Slashdot Mirror


User: CustomDesigned

CustomDesigned's activity in the archive.

Stories: 0 · Comments: 1,032

Comments · 1,032

  1. Re:Why domainkeys is better than SPF on Yahoo Submits DomainKeys Draft To IETF · · Score: 1

    Only broken SPF implementations break forwarding. It is incorrect to block mail from a known forwarder. If no mechanism to whitelist non-SRS forwarders is known, and mail could be forwarded, then SPF must not block any mail. The SPF results are still available through the Received-SPF header for use by content filters.

  2. Re:SPF breaks Forwarding on Yahoo Submits DomainKeys Draft To IETF · · Score: 1
    You should not have turned SPF off. You simply needed to set the default for your domain to "?all". Furthermore, the problem you describe is not with SPF, but with an incorrect implementation of SPF at the receiver. It is incorrect to block mail from a known forwarder. The recipient sets up the forwarder (except for sender forwarder like greeting websites which are a different matter) and the recipient is responsible for whitelisting any forwarders they have set up which do not implement SRS.

    If they can't do this - perhaps because the mailbox they are forwarding to is on a large ISP slow to implement such things - then the ISP should *not* block mail based on SPF. SPF is still useful because the results are stored in a Received-SPF header - which then makes excellent fodder for content-based filters. This also applies to setting your published default to "?all". Although no mail is blocked, mail that comes from your servers is marked "pass", which affects the score in content filters. For Bayesian filters, learning the proper weight for SPF results happens automatically without any additional programming.
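The receiver-side policy argued for in the two comments above, as an added example that is not part of the original comments or of any SPF library: a deliberately simplified evaluator (only `ip4`/`ip6` and `all`, no DNS) plus a decision function that always records the result in a Received-SPF header and rejects on "fail" only when a forwarder whitelist exists and the client is not on it. The function names, domains, addresses and records are constructed for illustration.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample data (documentation address ranges, hypothetical sender).
STRICT_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"    # publisher asks for hard fail
NEUTRAL_RECORD = "v=spf1 ip4:192.0.2.0/24 ?all"   # the "?all" default from the comment
FORWARDERS = ["198.51.100.0/28"]                  # forwarders the recipient set up
SENDER = "alice@example.org"


def evaluate_spf(record, client_ip):
    """Evaluate a simplified SPF record: only ip4/ip6 and all, no DNS lookups."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            raise NotImplementedError(f"mechanism not handled in this sketch: {name}")
        net = ipaddress.ip_network(arg, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all": default result is neutral


def is_known_forwarder(client_ip, forwarders):
    """True when the connecting host is inside a whitelisted forwarder range."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in forwarders)


def receive(record, client_ip, mail_from, forwarders):
    """Return (action, Received-SPF header) for one SMTP transaction.

    forwarders is a list of CIDR strings, or None when the receiver has no
    way to whitelist forwarders; in that case SPF never blocks mail.
    """
    result = evaluate_spf(record, client_ip)
    header = (f'Received-SPF: {result} client-ip={client_ip}; '
              f'envelope-from="{mail_from}";')
    if result != "fail" or forwarders is None:
        return "accept", header          # result is left for content filters
    if is_known_forwarder(client_ip, forwarders):
        return "accept", header          # never block a known forwarder
    return "reject", header


if __name__ == "__main__":
    cases = [
        (STRICT_RECORD, "192.0.2.10", FORWARDERS),    # sender's own server
        (STRICT_RECORD, "198.51.100.7", FORWARDERS),  # whitelisted forwarder
        (STRICT_RECORD, "203.0.113.5", FORWARDERS),   # unknown host, hard fail
        (STRICT_RECORD, "203.0.113.5", None),         # no whitelist mechanism
        (NEUTRAL_RECORD, "203.0.113.5", FORWARDERS),  # "?all" never blocks
    ]
    for record, ip, fwd in cases:
        print(receive(record, ip, SENDER, fwd))
```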

  3. Re:Perhaps I'm missing something on Yahoo Submits DomainKeys Draft To IETF · · Score: 5, Insightful

    Neither SPF nor Domain Keys directly addresses spam. They both prevent forgeries, aka "joe jobs". SPF stops envelope forgery. DK stops mail header forgery. The vast majority of AOL spam is not sent via AOL. That is why AOL is an early adopter of SPF. I have gotten death threats from people who are sick of getting spam I supposedly sent them. If SPF were widely implemented in MTAs, they would never get such forged mail. When SPF becomes widely implemented, spammers can publish SPF records also - in fact many already are. But now you can use the domain registration to track the source of the spam. This facilitates prosecution of scams, and blacklisting of unwanted spamming vendors.

  4. SPF and DK solve different problems on Yahoo Submits DomainKeys Draft To IETF · · Score: 5, Informative
    SPF validates the envelope from, and can be checked before the DATA phase of SMTP. Domain Keys validates the rfc822 headers, and can't be checked until after SMTP DATA.

    You want to implement both. SPF detects envelope forgeries before you have wasted much bandwidth. You can then use right hand side blacklists on sender domains. Yes, spammers too are adopting SPF. This is OK - those who like spam have something other than instinct to warn them when they are dealing with a scammer instead of a spammer. Those who hate spam can ignore it more efficiently.

    Domain Keys validates the message headers. It protects you against forgeries by users in the same domain - e.g. a spammer on yahoo forging an innocent party on yahoo. SPF can also detect envelope sender forgeries from the same domain in conjunction with SES (Signed Envelope Sender) - which adds a crypto cookie to the local part.

    You should implement SPF first. It is simpler, and eliminates most forgeries before SMTP DATA. SPF requires special consideration for forwarders (SRS - Sender Rewriting Scheme) or whitelisting.

    DK is a good addon for large ISP domains like yahoo and aol, but is broken by forwarders or mail processing tools that modify the body. For instance, my DSPAM Bayesian filter adds "tags" to messages.

  5. Re:Linux isn't all that common on Is Linux Improving Life Of Poor In India? · · Score: 1

    I am an American with three Indian families for neighbors. They have all recently moved here to work in Tech (software) industry. Most have not heard of Linux. One wife works for Oracle, and uses Windows, Linux, and Sun servers interchangeably.

  6. Re:That explains alot on Eigenfaces Online Service · · Score: 1
    If there was a black crime wave, yes. That wasn't the case when American blacks suffered harassment. The KKK was the crime wave.

    Racism is an internal attitude. You can't fix it by imposing external quotas. Racists just find more subtle ways to show their prejudice. For instance, a hair cutting salon here in Virginia and Maryland (my wife cuts my hair, so I don't remember the exact name and don't want to malign an innocent company) has a policy of charging a much higher price or refusing to cut "thick hair".

  7. Re:Familiar pair for atheists. on Fathers of Linux Revealed: Tooth Fairy & Santa Claus · · Score: 1

    While modern popular stories and depictions of Santa Claus may be non-historical (but mythical), Saint Nicholas is historical, and attended the First Council of Nicea. There are well attested stories of him dropping bags of gold down chimneys, also.

  8. Too bad Transmeta doesn't have PPC firmware on Successful PearPC/Mac OS X Install Documented · · Score: 2, Interesting
    Maybe there would be a market for a low power device that runs Win32, Linux, or MacOSX.

    We used to have IBM 51x0 desktops. These were like Transmeta - they had a RISC CPU with a VM (CPU emulator) in ROM. There were two VMs available: System 360 (for running the System 360 APL interpreter) and System 36 (for running the System 36 Basic interpreter). There was a front panel switch to select the CPU emulation. Yes, like Transmeta, running the interpreter on top of the CPU emulator was fast enough to be very useful.

    So, I am imagining a notebook with a front panel switch for i686/G4.

  9. Re:That explains alot on Eigenfaces Online Service · · Score: 1
    United settled with the Department of Transportation for $1.5 million in November 2003 for removing passengers from flights in "a few instances" based on their race, color, national origin, religion or ancestry.

    In March, 2004, American settled with DOT for $1.5 million for removing 10 persons of Middle Eastern appearance as security risks.

    In April, 2004, Continental settled with DOT for $0.5 million having been charged with searching men of Middle Eastern descent more often and otherwise discriminating against them.

    Continental gets my business. Removing people without hard evidence is going too far, but if I were Middle Eastern, I would understand completely getting searched more often.

  10. Re:That explains alot on Eigenfaces Online Service · · Score: 1

    No, that shows that the system doesn't work. The airlines are not allowed to use "racial profiling" to prioritize security screening. Several airlines have been successfully sued and fined millions for searching persons of apparently Arab descent more often than others.

  11. Re:Concept patents are evil on Apple Files Patent for Translucent Windows · · Score: 1

    That's not how to implement translucency efficiently (i.e. an efficient alpha channel), but user interface choices. I.e., a "look & feel" patent - albeit more creative than "one-click".

  12. Concept patents are evil on Apple Files Patent for Translucent Windows · · Score: 1
    If Apple had patented "a method to efficiently display windows with translucent backgrounds" (and it wasn't obvious or already done), that would be one thing. But it still boggles my mind that a patent can be granted simply for the idea of a translucent window. I first heard of the idea in the '70s. In the early '80s, I saw the first implementation on the IBM PC. It was a TUI that changed the color of text "shadowed" by or behind a window.

    If a patent can be granted for a mere idea, shouldn't it be sufficient to find a discussion of the idea in print for prior art? Why should we have to find an implementation when a specific implementation is not what is being patented?

  13. Re:Can't they all just get along? on FireWire Gets Ready to Go Wireless · · Score: 1
    USB supports bus powered devices like Mice, Keyboards, Webcams, Workspace LED lamps, etc. USB is lower cost for low bandwidth devices like Mice and keyboards. Firewire is not an economical interface for a keyboard. Once you move up to higher bandwidth and higher power devices like scanners, printers, high resolution cameras, large disk drives, tape drives, and video, then firewire is better. However, since you already have USB for your keyboard, mouse, modem, Ethernet, etc, it is nice to be able to use the same interface for a few high bandwidth goodies as well (for example I added a USB2 CD burner recently that works great). That way, you only need to get a firewire adapter if you really need the best performance.

    In summary, USB is clearly better for a $5 mouse, and firewire is clearly better for high resolution digital video. For stuff in between, it depends on what you already have.

  14. Re:Here's what's missing in the US: on Indian Voting Machines Compared with Diebold · · Score: 2, Interesting
    In one county if you spoiled your vote, the machine spat the ballot back at you and you got a fresh chance to vote. In another county, your ballot disappeared into a chute and if you spoiled your vote, you never knew about it. In the case of the former, the county was overwhelmingly white (and Republican-voting) while in the latter the county was overwhelmingly black (and Democrat-voting).

    How did this overwhelmingly black Democrat voting county end up electing Republicans as local officials? Is it the opposite of Virginia, where we vote Republican Nationally, but Democrat locally? Or is it possible that the election officials were simply incompetent Democrats? (Like the Florida party workers who gave out voting guides with Nader and Gore switched to their elderly "get out the vote" patrons.)

  15. Re:Self-Destructing Media? on Two Congressmen Push for DMCA Amendments · · Score: 1
    But wait, I forget. They'd rather have media that slowly self-destructs over time or use so that every 10 years (or less) you need to rebuy your collection. Backups are for wussies after all! :)

    Even this would be tolerable - if you actually *could* buy replacement copies. Unfortunately, my old LPs that have become unplayable are not available in any format. I really miss Alan Sherman. The "best of" CD available doesn't have any of my favorite numbers. Anyone know where I can get a copy of "Children of the Day Christmas Album"?

    On a brighter note, I bought a copy of "Wee Sing Action Bible Songs" for my 4 year old. She was so excited, she opened and destroyed the tape before I could get it home to copy to another tape - so we never got to hear it. No, the company would not let me exchange the media because the damage was not due to "faulty workmanship". However, I complained loudly (and didn't buy any more products). Now, the same title comes in a package with both a CD and a tape. You give the tape to your little tyke, and make more tapes from the CD as needed. So at least there was a change of policy.

  16. Re:All that needs to happen on de Icaza: Rest of World Will Force US Into Linux · · Score: 2, Insightful
    The game-on-bootable-CD concept suffers many problems:
    • What if you need to patch the game ?
    • What if you need drivers for hardware (ie video cards) that came out after the CD ? Or updated drivers?
    • Where and how do you save game ?
    • How do you use/apply mods to your games ?
    • How do you manage networking (setting, patch, etc) rs ?

    All of these are neatly handled by requiring a USB port and a USB flash drive to store settings, patches, drivers, etc.

    A reboot and/or parallel applications is not a big problem for a high end game that uses most of the machine anyway.

  17. I don't want anything for free. on Boucher's DMCRA To Get A Hearing On May 12 · · Score: 1
    I just want to watch DVDs I buy.

    If copyright is repealed (for example) 30% of the economy vanishes overnight.

    Straw man alert! HR 107 does not repeal copyright. It does not stop RIAA from prosecuting all those people illegally distributing copyrighted CDs. (Notice that bandwidth, not the silly DRM inhibits the illegal distribution of DVDs.) I think the RIAA's money would be better spent figuring out how to capitalize on people's natural desire to share music they like - but that is their business. Copyright infringers *are* breaking the law.

    The DMCA as far as I can tell by reading it says that it is only criminal to break encryption for the purpose of illegal distribution. I guess you have to be a lawyer to go from there to making distribution of a program to watch DVDs a crime.

    Until I am allowed to watch any DVDs I buy (without buying a bunch of extra crap I don't want like Windoze or more single purpose boxes) - there is no point in me buying (or stealing) them.

  18. Gender and Sex on What Sex is Your Robot? · · Score: 2, Interesting

    In "Perelandra", C.S. Lewis makes the suggestion that gender is a fundamental reality, of which biological sex is an imperfect reflection. For instance, even the Eldila - alien beings who do not reproduce - have gender. If that is true, then assigning gender to a robot makes perfect sense.

  19. Re:Taking responsibility not possible for most on Infected PCs for Rent · · Score: 1
    A very good point. As a matter of fact, we have had 2 or 3 rounds of exactly what you describe. They get an email which says something to the effect of, "A horrible virus has been infecting PCs!!! Delete XXXXX.DLL from your Windows directory immediately!!! Send this email to all your friends!!!". And they will dutifully follow the instructions. After all, it did come from someone they knew, right? I guess this would be classified as a "hoax".

    The point is, Linux will not help these people. I am perfectly happy to let Microsoft take care of them. If only they did! Unfortunately, Microsoft support is worthless. I and my coworkers end up helping them - without getting paid since we supposedly don't support Windows. ("It couldn't be a Windows problem - Windows is what everyone uses.")

    They're right, Windows is usually not the problem. But you can't tell the customer to their face what the real problem is. We carefully set them up with Linux firewalls, filtered web proxy, and filtered email. So they hook up a phone line to a modem card and download a virus that way, which quickly spreads to all the PCs over the LAN. Or else a salesman who picked up a boatload of viruses on the road with his Windows laptop comes in and connects his laptop to the LAN without telling anyone.

    Sorry for the rant, but I am sick of Windows users. They need either Linux thin clients or Palladium to limit the damage they can do to deleting their own documents. They won't even consider a Linux thin client - it is not "standard" like Windows. But they would be perfectly happy to fork over yet more dough to M$ for Palladium.

  20. Taking responsibility not possible for most on Infected PCs for Rent · · Score: 1, Interesting
    Most Windows users are not capable of taking responsibility. They are simply too ignorant. Even if Windows shipped with zero security holes, when an email arrives saying "save this attachment to a file, then double click for a surprise", they will follow the instructions. When the email says "go to this web site and enter all your banking details", they will follow the instructions.

    I hate to say it, but the only solution for Windows users is Palladium. Yes, Palladium prevents users from running the software of their choice and effectively puts their machine under the control of Microsoft. But their stupid choices are the problem! Besides, if they really wanted choice, they wouldn't be running Windows.

    Palladium doesn't fix the system security holes, but it does fix the biggest security hole on most Windows machines - the user. It could be good for the net - provided that responsible users aren't forced to use it. At present, the test is easy. Windows users need Palladium. Others don't. (Yes, I know there are competent Windows users out there - but I've never met one.)

  21. You can't get away from politics on The Politics of the Video Game · · Score: 2, Insightful
    As soon as a game has an object or goal - as opposed to a straight simulation - it is political. Even games that are ostensibly straight simulations often have implicit goals (because some outcomes are undesirable) that render them political.

    There are two basic categories for evaluating a game's politics.

    • How well does the simulation match reality. This applies even for fantasy games, because while the physics may be fantasy or highly simplified, there are still elements that symbolize abstract features of real things.
    • The second is what moral framework the game provides for its simulation. This is no different from a novel, whether realistic or fantasy.
    For instance, you are blowing up other ships/people who are presumably sentient beings. Hopefully there is a good reason for this. If the reason is "it's fun", that is politics. If the reason is "to stop them from destroying me first", that is a different kind of politics.
  22. Re:Some issues worth further discussion. on What Lies Ahead For Linux · · Score: 4, Interesting
    So use the gui interface to the package manager. RPM has Ximian Redcarpet, and GnoRPM, and Up2date, and Redhat Network (and Yum and probably some more).

    Note that Redcarpet, Up2date, RHN (and probably others) do auto-dependency like APT-GET.

    I used the Redcarpet GUI when I first started with Ximian. It was very helpful and almost magic for a newbie. After a few months, I got 'rug' - the command line version (called 'rc' at the time). It was so much more flexible and efficient, I have never used the GUI since. For example, instead of paging through package listings with bleary eyes, I can just list them to a file with rug, and search the list with vim.

    I started out my Dad on the GUI, and although he is no unix head, once familiar with the concepts, he found the 'rug' command line version much more efficient as well.

    So my point is that you need both. I always recommend providing a solid scriptable command line interface first because it gives you the most bang for the buck (or hour). But then, a good GUI helps sell the program to new users by looking pretty and inviting and by helping to visualize concepts used by the program.

  23. Re:Amusing... on Attorney Mike Godwin Answers 'Cyberlaw' Questions · · Score: 2, Interesting
    I have no sympathy for music or video pirates. It is their lawlessness that restricts the freedom of law abiding people. I still do not have any DVDs. If I purchase one, I am not allowed to play it (unless I also purchase an authorized player and only use it, yada, yada). I won't pirate one because I believe in obeying the law as long as doing so is morally defensible. I will start buying DVDs as soon as I am allowed to play them with the equipment and software of my choice.

    Currently, I am allowed to play DVDs that my Dad makes of our home movies (from the days of 8mm home movies). I wonder how long that will last. When I went to a studio to record some of my own music, the CD I received was copy protected. Fortunately, this was before DMCA, so I found some MAC software to copy it for me. (Of course, I now know more questions to ask of any studio before giving them any dough.)

  24. Package metadata and source RPMS on Build From Source vs. Packages? · · Score: 1
    The benefit of packaging a project has very little to do with being precompiled. The benefit is that the package lists files belonging to the package and knows which files are config files. It knows what commands need to be run when installing, upgrading, or removing the package. It knows what other packages are needed for it to run properly.

    If your distro uses RPM, install from Source RPMs. This lets you compile from source and optimize for your system and still have all the benefits of packaging. Many optimizations and option selections can be done from the rpm command line.

    The benefits of a binary package are:

    1. Installs faster
    2. No compiler or development packages required. (important for firewall or embedded applications).

    A properly packaged Source RPM is just as easy to install as a binary RPM. The RPM lists build prerequisites. I imagine Source only distros like Gentoo automatically download build time prerequisites, just like RedCarpet automatically downloads binary RPM pre-requisites.

  25. Re:"Up to" - uh oh on Fido Launches New Broadband Wireless Access · · Score: 1
    Also note that data transfer costs $10/gigabyte after the first 20GB (down) or 5GB (up) in a month.

    That's a whole lot better than kicking you off the service when you exceed some limit (as covered in previous slashdot stories). Better still if they give you a way to track your usage so far in a month (via an "odometer" on the modem or an ISP webpage).

    I still haven't gotten around to rigging up an iptables based meter for my Cox cable service (which has stated limits, but no way to monitor).