As I understand it, the proposal requires public-key encryption for every email sent, done by the sender at the time of sending. (If the "private key" -- something encrypted with the private key -- could be computed once and reused in every message, it could be copied and replayed by a forger.) This can dramatically raise the overhead associated with sending mail. Perhaps that overhead is reasonable, perhaps not.
Yes, it's reasonable. On a 1 gig pentium, GnuPG can digitally sign a 250K file in under 2 milliseconds. For the more typical 10K file, it's even faster.
Another way of looking at it, is that it increases the amount of computation involved in sending an email by less than 2%.
Of course, we're talking about an unknown piece of software implementing an unknown algorithm, written by some Yahoo, but I think they can do something close to GnuPG - performance wise.
prostoalex writes "Yahoo!, the owner of one of the largest e-mail systems in the world, is said to be developing a cryptographic product that will be offered freely to mail servers.
Personally I think digitally signed email standards is a horse race with most of the horses being invisible.
I wouldn't bet on Yahoo being the winner, but I would be happy if they at least crossed the finish line.
Summary of argument; It won't work because ISPs block port 25 and port 587.
My response: He's on drugs.
Several ISPs block port 25, but almost none block 587. And even if they did, it's not like it's hard to listen on port 26, or even port 80 for that matter.
Ah... the classic "physics warnings". http://maxwell.ucsc.edu/~stephanie/warninglabels .s html
I think my favorite is
WARNING! THIS IS A 100% MATTER PRODUCT: In the unlikely event that this merchandise should contact antimatter in any form, a catastrophic explosion will result.
Companies do have the right to log email and instant messaging, but generally do not have the right to do it without the consent of the user.
No, companies don't have that right. If they want to do it legally, they have to contract with all of the parties who's privacy is being violated. That would include the person on the other end of the phone call/email/IM, not just their employees.
There are exceptions for logging in some cases, but logging != routine monitoring.
Warning all parties that it's being done can in some cases be enough of a contract, but not always. For example, they can't (legally) monitor calls to your personal cell phone even if they told you about it, and only did it "on company time".
I'm genuinely curious as to the problem that the tablet PC solves. What's it good for?
Tablets have approximately the same form factor as laptops, and fill the same niche. Tablets have an advantage in drawing, and other "pen based" input operations, but a disadvantage in writing and other "keyboard based" input operations.
Personally, I'd much rather have a laptop with a touch screen that could fold over completely, or a tablet with a keyboard that attached to the fold-over cover.
Companies have the right to monitor all IM, e-mail, files on their premises.
No, companies do not have this right.
Employees have a right to privacy, even on the job, and that includes phone conversations, email, and IM.
And even if you wanted to claim that companies had some rights over their employees' personal lives, they wouldn't have those rights over the people their employees are talking to.
Of course, not having the right to do it is not the same as not doing it.
If we want public schools to improve, funding should go toward increasing teachers' salaries.
Higher salaries would tend to increase the supply of teachers, (and therefore the supply of good teachers) but without some method for selecting the higher quality ones, it only marginally improves the average teacher.
IMO, what we need is real competition in education. Right now, the quality of a teacher is largely measured by the grades their students get. Teachers grade their own students. On certain rare occasions, the managers of the teachers grade the students. And as if that's not bad enough, the information is held in strictest confidence, which means you can't use it to make decisions.
Imagine the difference if grades were assigned by an independent testing board, and the average grade achieved was publicly available.
There is only so much cruft that can be dealt with. The ephemeral nature of the web improves it's signal to noise ratio immensely. (Not that it's good mind you, just better than it would be otherwise.)
Research papers that quote web pages may not be very good papers, but that doesn't mean that the right answer is a more permanent form of web page.
It would be bad to write it on tissue paper, but that doesn't mean we should get rid of tissues.
If a paper needs to be less transient than the web page it's citing, then the paper's author should contact the web page's author and arrange for a copy. If anyone wanted to cite something I wrote, I wouldn't mind if they included a copy, and not just a link. I doubt I'm the only one who would be willing to do that.
Recently a colleague of mine published a paper in an online peer-reviewed journal which contained a trivial error (transposition typo) that however would change, in fact reverse, the interpretation results. They were permitted to fix this, months after the article had first been posted. Does this aid Progress, or is it Revisionist?
It's better to fix it than to leave it broken, but even better IMO, is to fix it and add a footnote that explains when the change was made, and why.
If the spam includes sufficient information to track down the sender, it's not subject to the provisions of the bill.
If the spam doesn't include enough information to figure out who sent it, then it is subject to the provisions of the bill.
Gee, thanks a lot congress. Might as well pass a law that says that it's illegal to rob a bank unless you're wearing a name tag with your correct name.
I just hope no ISP decides it's now OK for their customers to spam as long they include a P.O. box in the spam.
What we need to do is file 1000's of small claims against SCO in your local courts...
Why? SCO hasn't actually done much, they've just claimed they were going to do something. This latest is so vague it's ridiculous.
We don't need to file lawsuits, all we need to do is threaten to file lawsuits. One AP story that quotes any person who can make any claim to IP in the linux kernel, saying something like "If things work out the way I expect, sometime in the next 6 to 8 weeks SCO will be hit with a class action suit for their flagrant copyright violations to the tune of 22 Billion dollars".
Then follow that up every two days with "yet another author joins the suit" naming someone else who has IP in the linux kernel and up the amount by a billion dollars.
I mean, once gcc can compile 64-bit code, than we should simply be able to recompile all of our current apps for these new processors, shouldn't we?
Yeah... Right.
Of course we should, but are you willing to bet that nobody ever assumed that "long" was a 4 byte quantity when they were allocating memory? That everybody used ~0x4f instead of 0xffffffb0? That (n>>24) must fit in a byte?
Has anyone else thought that the most effective way to combat SPAM would be with education not filters/lawsuits/etc?
Lots of people.
I see two main problems;
1. It's easy to make the claim that spam is bad, but it's not easy to prove. Even if you had the evidence, how could you prove the evidence wasn't faked? Spammers can manufacture their own "evidence". Come to that, are you really sure spam is bad for business?
2. It only takes 1 in a million. Can you educate 90%? 99%? 99.99%? Right now, even a small fry internet business has enough bandwidth to spam the planet in just a few days (assuming that is, that their ISP would let them). Because of Moore's law, it takes a smaller and smaller percentage of the population being idiots for spam to be a problem. The ROKSO list is less than %0.001 of the internet.
Most people, like the poster, incorrectly assume that "begs the question" is the same as "answers the question".
I was taught that english rules are determined by usage, not the other way around.
If most people in the audience think an idomatic expression has a particular meaning, then it does have that meaning.
I've seen "begs the question" used as a replacement for "immediately raises the question with a level of urgency that can't be denied" far more often than any other usage.
Yeah, and all those ISPs who pays for bandwidth don't have a financial incentive to make sure that spam is not a problem right?
Yep, pretty much you've hit the nail on the head.
The average spam is less than 10K, and even though spam rates have been going up, bandwidth prices (to the ISP) have been going down faster.
The average $20 a month customer gets around 300-600 spams a month. Less than 10 megabytes. ISPs don't really pay by the byte, but it costs considerably less than $10 to recieve a gigabyte these days. That 10 megabytes of spam costs them less than a dime.
Is there something in the US legal system that actively prevents SCO from claiming every single file in the kernel as their own?
Yes, it's called "the judge". Bullshit tactics might be technically legal, but the human sitting behind the bench is going to disallow them just the same.
I'm going to issue a challenge. Alexis Dang (the author of this piece), if you're listening, here's a challenge. Give me $1500 and I'll build you a server that can beat your server in storage related activities.
Hmm... I think this might actually make an interesting contest.
How cheaply can you build a server that meets some arbitrary set of performance numbers - say, 1 terabyte of storage, able to saturate two 100baseT ethernet ports, and a MTBF of 2 years.
Given that Fry's is selling 250 Gig drives for $160 (after rebate), I'd bet someone could do it for under a $1250. Maybe even under a $1000.
Slashdot Mirror
Yes, it's reasonable.
On a 1 gig pentium, GnuPG can digitally sign a 250K file in under 2 milliseconds. For the more typical 10K file, it's even faster.
Another way of looking at it, is that it increases the amount of computation involved in sending an email by less than 2%.
Of course, we're talking about an unknown piece of software implementing an unknown algorithm, written by some Yahoo,
but I think they can do something close to GnuPG - performance wise.
-- this is not a
Personally I think digitally signed email standards is a horse race with most of the horses being invisible.
I wouldn't bet on Yahoo being the winner,
but I would be happy if they at least crossed the finish line.
-- this is not a
Summary of argument;
.sig
It won't work because ISPs block port 25 and port 587.
My response:
He's on drugs.
Several ISPs block port 25, but almost none block 587.
And even if they did, it's not like it's hard to listen on port 26, or even port 80 for that matter.
-- this is not a
This is a trick question right?
Yes, of course I'd chose an already working product over something that hasn't been finished.
I might switch once the open standard was finished, but not until they've got working code.
-- this is not a
http://maxwell.ucsc.edu/~stephanie/warninglabel
I think my favorite is
-- this is not
The comparing disturbs me less than the fact that gambling comes out looking better.
-- this is not a
No they don't.
The latest crop of worms use your ISP to send.
At any rate, blocking port 25 is attacking the symptom.
That's better than nothing, but we need to attack the disease.
-- this is not a
No, companies don't have that right.
If they want to do it legally, they have to contract with all of the parties who's privacy is being violated.
That would include the person on the other end of the phone call/email/IM, not just their employees.
There are exceptions for logging in some cases, but logging != routine monitoring.
Warning all parties that it's being done can in some cases be enough of a contract, but not always.
For example, they can't (legally) monitor calls to your personal cell phone even if they told you about it, and only did it "on company time".
-- this is not a
Tablets have approximately the same form factor as laptops, and fill the same niche.
Tablets have an advantage in drawing, and other "pen based" input operations,
but a disadvantage in writing and other "keyboard based" input operations.
Personally, I'd much rather have a laptop with a touch screen that could fold over completely,
or a tablet with a keyboard that attached to the fold-over cover.
-- this is not a
No, companies do not have this right.
Employees have a right to privacy, even on the job, and that includes phone conversations, email, and IM.
And even if you wanted to claim that companies had some rights over their employees' personal lives,
they wouldn't have those rights over the people their employees are talking to.
Of course, not having the right to do it is not the same as not doing it.
-- this is not a
Higher salaries would tend to increase the supply of teachers, (and therefore the supply of good teachers) but without some method for selecting the higher quality ones, it only marginally improves the average teacher.
IMO, what we need is real competition in education.
Right now, the quality of a teacher is largely measured by the grades their students get.
Teachers grade their own students.
On certain rare occasions, the managers of the teachers grade the students.
And as if that's not bad enough, the information is held in strictest confidence, which means you can't use it to make decisions.
Imagine the difference if grades were assigned by an independent testing board,
and the average grade achieved was publicly available.
-- this is not a
So what, you'd rather read it?
Sure, it would be better to stop spam from being sent.
But filtering is better than nothing, and making that easier is also better.
I'll take what I can get, and ask for more.
There is only so much cruft that can be dealt with.
.sig
The ephemeral nature of the web improves it's signal to noise ratio immensely.
(Not that it's good mind you, just better than it would be otherwise.)
Research papers that quote web pages may not be very good papers,
but that doesn't mean that the right answer is a more permanent form of web page.
It would be bad to write it on tissue paper,
but that doesn't mean we should get rid of tissues.
If a paper needs to be less transient than the web page it's citing,
then the paper's author should contact the web page's author and arrange for a copy.
If anyone wanted to cite something I wrote,
I wouldn't mind if they included a copy, and not just a link.
I doubt I'm the only one who would be willing to do that.
-- this is not a
It's better to fix it than to leave it broken, but even better IMO,
is to fix it and add a footnote that explains when the change was made, and why.
-- this is not a
If the spam includes sufficient information to track down the sender, it's not subject to the provisions of the bill.
.sig
If the spam doesn't include enough information to figure out who sent it, then it is subject to the provisions of the bill.
Gee, thanks a lot congress.
Might as well pass a law that says that it's illegal to rob a bank unless you're wearing a name tag with your correct name.
I just hope no ISP decides it's now OK for their customers to spam as long they include a P.O. box in the spam.
-- this is not a
Didn't you Brits already try letting people roam free in Austrailia instead of putting them in jail?
-- this is not a
No.
Anyone who claims otherwise either didn't understand the question,
or is ignoring the question and trying to push their particular definition.
-- this is not a
Why? SCO hasn't actually done much, they've just claimed they were going to do something.
This latest is so vague it's ridiculous.
We don't need to file lawsuits, all we need to do is threaten to file lawsuits.
One AP story that quotes any person who can make any claim to IP in the linux kernel,
saying something like "If things work out the way I expect, sometime in the next 6 to 8 weeks SCO
will be hit with a class action suit for their flagrant copyright violations to the tune of 22 Billion dollars".
Then follow that up every two days with "yet another author joins the suit" naming someone else who has IP in the linux kernel and up the amount by a billion dollars.
-- this is not a
Yeah... Right.
Of course we should, but are you willing to bet that nobody ever assumed that "long" was a 4 byte quantity when they were allocating memory?
That everybody used ~0x4f instead of 0xffffffb0?
That (n>>24) must fit in a byte?
-- this is not a
Lots of people.
I see two main problems;
1. It's easy to make the claim that spam is bad, but it's not easy to prove.
Even if you had the evidence, how could you prove the evidence wasn't faked?
Spammers can manufacture their own "evidence".
Come to that, are you really sure spam is bad for business?
2. It only takes 1 in a million.
Can you educate 90%? 99%? 99.99%?
Right now, even a small fry internet business has enough bandwidth to spam the planet in just a few days
(assuming that is, that their ISP would let them).
Because of Moore's law, it takes a smaller and smaller percentage of the population being idiots for spam to be a problem.
The ROKSO list is less than %0.001 of the internet.
-- this is not a
I was taught that english rules are determined by usage, not the other way around.
If most people in the audience think an idomatic expression has a particular meaning,
then it does have that meaning.
I've seen "begs the question" used as a replacement for "immediately raises the question with a level of urgency that can't be denied"
far more often than any other usage.
English is a living language. Get used to it.
-- this is not a
Yep, pretty much you've hit the nail on the head.
The average spam is less than 10K, and even though spam rates have been going up,
bandwidth prices (to the ISP) have been going down faster.
The average $20 a month customer gets around 300-600 spams a month.
Less than 10 megabytes.
ISPs don't really pay by the byte, but it costs considerably less than $10 to recieve a gigabyte these days.
That 10 megabytes of spam costs them less than a dime.
It costs them more to bill you.
-- this is not a
Yes, it's called "the judge".
Bullshit tactics might be technically legal, but the human sitting behind the bench is going to disallow them just the same.
-- this is not a
Right now, most IDE drives over 120 Gig comes with a controller.
As anyone who builds servers knows, you end up with a stack of them pretty quickly.
Ask around, you can probably get a brand spanking new IDE controller for $0.
-- this is not a
Hmm... I think this might actually make an interesting contest.
How cheaply can you build a server that meets some arbitrary set of performance numbers -
say, 1 terabyte of storage, able to saturate two 100baseT ethernet ports, and a MTBF of 2 years.
Given that Fry's is selling 250 Gig drives for $160 (after rebate), I'd bet someone could do it for under a $1250. Maybe even under a $1000.
-- this is not a