Slashdot Mirror


User: AnotherBlackHat

AnotherBlackHat's activity in the archive.


Comments · 1,115

  1. Less is not more. on Firefox/Thunderbird Plugins: Is Less More? · · Score: 2, Informative


    Less is better.

    - not a .sig

  2. Re:Great, but what about spam from outside? on FTC Porn Spam Regulation Now in Effect · · Score: 1

    Great idea, but what about ...


    While I personally agree that it's probably not going to be effective, until they've tried it we can't be sure.

    Once it's proven ineffective, then I'll start complaining that they've wasted my tax dollars and are interfering with things they should stay out of.

    -- this is not a .sig

  3. Better? on Yahoo Submits DomainKeys Draft To IETF · · Score: 1

    Digitally signing email is better than examining the transport layer because it pushes the smarts to the edge. It will work (in theory) regardless of the network it runs over - IPv4, IPv6, dial-forwarding, SoNet, or whatever.

    However, SPF is being field tested, while DomainKeys is a draft of an idea.
    There's still a lot of handwaving that I'd like to see actually working code for.
    For example, DNS TXT records don't just have "some problems" when they go over 127 bytes in length - they completely break most of the current implementations of DNS.
    That could be a major problem for large keys.
    A real implementation would have run into that problem and have a solution (or maybe the implementer would give up on the idea ...)

    It's fine to say "sign the headers" but the real world of SMTP is nasty - it can do unexpected things to non-ASCII text, change the end-of-line character(s), trim or convert white space.
    Hell, there are still servers out there that put '>' in front of any line that begins "From "
    Solvable problems, but much easier to deal with if the recommended solutions are mentioned in the spec.

    -- this is not a .sig

  4. Re:SPF does not break forwarding on Yahoo Submits DomainKeys Draft To IETF · · Score: 2, Insightful

    I am dismayed at how often this misunderstanding has been repeated here.

    * If the receiver does not check SPF, then no mail is rejected and forwarding is not broken.
    * If the receiver does check SPF, but doesn't use any forwarders, then forwarding is not broken.
    * If the receiver does check SPF, but uses only forwarders that implement SRS, then forwarding is not broken.
    * If the receiver does check SPF and uses a non-SRS forwarder, but uses a whitelist to avoid rejecting mail from that forwarder, then forwarding is not broken.
    * If the receiver checks SPF and uses a non-SRS forwarder, but configures their MTA to reject mail from that forwarder, then their incompetence will result in rejected mail. How is this the fault of SPF?



    My problem with your list above is that it assumes that the "receiver" is the same party as the "forwarder".
    While that's true in many cases, in many others, it's not.

    I'm sure a lot of people forward email to their AOL accounts.
    Consider AOL. To implement SPF, AOL would need to allow each user to whitelist mail from IPs.
    (They can't whitelist all forwarders without essentially whitelisting the whole internet.)
    Not impossible for AOL, but not exactly trivial either.

    SPF requires supplemental work to keep things working. If you choose not to call that "breaking" then fine.

    -- this is not a .sig
  5. Re:SPF breaks Forwarding on Yahoo Submits DomainKeys Draft To IETF · · Score: 1

    Forwarding services and web-generated email sites need to deploy SRS.


    The problem isn't so much sites that implement SPF without deploying SRS, as it is sites that forward email and don't implement SPF at all, forwarding to a site that is attempting to implement SPF.
    Until and unless every site that forwards email does SRS, SPF can not be used to reject email as forged.

    In my opinion SPF is useful only to whitelist things.
    I.e. if you get a message "from" example.com and it comes from an IP that example.com claims is "theirs" then you can be relatively certain it really is from example.com.
    But the converse is not true - just because it doesn't come from an IP example.com claims is "theirs" it doesn't necessarily mean it's not really from example.com

    -- this is not a .sig
  6. Re:SPF and DK solve different problems on Yahoo Submits DomainKeys Draft To IETF · · Score: 4, Informative

    Correct me if I'm misunderstanding SMTP (or just making things up), but once a message enters the DATA phase, isn't an MTA supposed to accept it?


    Consider yourself corrected.

    RFC 2821 in section 4.2.5 Reply Codes After DATA and the Subsequent <CRLF>.<CRLF>
    makes it clear that if an error code is returned after the final '.' then the receiver is specifically not supposed to handle the message, and any bounces are therefore the responsibility of the sender.

    -- this is not a .sig

  7. Re:Too much time... on Economics of Online Gaming · · Score: 1

    Try to buy any other currency or commodity with it. You can't. The only way is first selling it.


    I just offered someone in the office 500 plat for a coke.
    I now have a coke.

    Based on that experience, I'd say that converting plat to commodities isn't hard at all - you just need to find someone who has an extension into the EverQuest reality.

    -- this is not a .sig
  8. Re:How is this different? on Transmeta To Add 'NX' Antivirus Feature To Chips · · Score: 1

    The problem is the x86 chip, which has no separate execute permission bit for memory...


    Maybe not the 8086, but the entire family after the 186 has separate CS and DS registers, and read and write protection on blocks.

    On the 386 and later, it should be possible to put code in a separate, unwritable memory block, and limit the range of the CS to that block, and that block alone.

    -- not a .sig
  9. Re:Fix a different problem... on Lithium-Sulfur Batteries Unveiled · · Score: 1

    How about instead of making better batteries, we make it so the electronics don't use as much electricity?


    How about in addition to making better batteries, we make it so the electronics don't use as much electricity?

    -- not a .sig
  10. rueless on OptInRealBig Wins Restraining Order On SpamCop · · Score: 1, Troll

    OptInRealBig won a temporary restraining order against SpamCop. The TRO prevents SpamCop from sending complaints about OIRB to their provider or removing email addresses from the complaints it receives which regard OIRB. I think we will rue this day for years to come.


    I may be in the minority, but personally I doubt I'll rue this day at all.
    Spamcop used to send ISPs enough information that you could figure out which customer was spamming.

    Now they're just vague assertions that someone somewhere on your system sent email to somebody at sometime that they thought was spam.

    30,000 customers and one of them is sending spam.
    Gee - who'd a thunk?

    If this TRO gets spamcop to rethink their position on anonymous reporting, I won't rue it at all.

    -- this is not a .sig
  11. Taxes don't generate money. on Illinois Considers Taxing Custom Software · · Score: 2, Funny

    ...he is hoping to generate $64 million.


    Taxes do not "generate" money.
    If he wants to make money, he should get a job.

    -- this is not a .sig
  12. Re:This assertion is pretty stupid because of the on Patents and the Penguin · · Score: 1

    If they would have read the GPL it says that you license *all* your patents with that software for that software.


    Well, to play SCO's advocate for a moment, that would only mean that by refusing to license their patents they aren't able to legally distribute the software.

    They could claim they've been illegally distributing the software, and their patents are still in force.

    -- not a .sig

  13. Re:Solar constant on New Material for More Efficient Solar Cells · · Score: 1

    [The solar constant is about 1 kW per Square meter.]
    That simply means you need quite some substantial area irradiated by bright sunlight to obtain a given amount of energy.


    You didn't mention that that's at noon - over the course of a day, a square meter is going to get hit with about 6 kilowatt hours of power.

    What a "substantial area" is depends on your application.

    Assuming 50% efficiency, 4-5 one meter panels would be enough for a typical house.
    You wouldn't even need to cover the whole roof.

    Or how about a combination solar cell/umbrella/speaker for beach parties with kick ass sound. A 6' diameter and those babies would deliver more than 1000 watts per channel.
    (or you could get a smaller one and just run your laptop)

    -- sheesh, seems like they'll let anybody on the internet these days.
  14. Re:So basically they patented spam? on Professor and Student Thwart P2P File Sharing · · Score: 1

    This is basically a patent on the reality of spam.


    Actually, I think it's a patent on crap flooding.

    There's certainly plenty of prior art to defeat this, but who really cares?
    Crap flooding doesn't work anymore, we've already evolved defenses for it.

    -- sheesh, it's like they'll let anybody on the internet these days.
  15. A proposal. on MSNBC Looks At Patent Abusers' Victims · · Score: 1

    The problem with patents as I see it isn't so much that there are stupid ones granted, but that there is no way to get real work done without running afoul of these stupid patents.

    As much as I'd like to throw out patents completely, I don't see that happening anytime soon, so I propose approaching the problem from the other direction.

    Rule that software which runs on a computer built one year before the filing date of a patent was incapable of infringing. (Whatever it is must either be an algorithm or prior art, so it can't infringe.)
    Although working on old hardware might be a bit of a limitation, you could at least be certain of avoiding patent infringement by doing so.

    -- this is not a .sig

  16. Re:I used one of these in March on CA Secretary of State Bans Diebold Machines · · Score: 1

    not only that, but if you had access to the RIGHT hardware making a smartcard with a 16F84 pic processor in it also would be easy. now subvert the card by writing simple code to convert votes as they are written.


    Fagh - waaay too complicated.

    Just swap out a real card early in the election,
    set the votes on it however you like, and swap it back near the end of the election.

    If you stole a voting machine you wouldn't even need to know how to program the card - just stick the card in your stolen machine and vote a few thousand times.

    Of course, you could do the same with paper ballots.
    It's a little harder to swap out the ballot box, but I bet you could do it without that much trouble, even if the polling place was "hostile" to such moves.
    Swap in a phony near the start of the election, swap it out near the end.

    Fundamentally, if an anonymous voting system makes it impossible to know how you voted, then you can't check it either.

    Personally, I'm opposed to any system that requires secret voting, but I recognize that I'm in the minority on that.

    -- this is not a .sig
  17. Re:Until... on Smart Breeding to Beat Biotechnology? · · Score: 1

    The real problem is that people oppose things they don't understand by default.


    Seems pretty good to me - better than the "It's new, so it must be good..." philosophy.

    It would be better still to learn about stuff before promoting or opposing it, but who has time for that?

    -- this is not a .sig

  18. STFU and enjoy the ride. on MPAA Funds School Programs In Copyright Dogma · · Score: 0, Troll

    If your first thought was that schools shouldn't be teaching this stuff,
    then you've already slid too far down the slope.

    You've already accepted that government run schools with required attendance is right and proper.

    Why do we need schools at all?

    Why are they mandatory?

    Who has the right to decide what is taught in them?

    -- this is not a .sig

  19. Re:Sound quality on iPod Mini Hits The 'Sweet Spot'? · · Score: 2, Insightful

    Why not use the extra space for better sound quality rather than greater number of songs?


    Yes, obviously more capacity is better at the same price and size.

    I think the point is (despite the usually bad headline/summary) that the typical consumer doesn't care that much about capacity beyond about 1000 songs.

    If a player can hold 1,000 songs, and costs $200 then it will beat a player that can hold 10,000 songs but costs $250.

    I'd bet that if you could shave another $50 off the price by lowering the quality to the same as FM radio, but still have 1000 songs, that most consumers would prefer that.

    -- this is not a .sig
  20. Re:To lock or not to lock your suitcase... on Schneier on National ID Cards, Key Escrow Locks, E-voting · · Score: 1

    The "escrow key" model of lock that is now being distributed in the form of luggage locks leaves interesting options for a traveler...

    - Leave your suitcase unlocked. The TSA can get access, and so can anybody else who wants to try to open it.
    - Lock your suitcase the old fashioned way. If the TSA wishes to check your bag, they'll bust your lock. Bad guys can also bust the lock. At least, if the contents are tampered with, you'll see a defeated lock when you recover your bag.
    - Lock your suitcase with the TSA-compliant locks. Most people can't open your bag, but TSA key holders (both good guys and bad guys) can get into your bag without having to break anything.

    Hmm.. which option to choose?


    I prefer the "full disclosure" model.
    TSA + a device that records all intrusions.

    For example, every bag is sealed with a coded zip tie that must be broken to open it,
    and all "proper" examinations of the bag are video-taped, with the footage available to the bag's owner, and a new zip tie attached.

    -- this is not a .sig
  21. Summary of ToS, with comments on Paid To Spam · · Score: 2, Informative

    Full ToS is on their website
    http://www.virtualmda.com/terms.htm

    I've paraphrased their clauses.
    My comments are in italics after.

    1. By signing up, you agree to this ToS

    2. You get $1 for every "CPU HOUR".
    You have to ask to get paid.
    We won't pay unless it's at least $50.
    If there's anything suspicious, or we make a mistake in accounting, you get nothing.

    Comment: it's not clear what a "CPU HOUR" is, but I suspect despite the many claims on slashdot, that they really do mean $1 for every hour your computer is running their program and is connected to the internet sending email. But their program doesn't run unless both you and they tell it to, so they could guarantee that it runs less than 40 hours if they wanted to.

    3. You agree not to cheat.

    4. We can change the Terms of Service whenever we want.

    My guess is that this happens if you would actually get paid if they didn't.

    5. You are responsible for security.

    6. There is no warranty.

    7. We aren't liable for anything.

    8. Our software has a copyright.

    9. We decide if you violated the ToS.

    10. You can't resell the service.

    I wonder why they're worried about that.

    11. You are responsible for anything we send.

    Yes, they really do expect you to take the fall for what they are doing.

    12. You indemnify us.

    And if they should happen to take the fall, then you have to pay for that too.

    13. All you can do if you don't like it is quit.

    14. The legal jurisdiction for everything is New Hampshire.

    15. You agree not to participate in class actions against us.
    And that goes for all time, not just this.

    In other words, they know you're going to want to sue them, so they want to make sure it's not worthwhile to do it.

    Mostly, the ToS is the usual collection of stupidity, but that last clause is so out there that I had to comment.

    -- this is not a .sig

  22. Re:no outbound connections? on Paid To Spam · · Score: 1

    Someone needs to set up a huge server room that accepts only incoming packets so the spammers can seed the servers.


    mailsiphon.com

    --this is not a .sig
  23. It's not really solstice without blue. on The Blues for LEDs · · Score: 1

    But without the blue, the holiday lighting just wouldn't be the same.

    -- this is not a .sig

  24. Freeze desalination? on Massachusetts Considering Desalination Plants · · Score: 1

    The low temperature is below freezing about half the year in that area.

    Seems like a perfect candidate for freeze desalination to me.

    -- this is not a .sig

  25. Re:Feasibility? on Massachusetts Considering Desalination Plants · · Score: 1

    Most nuclear plants work by boiling purified water, using the steam to turn a turbine.

    What if, instead of running it as a closed loop, with the enormous cooling towers, we combined the two together, so that you have water desalinization and nuclear power in one?


    It's not a bad idea, but there are problems.
    To properly desalinate, you want to heat the water to slightly over 100 degrees.
    To get maximum efficiency from the generator, you want to heat the water as much as possible.

    Also, sea-steam is much more corrosive than pure water, so there are added costs because you need to use more expensive materials to build the turbine (or replace it more often).

    So it's not "free", but potentially at least, it's cheaper to combine them than to run them both separately.

    -- this is not a .sig