Very true. If I remember correctly, there already is an RFC for the reverse-MX/DNS lookup system you describe. It hasn't been supported too widely yet.
Key revocation definately needs to be a concern if you are signing server messages at the server level. Same concern as DNS expiration dates, for the most part.
I think the big point either way is that you don't need to completely ditch all of the existing SMTP code and infrastructure, like some have been suggesting. You just need enough of the large ISPs to start adding and supporting new sets of mail features that will make it harder to set up spam mail servers while not appreciably impacting legitimate users.
It's also should be pointed out that the concerns of convenient spam-proof email and the concerns of completely private email are similar, but not the same.
True, but email servers are very low load services, compared to web servers.
To get the benefit, you only really need to sign after the first hop going out. The message goes from whatever email client is used by the user to their mail server. The message is encrypted there.
Spammers, of late, have been sending mail directly to mailservers from either the few remaining open relays or various wingate proxies installed by some of the SoBig viruses and otherwise. They aren't going to be able to use any servers that do the signing for you. And the server's not signing them on the way in.
The people who won't like this are the legitimate large mailing lists.
There's tons of different places you could sequester the data. DNS or IP allocation records, for example -- it's already an up-to-date database of every ISP in the world. DNS already handles caching and whatnot.
It's pretty much like a trust mark in reverse. Step one, all of the servers contain a key and automatically digitally sign the messages as coming through that server. Step two, the server admins create a DNS record containing the key used by the server and the server admin attests to the fact that they don't allow open relays and whatnot. Step three, if an email claims to come from that server and isn't signed, the message can be safely dropped. If an email comes from the server and is signed, it can be whitelisted.
The problem is that any sort of key distribution scheme for intercommunication between two random related groups sucks. There's where the user interface comes in and things become just like normal use of encrypted messages. PGP Universal isn't going to help you there. But at the very least, if two companies are both sending proprietary emails back and forth, you can make sure that any mail between those two parties has been encrypted.
My first thought is, "Oh great, that'll just mean you need to trust the server."
But then I started to consider what would happen if a lot of the large domain servers were to start signing their mail automatically with a "Yes this really did go through our mail server" signature.
For one, if every message to come from Yahoo was signed with yahoo's key, you could automatically deny every message from yahoo that didn't have that signature. Think of how much easier spam catching would be.
Joe-jobbing could be reduced. If it comes from Intergalactic Orange Smoothie's DNS address without a signature, you know that somebody's been joe-jobbing Intergalactic Orange Smoothie.
And encryption between known partners could be enforced. So every message between Intergalactic Orange Smoothie and their partners could be encrypted.
Problems are, not everybody's got PGP. So Intergalactic Orange Smoothie can't make every message encrypted. So there still needs to be some user-interaction.
Which is why you wait until the jerk who sits next to you and checks his voicemail on speakphone has forgotten to log out before grabbing it from his machine.;)
Of course signed, watermarked schemes tend to be crackable, as the SDMI folks found.
Many attempts to DRM files are going to fail because the insiders who *need* non-DRMed versions of the content will release the non-DRM versions of the content.
Aye, but this is also for the case where it's attached to the same electronics bus as your avionics (very likely with no protection to keep it from causing power problems with the other gear), flight-critical (if an IFR-certified GPS or VOR used for navigation doesn't work right, you can and will experience the ever-fun "Controlled flight into terrain"), etc.
So some protectionism is called for. Granted, you are talking about a government agency, and they tend to go overboard about such things..;)
Not quite. DC-X was built for the military, not NASA, and then was later transfered to NASA when SDI was scaled back.
I'm not referring to a competitive bid. I'm talking about a fly-off. For example, the YF-16/YF-17 fly off. Both parties were funded to build their prototypes. The aircraft were tried out, and the YF-16 was the one that won out. Same for the ASF fly-off (X-35, and I forget the other) In all of these cases, you couldn't take the prototype and use it for combat missions, but you had enough of it to understand what goes on.
The X-prize foundation is definately showing that people can build a prototype-grade craft pretty easily. Prototypes are, by nature, cheap. The X-33's failure is that it was, for all intents and purposes, building a prototype for the cost of a production craft. A prototype will have whatever parts that fit the bill that they can lay their fingers on. Too much prototype money means that you don't scrimp and then you don't build a prototype.
Remember that this isn't always wasted effort in excess prototypes. The YF-17 ended up turning into the F/A-18. And the main cost is the production vehicles, anyways.
The problem with the X-33 is that NASA chose the most challenging option, it took too long (it's easier to go overbudget if it's a long project), and there wasn't anybody else who might get it done sooner, and it became progressively heavier and less useful were it to have been built.
The thing about a prototype is that it doesn't have to last forever, doesn't need to actually do anything, doesn't need any intact abort modes, and doesn't need to fit into a fleet. For a launch vehicle, it needs to just get into an unstable orbit for a few revs and then come down for a few full-scale test flights, plus a smattering of taxi tests, progressive flight envelope expansion.
Pretty much you want to certify the shape, the thermal protection system, the turnaround times, and whatever sort of other new technologies can fit in the budget.
The later vehicle needs to have intact abort modes, where it actually lands properly if the engines quit partway through. The later vehicle needs to get to a decent orbit. It needs to actually carry passengers and/or cargo. You can use an engine that hasn't been developed yet, better electronics, etc.
Fully electric drive means monster pickup and almost no shifting. Insane amounts of torque.
Add a generator to it, tho, and it's got cruddy mileage once the generator kicks in due to the inefficency of the motion->electricity->motion conversion.
Actually, they can get a lot of this just by running a program a little better.
If they make the program a few years instead of 10 years, it's more assured funding and less propensity towards useless middle management. Plus, it's much easier to cancel a 10 year project 3 years in instead of canceling a project that's 3 years into a 4 year project.
If you have competing bids up to the point of prototypes, which the military does, you get 2x the basic developments for 1.25x the cost. If you have a clear setup of prototype-then-production, you don't end up with a 20 year old prototype like the shuttle. (It's probably the case that they should have just built Enterprise and maybe Columbia first, except at half-size and then gone back to the drawing board for Challenger, Atlantis, Discovery, and Endeavour)
And if you concentrate on a few things, like cost, safe transport of 4 crew, and the ability to get up and down, you can do it in a reasonable amount of time with a reasonable budget. The problem is that they tried to make the shuttle do too many things and be too advanced.
The problem with stopping the manned space program is that it's doubtful that we'd be able to get it started again once stopped.
Not necessarily. Science projects are often an investment in the future, with great payoffs.
If we were to develop a good replacement for the shuttle that did wonders for launch costs ($100/lb or so), even if the craft is owned by Boeing or LockMart, you can bet that people are going to be lined up to use that instead of Ariane, Soyuz, or Proton rockets. This would result in a lot of folks employed in America in support of this, because you know that they'll find reasons to turn down any other suggestions for launching elsewhere.
Plus, the companies are probaly going to be traditional American aerospace contractors. Which then means that the employees of said contractors will end up with money that will go back into circulation when they buy stuff, invest, etc.
Wellfare... Now that's throwing money down the drain.
The speach directing man to go to the moon was there because Kennedy needed a propaganda and publicity boost because of the other cruddy things that were happening around then. Following through was a different matter, but you don't want to insult the legacy of a dead guy. Well, that, and the Russians were racing us to the moon, which kept things going.;)
It's cynical, but being cut down before you have the chance to screw things up does wonders for your legacy. Were somebody to have killed Nixon in 1972 (Before watergate arrests, before "peace with honor" got a chance to end with Vietnamese defeat, and after got the space shuttle going) we'd remember him favorably, too.
NASA is mostly about maintaining their bunch of people and astronauts. Most of their projects are currently things that nobody else has the money to throw at. Most of the waste of late is companies like Boeing and LockMart, where they all go overbudget, because it's more profitable that way.
Really, the large problem right now is that nobody *can* compete with NASA because it's too expensive. National Geographic would love to send a photographer to the Moon, but there's no way that they'd be able to pay for it on their own. I'm of the belief that they really need to find some way of having reasonable launch costs (i.e. a reasonable multiple of fuel costs, not some multi-million dollar craft) and most of the rest of it will take care of itself.
The military has found that, for a high performance aircraft, you do need to build 2 different prototypes. There's only one military, but there's 2 contractors and 2 prototypes.
I'm also following Ben Rich (Second boss of the famed Skunk works) in thinking that it's also best for a program to take a mere few years. This way, nobody tries to build a career out of middle managing it.
If NASA made it known that they would ship insane amounts of payload to space at $100/lb if somebody could do it, you could bet that even Boeing or LockMart would put asside their current cash-cow boosters to make a launch vehicle to do just that.
NASA has shown that they can't really get anything done quickly and cheaply. It's not going to get us much more advances if they are all put aside once the goals are reached. It's also not going to help unless you define what "reusable" means. Apollo capsules could be called reusable if you stretch things.
The problem is that NASA needs to be mostly out of the loop. NASA has interfered and bungled stuff up more than once. It is increasingly appearing (At least to me) that the best way to do things is to have at least 2 teams build one or more prototypes each that don't *need* to actually complete all of the goals of the project, they just need to pave the way for the production vehicle that occurs next. Especially for something that goes up to LEO.
The ideal program there is that they will stipulate some sort of contract that revolves around funding 2-3 teams to develop a launcher for $x million over y years and, once it's operational, paying $z/lb with a guarantee of at least w lbs shipped "up" per year. They could probably fit the ideal contract on 2 sheets of paper.
The language in this bill is quite interesting, actually. Nothing is said about getting people from earth to LEO, just about getting from LEO to other places. A reusable craft that goes from LEO to the moon is pretty easy in comparison to a reusable craft that goes from earth to LEO. Picture a module the size of the service module with some larger engines.
A certain amount of "NASA's not building it" is present, but not quite enough. It looks to be congressman-friendly, in terms that Congress is going to have to review the selections. The problem here, of course, is that congressmen generally don't do much research other than what lobyists "research" for them. I'm not sure if that is better or worse than NASA deciding on the idea beforehand and then making it happen -- both have had some beautiful screwups.
They do earmark some funds for 2004 and 2005, which is at least positive.
There's probably a lot of hidden expenses that will go along with this. To go to most of these places, you need better shielding for radiation, which means a heavier craft or some new research. You will probably need to bring the launch costs to LEO down, which might even be accomplished by something as simple as placing a large enough order for Atlas V and/or Delta IV CCB's to bring the cost-per-unit down signifigantly. You will probably need either a shuttle replacement or a good number of OSPs. You will likely still need the ISS, too.
And the goal is to not cancel too many other NASA projects, like sonic-boom research, the mission to Pluto (which has to happen soon), and other such things. Although I can guarantee that the mission to the asteroid could replace a good chunk of the asteroid-related missions that we're currently doing.
Hey, I bet you'd love to talk about hygene levels with that stinky geek sitting next to you in the train.;)
And I'm sure that you and your traveling companion are talking about body ratings, albeit using different words, about the hot member of the appropriate gender two rows ahead.;)
Aye. I think the discussion about the phone companies not trying kill VoIP was more referring to the VoIP long distance and local phone services. So perhaps we were talking about Vo-the-internet. The phone companies, of course, will do VoIP behind the covers if it works for them.
Phone companies want to itemize and per-minute and allocation and whatnot anything to death. They will stop working with VOIP when they are forced to, not a second before.
There's a problem. Previously, the phone was a *phone* with extras. With something that's a pretty cruddy phone but a good gaming machine, I'm not sure if people's parents are going to go for it as much as a cool phone that contains the same functionality but looks like a "real" phone.
I do think people actively buy a cellphone with some games over one without. They make great entertainment while you are waiting for somebody to show up.
But I think that's an added feature, not a primary purpose for purchase.
And those are all simple games that can be played for 5 minutes, not Pandamoneum or Tony Hawk.
They'd probably get something out of The Sims or SimCity or something like that. Not ported PS1 games.
Slashdot Mirror
Very true. If I remember correctly, there already is an RFC for the reverse-MX/DNS lookup system you describe. It hasn't been supported too widely yet.
Key revocation definately needs to be a concern if you are signing server messages at the server level. Same concern as DNS expiration dates, for the most part.
I think the big point either way is that you don't need to completely ditch all of the existing SMTP code and infrastructure, like some have been suggesting. You just need enough of the large ISPs to start adding and supporting new sets of mail features that will make it harder to set up spam mail servers while not appreciably impacting legitimate users.
It's also should be pointed out that the concerns of convenient spam-proof email and the concerns of completely private email are similar, but not the same.
True, but email servers are very low load services, compared to web servers.
To get the benefit, you only really need to sign after the first hop going out. The message goes from whatever email client is used by the user to their mail server. The message is encrypted there.
Spammers, of late, have been sending mail directly to mailservers from either the few remaining open relays or various wingate proxies installed by some of the SoBig viruses and otherwise. They aren't going to be able to use any servers that do the signing for you. And the server's not signing them on the way in.
The people who won't like this are the legitimate large mailing lists.
I think that it's easier than you think.
There's tons of different places you could sequester the data. DNS or IP allocation records, for example -- it's already an up-to-date database of every ISP in the world. DNS already handles caching and whatnot.
It's pretty much like a trust mark in reverse. Step one, all of the servers contain a key and automatically digitally sign the messages as coming through that server. Step two, the server admins create a DNS record containing the key used by the server and the server admin attests to the fact that they don't allow open relays and whatnot. Step three, if an email claims to come from that server and isn't signed, the message can be safely dropped. If an email comes from the server and is signed, it can be whitelisted.
The problem is that any sort of key distribution scheme for intercommunication between two random related groups sucks. There's where the user interface comes in and things become just like normal use of encrypted messages. PGP Universal isn't going to help you there. But at the very least, if two companies are both sending proprietary emails back and forth, you can make sure that any mail between those two parties has been encrypted.
They've done that in the past to combat script leakage.
View this as a 70% cure for the corporate network. Useless for end-users.
You can't guarantee the exact person (although you might be able to audit-trail the logfiles and such)
But it will get you closer to the eventual goal of everything being encrypted and reduce most of the popular non-inside jobs.
My first thought is, "Oh great, that'll just mean you need to trust the server."
But then I started to consider what would happen if a lot of the large domain servers were to start signing their mail automatically with a "Yes this really did go through our mail server" signature.
For one, if every message to come from Yahoo was signed with yahoo's key, you could automatically deny every message from yahoo that didn't have that signature. Think of how much easier spam catching would be.
Joe-jobbing could be reduced. If it comes from Intergalactic Orange Smoothie's DNS address without a signature, you know that somebody's been joe-jobbing Intergalactic Orange Smoothie.
And encryption between known partners could be enforced. So every message between Intergalactic Orange Smoothie and their partners could be encrypted.
Problems are, not everybody's got PGP. So Intergalactic Orange Smoothie can't make every message encrypted. So there still needs to be some user-interaction.
In America, you watch the TV. In MPAA/RIAA/Paid-off-congressman America, the TV watches you.
'nuff said
Hmmmm.. True.
;)
Which is why you wait until the jerk who sits next to you and checks his voicemail on speakphone has forgotten to log out before grabbing it from his machine.
Of course signed, watermarked schemes tend to be crackable, as the SDMI folks found.
Many attempts to DRM files are going to fail because the insiders who *need* non-DRMed versions of the content will release the non-DRM versions of the content.
Actually, the workers in the IT industry have a long-term memory. This is why we've all got such a bad attitude about everything.
It's just the management who doesn't have a long-term memory. But it's too easy for a manager to spin a success out of a failure.
Aye, but this is also for the case where it's attached to the same electronics bus as your avionics (very likely with no protection to keep it from causing power problems with the other gear), flight-critical (if an IFR-certified GPS or VOR used for navigation doesn't work right, you can and will experience the ever-fun "Controlled flight into terrain"), etc.
;)
So some protectionism is called for. Granted, you are talking about a government agency, and they tend to go overboard about such things..
Not quite. DC-X was built for the military, not NASA, and then was later transfered to NASA when SDI was scaled back.
I'm not referring to a competitive bid. I'm talking about a fly-off. For example, the YF-16/YF-17 fly off. Both parties were funded to build their prototypes. The aircraft were tried out, and the YF-16 was the one that won out. Same for the ASF fly-off (X-35, and I forget the other) In all of these cases, you couldn't take the prototype and use it for combat missions, but you had enough of it to understand what goes on.
The X-prize foundation is definately showing that people can build a prototype-grade craft pretty easily. Prototypes are, by nature, cheap. The X-33's failure is that it was, for all intents and purposes, building a prototype for the cost of a production craft. A prototype will have whatever parts that fit the bill that they can lay their fingers on. Too much prototype money means that you don't scrimp and then you don't build a prototype.
Remember that this isn't always wasted effort in excess prototypes. The YF-17 ended up turning into the F/A-18. And the main cost is the production vehicles, anyways.
The problem with the X-33 is that NASA chose the most challenging option, it took too long (it's easier to go overbudget if it's a long project), and there wasn't anybody else who might get it done sooner, and it became progressively heavier and less useful were it to have been built.
The thing about a prototype is that it doesn't have to last forever, doesn't need to actually do anything, doesn't need any intact abort modes, and doesn't need to fit into a fleet. For a launch vehicle, it needs to just get into an unstable orbit for a few revs and then come down for a few full-scale test flights, plus a smattering of taxi tests, progressive flight envelope expansion.
Pretty much you want to certify the shape, the thermal protection system, the turnaround times, and whatever sort of other new technologies can fit in the budget.
The later vehicle needs to have intact abort modes, where it actually lands properly if the engines quit partway through. The later vehicle needs to get to a decent orbit. It needs to actually carry passengers and/or cargo. You can use an engine that hasn't been developed yet, better electronics, etc.
Other way around.
Fully electric drive means monster pickup and almost no shifting. Insane amounts of torque.
Add a generator to it, tho, and it's got cruddy mileage once the generator kicks in due to the inefficency of the motion->electricity->motion conversion.
Hybrids are gas drive, electric for pickup.
Actually, they can get a lot of this just by running a program a little better.
If they make the program a few years instead of 10 years, it's more assured funding and less propensity towards useless middle management. Plus, it's much easier to cancel a 10 year project 3 years in instead of canceling a project that's 3 years into a 4 year project.
If you have competing bids up to the point of prototypes, which the military does, you get 2x the basic developments for 1.25x the cost. If you have a clear setup of prototype-then-production, you don't end up with a 20 year old prototype like the shuttle. (It's probably the case that they should have just built Enterprise and maybe Columbia first, except at half-size and then gone back to the drawing board for Challenger, Atlantis, Discovery, and Endeavour)
And if you concentrate on a few things, like cost, safe transport of 4 crew, and the ability to get up and down, you can do it in a reasonable amount of time with a reasonable budget. The problem is that they tried to make the shuttle do too many things and be too advanced.
The problem with stopping the manned space program is that it's doubtful that we'd be able to get it started again once stopped.
Not necessarily. Science projects are often an investment in the future, with great payoffs.
If we were to develop a good replacement for the shuttle that did wonders for launch costs ($100/lb or so), even if the craft is owned by Boeing or LockMart, you can bet that people are going to be lined up to use that instead of Ariane, Soyuz, or Proton rockets. This would result in a lot of folks employed in America in support of this, because you know that they'll find reasons to turn down any other suggestions for launching elsewhere.
Plus, the companies are probaly going to be traditional American aerospace contractors. Which then means that the employees of said contractors will end up with money that will go back into circulation when they buy stuff, invest, etc.
Wellfare... Now that's throwing money down the drain.
The speach directing man to go to the moon was there because Kennedy needed a propaganda and publicity boost because of the other cruddy things that were happening around then. Following through was a different matter, but you don't want to insult the legacy of a dead guy. Well, that, and the Russians were racing us to the moon, which kept things going. ;)
It's cynical, but being cut down before you have the chance to screw things up does wonders for your legacy. Were somebody to have killed Nixon in 1972 (Before watergate arrests, before "peace with honor" got a chance to end with Vietnamese defeat, and after got the space shuttle going) we'd remember him favorably, too.
Not entirely.
NASA is mostly about maintaining their bunch of people and astronauts. Most of their projects are currently things that nobody else has the money to throw at. Most of the waste of late is companies like Boeing and LockMart, where they all go overbudget, because it's more profitable that way.
Really, the large problem right now is that nobody *can* compete with NASA because it's too expensive. National Geographic would love to send a photographer to the Moon, but there's no way that they'd be able to pay for it on their own. I'm of the belief that they really need to find some way of having reasonable launch costs (i.e. a reasonable multiple of fuel costs, not some multi-million dollar craft) and most of the rest of it will take care of itself.
The military has found that, for a high performance aircraft, you do need to build 2 different prototypes. There's only one military, but there's 2 contractors and 2 prototypes.
I'm also following Ben Rich (Second boss of the famed Skunk works) in thinking that it's also best for a program to take a mere few years. This way, nobody tries to build a career out of middle managing it.
Bush Sr. tried that one. It only works if you are killed before you can deal with the aftermath. ;)
Or just providing an application for it.
If NASA made it known that they would ship insane amounts of payload to space at $100/lb if somebody could do it, you could bet that even Boeing or LockMart would put asside their current cash-cow boosters to make a launch vehicle to do just that.
True.
NASA has shown that they can't really get anything done quickly and cheaply. It's not going to get us much more advances if they are all put aside once the goals are reached. It's also not going to help unless you define what "reusable" means. Apollo capsules could be called reusable if you stretch things.
The problem is that NASA needs to be mostly out of the loop. NASA has interfered and bungled stuff up more than once. It is increasingly appearing (At least to me) that the best way to do things is to have at least 2 teams build one or more prototypes each that don't *need* to actually complete all of the goals of the project, they just need to pave the way for the production vehicle that occurs next. Especially for something that goes up to LEO.
The ideal program there is that they will stipulate some sort of contract that revolves around funding 2-3 teams to develop a launcher for $x million over y years and, once it's operational, paying $z/lb with a guarantee of at least w lbs shipped "up" per year. They could probably fit the ideal contract on 2 sheets of paper.
The language in this bill is quite interesting, actually. Nothing is said about getting people from earth to LEO, just about getting from LEO to other places. A reusable craft that goes from LEO to the moon is pretty easy in comparison to a reusable craft that goes from earth to LEO. Picture a module the size of the service module with some larger engines.
A certain amount of "NASA's not building it" is present, but not quite enough. It looks to be congressman-friendly, in terms that Congress is going to have to review the selections. The problem here, of course, is that congressmen generally don't do much research other than what lobyists "research" for them. I'm not sure if that is better or worse than NASA deciding on the idea beforehand and then making it happen -- both have had some beautiful screwups.
They do earmark some funds for 2004 and 2005, which is at least positive.
There's probably a lot of hidden expenses that will go along with this. To go to most of these places, you need better shielding for radiation, which means a heavier craft or some new research. You will probably need to bring the launch costs to LEO down, which might even be accomplished by something as simple as placing a large enough order for Atlas V and/or Delta IV CCB's to bring the cost-per-unit down signifigantly. You will probably need either a shuttle replacement or a good number of OSPs. You will likely still need the ISS, too.
And the goal is to not cancel too many other NASA projects, like sonic-boom research, the mission to Pluto (which has to happen soon), and other such things. Although I can guarantee that the mission to the asteroid could replace a good chunk of the asteroid-related missions that we're currently doing.
Hey, I bet you'd love to talk about hygene levels with that stinky geek sitting next to you in the train. ;)
;)
And I'm sure that you and your traveling companion are talking about body ratings, albeit using different words, about the hot member of the appropriate gender two rows ahead.
Aye. I think the discussion about the phone companies not trying kill VoIP was more referring to the VoIP long distance and local phone services. So perhaps we were talking about Vo-the-internet. The phone companies, of course, will do VoIP behind the covers if it works for them.
Not a chance.
Phone companies want to itemize and per-minute and allocation and whatnot anything to death. They will stop working with VOIP when they are forced to, not a second before.
Good point.
There's a problem. Previously, the phone was a *phone* with extras. With something that's a pretty cruddy phone but a good gaming machine, I'm not sure if people's parents are going to go for it as much as a cool phone that contains the same functionality but looks like a "real" phone.
Which may be version 2 of the NGage concept.
I do think people actively buy a cellphone with some games over one without. They make great entertainment while you are waiting for somebody to show up.
But I think that's an added feature, not a primary purpose for purchase.
And those are all simple games that can be played for 5 minutes, not Pandamoneum or Tony Hawk.
They'd probably get something out of The Sims or SimCity or something like that. Not ported PS1 games.