Slashdot Mirror


User: ale2011

ale2011's activity in the archive.

Stories: 0
Comments: 143

Comments · 143

  1. TLDR;:As if SMTP were ever secure... on Clinton Regrets, But Defends, Use of Family Email Server · · Score: 1

    Smaller systems are intrinsically more focused, which implies better privacy.

    Let's not conflate privacy and security. That's not straightforward if we talk about such obscure concepts as group- or team- privacy. Anyway, it's obvious that sysadmins can access email contents, which we may call a privacy breach. When someone who was not appointed by the team or group does so, we call it a security breach. There are recipes to defend from the latter, not from the former.

    Of course, one can choose to be "transparent" and operate through a gmail account. I don't recommend it. On the opposite, I recommend every group or team run their own email servers if they can spare the effort to keep them secure. I'd vote Clinton just for doing so if I were American.

  2. Re:Obligatory, #2: Laws of Physics on Ikea Unveils Furniture That Charges Your Smartphone Wirelessly · · Score: 1

    Translation #1: There is a coil in the table. There is a coil in the back of the phone. The 2 coils act as a transformer with an air core. That only works if you bought a new phone. (And paid huge amounts for it including the 2-year contract.)

    Heck, you're right. It's not quite the equivalent of POE for WiFi :-(

    --
    No, I'm not connected yet. I'm at step 8 of the assembly instruction...

  3. Re:Total Idiocy on Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers · · Score: 1

    And notice that the US-Cert alert (TA15-051A) is not for the spyware by itself, it is because the superfish is vulnerable...

    It's idiotic to have pre-installed certificates. It implies admitting total ignorance on what trust is and what it implies.

  4. Re:Science... Yah! on Science's Biggest Failure: Everything About Diet and Fitness · · Score: 1

    Hm... olms spend their whole lives in the dark. I assume you imply "and if they're not given an adequate diet", since that's the topic at hand. But even then, the Solar System is fairly closed...

    Back to topic, a probabilistic explanation of getting fatter or slimmer should take into account the possibility to observe counterintuitive results if the time scale is not large enough.

  5. Re:Science... Yah! on Science's Biggest Failure: Everything About Diet and Fitness · · Score: 1

    OK, I'll bite. Is there anything in cell biology which violates the laws of thermodynamics?

    Yes, life. It violates the 2nd law.

  6. Re:Attitudes on The Current State of Linux Video Editing · · Score: 2

    This is ultimately the problem with linux. There is no defined platforms anywhere. Software that wants to use anything can't ever guarantee that it will be there. They aren't part of the OS, but rather, part of the users defined installation.

    Not quite: It's the task of a distribution to make sure all needed libraries are in place. I concede there is some difficulty when codecs and formats are not fully standardized. In that case, proprietary distributions stick on their homebrewed format and don't care about compatibility. A problem with FOSS is that users want it to be compatible with any other format.

    And who wrote "This is compounded by FOSS users being tolerant of crashy software because it suits their ideology"? I experienced running and even buying Adobe and Microsoft packages. They have all the defects that RMS keeps on warning about, and if you do it as a hobbyist you likely end up with some 8-year obsolete software that cannot be maintained and hardly works. I'm not going to buy any more of that to avoid getting locked in it that way. Is that "ideology"?

    The reason why that software crashes so often is that it is underfunded. So, I could pay 300 bucks to get Bitwig, or do what I can with Avidemux and maybe donate them some 10 bucks. Maybe I should consider paying 50 bucks per month per license to use Premiere. Now, yes, if we go down to consider what should the price be proportional to, we may be approaching some ideological thinking.

    --
    From each according to his ability, to each according to his needs!

  7. Re:A Simple Retort on WSJ Refused To Publish Lawrence Krauss' Response To "Science Proves Religion" · · Score: 1

    Nowadays we see a good deal of traditional activities, such as commerce, banking, socializing, studying, voting, and so forth, going more and more "online". Those transitions involve moving the roots of feelings, beliefs, and trust from an area to another, different one. It is an epochal change of paradigm, probably comparable to the invention of writing. What surprises me is that science and religion don't seem to be eager to participate.

    While gravity is an easily recognizable effect of mass, there are objects, like the photons, whose existence as particles rather than waves can be argued about in vain, much like the existence of God. Their statistical treatment, as given by quantum mechanics, apparently violates any classical scientific method, so that one can never know whether a single photon exists and which slit did it go through. A shifted paradigm could emphasize the information transferred, rather than the energy, just as if reality were virtual.

    I'd raise a similar objection to your exo-cake argument. In an accelerated universe, God's space and time coordinates are relative. No point in discussing which existed before which. IMHO, it would be more fruitful to concentrate on what's God's role in processing and transferring information. After Gödel's theorems, it seems that something beyond logics has to be hypothesized in order to describe the universe well, even from a scientific point of view.

  8. Re:A Simple Retort on WSJ Refused To Publish Lawrence Krauss' Response To "Science Proves Religion" · · Score: 1

    Something seems to be less accurate than it might have been:

    The nature of God is such that it cannot be proven. Otherwise, we lose the choice to believe.

    We can prove our logical thinking, not physics. Science often simplifies things by modeling a part of reality so as to apply mathematical tools. We cannot prove that reality exists as we perceive it and that our model captures its essence correctly. That requires us to exercise our choice to believe.

    That said, science has yet to prove what the universe is, so how could we expect it to prove something outside of it?

    God, or whatever our souls perceive or believe, is "inside" the Universe, since we define the Universe as the totality of what exists. By the same argument, our minds are part of the Universe too, albeit physics gives little consideration to virtual-reality models that would result from a mind-centric perspective of reality.

    If anything, Lawrence Krauss' conclusion that Religious arguments for the existence of God thinly veiled as scientific arguments do a disservice to both science and religion looks a bit rushed. There must be a better way to put it.

  9. Re:So... did he have any tested? on Book Review: Spam Nation · · Score: 1

    It's fairly clear from the investigations Krebs carried out that a good deal of the chemicals have the right components and sort the expected effect. The risk is much higher than buying full price stuff at legit shops, of course. Krebs investigates the reasons why buyers go that way, and conveys the feeling (to me, at least) that there are several legitimate needs that pharmaceutical suppliers are far from satisfying. There should be a better market for medicines, but that's not the point.

  10. Re:I bet on How the Rollout of 5G Will Change Everything · · Score: 1

    Curiously, 3GPP are not keeping up by upgrading their name to 4GPP, 5GPP, and so forth...

    Long term sketches provide for using IETF protocols, that is the Internet, for example SIP, Multipath TCP. Those seem to be kept "secret" for some reasons by telecoms and legal rules alike. T-Mobile is not available everywhere. In some countries, for example, it is forbidden to use fixed lines to make phone calls through VPNs. So-called SIP phones never made it to mass market. VOIP sellers tend to disable interoperability, IME.

  11. Re:Wow... on Debian Forked Over Systemd · · Score: 1

    Nicely said.

    There's plenty of related questions on social and economical consequences of having deserted that land. Where is server market heading? Who is the average system owner nowadays, given that it is so much easier to rent a virtual server anywhere in the world? How about law enforcements...

  12. Re:The don't give a Flying-F*** about your SPF on Ask Slashdot: How To Unblock Email From My Comcast-Hosted Server? · · Score: 1

    Except that I can find a (bad) _dmarc record:

    $ dig +short _dmarc.fimble.com txt
    "v=spf1 ip4:23.31.69.157/32 a mx ptr include:fimble.com ~all"

    (I'd remove that '*' from your zone file...)

  13. Re:First step is to collect data. on Ask Slashdot: How To Unblock Email From My Comcast-Hosted Server? · · Score: 1

    The only conclusion that I can draw is that these major providers all use the same dynamic, or what they interpret as dynamic anyhow, IP lists and block based on them. I can understand that... the part that I have an issue with is that I have no recourse to have my IP reevaluated.

    IME, it's unlikely that Hotmail and Yahoo do something in the same way; khasim is right, attach a firewall and have outgoing port 25 connections logged, then compare that log with your mail server's "official" log. That's the nasty side of remote control.

    Subscribing to their FBL might also, occasionally, reveal unwanted activity. You need DKIM signatures for Yahoo. For Hotmail, you have to prepare a curl script that downloads their page every 12~24 hrs.

  14. Re:First step is to collect data. on Ask Slashdot: How To Unblock Email From My Comcast-Hosted Server? · · Score: 1

    ...I have SPF records for the domain...

    Your record is bad. Please check dmarcian's spf test.

    ...and IP address are not on any RBLs.

    Right, but they're not on any whitelist either. Try this: https://www.dnswl.org/
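
Added example (not part of the original comments): a small offline linter run over the TXT string from the dig output in comment 12, assuming the same string is also what is served as the SPF record for fimble.com. The function names and finding codes are hypothetical; the checks are the RFC 7208 `ptr` and lookup-limit rules, a self-referencing `include`, and the RFC 7489 requirement of exactly one `v=DMARC1` record at the `_dmarc` name.

```python
# Added example: offline lint of TXT answers. Function names and finding
# codes are hypothetical, not taken from any tool mentioned on this page.
import re

# The TXT string shown in the dig output for _dmarc.fimble.com.
PAGE_RECORD = "v=spf1 ip4:23.31.69.157/32 a mx ptr include:fimble.com ~all"
# Constructed sample of a well-formed DMARC record, for contrast.
GOOD_DMARC = "v=DMARC1; p=none; rua=mailto:postmaster@example.org"


def classify_txt(value):
    """Return 'spf', 'dmarc' or 'other' for one TXT string."""
    v = value.strip().strip('"')
    if re.match(r"v=spf1( |$)", v, re.I):
        return "spf"
    if re.match(r"v=DMARC1\s*(;|$)", v):
        return "dmarc"
    return "other"


def lint_dmarc_answers(txt_values):
    """Check the TXT answers returned for _dmarc.<domain>."""
    kinds = [classify_txt(v) for v in txt_values]
    findings = []
    if "spf" in kinds:
        # An SPF policy does not belong at the _dmarc label; a wildcard
        # ('*') TXT record in the zone is a common way it ends up there.
        findings.append("spf-at-dmarc")
    if kinds.count("dmarc") != 1:
        # RFC 7489: policy discovery stops on zero or multiple records.
        findings.append("no-single-dmarc")
    return findings


def lint_spf(domain, record):
    """Flag problem terms in an SPF record published for `domain`."""
    own = domain.lower().rstrip(".")
    findings, lookups = [], 0
    for term in record.split()[1:]:
        m = re.match(r"[+\-~?]?([a-z0-9]+)(?:[:=]([^/\s]+))?", term, re.I)
        if not m:
            findings.append("unparsed")
            continue
        name, arg = m.group(1).lower(), (m.group(2) or "").lower().rstrip(".")
        if name in {"a", "mx", "ptr", "include", "exists", "redirect"}:
            lookups += 1                     # counts toward the limit of 10
        if name == "ptr":
            findings.append("ptr")           # RFC 7208 5.5: SHOULD NOT be used
        if name in {"include", "redirect"} and arg == own:
            findings.append("self-include")  # recurses until permerror
    if lookups > 10:
        findings.append("too-many-lookups")
    return findings
```
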

  15. Re:Call Comcast? on Ask Slashdot: How To Unblock Email From My Comcast-Hosted Server? · · Score: 1

    I see fimble has a /29:

    NetRange: 23.31.69.152 - 23.31.69.159
    CIDR: 23.31.69.152/29
    NetName: FIMBLE
    Customer: FIMBLE (C03254701)
    RegDate: 2012-12-19
    Updated: 2013-12-11
    Ref: http://whois.arin.net/rest/net...

    OrgAbuseHandle: NAPO-ARIN
    OrgAbuseName: Network Abuse and Policy Observance
    OrgAbusePhone: +1-888-565-4329
    OrgAbuseEmail: abuse@comcast.net
    OrgAbuseRef: http://whois.arin.net/rest/poc...

    Why don't you have your own abuse poc? Also, about that /29, 157.69.31.23.in-addr.arpa is set correctly, but the rest of the IPs are not. This has probably nothing to do with reputation, but it'd be convenient for you to have comcast define CNAMEs for RFC2317 delegation.

  16. Re: DMCA (Defamation) on ISPs Removing Their Customers' Email Encryption · · Score: 1

    Sorry, I was wrong. They intercept the client-to-MTA (or MUA-to-MTA) connection, the article says.

    Port 25 is mainly used for relaying (which is what confused me). Malware doing direct-to-MX SMTP does in fact use port 25. Modern clients should be configured to use port 587 instead. Since port 587 (MSA) requires sender authentication, there would be no reason to block/intercept it.

  17. Re: DMCA (Defamation) on ISPs Removing Their Customers' Email Encryption · · Score: 1

    AIUI, they are not tampering with the client-to-MSA connection —where the client is often configured to require STARTTLS, port 465, or whatever— but the MSA-to-MX one. There are no guarantees that encryption is available between any two hops along the mail path, and there have never been.

  18. I think we all agree that predicting earthquakes (or weather, or stock exchange, for that matter) is not an exact science.

    Actually, upon re-reading your reply, I'm not sure what you were actually arguing.

    An expert's prediction —especially if officially appointed— should be solely based on her or his knowledge and beliefs, free from external pressure, lobbying, or prejudice. Scientists who are in conflict of interest because their opinions are too intertwined with their wishes should either stay silent or explain their position clearly. Legally, appointed experts who (ab)use their role for channeling spurious advices should be sentenced. IANAL, but it seems to me that would have been straightforward if the subject had been of financial rather than geological flavor, correct?

  19. In fact, there was special likelihood of an earthquake.

    Is this true?

    Yes. There had been smaller "warning" shakes. As a matter of fact, there have been families who were going to leave l'Aquila as a precaution, and changed their minds after hearing an appeal to keep calm and stay home, on the radio. That was narrated by survivors. There had been some political pressure, aimed at keeping order, to have those scientists sign that appeal. No illicit deals were proved, and even if there had been any, they can be considered part of Berlusconi's style of administration. Governors command, subjects obey.

    There is no reason to believe that a prediction, which will never be more than a general notion of increased likelihood over an indeterminate period of time anyway, could possibly save lives.

    It is not the usual kind of "predictions" (or opinions), which are common in such cases, but rather the propensity to give false, unjustifiable predictions in order to keep people calm. The latter sounds like "we don't care if you die or not, but please do it silently."

    As is often said, earthquakes do not kill people, unsafe buildings kill people. The buildings that collapsed and killed in Italy were unsafe obviously, and many of those that collapsed were extremely old. Where is the court case about the council (or whoever it ought to be) failing to earthquake strengthen a town full of mediaeval buildings?

    Sure.

  20. Re:your mind: the Final Frontier on Computer Scientists Say Meme Research Doesn't Threaten Free Speech · · Score: 1

    Obviously, it didn't end for good in 2003.

    Controlling the mind is the way to confer dictatorship-like powers while still respecting democracy. Until now, extraordinary communication skills are required in order to screw an entire country. Were mind control available, any idiot could do that. This explains why idiots go after mind control.

    Public money is spent to drive research toward empowering the political system rather than some more useful task. Politicians are unable to drive research, of course. The outcome will probably consist of side-products, like the web. So what's the difference between Truthy and, say, teleportation?

  21. When I see these laws, I always wonder who those "telco" companies are supposed to be. Tor nodes and VPN providers don't need to lay cables, they are telco clients. Does the law provide for any server to keep metadata? Hm... that's interesting. I always wanted to see a clear-cut definition of what a server is.

    It looks as if the Internet was designed by someone different from the ITU.

  22. Re:Automated digesting on Google Announces Inbox, a New Take On Email Organization · · Score: 1

    I don't see how a mail client can discriminate between an email from my aunt and a message resulting from, say, an error in a cron job execution. Automated guesses based on message's body are unreliable. If I cannot control sending, I cannot configure any message attribute —header or envelope field— to be used for discrimination. Hence, I cannot manage that flow, no matter what tool I use. Garbage in, garbage out.

    Mailchimp is a general-purpose notification manager. I would ask why they don't provide recipients with the ability to configure how they want notifications to be sent. I note they're commercial, and get paid by senders. Please recall the first paragraph of my first post in this thread. The point is that there is something wrong in how advertising is conceived and carried out. Perhaps we could have used the Internet to fix that. Instead, the current trend is to try and "fix" the Internet in an attempt to squeeze some more juice from economy as it came out of the industrial revolution.

    On the other hand, Google is big enough to be able to have Mailchimp and their likes begin to relent. Is the new "Inbox" aimed at doing that?

  23. Re:Automated digesting on Google Announces Inbox, a New Take On Email Organization · · Score: 1

    The reliability of email worsened as a consequence of spam and tentative mitigations thereof. Typically, poorly rated messages end up in spam folders and remain unnoticed, irrespective of their legitimacy. That behavior can be client-side only, but more often decisions are made by the receiving server too.

    By direct interaction I mean a transport-neutral setting. For example, "Recovery: server.domain.com is online" could be enhanced to something like, say, "Recovery: server.domain.com is online. Further on/off messages are suspended for 8 hours unless you click <here>." The sender can use a general-purpose notification manager that recipients can configure online. That probably works better than mixing those notifications with the rest of email and let a general-purpose email client sort them out.

  24. Re:Automated digesting on Google Announces Inbox, a New Take On Email Organization · · Score: 1

    I get a bunch of ads that I wouldn't necessarily call "spam", but they're ads. I actually want to get some of them (they're sometimes relevant to my job), but it's always super-low priority. [...]

    That's the really challenging part. Marketers were not that bad in the dawn of newspapers. They worsened steadily as TV took root. The Internet offered them a chance to get interactive, and they declined. It required legislative efforts to mandate opt-in/out, and (honest) spammers abode by with bad grace. Spammers don't know why their ads work, and don't want to. They turned marketing into a non-cooperative game.

    In this scenario, knowing how many times people open what messages, Google can infer message scores. They are quite unable to make yes/no decisions, but they can order messages accordingly. I suspect that's the basic idea of their new tool, as long as something called "Inbox" can be considered new nowadays.

    I also get [notes and transactions whose flow is wanting better coordination...]. I don't know practically how you'd do that, but I wouldn't mind if someone were to figure that out.

    When there's cooperation, the settings that deliver best mutual benefit should be worked out by direct interaction, for the sake of effectiveness. That would put email back into its role of transport mechanism, where it belongs.

  25. Re:Some things can't be papered over. on Confidence Shaken In Open Source Security Idealism · · Score: 1

    Analysis of the source code history of Bash shows the vulnerabilities had existed since version 1.03 of Bash released in September 1989.

    That's the outcome of a limited analysis. Had they dug deeper, they would probably have concluded that such kind of vulnerability was already latent in Babbage's Difference engine, as well as in any man-made device. Don't misunderstand me, I don't mean that Nature makes no bugs :-/

    The point with man-made stuff is that we are free to decide how to deal with it. No wait, that was supposed to be the point with free software. (Damn, I'm getting garbled, perhaps it's hypocaffeiniemia.) Really, bugs happen the same whether you're paid or not. Discovering such an old one takes an odd moment.