A more apt analogy would be you, parking your car, locking it like you think you should, going inside, coming out the next day and finding it stolen. The thief broke in, hotwired it, and drove it away.
Would you tell the victim, "You should have secured the ignition wiring better!"?
While those savvy in cars might recognize the vulnerability and do something about it to make the thief's job harder (maybe even be l33t enough to install a hidden kill switch), your average user is going to go simply by what the vendor recommends, and what globally recognized best practices are (locking your car).
I do not recall any Microsoft announcements involving the default state of the Messenger service and its ability to receive unsolicited traffic from the Internet.
Let's think about this in a little more realistic light, yah?
What if the "legitimate request" comes from a teenager who is lying?
Have the library issue "adult" and "child" library cards. When you feel your child has matured to the point where filtering can be removed, go in with them and get them an adult card.
Requiring them to purchase & maintain new software will likely lead to many canceling Internet Access altogether.
I agree that requiring them to implement filtering is a bad idea, but I don't think we should prohibit them from enacting filtering if that's what the local community wants. Arguably the best approach is a separate bank of systems, one for children, another for adults (or children that have the permission of their parents).
Funding issues are local issues. Take them up with your local government.
As far as your five year old, isn't she a little young to be wandering around the library by herself?
I disagree.. I think a library should be the type of place we encourage our kids to explore on their own. If it's the human body they're curious about, and they just don't want to admit it, I would just rather them find a book on biology than a stack of porn.
If I felt that my child was mature enough to have access to areas of the library that had more mature topics, the library should be willing to honor my request that my child have access to that information. Print or Internet.
Children should be encouraged to explore the library without a parent standing over their shoulder. It encourages natural curiosity and allows a child to satisfy that curiosity in their own way in their own time. If a child is curious about the human body, let them find an anatomy text or biology book and learn these things in a mature way, and not through porn.
In the past, libraries had "child" library cards that would only allow them access to materials that the local library figured they should access. Let the child roam around the library with this restriction (which, since it's local, means it's a restriction that I have input on). If their parent wants them to explore everything the library has available, the parent can either accompany him, or get the child their own adult library card.
Parents can't (and shouldn't) be there to supervise every move their child makes within a library. Let them explore and learn, but let's do it in a way that I can still feel safe about letting them do it.
Now don't get me wrong, I'm not advocating a lack of parenting here. I just think there is such a thing as too much parenting. Children should be encouraged to be independent, so long as they can show they're responsible.
Just playing the devil's advocate, a child of suitable maturity would look upon that exactly as you and I do: distasteful. They'd look at it, and immediately look away and say, "oh, gross."
And hopefully they will learn something from that experience: don't do whatever it was that brought them there. Learning is still a good thing, even if they have to "burn their hand" to do it.
But on the flip side, sites like this do not generally fall under constitutionally protected free speech in the US. Nobody would care if this site were blocked. But if you start blocking here, where do you draw the line?
However, I am in complete agreement about the adult vs. child bank of computers (and arguably sections of the library). I do not, though, think that this should be a universal mandate any more than global filtering software requirements. The decision to filter (or provide segregated access) should be a local decision with input from local citizens.
Bind's target audience is the professional, enterprise-scale DNS infrastructure. If that's not you, then by all means consider something a little simpler.
Heterogenous environments are usually more secure/robust anyway.
I declined to put this contact information in my P3P policies and the sites that I did this for validate fine with w3c's validator. As near as I can tell, they don't appear to be mandatory. You might have to read the spec closely to see if that's accurate or not.
Remember, P3P is just a web recommendation. It's neither a standard nor law. There's nothing legal or illegal at this point about the contents of these policies (or lack thereof), except perhaps if you deliberately lie and say you aren't doing something that you really are doing.
Apart from unethical, in many countries other than the US, it is also outright illegal to do so.
I would view it no differently from a company posting a readable privacy policy on their site saying they don't sell your information. If they sell it, that should be against the law.
At a minimum, one might assert that the privacy policy is part of a contract I'm agreeing to by providing them with my personal information. If I provide that to them because they lied in their privacy policy, I might have grounds to sue.
I'd be interested in a real lawyer's take on this..
I agree with this, but just as much from the server side as the client side.
If every Joe Website has to spend a half-hour either reading through the formidible XML specification, or filling out 16 pages of a web application to generate a P3P policy, nobody is going to do it. The "compact" policy is a step in the right direction, but still either requires a significant amount of up-front investment reading and learning P3P or the same 16-page online P3P generator process.
It's annoying, especially when your site doesn't really deal much with user data. Why should I spend so much of this time just to document the fact that yes, I collect HTTP server logs, and yes, I run them through a log analysis system?
For the users, it's the same. For those that bother to look at their browser settings, in IE it's just "low", "medium" or "high". If the setting looks OK, that's what they pick. But then things break for them and they don't know why, and that trivial privacy setting turns out to be a little more restrictive than they really care about, so they set it lower or turn it off.
The vast majority of people just don't care, and those that do care find that few web sites volunteer their privacy information with P3P anyway, except those that make a business out of tracking people with cookies. They almost certainly have P3P policies already, but who knows if they're truthful or accurate?
The best server logs can do is tie an IP address to a referring URL, which in the case of banner ads, is no new information. (The advertiser has to know what site the banner ad is on so that they can collect their revenue.) This information is probably encoded in the URL itself.
While in some cases, an IP address might be sufficient to tie one person from one site to another, it can neither be trusted to be persistent nor unique. Users may be re-assigned a new dynamically-allocated IP address from one hour to the next, and multiple users may share a single HTTP proxy (or NAT system). How many AOL users share a common set of HTTP proxies?
7-8. MSIE does NOT adjust font sizes if the CSS specifies it in pixels. Mozilla does.
I'm not sure if I like this.. If the user is specifying a pixel size instead of a point or 'em' size, he's probably doing that for a reason. Personally, I think it's kind of brain-dead to use pixel sizes for fonts in the first place, but if a content author is going to do it, don't "scale" fonts with pixel sizes unless you're prepared to scale everything on the page defined with pixel sizes (like images).
Taking this a step further, users that routinely need to "zoom in" probably just don't have their DPI settings correct in their windowing system. A typical 21" monitor at 1280x1024 is probably working at closer to 110dpi instead of the default (92?) dpi. Simply making that adjustment could increase the readability of most everything rather significantly.
But if you created a similar legal document on your web site that users had to click through to get to your site's content, and that agreement says that by clicking through, they owe you a million dollars, you have just as much of a right to enforce that as the airline does in this case.
Perhaps a test case like this is what we really need to get these kinds of things nullified.
This is precisely why intent does and should matter!
It is up to the prosecution to prove that not only did the user facilitate copyright infringement, but they did so knowing that there was copyright infringement going on. If they did not know that (as in your example), then they are doing nothing wrong!
This is also why we, in the US, have "Cease and Desist" orders. These are carefully worded letters that are intended to inform parties that they are indeed breaking the law. If someone then ignores this letter and continues in their actions, it can then be argued in court that they did it knowing they were breaking the law. If they respect the letter, and stop what they're doing, the copyright holder (or whatever) has no case against them, unless they want to try and push for damages anyway.
Google will give me links to the DeCSS code if I want them, but it would be ridiculous and very bad for the internet to hold them responsible for it.
What you have failed to see from my previous post is that intent does matter. Google is a search engine. It indexes what it sees without regard to content. It does not "intend" to facilitate copyright infringement. Those posting DeCSS links, or deliberately compiling links to warez, on the other hand, cannot claim ignorance. They know what they're doing, and this is why the law applies differently to them.
The judge's opinion on the whole 2600 thing seemed quite logical to me, even though I was on 2600's side initially. If someone is distributing a link with the intention of distributing copyrighted materials illegally, then they are breaking the law. The issue with HTML and program code is not that it can't be considered speech (and be protected by the first amendment), it's that it isn't just speech: it has a functional role. The fact that its expression does have a functional role means that that functional role can have more stringent rules applied to it.
They may not be hosting the copyrighted works, but on the Interweb, the act of distribution involves not just hosting, but communicating that address to those seeking it.
Just because you're quoting a link someone else gave you does not mean you're in the clear here. The Slashdot editors made the conscious decision to make that quote and provide that link to users. If I were to make my own site and just "quote" 2600 and its links to DeCSS software, should I be treated any differently from 2600? That's silly.
I don't think it's the act of modifying your hardware, or even the possession of modified hardware, that's illegal. When you use that hardware to take advantage of a service (be it satellite TV or avoiding a bandwidth cap), you break the law.
Actually, on the contrary, my cable provider has offered to sell me my modem
How does this make my statement false? Many cable providers allow users to use their own equipment. I was referring to this specific case. Or do you live in Omaha and get service from the same provider described in this article?
So it would be, at that point, MY modem.
Groovy, but still irrelevant as I explained in my previous post.
They are different problems with different solutions.
They are only different problems because you've chosen to take your accounting to the IP layer. A bandwidth cap would be most effective on the ISP side of the link layer. Then it wouldn't matter how many IP addresses you faked.
But I think we're both in agreement that this isn't practical on most cable networks. I agree that IP-layer work is probably the only way this can be easily done, and we seem to both be in agreement that this solution alone is not sufficient to curb all forms of this type of abuse.
you can prevent them from dhcp leasing extras by watching the ethernet MACs of the lease requests. ...but won't prevent someone from statically plugging in another "known good" but not DHCP-assigned IP address. I know of a few packet kiddies that use this technique here where I live.
Your other points are good ones.
The main problem is that most cable companies don't bother to build an effective infrastructure, simply because they are used to the CATV way of doing things.
I agree, 100%!
Cable companies do have some technological measures to combat this type of abuse, but it requires additional investment and training on their part to do it, because of the way cable networks work (they're a shared medium at the link level). DSL providers, by contrast, have a direct (usually ATM) connection between their equipment and the customer's, so it's fairly trivial to get the level of accounting they need, and they can very easily filter without relying on the customer's equipment to be trustworthy.
Anyhow, please don't confuse CATV over fiber networks, and data over fiber networks. They are different animals that play in the same meadow.
I completely agree. This isn't satellite where you can't prevent the user from seeing the signal. There should have been nothing stopping the cable company from physically disconnecting the user. I don't really understand it either.
That may work for television, where the communication is only one way, but for IP to work there must be a network wide unique IP at each customer location.
You are confusing the IP layer with the link layer.
Ethernet is the same way: all ethernet clients receive ethernet frames from everyone else on the same wire. This is why switches were invented: to isolate individual ethernet clients from one another, effectively putting them all on their own separate ethernet mini-segment.
If all of your accounting and authorization lives at the IP layer, what's to stop a user from claiming 10 different IP addresses and multiplexing traffic across all of them, pretending to be 10 different hosts?
I do agree, though, that implementing measures like IP traffic shaping should help curb the abuse, but it will not eliminate it unless other measures are taken along with it.
I wonder, though, if IP is the only protocol allowed over cable modems, though? Is it possible to use another protocol to share data with a neighbor?
And on top of that, the technology to provide bi-directional cable (for modems and even set-top boxes that don't need to dial in) does indeed require packet switching,
I did not claim that all cable networks were incapable of individually addressing a piece of hardware, I just said that many were one-to-many.
Keep in mind also that there is a difference between equipment that can be individually addressed and equipment that has its own dedicated, switched pipe to the cable company's hardware. Normally cable equipment shares one pipe, and only picks out frames that are addressed to it, ignoring the rest. This is not a dedicated, isolated connection, it's still shared, but filtered by client hardware so that it all seems point-to-point.
If bidirectional cable networks are capable of giving each customer his own dedicated data connection, why is it that cable companies have to go out to the pole to install RF filters to keep you from getting HBO or some other channel they don't want you to have? Couldn't they just flip a switch at a central office and omit that data stream? No, they have to either filter the data, or send a message to your addressable set-top-box and *ask* it to stop showing that channel.
It's not uncommon for new technologies to be implemented with the languages and on the platforms used by those that frequently implement new technologies: geeks.
I read another comment that Mozilla is already trying to implement something similar.
Don't worry, these things will eventually end up suitable for the masses. In the mean time, it's suitable for geeks. Most geeks know what Perl is and how to set up an environment that Perl scripts can run in. Other geeks may choose to port it to a language or platform more familiar to them. I believe something similar is already out there for Python.
This is OpenSource, after all, not a commercial product. If you don't like it, don't use it.
Please read the article. Classification of messages is done by you. If you are routinely receiving pitches that you both solicit and arrive unsolicited, it might have a hard time differentiating, sure, but keep in mind that spam filtering is just one form of classification that can be performed here.
If you choose to set up a spam classification, and routinely file penis enlargement ads, the system will quickly learn that e-mails with words common to penis enlargement ads are generally going to always be classified as spam, and will file it as such. Other pieces of e-mail that share content with "legitimate" ads may be misfiled in your "legitimate pitches" folder.
You can set this up however you want it. It learns by remembering the words in messages you manually classify, so you are not taking their definition of "spam". You are setting up a classification that you call "spam" and it's keeping track of the types of things you put in there. It will then apply that to future messages.
Slashdot Mirror
A more apt analogy would be you, parking your car, locking it like you think you should, going inside, coming out the next day and finding it stolen. The thief broke in, hotwired it, and drove it away.
Would you tell the victim, "You should have secured the ignition wiring better!"?
While those savvy in cars might recognize the vulnerability and do something about it to make the thief's job harder (maybe even be l33t enough to install a hidden kill switch), your average user is going to go simply by what the vendor recommends, and what globally recognized best practices are (locking your car).
I do not recall any Microsoft announcements involving the default state of the Messenger service and its ability to receive unsolicited traffic from the Internet.
Let's think about this in a little more realistic light, yah?
The issue before the court is requireing libraries to implement nanny software, not allowing them to, isn't it?
Yep, which I think is bad. Don't require it to begin with, and especially don't require a poor implementation. I agree.
What if the "legitimate request" comes from a teenager who is lying?
Have the library issue "adult" and "child" library cards. When you feel your child has matured to the point where filtering can be removed, go in with them and get them an adult card.
Requiring them to purchase & maintain new software will likely lead to many canceling Internet Access altogether.
I agree that requiring them to implement filtering is a bad idea, but I don't think we should prohibit them from enacting filtering if that's what the local community wants. Arguably the best approach is a separate bank of systems, one for children, another for adults (or children that have the permission of their parents).
Funding issues are local issues. Take them up with your local government.
As far as your five year old, isn't she a little young to be wandering around the library by herself?
I disagree.. I think a library should be the type of place we encourage our kids to explore on their own. If it's the human body they're curious about, and they just don't want to admit it, I would just rather them find a book on biology than a stack of porn.
If I felt that my child was mature enough to have access to areas of the library that had more mature topics, the library should be willing to honor my request that my child have access to that information. Print or Internet.
Children should be encouraged to explore the library without a parent standing over their shoulder. It encourages natural curiosity and allows a child to satisfy that curiosity in their own way in their own time. If a child is curious about the human body, let them find an anatomy text or biology book and learn these things in a mature way, and not through porn.
In the past, libraries had "child" library cards that would only allow them access to materials that the local library figured they should access. Let the child roam around the library with this restriction (which, since it's local, means it's a restriction that I have input on). If their parent wants them to explore everything the library has available, the parent can either accompany him, or get the child their own adult library card.
Parents can't (and shouldn't) be there to supervise every move their child makes within a library. Let them explore and learn, but let's do it in a way that I can still feel safe about letting them do it.
Now don't get me wrong, I'm not advocating a lack of parenting here. I just think there is such a thing as too much parenting. Children should be encouraged to be independent, so long as they can show they're responsible.
Just playing the devil's advocate, a child of suitable maturity would look upon that exactly as you and I do: distasteful. They'd look at it, and immediately look away and say, "oh, gross."
And hopefully they will learn something from that experience: don't do whatever it was that brought them there. Learning is still a good thing, even if they have to "burn their hand" to do it.
But on the flip side, sites like this do not generally fall under constitutionally protected free speech in the US. Nobody would care if this site were blocked. But if you start blocking here, where do you draw the line?
However, I am in complete agreement about the adult vs. child bank of computers (and arguably sections of the library). I do not, though, think that this should be a universal mandate any more than global filtering software requirements. The decision to filter (or provide segregated access) should be a local decision with input from local citizens.
Bind's target audience is the professional, enterprise-scale DNS infrastructure. If that's not you, then by all means consider something a little simpler.
Heterogenous environments are usually more secure/robust anyway.
I declined to put this contact information in my P3P policies and the sites that I did this for validate fine with w3c's validator. As near as I can tell, they don't appear to be mandatory. You might have to read the spec closely to see if that's accurate or not.
Remember, P3P is just a web recommendation. It's neither a standard nor law. There's nothing legal or illegal at this point about the contents of these policies (or lack thereof), except perhaps if you deliberately lie and say you aren't doing something that you really are doing.
Apart from unethical, in many countries other than the US, it is also outright illegal to do so.
I would view it no differently from a company posting a readable privacy policy on their site saying they don't sell your information. If they sell it, that should be against the law.
At a minimum, one might assert that the privacy policy is part of a contract I'm agreeing to by providing them with my personal information. If I provide that to them because they lied in their privacy policy, I might have grounds to sue.
I'd be interested in a real lawyer's take on this..
I agree with this, but just as much from the server side as the client side.
If every Joe Website has to spend a half-hour either reading through the formidible XML specification, or filling out 16 pages of a web application to generate a P3P policy, nobody is going to do it. The "compact" policy is a step in the right direction, but still either requires a significant amount of up-front investment reading and learning P3P or the same 16-page online P3P generator process.
It's annoying, especially when your site doesn't really deal much with user data. Why should I spend so much of this time just to document the fact that yes, I collect HTTP server logs, and yes, I run them through a log analysis system?
For the users, it's the same. For those that bother to look at their browser settings, in IE it's just "low", "medium" or "high". If the setting looks OK, that's what they pick. But then things break for them and they don't know why, and that trivial privacy setting turns out to be a little more restrictive than they really care about, so they set it lower or turn it off.
The vast majority of people just don't care, and those that do care find that few web sites volunteer their privacy information with P3P anyway, except those that make a business out of tracking people with cookies. They almost certainly have P3P policies already, but who knows if they're truthful or accurate?
The best server logs can do is tie an IP address to a referring URL, which in the case of banner ads, is no new information. (The advertiser has to know what site the banner ad is on so that they can collect their revenue.) This information is probably encoded in the URL itself.
While in some cases, an IP address might be sufficient to tie one person from one site to another, it can neither be trusted to be persistent nor unique. Users may be re-assigned a new dynamically-allocated IP address from one hour to the next, and multiple users may share a single HTTP proxy (or NAT system). How many AOL users share a common set of HTTP proxies?
7-8. MSIE does NOT adjust font sizes if the CSS specifies it in pixels. Mozilla does.
I'm not sure if I like this.. If the user is specifying a pixel size instead of a point or 'em' size, he's probably doing that for a reason. Personally, I think it's kind of brain-dead to use pixel sizes for fonts in the first place, but if a content author is going to do it, don't "scale" fonts with pixel sizes unless you're prepared to scale everything on the page defined with pixel sizes (like images).
Taking this a step further, users that routinely need to "zoom in" probably just don't have their DPI settings correct in their windowing system. A typical 21" monitor at 1280x1024 is probably working at closer to 110dpi instead of the default (92?) dpi. Simply making that adjustment could increase the readability of most everything rather significantly.
The patent was specific in that a CRT had to be used, not a generic "video monitor".
No, of course not.
But if you created a similar legal document on your web site that users had to click through to get to your site's content, and that agreement says that by clicking through, they owe you a million dollars, you have just as much of a right to enforce that as the airline does in this case.
Perhaps a test case like this is what we really need to get these kinds of things nullified.
The license not only prohibits hyperlinks to the site, but references of any kind to the site. So yah, they are breaking the law. :)
they willfully aided copyright infringement
This is precisely why intent does and should matter!
It is up to the prosecution to prove that not only did the user facilitate copyright infringement, but they did so knowing that there was copyright infringement going on. If they did not know that (as in your example), then they are doing nothing wrong!
This is also why we, in the US, have "Cease and Desist" orders. These are carefully worded letters that are intended to inform parties that they are indeed breaking the law. If someone then ignores this letter and continues in their actions, it can then be argued in court that they did it knowing they were breaking the law. If they respect the letter, and stop what they're doing, the copyright holder (or whatever) has no case against them, unless they want to try and push for damages anyway.
Intent makes a huge difference, and rightly so.
Google will give me links to the DeCSS code if I want them, but it would be ridiculous and very bad for the internet to hold them responsible for it.
What you have failed to see from my previous post is that intent does matter. Google is a search engine. It indexes what it sees without regard to content. It does not "intend" to facilitate copyright infringement. Those posting DeCSS links, or deliberately compiling links to warez, on the other hand, cannot claim ignorance. They know what they're doing, and this is why the law applies differently to them.
The judge's opinion on the whole 2600 thing seemed quite logical to me, even though I was on 2600's side initially. If someone is distributing a link with the intention of distributing copyrighted materials illegally, then they are breaking the law. The issue with HTML and program code is not that it can't be considered speech (and be protected by the first amendment), it's that it isn't just speech: it has a functional role. The fact that its expression does have a functional role means that that functional role can have more stringent rules applied to it.
They may not be hosting the copyrighted works, but on the Interweb, the act of distribution involves not just hosting, but communicating that address to those seeking it.
Just because you're quoting a link someone else gave you does not mean you're in the clear here. The Slashdot editors made the conscious decision to make that quote and provide that link to users. If I were to make my own site and just "quote" 2600 and its links to DeCSS software, should I be treated any differently from 2600? That's silly.
I don't think it's the act of modifying your hardware, or even the possession of modified hardware, that's illegal. When you use that hardware to take advantage of a service (be it satellite TV or avoiding a bandwidth cap), you break the law.
Actually, on the contrary, my cable provider has offered to sell me my modem
How does this make my statement false? Many cable providers allow users to use their own equipment. I was referring to this specific case. Or do you live in Omaha and get service from the same provider described in this article?
So it would be, at that point, MY modem.
Groovy, but still irrelevant as I explained in my previous post.
They are different problems with different solutions.
...but won't prevent someone from statically plugging in another "known good" but not DHCP-assigned IP address. I know of a few packet kiddies that use this technique here where I live.
They are only different problems because you've chosen to take your accounting to the IP layer. A bandwidth cap would be most effective on the ISP side of the link layer. Then it wouldn't matter how many IP addresses you faked.
But I think we're both in agreement that this isn't practical on most cable networks. I agree that IP-layer work is probably the only way this can be easily done, and we seem to both be in agreement that this solution alone is not sufficient to curb all forms of this type of abuse.
you can prevent them from dhcp leasing extras by watching the ethernet MACs of the lease requests.
Your other points are good ones.
The main problem is that most cable companies don't bother to build an effective infrastructure, simply because they are used to the CATV way of doing things.
I agree, 100%!
Cable companies do have some technological measures to combat this type of abuse, but it requires additional investment and training on their part to do it, because of the way cable networks work (they're a shared medium at the link level). DSL providers, by contrast, have a direct (usually ATM) connection between their equipment and the customer's, so it's fairly trivial to get the level of accounting they need, and they can very easily filter without relying on the customer's equipment to be trustworthy.
Anyhow, please don't confuse CATV over fiber networks, and data over fiber networks. They are different animals that play in the same meadow.
Conceded, thanks.
I completely agree. This isn't satellite where you can't prevent the user from seeing the signal. There should have been nothing stopping the cable company from physically disconnecting the user. I don't really understand it either.
That may work for television, where the communication is only one way, but for IP to work there must be a network wide unique IP at each customer location.
You are confusing the IP layer with the link layer.
Ethernet is the same way: all ethernet clients receive ethernet frames from everyone else on the same wire. This is why switches were invented: to isolate individual ethernet clients from one another, effectively putting them all on their own separate ethernet mini-segment.
If all of your accounting and authorization lives at the IP layer, what's to stop a user from claiming 10 different IP addresses and multiplexing traffic across all of them, pretending to be 10 different hosts?
I do agree, though, that implementing measures like IP traffic shaping should help curb the abuse, but it will not eliminate it unless other measures are taken along with it.
I wonder, though, if IP is the only protocol allowed over cable modems, though? Is it possible to use another protocol to share data with a neighbor?
And on top of that, the technology to provide bi-directional cable (for modems and even set-top boxes that don't need to dial in) does indeed require packet switching,
I did not claim that all cable networks were incapable of individually addressing a piece of hardware, I just said that many were one-to-many.
Keep in mind also that there is a difference between equipment that can be individually addressed and equipment that has its own dedicated, switched pipe to the cable company's hardware. Normally cable equipment shares one pipe, and only picks out frames that are addressed to it, ignoring the rest. This is not a dedicated, isolated connection, it's still shared, but filtered by client hardware so that it all seems point-to-point.
If bidirectional cable networks are capable of giving each customer his own dedicated data connection, why is it that cable companies have to go out to the pole to install RF filters to keep you from getting HBO or some other channel they don't want you to have? Couldn't they just flip a switch at a central office and omit that data stream? No, they have to either filter the data, or send a message to your addressable set-top-box and *ask* it to stop showing that channel.
It's not uncommon for new technologies to be implemented with the languages and on the platforms used by those that frequently implement new technologies: geeks.
I read another comment that Mozilla is already trying to implement something similar.
Don't worry, these things will eventually end up suitable for the masses. In the mean time, it's suitable for geeks. Most geeks know what Perl is and how to set up an environment that Perl scripts can run in. Other geeks may choose to port it to a language or platform more familiar to them. I believe something similar is already out there for Python.
This is OpenSource, after all, not a commercial product. If you don't like it, don't use it.
Please read the article. Classification of messages is done by you. If you are routinely receiving pitches that you both solicit and arrive unsolicited, it might have a hard time differentiating, sure, but keep in mind that spam filtering is just one form of classification that can be performed here.
If you choose to set up a spam classification, and routinely file penis enlargement ads, the system will quickly learn that e-mails with words common to penis enlargement ads are generally going to always be classified as spam, and will file it as such. Other pieces of e-mail that share content with "legitimate" ads may be misfiled in your "legitimate pitches" folder.
You can set this up however you want it. It learns by remembering the words in messages you manually classify, so you are not taking their definition of "spam". You are setting up a classification that you call "spam" and it's keeping track of the types of things you put in there. It will then apply that to future messages.