Forwarding is wrong. Always has been. Re-mailing is what should be done in the majority of cases. Mailing lists won't have any problem because the mailing list itself can be the return address, thus not invoking an SPF lookup on the poster herself. Private forwarding is the big issue (e.g. like bigfoot.com) and in these cases SRS and backtracking can be used.
Now do you a constructive suggestion of an alternative to SPF that both supports the kind of forwarding you want to do, and still informs those who participate that no mail server but mine (or which I say) are valid for sending mail addressed as from my domains?
No! It's suppressing anything (such as kiddie porn) in such a poorly thought out way that ends up resulting in massive collateral damage in the form of depriving many of their right to free speech... that violates the first amendment. It's one thing to decide whether something is, or is not, protected by the first amendment. It's something entirely different to impose a means of enforcement that has major serious side effects. Imagine if, because some unidentified person in your neighborhood robbed a bank, that the police decided to round up everyone in the whole neighborhood and put them all in jail, just to make sure they got the right guy.
The real problem is that we are letting those who are not knowledgeable enough about how the internet really works (e.g. lawyers) make decision not about what will be censored, but how any censorship is to be implemented and deployed. What really needs to happen is that those who are making the laws should be required (on pain of death penalty for failure to do so) to hire a staff of geeks (those who want to censor the same things, of course) to figure out how to make it actually work (or report just how well it could ever work).
A few years ago I had a chance to carry on a few months long email exchange with the CEO of a large growing ISP. He was also a strong believer in stopping pornography, and child porn in particular. He was in fact ready to make some suggestions directly to the US Congress. During the course of our exchange, I discovered that he was trying to dig deeper into the technology that his technical knowledge should have allowed. In particular, he wanted to collect a list of domain names where child porn sites were, and have them blocked at the router (perhaps not unlike the silly PA law). I just had to call him on the phone and explain to him the difference between DNS servers and routing tables and such. I swear I heard a jaw hit the floor. One comment was "oh, so that's what those are for". I guess his own sysadmin never took the time to explain any of this. He wasn't a dumb person... he just was too busy doing financial and marketing deals to spend the time learning technology. Now this was the CEO of an ISP. Imagine how much technical knowledge you'd have in a lawyer who got himself elected to the state legislature or Congress.
There still can be an epoch problem, but only with external code not following RFC1035 to the letter. Given the lack of tools to make the wrapping comparison correctly, there are probably a lot of bad programs around. What I did on my DNS servers to eliminate the year 2038 (or 2106 for unsigned) impact is define the SOA as the system time divided by 4. So my servers won't have this impact until 2242-03-16 12:56:28 (or 2514-05-30 01:53:00 for unsigned), as long as there is a better source of system time from which to derive that number after 2038.
Earthlink sues spammers that hit their service, and their customers, from outside. I suppose they may also sue a spammer that operates from within, but I've not heard of such cases. I have, and still continue to get, spam from Earthlink customers. It gets reported and I still get more spam than replies.
Sorry, I cannot agree that the first step is to have an AUP... that is, written available terms that tell a customer what they can, or cannot, do with the service. Too many providers, including Savvis, have AUPs and do not enforce them. No, the first step is to have a "we will not support spammers" attitude. Whether that is spelled out to customers or not is secondary (presumably a few borderline customers may end up choosing not to spam based on that).
Well, it seems you beat me to the internet by a year. But even NSF's prohibition didn't technically apply to the first spam I got, which was a chain letter asking people to send a get well card to a sick kid in a hospital in the UK somewhere, which in all likelihood was not really there. Of course that wasn't spam in the sense of one entity sending millions to others.
In much the same way that a spammer can spoof the RFCx822 headers, as well as the information exchanged via SMTP, and even the PTR record in reverse DNS, provider can spoof the AUP. They can also selectively apply the AUP against small time customers that are not a significant revenue source (a home user with a dedicated ISDN access), while ignoring it for a customer with a pink contract operating several/24 LANs worth of servers at their colo center, who is not only a significant customer, but probably is also paying an extra premium for the provider to look the other way.
My idea of a covenant against spammers, which I would want to see there before any AUP, would give me (and other customers) the right to sue the ISP if they fail to keep their address space, and their services, clean of spammers. Think of it as an AUP in reverse... instead of giving the ISP the right to sue the spammers, it gives the customers the right to sue the ISP. It should be part of the QoS terms, but spelled out as a legal covenant.
Now don't be giving any spammers any ideas... oh wait... what a wonderful way to get some publicity for my pills:-)
With respect, I would strongly suggest that AUPs are very meaningful in the sense that they constitute a contract that may be enforced in a court of law.
The point is, as you say, that they may be enforced. But that does not mean that they will be enforced. Since I am not a spammer, the fact that they may enforce those anti-spam terms means nothing to me; I won't be violating them. The point is, these terms do not tell me if it is OK to choose this provider or not. The terms that I want are that the provider will enforce those terms against any and every customer, whatsoever, that spams.
I understand what you are talking about where the AUP terms protect the ISP in court in case the spammer tries to sue them for termination. But this just isn't good enough. There needs to be a covenant from the provider to all customers that they will keep the network clean of all spammers. Then they can add that AUP for their own CYA purposes.
AUPs mean nothing at all. Actions mean something. And maybe eventually Savvis will start taking action. We'll see.
What would be of value is not an AUP that prohibits spam, but rather, a covenant that commits the provider to each customer that the network will stay spam-free. I'll believe a Savvis turnaround if they do that.
I believe in forgiveness. I'm willing to unblock Savvis. But only after Rob McCormick calls me up and asks for forgiveness. Then I'll wait 10 days before unblocking them.
I haven't seen very many false positives in SPEWS. I recall one earlier this year, but it was deleted very quickly. When I saw the posting I checked for myself and it was gone. And I verified in my archives of SPEWS data that it in fact was there the day before.
Perhaps what you mistakenly believe to be false positives and collateral damage is the listings of spammer harboring ISPs. Those listings are entirely intentional, and have been useful in getting many ISPs turned back away from the dark side. It takes the threat of losing their customers in too many cases to get them to deal with it.
If you have a particular listing in mind you think is a false positive, let me know and I'll check on it for you.
You forget... these are managers and corporate executives we're dealing with... very clueless about internet stuff (even the ones that run internet companies).
If you haven't heard about it, then you must not be very much in touch with what is going on in network administration and mail server administration. But then, over 2/3 of administrators are out of touch, so we could hardly expect managers to have a clue. You'd have known they were a spam haven if you had checked up on them. Did you? You know their sales people are certainly not going to tell you that in their sales pitch (unless, perhaps, you are a spammer, which I don't presume you are). To their benefit, Savvis isn't the worst out there, and most of what they are dealing with now is the result of the C&W acquisition. Probably the worst right now is MCI/UUnet (in the USA).
So, just how many "decision makers in large companies" would know about this stuff if you didn't? What can be done to inform them (without spamming them, of course)?
He's had plenty of time to know who the spammers are and what services are provided. Why not shut them down today? Why is he waiting 10 days? I'd like to see Savvis clean up, but this 10 day wait tells me that Rob McCormack still doesn't get it. Of course this is better than keeping the spammers, but it just isn't good enough for me to lift the blocks at this time because I do not see an anti-spam attitude from Savvis, yet. When I see that attitude, or when they are no longer listed in any major spam list for at least 3 months, then I will unblock them.
Why should ever company have problems just because they are large? If they are 10 times as large, they should have 10 times as many good people handling things. Unfortunately, the reality is, larger companies tend to have way fewer people, and as a result, poorer service.
I've talked to real people at many companies before. But they are usually people who still don't have the authority to fix the problem. How many of these real people at Savvis that you talked to could fix the spam problem and get your IP addresses out of the blacklists? Answers are nothing. Actions count. Maybe we'll start seeing some actions after the spammers get 10 days of spam runs?
As a stockholder, have you read Savvis' SEC filings, and in particular, read the disclosure of the financial risk they face due to their practice of harboring spammers? Did they even disclose that fact at all?
BTW, you didn't help with this problem. But if you, and many more other people, had canceled service and dumped stock sooner, then the problem would have been fixed sooner.
I guess the geek in me got the better of me. When I read the story title, I thought it meant that NIH was going to mandate that scientists receiving funding from them use open source software. And of course, it would make sense as it would mean more money spent on actual research. Now if only...
Let them cry entrapment. The real idea is to have so many sites just flooded with these filenames that they would have to be sending out C&D by the millions. These letters do cost them money to send. The more noise there is, the more any signals are drowned out. They'll have to go back to pretending to be pimply faced kids in chat rooms to find where the real stuff is, while their spiders get stuck in tens of thousands of crawler traps, generating gigabytes of likely matches.
I'm going to be putting back a spider trap I used to have a long time ago. There will be a posted warning not to enter in the form of a standard "robots.txt" file. That will keep out any spiders that follow the rules, which I suspect MPAA and RIAA will not be following.
The thing to do is set up a site which has a few subdirectories for a spider to crawl through and find bunches of files that really do look like what they are wanting to find. Have everything, HTML pages as well as data files, accessed through a script that strips off the leading directory path for any request. But generate all the links with a generated leading directory that encodes in some non-obvious way the IP address the hit came from. Then when you get your C&D letter(s), reverse the encoding of the file path given to find where they came from to see the file. Then put that information out to the world. And make sure they, and only they, get the famous goatse.cx picture captioned "better check in here, too".
Time to put back my spider death pit script. Every file can also be found in any of billions and billions of randomly generated directories. There would be one particular directory that would work, though:-)
I can't say about Australia, but the principle of Free Speech in the United States does not extend to giving people the right to steal (or do any other harm) in order to carry out that speech.
1. What if I were to come onto the property of your home and spray paint my important non-commercial politcally-oriented message in reverse image on the outside of your living room window so you could easily read it from the inside? Would my free speech rights still be protected?
2. What if I were to crack into your office network and plant trojan programs that would ensure my important non-commercial politcally-oriented message regularly pops up on everyone's computer screen? Would my free speech rights still be protected?
Of course you can put up defenses to physically prevent me from doing this. But I doubt you'd want a barbed wire electric fence in front of your home. So you are going to trust that reasonable people would never do this, and that law enforcement would deal with it (e.g. because it is illegal) if anyone does exercise their free speech rights at your expense.
Likewise, we would not want to have to put up such defenses on mail servers, either. Just as it would be a big hassle for your friends and invited guests to enter your home with all that barbed wire fencing and the machine-gun toting guards checking identity, it would also be a big hassle for the equivalent to be done on the input side of mail servers. We don't want to go that way at all, now do we.
So can we come to an agreement that Free Speech is a good thing, but it does not justify or permit the utilizing, taking, damage, or destruction of the property of others to carry out this Free Speech, without their consent?
Well, at least we've finally reached the point where we know our fundamental disagreement: whether end to end will happen.
Actually, interoperability is not hard at all. The reason difficulties happen is because people get in the way of interoperability. The solution is to just shove them back out of the way. We need to do that more often.
Will we be able to accomplish end to end voice communications? Technologically, we can already do it today. What is needed is to make it as easy to use as the POTS phone is now. That can be accomplished through a kind of directory search. Google and others can get into the act and provide that service. Once someone is found, they can be communicated with (if they accept), whether that communication is voice, video, file transfer, or whatever.
Whether it will happen depends on vision. There will be someone with vision who says "I can free people from the lock of carriers by giving away my voice software, and charging for directory lookup services". It's not much different a business model than Kazaa is now. In fact, it would not surprise me if Kazaa ends up doing it. Of course, while this is end to end, it can also be proprietary. But if the vision comes from standards groups who accept the end to end model and create an open standard, then we can avoid the proprietary, and directory services will have to compete on quality and/or price, not on vise grips.
Competition doesn't always require innovation. It can be more quality for less price. Innovation can exist in the value add ons as well, which can still work on an open standard (but we have to create that open standard now).
Moore's law was supposed to break down 10 years ago. We'll see.
It's point to point AND end to end. That means the digitization... and thus the place to do the encryption, is at each customer. All that providers will see is packets with destination headers, ports, flags, and a payload of gibberish bits. The carriers are no longer involved other than as internet providers passing traffic as addressed.
My whole point is that the current setup, where a telco carrier is doing the interface between VoIP and POTS is an interim business model only. It will go away in a few years, maybe 10, 15 at most. You get a connection to the net and it serves all your needs. To "call" someone, you speak or type their name, and it's looked up in your "bookmarks" or whatever kind of search system you want to use. The end result is a DNS name which then results in am IP address (perhaps IPv6). You also get their certified or privately conveyed public key, and make the encrypted and verified connection. No POTS carrier is ever involved. No one but the you and who you call has the clear unencrypted information. And that channel can be used to not only speak, but watch, and transfer the new Linux 4.2.16 kernel source code in an instant.
In summary, my point is that the outside world will eventually change to be this. Sure, any communication to the stragglers that still depend on a company hanging on to a then obsolete business model will be tappable where the company transitions it to POTS. But in several years, POTS will be a minority.
Carriers not want to allow it? They won't have a choice. Bandwidth will be sufficient by then to watch several movies (paid for or ripped off) in real time for most, and sufficient for voice for virtually all the rest. We're already at that point for lots of internet users (just not enough to create the VoP2P critical mass just yet in 2004). All we need are standards to find people (multiple services are likely to provide this), and communicate. We can nearly do that now. POTS is for inside the box thinking.
I guess you just didn't understand the question. I was referring to whenever the world gets to the point where (nearly) all the calls are end-to-end over IP (and thus can be end-to-end encrypted). If the local cops and EMS want to stay in the dark ages, then I guess VoIP can still work. Who cares if the spooks listen in on the 911 calls. The issues for security are not with the 911 calls.
Maybe they aren't doing it now, or who knows, maybe they are. Tools already exist in various non-standard ways to do end-to-end IP-to-IP or VoP2P voice calls. But the terrorists (the ones the spooks are really after) will evetually be doing their communications that way. Eventually the masses will, too. Sure, unencrypted calls can be made, but so can encrypted ones. The ability to communicate binary end-to-end means the most sophisticated encryption can be done. While a few countries will outlaw that, it will be hard to do in most, and harder still to enforce.
And pizza delivery will end up beating dentists at being able to communicate over VoP2P.
I'm all for choosing the right tool for the job. But there are still a couple problems with this. First, there are plenty of valid choices to make for modern applications, which are so often web based these days. Second, the choices being made are done by business managers without consulting the technical staff, often before they've even hired any. Java seems to be the most common choice among the business people, with Perl and PHP coming in a distant second and third. The reason I believe so much Java is being chosen is not because of any technical value (which it does have), but because it is being sold to managers by sales people from companies like Sun and IBM. In other words, the decisions are being made "behind the backs of real programmers", despite the fact that in most cases Java would be a fine choice (as would a few others), anyway. It seems to me that there is some resentment against having non-technical people forcing a technical decision, made for non-technical reasons, on technical people.
So how would this "feature" work when the world finally reaches the level where there is sufficient IP bandwidth everywhere (it's getting close) and a standard whereby people can be found under a hierarchical identity in DNS or the like, and connect their "voice agent" to a "voice daemon" at the other end via IPv6 addresses (found via that DNS lookup), and transfer everything encrypted with triple-AES and verified with 4K PKC on an end-to-end basis?
Exactly. The future is definitely Voice over Peer-To-Peer (VoP2P if you need a distinguishing acronym), which will, of course, be digital, and can also be encrypted on each end, with everyone in the middle doing nothing more than shuffling (routing, quality of service, etc) bits around. DNS can be used to find people. I just hope they decide to do it via IPv6 so it's a lot easier for everyone to have distinct IP addresses rather than try to juggle with port numbers and such. But people won't need permanent IP addresses, just permanent identities in DNS or whatever is used to find their voice daemon.
Forwarding is wrong. Always has been. Re-mailing is what should be done in the majority of cases. Mailing lists won't have any problem because the mailing list itself can be the return address, thus not invoking an SPF lookup on the poster herself. Private forwarding is the big issue (e.g. like bigfoot.com) and in these cases SRS and backtracking can be used.
Now do you a constructive suggestion of an alternative to SPF that both supports the kind of forwarding you want to do, and still informs those who participate that no mail server but mine (or which I say) are valid for sending mail addressed as from my domains?
No! It's suppressing anything (such as kiddie porn) in such a poorly thought out way that ends up resulting in massive collateral damage in the form of depriving many of their right to free speech ... that violates the first amendment. It's one thing to decide whether something is, or is not, protected by the first amendment. It's something entirely different to impose a means of enforcement that has major serious side effects. Imagine if, because some unidentified person in your neighborhood robbed a bank, that the police decided to round up everyone in the whole neighborhood and put them all in jail, just to make sure they got the right guy.
The real problem is that we are letting those who are not knowledgeable enough about how the internet really works (e.g. lawyers) make decision not about what will be censored, but how any censorship is to be implemented and deployed. What really needs to happen is that those who are making the laws should be required (on pain of death penalty for failure to do so) to hire a staff of geeks (those who want to censor the same things, of course) to figure out how to make it actually work (or report just how well it could ever work).
A few years ago I had a chance to carry on a few months long email exchange with the CEO of a large growing ISP. He was also a strong believer in stopping pornography, and child porn in particular. He was in fact ready to make some suggestions directly to the US Congress. During the course of our exchange, I discovered that he was trying to dig deeper into the technology that his technical knowledge should have allowed. In particular, he wanted to collect a list of domain names where child porn sites were, and have them blocked at the router (perhaps not unlike the silly PA law). I just had to call him on the phone and explain to him the difference between DNS servers and routing tables and such. I swear I heard a jaw hit the floor. One comment was "oh, so that's what those are for". I guess his own sysadmin never took the time to explain any of this. He wasn't a dumb person ... he just was too busy doing financial and marketing deals to spend the time learning technology. Now this was the CEO of an ISP. Imagine how much technical knowledge you'd have in a lawyer who got himself elected to the state legislature or Congress.
There still can be an epoch problem, but only with external code not following RFC1035 to the letter. Given the lack of tools to make the wrapping comparison correctly, there are probably a lot of bad programs around. What I did on my DNS servers to eliminate the year 2038 (or 2106 for unsigned) impact is define the SOA as the system time divided by 4. So my servers won't have this impact until 2242-03-16 12:56:28 (or 2514-05-30 01:53:00 for unsigned), as long as there is a better source of system time from which to derive that number after 2038.
Earthlink sues spammers that hit their service, and their customers, from outside. I suppose they may also sue a spammer that operates from within, but I've not heard of such cases. I have, and still continue to get, spam from Earthlink customers. It gets reported and I still get more spam than replies.
Sorry, I cannot agree that the first step is to have an AUP ... that is, written available terms that tell a customer what they can, or cannot, do with the service. Too many providers, including Savvis, have AUPs and do not enforce them. No, the first step is to have a "we will not support spammers" attitude. Whether that is spelled out to customers or not is secondary (presumably a few borderline customers may end up choosing not to spam based on that).
Well, it seems you beat me to the internet by a year. But even NSF's prohibition didn't technically apply to the first spam I got, which was a chain letter asking people to send a get well card to a sick kid in a hospital in the UK somewhere, which in all likelihood was not really there. Of course that wasn't spam in the sense of one entity sending millions to others.
In much the same way that a spammer can spoof the RFCx822 headers, as well as the information exchanged via SMTP, and even the PTR record in reverse DNS, provider can spoof the AUP. They can also selectively apply the AUP against small time customers that are not a significant revenue source (a home user with a dedicated ISDN access), while ignoring it for a customer with a pink contract operating several /24 LANs worth of servers at their colo center, who is not only a significant customer, but probably is also paying an extra premium for the provider to look the other way.
My idea of a covenant against spammers, which I would want to see there before any AUP, would give me (and other customers) the right to sue the ISP if they fail to keep their address space, and their services, clean of spammers. Think of it as an AUP in reverse ... instead of giving the ISP the right to sue the spammers, it gives the customers the right to sue the ISP. It should be part of the QoS terms, but spelled out as a legal covenant.
Now don't be giving any spammers any ideas ... oh wait ... what a wonderful way to get some publicity for my pills :-)
The point is, as you say, that they may be enforced. But that does not mean that they will be enforced. Since I am not a spammer, the fact that they may enforce those anti-spam terms means nothing to me; I won't be violating them. The point is, these terms do not tell me if it is OK to choose this provider or not. The terms that I want are that the provider will enforce those terms against any and every customer, whatsoever, that spams.
I understand what you are talking about where the AUP terms protect the ISP in court in case the spammer tries to sue them for termination. But this just isn't good enough. There needs to be a covenant from the provider to all customers that they will keep the network clean of all spammers. Then they can add that AUP for their own CYA purposes.
More likely it was the DoS attack against your mail server.
AUPs mean nothing at all. Actions mean something. And maybe eventually Savvis will start taking action. We'll see.
What would be of value is not an AUP that prohibits spam, but rather, a covenant that commits the provider to each customer that the network will stay spam-free. I'll believe a Savvis turnaround if they do that.
I believe in forgiveness. I'm willing to unblock Savvis. But only after Rob McCormick calls me up and asks for forgiveness. Then I'll wait 10 days before unblocking them.
I haven't seen very many false positives in SPEWS. I recall one earlier this year, but it was deleted very quickly. When I saw the posting I checked for myself and it was gone. And I verified in my archives of SPEWS data that it in fact was there the day before.
Perhaps what you mistakenly believe to be false positives and collateral damage is the listings of spammer harboring ISPs. Those listings are entirely intentional, and have been useful in getting many ISPs turned back away from the dark side. It takes the threat of losing their customers in too many cases to get them to deal with it.
If you have a particular listing in mind you think is a false positive, let me know and I'll check on it for you.
You forget ... these are managers and corporate executives we're dealing with ... very clueless about internet stuff (even the ones that run internet companies).
If you haven't heard about it, then you must not be very much in touch with what is going on in network administration and mail server administration. But then, over 2/3 of administrators are out of touch, so we could hardly expect managers to have a clue. You'd have known they were a spam haven if you had checked up on them. Did you? You know their sales people are certainly not going to tell you that in their sales pitch (unless, perhaps, you are a spammer, which I don't presume you are). To their benefit, Savvis isn't the worst out there, and most of what they are dealing with now is the result of the C&W acquisition. Probably the worst right now is MCI/UUnet (in the USA).
So, just how many "decision makers in large companies" would know about this stuff if you didn't? What can be done to inform them (without spamming them, of course)?
He's had plenty of time to know who the spammers are and what services are provided. Why not shut them down today? Why is he waiting 10 days? I'd like to see Savvis clean up, but this 10 day wait tells me that Rob McCormack still doesn't get it. Of course this is better than keeping the spammers, but it just isn't good enough for me to lift the blocks at this time because I do not see an anti-spam attitude from Savvis, yet. When I see that attitude, or when they are no longer listed in any major spam list for at least 3 months, then I will unblock them.
Why should ever company have problems just because they are large? If they are 10 times as large, they should have 10 times as many good people handling things. Unfortunately, the reality is, larger companies tend to have way fewer people, and as a result, poorer service.
I've talked to real people at many companies before. But they are usually people who still don't have the authority to fix the problem. How many of these real people at Savvis that you talked to could fix the spam problem and get your IP addresses out of the blacklists? Answers are nothing. Actions count. Maybe we'll start seeing some actions after the spammers get 10 days of spam runs?
As a stockholder, have you read Savvis' SEC filings, and in particular, read the disclosure of the financial risk they face due to their practice of harboring spammers? Did they even disclose that fact at all?
BTW, you didn't help with this problem. But if you, and many more other people, had canceled service and dumped stock sooner, then the problem would have been fixed sooner.
I guess the geek in me got the better of me. When I read the story title, I thought it meant that NIH was going to mandate that scientists receiving funding from them use open source software. And of course, it would make sense as it would mean more money spent on actual research. Now if only ...
Let them cry entrapment. The real idea is to have so many sites just flooded with these filenames that they would have to be sending out C&D by the millions. These letters do cost them money to send. The more noise there is, the more any signals are drowned out. They'll have to go back to pretending to be pimply faced kids in chat rooms to find where the real stuff is, while their spiders get stuck in tens of thousands of crawler traps, generating gigabytes of likely matches.
I'm going to be putting back a spider trap I used to have a long time ago. There will be a posted warning not to enter in the form of a standard "robots.txt" file. That will keep out any spiders that follow the rules, which I suspect MPAA and RIAA will not be following.
The thing to do is set up a site which has a few subdirectories for a spider to crawl through and find bunches of files that really do look like what they are wanting to find. Have everything, HTML pages as well as data files, accessed through a script that strips off the leading directory path for any request. But generate all the links with a generated leading directory that encodes in some non-obvious way the IP address the hit came from. Then when you get your C&D letter(s), reverse the encoding of the file path given to find where they came from to see the file. Then put that information out to the world. And make sure they, and only they, get the famous goatse.cx picture captioned "better check in here, too".
Time to put back my spider death pit script. Every file can also be found in any of billions and billions of randomly generated directories. There would be one particular directory that would work, though :-)
I can't say about Australia, but the principle of Free Speech in the United States does not extend to giving people the right to steal (or do any other harm) in order to carry out that speech.
1. What if I were to come onto the property of your home and spray paint my important non-commercial politcally-oriented message in reverse image on the outside of your living room window so you could easily read it from the inside? Would my free speech rights still be protected?
2. What if I were to crack into your office network and plant trojan programs that would ensure my important non-commercial politcally-oriented message regularly pops up on everyone's computer screen? Would my free speech rights still be protected?
Of course you can put up defenses to physically prevent me from doing this. But I doubt you'd want a barbed wire electric fence in front of your home. So you are going to trust that reasonable people would never do this, and that law enforcement would deal with it (e.g. because it is illegal) if anyone does exercise their free speech rights at your expense.
Likewise, we would not want to have to put up such defenses on mail servers, either. Just as it would be a big hassle for your friends and invited guests to enter your home with all that barbed wire fencing and the machine-gun toting guards checking identity, it would also be a big hassle for the equivalent to be done on the input side of mail servers. We don't want to go that way at all, now do we.
So can we come to an agreement that Free Speech is a good thing, but it does not justify or permit the utilizing, taking, damage, or destruction of the property of others to carry out this Free Speech, without their consent?
Well, at least we've finally reached the point where we know our fundamental disagreement: whether end to end will happen.
Actually, interoperability is not hard at all. The reason difficulties happen is because people get in the way of interoperability. The solution is to just shove them back out of the way. We need to do that more often.
Will we be able to accomplish end to end voice communications? Technologically, we can already do it today. What is needed is to make it as easy to use as the POTS phone is now. That can be accomplished through a kind of directory search. Google and others can get into the act and provide that service. Once someone is found, they can be communicated with (if they accept), whether that communication is voice, video, file transfer, or whatever.
Whether it will happen depends on vision. There will be someone with vision who says "I can free people from the lock of carriers by giving away my voice software, and charging for directory lookup services". It's not much different a business model than Kazaa is now. In fact, it would not surprise me if Kazaa ends up doing it. Of course, while this is end to end, it can also be proprietary. But if the vision comes from standards groups who accept the end to end model and create an open standard, then we can avoid the proprietary, and directory services will have to compete on quality and/or price, not on vise grips.
Competition doesn't always require innovation. It can be more quality for less price. Innovation can exist in the value add ons as well, which can still work on an open standard (but we have to create that open standard now).
Moore's law was supposed to break down 10 years ago. We'll see.
It's point to point AND end to end. That means the digitization ... and thus the place to do the encryption, is at each customer. All that providers will see is packets with destination headers, ports, flags, and a payload of gibberish bits. The carriers are no longer involved other than as internet providers passing traffic as addressed.
My whole point is that the current setup, where a telco carrier is doing the interface between VoIP and POTS is an interim business model only. It will go away in a few years, maybe 10, 15 at most. You get a connection to the net and it serves all your needs. To "call" someone, you speak or type their name, and it's looked up in your "bookmarks" or whatever kind of search system you want to use. The end result is a DNS name which then results in am IP address (perhaps IPv6). You also get their certified or privately conveyed public key, and make the encrypted and verified connection. No POTS carrier is ever involved. No one but the you and who you call has the clear unencrypted information. And that channel can be used to not only speak, but watch, and transfer the new Linux 4.2.16 kernel source code in an instant.
In summary, my point is that the outside world will eventually change to be this. Sure, any communication to the stragglers that still depend on a company hanging on to a then obsolete business model will be tappable where the company transitions it to POTS. But in several years, POTS will be a minority.
Carriers not want to allow it? They won't have a choice. Bandwidth will be sufficient by then to watch several movies (paid for or ripped off) in real time for most, and sufficient for voice for virtually all the rest. We're already at that point for lots of internet users (just not enough to create the VoP2P critical mass just yet in 2004). All we need are standards to find people (multiple services are likely to provide this), and communicate. We can nearly do that now. POTS is for inside the box thinking.
But can they block the spam before it even uses any network bandwidth?
I guess you just didn't understand the question. I was referring to whenever the world gets to the point where (nearly) all the calls are end-to-end over IP (and thus can be end-to-end encrypted). If the local cops and EMS want to stay in the dark ages, then I guess VoIP can still work. Who cares if the spooks listen in on the 911 calls. The issues for security are not with the 911 calls.
Maybe they aren't doing it now, or who knows, maybe they are. Tools already exist in various non-standard ways to do end-to-end IP-to-IP or VoP2P voice calls. But the terrorists (the ones the spooks are really after) will evetually be doing their communications that way. Eventually the masses will, too. Sure, unencrypted calls can be made, but so can encrypted ones. The ability to communicate binary end-to-end means the most sophisticated encryption can be done. While a few countries will outlaw that, it will be hard to do in most, and harder still to enforce.
And pizza delivery will end up beating dentists at being able to communicate over VoP2P.
I'm all for choosing the right tool for the job. But there are still a couple problems with this. First, there are plenty of valid choices to make for modern applications, which are so often web based these days. Second, the choices being made are done by business managers without consulting the technical staff, often before they've even hired any. Java seems to be the most common choice among the business people, with Perl and PHP coming in a distant second and third. The reason I believe so much Java is being chosen is not because of any technical value (which it does have), but because it is being sold to managers by sales people from companies like Sun and IBM. In other words, the decisions are being made "behind the backs of real programmers", despite the fact that in most cases Java would be a fine choice (as would a few others), anyway. It seems to me that there is some resentment against having non-technical people forcing a technical decision, made for non-technical reasons, on technical people.
So how would this "feature" work when the world finally reaches the level where there is sufficient IP bandwidth everywhere (it's getting close) and a standard whereby people can be found under a hierarchical identity in DNS or the like, and connect their "voice agent" to a "voice daemon" at the other end via IPv6 addresses (found via that DNS lookup), and transfer everything encrypted with triple-AES and verified with 4K PKC on an end-to-end basis?
Exactly. The future is definitely Voice over Peer-To-Peer (VoP2P if you need a distinguishing acronym), which will, of course, be digital, and can also be encrypted on each end, with everyone in the middle doing nothing more than shuffling (routing, quality of service, etc) bits around. DNS can be used to find people. I just hope they decide to do it via IPv6 so it's a lot easier for everyone to have distinct IP addresses rather than try to juggle with port numbers and such. But people won't need permanent IP addresses, just permanent identities in DNS or whatever is used to find their voice daemon.