail, they attach the signed certificate proving they have sent you mail before. If that mail was spam, you can revoke their certificate.
:-)
This is a good proposal. The idea would be for individual recipients to issue certificates to senders which allow their messages to be delivered. I can think of a variety of ways these certificates could be obtained:
- Through a web page "Turing test"
- On a business card
- Transitively through a delegate or group membership
- As part of signing up for a service
The key feature is that the recipient can easily revoke the certificate at any time if it is abused. It's similar to the approach where you generate special-purpose e-mail addresses for each sender, except it preserves a consistent address / identity.
But whatever approach is chosen, it has to be standardized and integrated into the mail protocols. It will never work if it's something that individuals must hack together with CGI scripts and procmail, particularly if you want to support legitimate automated e-mail such as mailing lists, e-commerce receipts, newsletters etc. Software implementors must agree on the certificates and interface model in order to interoperate.
My point is that AOL, Hotmail, etc. could do this. These groups control user bases large enough to provide the critical mass for adoption. Without mainstream support, it would just be another obscure entry on freshmeat.net that no one uses.
-Gonz
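A sketch of the scheme discussed in this exchange (first-contact puzzle, recipient-issued certificate, revocation on abuse), added here as an example and not code from any poster. It assumes an HMAC under a recipient-only key stands in for the "signed certificate", since only the issuing recipient ever has to verify it; the class and function names and the puzzle difficulty are hypothetical.

```python
import hashlib
import hmac
import itertools
import os

DIFFICULTY_BITS = 12  # assumed puzzle cost; kept small so the demo runs quickly


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def puzzle_hash(challenge: bytes, counter: int) -> bytes:
    return hashlib.sha256(challenge + counter.to_bytes(8, "big")).digest()


def solve_puzzle(challenge: bytes) -> int:
    """Sender side: search for a counter whose hash starts with enough zero bits."""
    for counter in itertools.count():
        if leading_zero_bits(puzzle_hash(challenge, counter)) >= DIFFICULTY_BITS:
            return counter


class Recipient:
    def __init__(self):
        self._key = os.urandom(32)   # certificate key, never leaves the recipient
        self._pending = {}           # sender -> outstanding first-contact challenge
        self._revoked = set()        # serials of revoked certificates
        self._serial = 0

    def challenge(self, sender: str) -> bytes:
        self._pending[sender] = os.urandom(16) + sender.encode()
        return self._pending[sender]

    def _mac(self, sender: str, serial: int) -> bytes:
        return hmac.new(self._key, f"{serial}|{sender}".encode(), hashlib.sha256).digest()

    def issue(self, sender: str, counter: int):
        """Check the puzzle answer once, then hand out a certificate bound to sender."""
        challenge = self._pending.pop(sender, None)   # each challenge is single-use
        if challenge is None or not 0 <= counter < 2**64:
            return None
        if leading_zero_bits(puzzle_hash(challenge, counter)) < DIFFICULTY_BITS:
            return None
        self._serial += 1
        return f"{self._serial}:{self._mac(sender, self._serial).hex()}"

    def accept(self, sender: str, cert: str) -> bool:
        """Delivery check: well-formed, not revoked, and MAC matches this sender."""
        try:
            serial_text, mac_hex = cert.split(":", 1)
            serial, mac = int(serial_text), bytes.fromhex(mac_hex)
        except ValueError:
            return False
        if serial in self._revoked:
            return False
        return hmac.compare_digest(mac, self._mac(sender, serial))

    def revoke(self, cert: str) -> None:
        """Called when mail carrying this certificate turns out to be spam."""
        self._revoked.add(int(cert.split(":", 1)[0]))
```

Because the certificate is bound to the sender label, copying it under a different "From:" address fails the MAC check, and revoking one serial leaves every other sender's certificate valid.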
This is the same as having a national ID. If we implemented this crazy plan, web sites would require you to validate your identity before you could read the news, comment on politics, or listen to music. Federal regulations would make it a felony to forge your identity.
If that were true, then PGP would receive the same criticism as Palladium. Digital certificates can be used for MANY purposes, not just verification of real-life identities.
A better solution is to require the sender to solve a time-consuming problem the first time they send something.
That's a great idea... but how do you identify the "sender"? By their IP address? By their "From:" address? These are easily forged. Digital certificates can be used to verify anything, not just real-life identities. It can be done via a cooperative, decentralized network. It can be done anonymously.
Think about how PGP works. Think about MD5 hashes for Linux packages.
-Gonz
E-mail is an outdated system, and spam is only one symptom of a larger condition which includes forged headers, open relays, viruses, etc. These are not social problems, they are technical ones.
More sophisticated spam filters are NOT the answer! More legislation is NOT the answer!
The solution to spam is a technical one, involving distributed validation of digital certificates. If you think about it, this could be done while still preserving people's privacy, but it would require a few extensions to SMTP. It would also require a little self-regulation by the administrators (similar to relay blacklists). This is not a new idea; it's been suggested many times.
The problem is adoption. It's the same chicken-and-egg problem seen with many other great technologies. For example, I installed PGP once, but it was useless because nobody I know uses it (and most people haven't even heard of it).
So here's my point: Huge providers like Hotmail, AOL, Telstra, etc. are in a unique position to improve the situation. They have the power to solve the chicken-and-egg problem. If just a few of them implemented these superior technologies, the rest of the world would be encouraged to follow. PGP is a great start, but cryptographic sender validation would be even better. It would eliminate the problems of address forgery and spam more effectively than any lawsuit or heuristic or FBI raid.
-Gonz
The average person, which BTW outnumbers the "in-the-know" crowd by about a million to 1, will not care.
:-D
So if there are 290 million people in America, then only 290 of them are "in-the-know"?
Obviously, you are not one of the 290.
-Gonz
I have absolutely no interest in sports, especially "football". I'll be writing assembly code tonight, not watching TV. I guess I hail from the old days when "guru programmers" were called "computer nerds", and the group was more homogenous and unified.
:-}
Today the term is "geeks", which encompasses a much broader group including poser programmers, web stoolies, misfit girls, overclocking machomen, obsessive-compulsive gamers, "IT" grunts, and even the fratboy network administrator. Ironically, many of these are the same people who pummeled the real nerds back in the old days.
We should have a poll to see how many Slashdot readers are really watching the sports event tonight. TV is for losers! Whoo!
-Gonz
Interesting... so it sounds like you just use APT directly, rather than relying on dselect? Maybe that's why nobody has bothered to improve dselect.
Thanks,
-Gonz
- dselect is just an embarrassment. When I first saw it, I almost quit right there. Ironically, what kept me going was the sheer shittiness, which (in my mind) was an assurance that it would have to be fixed soon. No luck so far, although aptitude looks promising.
- The packages are seldom up-to-date. This is also a feature, since the stability is rock-solid. My system hasn't been hacked a single time since I switched from RedHat to Debian. But when new features matter (e.g. Perl, Samba, etc.), Debian is always several versions behind. This has been improving, and it wouldn't matter at all if the next problem was solved:
- It's impossible to mix+match packages. Debian divides the world into three categories, roughly corresponding to "stable", "hackable", and "malfunctiony." Once in a while the "malfunctiony" distribution will contain the newer version you want, but it's just there to tease you. If you try to install it, it will attempt to convert your whole system to "malfunctiony" mode. Instead you're supposed to recompile from the sources, but this has its own problems because it creates a missing dependency for other packages. That wouldn't matter, except:
- The package system is not flexible. For example, suppose I compile my own Perl and install it, and now I want my custom version to satisfy the Perl dependency. The Debian answer? Create a fake package that provides "Perl" and install it. (Someone even has an automated utility for this stupid idea!) If you want to use the much superior -MCPAN, it becomes even more of a headache, because now you have lots of little fake packages like that. As far as I can tell, there is no equivalent of "provides" in rpmrc.
- No support for chkconfig. Managing services in Debian means manipulating stupid symbolic links. This should be centralized.
Of course, I did choose to use Debian. To be fair, I should also mention its strong points:
- It's very stable.
- Upgrading packages is almost completely automatic, like Windows Update. This makes it easy to stay "current" and secure.
- It's easy to install without X-Windows (which I don't need, because my servers don't have keyboards or monitors)
- You can export a list of installed packages from one server, and then install this list on another server.
- The Debian people aren't conspicuously trying to make you their customer
- Debian is impossible for stupid people to use. This dramatically increases the ratio of smart people to stupid people on the newsgroups.
:-)
-Gonz
Here's another one:
http://sourceforge.net/projects/bluelvm/
-Gonz
I can give you a non-hacker rationale: ignoring the "flush" commands probably improves the overall disk performance. If so, then cheap manufacturers would have an incentive to make drives that only pretend to flush. After all, the difference is only noticeable during a power failure.
-Gonz
Junk fax laws are valid because the technological solution is too complex. Not that it helped me any -- I get several junk faxes per day, and the "removal" numbers are usually bogus.
Not true. I'm talking about technological changes that would be transparent to users, like SSL/SMTP or servers that scan for viruses.
This is a perfect example of the problems with your laws. Spam is just one of numerous possible types of "bad" e-mail. Under your scheme, you would have to pass a law for each one. You would need increasingly elaborate conditions to differentiate "good" from "bad" to ensure fairness. It would need to be international, or e.g. people could just do their dirty work from Mexico.
Rule-based filters like spamassassin face similar problems. It is the wrong approach. Complex rules are ever-changing and costly to maintain. When they work, it is always at the cost of false positives (i.e. people's freedoms being trampled upon). The correct solution is the transitive trust model, where recipients can decide for themselves what they want to receive.
I think this change is inevitable. It's ridiculous that anyone can trivially forge a message from the CEO of any company, when digital signatures are so easy to implement.
If this technology is not implemented by open groups, I guarantee that Microsoft will solve it for you with something like Palladium. They control a huge share of e-mail accounts via hotmail.com and Outlook, and could easily leverage AOL as well. Of course, MS and AOL would choose the centralized trust model (like Verisign) rather than the distributed trust model.
If you're going to spend your effort lobbying for something, pick the least oppressive solution. I choose software. Software is the future of everything.
-Gonz
If you disagree, and if you are not a hypocrite, give me the parking location and license number of your car -- I have a key and a message for you.
I live on South Arlington Ridge Road, Arlington, Virginia, USA. If you really want to start something, signify your interest by stopping by.
-Gonz
You forget that companies are still required to install locks on their doors and put up signs that say "No trespassing". In a few years it will be technologically feasible for the government to have cameras on every lamp post. Then, we won't need locks or keys, or passwords on computers. Forget trivial issues of bandwidth and CPU cycles, you'll be saving serious dollars! All you need is one single security device, the Tattle Button(tm). Admit it -- you voted for Bill Clinton! ;-)
The arguments for regulating spam are compelling. Everyone hates spam. But this would be another precedent for the encroaching restrictions of people's freedoms on the internet. The popularity of groups like EFF is not just frontier sentimentality. The internet is not like a physical object or location. It spans the numerous localities, and involves very novel issues of entirely automated processes.
Sending e-mail should not be illegal.
Receiving e-mail should not be mandatory.
-Gonz
Sure. But you have to agree not to use long sequences of rhetorical questions and confusing boldfaced sentences. ;-)
Telephone suffers from specific technical problems that make it difficult to screen without humans continuously expending effort. Even if you have caller-ID and can recognize the name, you still have to get up and look at the box. So, I'll concede that maybe government is the last resort. My point, though, is that with e-mail we have a different situation. Existing systems like spamassassin (which filters over 20 spams a day for me) are proof alone.
What about when the "product" or "service" is completely free? Spam that attracts visitors to banner-supported web sites, or politically motivated spam?
Yes, assuming your particular country has a constitution, ANY problem can be constitutionally regulated. But my argument is that this is only a good idea when there aren't easy alternatives. E-mail needs to be updated from its 1970's design anyway. The fact that senders can be trivially forged is totally unacceptable, in an age where public key cryptosystems are so readily available.
Receiving e-mail should NOT be mandatory. Mail servers should automatically reject messages from unvalidated senders. The technological solution of transitive trust is simple, and it would fix many other problems involving authenticity and content filtering.
-Gonz
Hey, no one asked for your opinion you spammer! ;-)
Please, think carefully before invoking Big Brother to solve your problems! As convenient as it sounds, regulation of e-mail provides yet another disturbing precedent for government control of private communication. Our founding fathers viewed governments as a last resort for problems that cannot be solved locally.
Think about it. Defining "spam" is about as easy as defining "offensive" content. Subjective decisions about which e-mail messages are deemed worthy to be delivered should NOT be made by politicians.
There are very obvious technical solutions to the spam problem involving digital signatures. Consider the icon at the bottom of your browser, which informs you that an online merchant is "trustworthy" (i.e. their identity has been independently verified). It's not hard to see how this concept of "transitive trust" could be extended to e-mail, while preserving relative anonymity.
Basically, various groups would establish public-key databases containing validated e-mail signatures, and databases could transitively incorporate other databases, similar to DNS. (Most likely, keys would be issued to servers rather than to individuals.) Mail servers could then be configured to reject any e-mail which is not signed with a recognized key. A user could report spam to the appropriate *local* group, and they could respond by reprimanding the sender or revoking the key. The definition of "offensive" would then be relative to a particular group's interests. A similar scheme could be used for content regulation on web sites, etc. etc.
E-mail has been LONG overdue for incorporation of basic technologies like PGP. This is partly because of the perceived cost of implementation, but mainly because of apathy on the part of sysadmins. So, if you sysadmins are finally ready to take action, please do something more proactive than simply deferring to Uncle Sam or some other imperial authority.
Sending e-mail should not be a crime!
Receiving e-mail should be optional!
-Gonz
Well another weak spot is the implementation. When I used Jabber (a year ago), the server daemon crashed all the time, and was a real pain to configure. The integration with ICQ and other chat systems was very crappy (e.g. file transfers didn't work, etc.). The clients were crappy, too.
Right now I'm using Trillian, but that won't help people w/Linux desktops. Maybe things have changed, but last I checked Jabber is one of those great concepts whose implementation doesn't do it justice. Heh, kind of like Java.
Think about it. Defining "spam" is about as easy as defining "offensive" content. Subjective decisions about which e-mail messages are deemed worthy to be delivered should NOT be made by politicians in Washington, D.C., USA. If your people group doesn't like receiving certain types of e-mail, then YOU should be taking responsibility for those decisions.
Spammers exploit obvious technical problems with the SMTP protocol, the same problems that make it easy to forge return addresses and read other people's mail. There are very obvious non-political solutions to the spam problem. Think for a minute about the icon at the bottom of your browser, which informs you that an online merchant is "trustworthy" (i.e. their identity has been independently verified). It's not hard to see how the modern concept of "transitive trust" could be extended to e-mail, while preserving relative anonymity and individual liberty.
Basically, various groups could establish public-key databases of validated e-mail signatures, and databases could transitively incorporate other databases, similar to DNS. (Most likely, keys would be issued to servers rather than to individuals.) Mail servers could then be configured to reject any e-mail which is not signed with a recognized key. A user could report spam to the appropriate *local* group, and they could respond by reprimanding the sender or rejecting the key. The definition of "spam" would be relative to a particular group. A similar scheme could be used for filtering access to "offensive" web sites.
E-mail has been LONG overdue for incorporation of modern technologies like PGP. This is partly because of the perceived cost of implementation, but mainly because of apathy on the part of sysadmins. So, if you sysadmins are finally ready to take action, please do something more proactive than simply deferring to Uncle Sam or some other crusty bureaucracy.
-Gonz
Someone should review that Why People Believe Weird Things book by the guy from the Sceptic Society. -Gonz
Evangelion told this story better.
Lain did it worse.
-Gonz
Please, think carefully before invoking Big Brother to solve your problems! As convenient as it sounds, federal regulation of e-mail provides yet another disturbing precedent for government control of private communication. It's disturbing how quickly the supposedly "lesse fair" Slashdot reader can forget his principles when the heavy hand of Uncle Sam is swinging in his favor.
Think about it. Defining "spam" is about as easy as defining "offensive" content. Subjective decisions about which e-mail messages are deemed worthy to be delivered should NOT be made by politicians in Washington, D.C., USA. If your people group doesn't like receiving certain types of e-mail, then it is YOUR responsibility to band together and do something about it.
There are very obvious technical solutions to spam based around digital signatures. Think for a minute about the icon at the bottom of your browser, which informs you that an online merchant is "trustworthy" (i.e. their identity has been independently verified). It's not hard to see how this concept of "transitive trust" could be extended to e-mail, while preserving relative anonymity.
Basically, various groups could establish public-key databases containing validated e-mail signatures, and databases could transitively incorporate other databases, similar to DNS. (Most likely, keys would be issued to servers rather than to individuals.) Mail servers could then be configured to reject any e-mail which is not signed with a recognized key. A user could report spam to the appropriate *local* group, and they could respond by reprimanding the sender or revoking the key. The definition of "spam" would be relative to a particular group. A similar scheme could be used for content regulation on web sites.
E-mail has been LONG overdue for incorporation of basic technologies like PGP. This is partly because of the perceived cost of implementation, but mainly because of apathy on the part of sysadmins. So, if you sysadmins are finally ready to take action, please do something more proactive than simply deferring to Uncle Sam or some other imperial authority.
-Gonz
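The key-recognition step of the transitive trust proposal in the posts above (group databases that incorporate one another, with revocation relative to each group), as an added example that is not from any poster. It covers only the lookup a mail server would run after a signature has already been verified; the group names, fingerprints and the hop limit are constructed assumptions.

```python
from collections import deque


class KeyDatabase:
    """One group's registry of validated server keys (all names are constructed)."""

    def __init__(self, name):
        self.name = name
        self.keys = set()       # fingerprints this group validated itself
        self.includes = []      # other groups' databases it incorporates
        self.revoked = set()    # fingerprints this group rejected after spam reports

    def report_spam(self, fingerprint):
        self.revoked.add(fingerprint)


def trust_path(local, fingerprint, max_hops=3):
    """Return the chain of group names vouching for the key, or None to reject.

    Breadth-first, so the shortest chain wins. A group that revoked the key
    neither vouches for it nor passes it along from the databases it includes.
    """
    queue = deque([(local, [local.name])])
    seen = {local.name}              # guards against databases including each other
    while queue:
        db, path = queue.popleft()
        if fingerprint in db.revoked:
            continue
        if fingerprint in db.keys:
            return path
        if len(path) - 1 >= max_hops:
            continue
        for other in db.includes:
            if other.name not in seen:
                seen.add(other.name)
                queue.append((other, path + [other.name]))
    return None


def build_sample():
    """Constructed topology: campus -> coop <-> regional, campus -> hobby."""
    campus, coop = KeyDatabase("campus"), KeyDatabase("coop")
    regional, hobby = KeyDatabase("regional"), KeyDatabase("hobby")
    campus.includes = [coop, hobby]
    coop.includes = [regional]
    regional.includes = [coop]       # deliberate cycle
    regional.keys.add("fp:mx.example.net")
    hobby.keys.add("fp:bulk.example.com")
    return campus, coop, regional, hobby
```

A spam report at one group only changes what that group, and anyone trusting keys through it, will accept; the same key stays valid for groups that reach it another way.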
But if the billing is by the kilobyte, then this would make it easy to assign accurate cost figures to spam messages. Class action lawsuit anyone?
-Gonz