If, as is expected, the Senate gives final approval and President Bush signs it into law, we may well be witnessing the end of Internet e-mail.
Wow, a prediction of the imminent collapse of (part of) the Net? Isn't that supposed to happen on Thursdays, not Tuesdays?
Seriously speaking, I have absolutely no idea whatsoever why anyone is bothered by spam. My ISP runs SpamAssassin, which spam-scores every inbound message and munges the headers with that score. My procmail sorts anything over a particular score into a spam folder, which I periodically empty, usually with a cursory glance to see if there are any false positives (I haven't seen one for four months, by the way). Anywhere from zero to five spams reach my inbox every day, which I delete; if the number starts to creep higher, I might lower my filter threshold.
And that's it. Total labor input from me is about fifteen minutes a week. I spend more time than that rinsing out the office coffee pot. So why all this outrage and law-making and angst?
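An added example (not part of the original comment) of the score-threshold sorting described above. It assumes the scanner's score arrives in an `X-Spam-Status` header; the sample messages, their spam/ham labels and the thresholds are constructed for illustration.

```python
import re
from email import message_from_string

# SpamAssassin 3.x writes "score=" in X-Spam-Status; 2.x releases wrote "hits=".
SCORE_RE = re.compile(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)")


def spam_score(raw):
    """Score from X-Spam-Status, or None if no usable header is present.

    If several X-Spam-Status headers exist (one may have been forged by the
    sender), the highest score wins. That is a choice made for this example.
    """
    msg = message_from_string(raw)
    scores = []
    for value in msg.get_all("X-Spam-Status", []):
        m = SCORE_RE.search(value)  # also matches inside folded header lines
        if m:
            scores.append(float(m.group(1)))
    return max(scores) if scores else None


def route(raw, threshold):
    """Folder a procmail-style rule would pick for this message."""
    score = spam_score(raw)
    if score is None:
        return "inbox"  # unscored mail is delivered, never silently filed away
    return "spam" if score >= threshold else "inbox"


def evaluate(labelled, threshold):
    """Count misfiled mail for a threshold over (raw_message, is_spam) pairs."""
    missed = sum(1 for raw, is_spam in labelled
                 if is_spam and route(raw, threshold) == "inbox")
    false_pos = sum(1 for raw, is_spam in labelled
                    if not is_spam and route(raw, threshold) == "spam")
    return {"spam_in_inbox": missed, "ham_in_spam_folder": false_pos}


def make_msg(status_values, subject):
    """Build a minimal constructed message with the given status headers."""
    headers = "".join("X-Spam-Status: %s\n" % v for v in status_values)
    return headers + "Subject: %s\n\nbody\n" % subject


# Constructed sample mail: (raw message, is it really spam?)
SAMPLES = [
    (make_msg(["Yes, score=14.2 required=5.0"], "cheap pills"), True),
    (make_msg(["Yes,\n\thits=6.3 required=5.0"], "refinance now"), True),
    (make_msg(["No, score=4.1 required=5.0"], "hot stock tip"), True),
    (make_msg(["No, score=0.3 required=5.0"], "lunch on friday?"), False),
    (make_msg(["No, score=4.4 required=5.0"], "store newsletter"), False),
    (make_msg(["No, score=-100.0 required=5.0",
               "Yes, score=9.8 required=5.0"], "you have won"), True),
    (make_msg([], "message that bypassed the scanner"), False),
]

if __name__ == "__main__":
    for threshold in (5.0, 4.0):
        print(threshold, evaluate(SAMPLES, threshold))
```

Lowering the threshold from 5.0 to 4.0 catches the one spam that reached the inbox but files the 4.4-scored newsletter as spam, which is why the spam folder still needs an occasional glance.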
Might it be best to make computer owners responsible for all harm caused by their computers, no excuses allowed? People would become much more security conscious. Insurers could include computer liability insurance with home or business coverage, with "good driver"-like discounts if you can show you use proper safeguards.
It's a harsh position, I know, but it seems like it might work.
I think this stinks, too, but I can see where it might make sense to drop Saruman for this movie if the only other choice was to drop something else. After all, once his army is defeated at Helm's Deep and his factories are trashed by the Ents, he's pretty much out of the picture as a major player in the war. Resolution (as Tolkien wrote it) would be nice, but I can't say this is an especially heinous cut.
I worked at a company that got about that much money from Microsoft a few years ago. They aren't around anymore. Back to the underwear-gnome drawing board.
The internet was not then, and will never be, free. Somebody has to pay for all the servers and routers and wires, not to mention the dedicated writers and editors if you want quality content. In the early days of the net, the cost of operation was covered by donations from the government, universities, and large companies, supplemented by a lot of "stolen" labor time, under the management radar. The net has long since outgrown this mode of existence.
That's not to say that advertising is a good or viable way to pay those bills, merely to point out that there's no way back to Eden.
Stating an opinion on this is pretty pointless. The tech has been available for a while, with NAV2004 simply packaging it in a convenient and widely distributed form.
Any business model based on forcing consumers to do anything on the Net is doomed (unless the Net and consumer hardware change a lot, which a number of companies are trying very hard to make happen). Tech will always appear which allows users to circumvent unwanted content.
Sites dependent on advertising can respond by politely asking their users to allow the ads to display (and to read them, and respond to them). Sites can be aware of what ads create special resentment and desire for circumvention (e.g., those horrid moving, floating flash ads) and voluntarily renounce them.
Or, sites can just give in and go for a pay model. A really good site with desirable content can make this work (e.g., Salon, which keeps defying its detractors' predictions by not dying). Of course, even /. is flirting with this model.
Let's be fair to Mr. Gates, for once. If you needed perfect code to achieve security, security would be impossible; I've never seen a nontrivial perfect program. All real-world large projects are going to have errors in them; it's a simple fact of our imperfect world.
Once you recognize this, attention must turn from achieving some mythical perfection to dealing with the probable scope and impact of errors. Just for example, one good thing about languages like (e.g.) Perl and Java is that (absent major kludging) they are incapable of expressing a buffer-overrun bug, a category of possible bug in (e.g.) C which is single-handedly responsible for a majority of significant net security holes.
In other words, once you admit that your code will never be perfect, you are forced to consider how to limit the damage your imperfections can do, and that in turn steers you toward technologies, processes, and practices that help you with that potential-damage reduction goal.
In that sense, Gates is entirely correct that one key to maintaining a secure system is to limit the accessibility of unneeded ports (and the services possibly behind them) from the net at large. Yes, ideally, all those ports and services would be invulnerable to attack. But we know that we're not perfect, so we play it safe and use a firewall. It's classic "belt and suspenders" engineering.
There is certainly a lot to be said about Microsoft's culpability for the low quality of their products, particularly with regard to security. But that doesn't mean Gates was wrong to say what he said.
Yeah, but this is one of those "one thing at a time" situations. Right now, the military or intelligence agencies can keep something classified forever, using the catch-22 of "we can't tell you why it's secret because that's secret too" to avoid congressional or judicial review. Putting a ceiling on it would at least make sure that everything saw the light of day eventually. We can work on cranking down the ceiling, or pushing through earlier-release provisions for most material, once that's in place.
I should hope there's some ultimate absolute secrecy time limit; say 150 years, so everyone involved at the time would be long dead, and all technology and diplomacy irrelevant. When politics has aged into history, it should be available to everyone.
Radio streaming isn't what I'm talking about. With Rhapsody, I can suddenly decide I really need to hear "Mr. Roboto" by Styx at 3am, and have it playing a few seconds later. This isn't the sort of thing I want to pay for a permanent copy of. My music needs are often whim-driven, so a flat rate streaming buffet approach works perfectly for me.
I've never understood what all the fuss was about. Rhapsody offers a killer online music service with unlimited streaming for a flat ten bucks a month, plus cd burns at the same price as iTunes. If you want an mp3, burn it to cd and rip it for personal use. Why isn't everyone using Rhapsody?
It should be noted that US hardware for human space travel is also based on designs which are around three decades old (with some upgrades). Ditto Russian hardware.
Talking to non-techies (on Beyond Fear · Score: 2, Interesting)
I was chief architect several years ago at a pioneering (and now dead) movies-over-the-net company. Beyond the technical issues involved, our biggest problem was movie-industry execs who insisted on "absolute, guaranteed, unbreakable" security. Needless to say, this was a bit of a stumbling block, as there's no such thing.
When I gave security-related presentations to non-techies, I got in the habit of asking for a show of hands asking who had locked their front door when they left home that morning. Needless to say, all hands went up. I'd then point out that a thief could break a window, tunnel through a wall, dig up through the floor, cut a hole in the roof, or batter down a door if they were determined enough to get inside...so why did they bother locking the front door? Thinking about this got people into a more reasonable mindset to discuss cost/benefit ratios and attack scenario analysis.
If telemarketing is not working (and it appears it isn't, due to the high number of people who do not want to be called by these people)
The problem is that it is working. That's the creepy, irrational, stupid fact at the core of this debate. Telemarketing is hugely successful, which is why there is so much of it. People say they don't want telemarketers, but enough also buy things from telemarketers that the latter make a very comfortable living.
It's exactly the same situation as with spam. Everyone says they hate it, and it would disappear within a few months if nobody bought the things advertised in it. It has not gone away, therefore we can conclude that people are buying things advertised via spam.
Banning telemarketing and spam is just as stupid as legislative term limits. If the majority don't want telemarketing or spam, ignore them, and they'll go away. If the majority don't want long-term legislators, don't re-elect them. Instead, we have these horrible kludge-laws designed to protect an irrational public from themselves.
I never thought we'd see an explosive growth of the Nanny State with Republicans in control of Congress and the Presidency.
The Third is clearly the runt of the Bill of Rights, especially embedded as it is in the middle of the high-profile first six. I speculate that the author noticed this and decided to come up with some way to make it relevant in the modern world.
The Findlaw page I cited mentions that the Supremes have never ruled on a 3rd Amendment case, and that indeed there's only one citation from Federal case law, which they describe as being unusual without going into details. I'll have to pester a lawyer friend to look that up now that my curiosity is engaged.
There was a science fiction story many years ago (circa 1980, IIRC) in Analog (again IIRC) which predicted widespread networked home computers, and the threat of hostile programs spreading among them. In the story, the US government mandated installation of (what we would call) antivirus software, developed and provided by the government. An attorney successfully gets the program thrown out on Constitutional grounds, showing that it violates the Third Amendment, since a program guarding against national security threats is effectively a "soldier".
Perl Golf is an entirely different direction to take this discussion...but might be fun. Pretty nice opening shot, there. Not sure I can better it. Anybody else want to give it a try?
Good post, overall, but I have to object to your phrase "the nullwits who designed the SMTP protocol". SMTP was designed at a time when the nascent internet was more or less a research preserve, all users of which were cooperative and well-intentioned. SMTP uses what I call "Moria security", for reasons which will be obvious to Tolkien fans.
SMTP lacks meaningful authentication features for the same reasons that TCP/IP lacks such features; they weren't needed at the time, and better to get something working out there and doing good than to sit on it while you build in design features that might possibly someday become useful.
A dirt path is a perfectly useful way for a few hikers to climb a hill. When a stream of passenger cars start using that path and a few of them lose their oil pans, don't blame the people who created the path.
...when I picture applications for a personal droid, having it read /. to me is not the first one that springs to mind.
No need for this, when Computer Boy has been out for several years. ("Eat gun!")
Would someone please remind me what exactly is going on up there that is worth risking lives and spending money to continue? ISS in its current condition (of repair and staffing) is doing effectively no research or engineering work beyond "Let's put some guys in space and see if they get sick", and that's been done previously and with more functional medical gear.
What, at this point, is ISS for?
Enjoy :)
#!/usr/bin/perl -p
# scram: scrambles the innards of words
# Usage: scram <input-text >scrambled-text
# Craig Berry (20030915)

s/
  ([a-z])      # Initial letter
  ([a-z]{2,})  # Two or more middle letters
  ([a-z])      # Final letter
 /$1 . shuffle($2) . $3/egix;

# Fisher-Yates shuffle
sub shuffle {
  my @chars = split //, shift;
  my $i = @chars;
  while ($i) {
    my $j = rand $i--;
    @chars[$i, $j] = @chars[$j, $i];
  }
  return join '', @chars;
}
Yeah, I've seen both of those, too. Autorepliers and mailing lists open up vast new landscapes of misconfiguration-generated pain. :P