Maybe the folks that take entire tables and squat for 8+ hours at a time are 'fly-by-coffee-show-hours 'biznesses'. Aka spammers, scammers, phishers, etc. They have no real office, and they like the anonymous/less-tracable connectivity they get from the shop's wireless as opposed to using their home connection. Anyone notice any decrease in spam on the weekends the shop shut this down?:P
I would never use an MTA that didnt do 4.2 anyway, even for straight [E]SMTP (at least for any mail not originating locally. Although since I pretty much always seperate the 'unix login account' namespace from the 'mail address' namespace, so there isnt a valid way for any addresses in locally generated mail that dont already have a full address to be corrected, except to substitute postmaster@${primary_domain}
Given the specification, MSA works just fine with the client beleiving it is speaking straight-ESMTP, even with SMTP AUTH, which would certainly be recommended, if not required; since the whole point is to seperate 'the world' sending you mail and 'authorized users' sending outbound mail, and of course without authentication there wouldnt be any way to determine authorization, even if the authorization rule is 'anyone that can successfully authenticate is authorized'
I assume your reply was just a clarification, and that you dont disagree with my more general point.
No, you dont need port 25 to relay through your tummy.com server. Use MSA - wether that means implementing it yourself (if your vserver is setup that way), or asking them to support it (if they dont already). Uses port 587 instead of 25. Requires authentication. Doesn't accept 'inbound' mail, only 'outbound for-relay'.
The 'better solution' you pine for has already existed for 7 years in RFC 2476, circa 1998. Hopefully more and more DSL/cableco's blocking of port 25 outbound will eventually lead to near-universal implementation of it.
If more and more major ISP's block port 25 outbound for their 'consumer grade' service, there will be less and less zombie spam from those networks. As more web and mailhosts come to grips with this (most already have, to be honest), they will ensure that they support MSA (RFC 2476), and those users that need to travel between connectivity providers will be setup to use it (only once, as it will also work when on onces 'home' network, no need to switch back and forth).
Mail that servers send to other servers, will still go via port 25, and in addition to other spam control measures, server admins wont have to deal with as many zombied wincrap boxes on $cableco or $telco/dsl networks.
Spammers can't use MSA to deliver mail to recipients, as 1. it requires authentication, and 2. it should be setup to only accept mail for outbound relay from authenticated users. Yes, there will be some cases of spammers hijacking MS email software, and using its saved passwords to send mail as that user through that users mail server, but that will be far easier to track down and squelch than the current situation of spam coming randomly from all over.
Yes, so you make sure you pick a clueful ISP that has MSA (RFC 2476) support, which uses port 587, then you set his mail client to use that, and it works fine both when hes in the office, or at home, regardless of port 25 restrictions wherever he's getting his connectivity from.
Since MSA requires him to *authenticate* (which most clients, even OE and ilk will do happily) when he connects on port 587, and the ISP only accepts *outbound* mail on that port (other ISP's wanting to delvier mail *to* your ISP still use 25) it isnt terribly attractive to spammers.
This idea is to seperate 'a mailserver connecting to another mailserver to drop of mail that is addressed to a user at the destination server' from 'a user connecting to his own server, authenticating as such, and then dropping of outbound mail for that server to then send on to the final destination', and restrict the first to non-dynamic, non-'consumer', or any addresses where there isnt some reasonable expectation of a positively identifiable responsible party.
Spammers will have a lot harder time abusing the second, and will be easier to identify if and when they do.
What I *meant* to say, was, it would be nice, if the media, especially the tech media, starting getting this right...
This 'adds to the risk facing' *Windows* Internet users, not 'Internet users'. Those of us that use the Internet from non-Microsoft platforms only, dont feel beleagered with risks from viruses, trojans,etc much at all. At least not directly. We certainly get our share of spam and crap email, but thats primarily annoying, not so much 'risky'
We do not object to use of this slang term to describe UCE, although we do object to the use of the word "spam" as a trademark and to the use of our product image in association with that term. Also, if the term is to be used, it should be used in all lower-case letters to distinguish it from our trademark SPAM, which should be used with all uppercase letters.
Clueful folk in the industry recognize that Hormel is 'being nice'. I agree.
These pretty much agree with my take on the issue.
I don't have much sympathy for SpamArrest. They are clueless as far as fighting spam properly, apparently so far as to not even be aware of Hormel's position noted above.
The link given in the summary was http://eff.tor.org/ , but that leads to some site that... well, Im not sure what it is (one link leads to a list of what appears to be footraces, the other link goes to some photos.)
I'd support that, if the way that one would demonstrate being 'sensible' was something other than a 'certification', as those are fairly universally meaningless, as one can be a complete moron and get things like MCSE, A+, etc, and often those of us who arent stupid enough to fall for things like 'emailed updates from MS' (of course, not using anything from MS makes it that much easier) often dont have the inclination, time, or money to pay to take some idiotic test that (obviously in the case of MCSE, but for A+ too) assumes PC = Windows. I've worked for 8+ years as the network engineer at an ISP, and Id probably fail A+, becuase my answer to every question that had anything to do with Windows would either be 'It doesnt matter, becuase Windows is crap', or 'Format the HD and reinstall an OS that isnt a proprietary POS'
Becuase the point of E911 is that they know your location even if you are unable to speak (say a heart attack, or a child hiding in a closet with a burgler in the house where if they spoke, it would alert the burglar to their presence).
Basically, the only work around is to register your location with your VOIP provider when you get your service. And you'd still have to update it if you moved, for it to continue to work.
But that isnt the issue behine this order. The issue is that, up until now, the inumbent bell telco's have been very resistant to allowing the voips to connect to the emergency trunks that lead to the PSAPS that can be used to pass along this info. Some Voips did the next bext thing and routed calls to the 'public' (usually non-emergency) number at the PSAP. Some voips just dont provide 911 dialing at all (But they dont hide this - they make it clear when you order that theres no 911)
Yes, this is becuase the incumbent telco's have been refusing to provide access to the actual emergency trunks leading into the PSAP's. If you'll RTFA, you'll note Vonage talking about agreements with varioues telco's, and that theyve been trying for a very long time. The FCC order, thankfully, also *requires* the telcos to allow access to them.
All in all, a good thing, however I *hope* that the order allows a customer to consciously make the choice to *not* have 911 service, if they know they will aboslutely not need it for some reason (either if they have a standard landline as well, or if they are shipping the VOIP box to a foreign country for a relative to use to call them free, etc)
The bit about requiring the VOIP companies to make sure their customers know the limitations of 911 - I'm honestly not sure how much clearer Vonage could be. (I have another Voip provider myself, that does not currently support 911 service, and I was fully aware of that and the consequences of it, before I ordered service from them)
That said, if lack of 911 is in any way hoding back adoption of Voip, then I applaud this, as it forces the telco's to allow the Voip's to connect to 911 properly, and will allow them to offer it, which could very well be the hinge point that allows a lot more people to dump their expen$ive pots lines and go with Voip. Maybe this will be the competition that finally drives the ilecs to lower the prices.
I intend to setup a MythTV sometime in the next few months, and have been doing some research.
Does anyone know if, in adding support for this program service, they have *removed* support for the free zap2it service? Because I dont *want* to give anyone my credit card to automatically bill me monthly, Id be much happier with whatever hoops zap2it wants for the no-money-involved option, and I would only be interested in a basic data source, I dont need whatever extras the paid service has.
This isnt 'news for nerds', in any sense of the word. It is neither news (in the same way that 'The sun rose again today' would not be considered news), nor anything a self-respecting 'nerd' would consider interesting.
I just assume that new holes in IE will be found daily, if not more often. I dont use IE, or any other MS software, so I don't consider it terribly important.
Anyone in the field still using IE is either a complete moron or a brainwashed MS-apologist (or a blackhat 'using' it on other peoples machines).
Actually, their boneheaded move *would* in fact be the cause of their lost sales, not Apple's use of the trademark. Most soound-minded persons would presupposed that had TigerDirect *not* taken action against Apple, that their sales would have not been affected. Unfortunately, lacking a time machine, there is no way to actually and completely prove that.
I dont think anyone is suggesting anything is wrong with them, other than the fact that they tried to *way* overstep their rights with regards to this trademark.
Not only that, but the 'tinkerers' will develop the new features *for* you, that you can then take, incorporate into your own release, and sell it to the non-tinkerers.
So instead of paying for Windows licenses, buy the entire district brand new Pentium IV's with 1G ram, dual 300GB HD's, etc, etc.. Surely thats still technology. Heck, if their budget depends on spending a huge amount each year thats currently allocated to MS licenses, they could upgrade the entire school complement of hardware every year instead, to whatever is the current high end machine. Or new/bigger monitors. LCD projectors. who knows. But there are surely any number of alternatives to spending the money on MS software licenses.
Thought Thieves is about people stealing and profiting from your creation or innovation. Think about it: how would you feel if you saw your hard work being passed off as the property of someone else? What would you do?
Other than various companyies which are taking GPL code and incorporating it into their proprietary work in violation of the GPL, who is doing this?
I mean, if someone "pirates" Windows or other proprietary software, they arent exactly passing it off as 'their own work'. Likewise with music and movies. No one who is copying and sharing either is pretenting that *they* wrote, produced, directed, sang, or had anything else to do with the creation of the works in question, or even 'profiting' from it, since most 'file sharers' arent trying to sell the copies, just give them away. Granted, there *are* 'professional' pirates that do sell 'counterfeit' copies of things, but you arent going to educate them, they dont care. And most people don't encounter them unless they are specifically looking, and know where to look.
I think this is a subtle bit of misdirection on MS' part, to get more kids to think that copying software or entertainment is worse than it really is.
The simple fact is that making copies of information and/or distributing it is almost cost-free in this modern world of ours, and businesses built on it being hard and/or expensive just no longer make sense. Heck, witness VOIP, which is disrupting the concept that transmitting speech at great distance is a costly and difficult problem that is worth paying 20? 15? 5? none? cents a minute for. I understand the 911 issues, but to be honest, I think the best solution there would be for the FCC or Congress to mandate that local incumbent telco's provide an 'emergency call only' phone service, at no more than the cost of providing it (Im thinking something like $5/mo) And yes, slowly the telco's would be less and less telco's, and more and more 'emergency call only' providers. (They could also branch out into providing their own VOIP service too, of course, but they'd have to compete fairly for business there, without advantage of a pre-existing monopoly)
Their motivation is that that dont *want* to release a 'cheap', 'low end', 'without forcing their choices of media player down the users throat' version of Windows in the first place, at all. The supposed need for this was for low-income users, low-income countries, etc. So their response is basically "Well if you can afford a processor made in the last five years, you can afford to pay us for the full version of Windows, so there"
Actually this isnt an AMD vs Intel issue. MS doesnt want people with 'high end' processors using its 'low end' OS, regardless of wether they are AMD or Intel.
Does this lack of listening extend to people for whom english is a third language ?
I would have to say that no, it doesnt. If I can tell that the author/speaker is not a native english speaker, then even while I grit my teeth at misworded phrases, I withhold any associated negative response.
But yes, as you note, that is surely no excuse for an editor of a (presumably) professional publiscation.
Slashdot Mirror
Maybe the folks that take entire tables and squat for 8+ hours at a time are 'fly-by-coffee-show-hours 'biznesses'. Aka spammers, scammers, phishers, etc. They have no real office, and they like the anonymous/less-tracable connectivity they get from the shop's wireless as opposed to using their home connection. Anyone notice any decrease in spam on the weekends the shop shut this down? :P
I would never use an MTA that didnt do 4.2 anyway, even for straight [E]SMTP (at least for any mail not originating locally. Although since I pretty much always seperate the 'unix login account' namespace from the 'mail address' namespace, so there isnt a valid way for any addresses in locally generated mail that dont already have a full address to be corrected, except to substitute postmaster@${primary_domain}
Given the specification, MSA works just fine with the client beleiving it is speaking straight-ESMTP, even with SMTP AUTH, which would certainly be recommended, if not required; since the whole point is to seperate 'the world' sending you mail and 'authorized users' sending outbound mail, and of course without authentication there wouldnt be any way to determine authorization, even if the authorization rule is 'anyone that can successfully authenticate is authorized'
I assume your reply was just a clarification, and that you dont disagree with my more general point.
No, you dont need port 25 to relay through your tummy.com server. Use MSA - wether that means implementing it yourself (if your vserver is setup that way), or asking them to support it (if they dont already). Uses port 587 instead of 25. Requires authentication. Doesn't accept 'inbound' mail, only 'outbound for-relay'.
The 'better solution' you pine for has already existed for 7 years in RFC 2476, circa 1998. Hopefully more and more DSL/cableco's blocking of port 25 outbound will eventually lead to near-universal implementation of it.
http://www.ietf.org/rfc/rfc2476.txt
If more and more major ISP's block port 25 outbound for their 'consumer grade' service, there will be less and less zombie spam from those networks. As more web and mailhosts come to grips with this (most already have, to be honest), they will ensure that they support MSA (RFC 2476), and those users that need to travel between connectivity providers will be setup to use it (only once, as it will also work when on onces 'home' network, no need to switch back and forth).
Mail that servers send to other servers, will still go via port 25, and in addition to other spam control measures, server admins wont have to deal with as many zombied wincrap boxes on $cableco or $telco/dsl networks.
Spammers can't use MSA to deliver mail to recipients, as 1. it requires authentication, and 2. it should be setup to only accept mail for outbound relay from authenticated users. Yes, there will be some cases of spammers hijacking MS email software, and using its saved passwords to send mail as that user through that users mail server, but that will be far easier to track down and squelch than the current situation of spam coming randomly from all over.
More comprehensive info at:
http://www.circleid.com/article/1039_0_1_0_C/
Yes, so you make sure you pick a clueful ISP that has MSA (RFC 2476) support, which uses port 587, then you set his mail client to use that, and it works fine both when hes in the office, or at home, regardless of port 25 restrictions wherever he's getting his connectivity from.
Since MSA requires him to *authenticate* (which most clients, even OE and ilk will do happily) when he connects on port 587, and the ISP only accepts *outbound* mail on that port (other ISP's wanting to delvier mail *to* your ISP still use 25) it isnt terribly attractive to spammers.
Nope.
http://www.ietf.org/rfc/rfc2476.txt
This idea is to seperate 'a mailserver connecting to another mailserver to drop of mail that is addressed to a user at the destination server' from 'a user connecting to his own server, authenticating as such, and then dropping of outbound mail for that server to then send on to the final destination', and restrict the first to non-dynamic, non-'consumer', or any addresses where there isnt some reasonable expectation of a positively identifiable responsible party.
Spammers will have a lot harder time abusing the second, and will be easier to identify if and when they do.
Dangit. Stupid form.
What I *meant* to say, was, it would be nice, if the media, especially the tech media, starting getting this right...
This 'adds to the risk facing' *Windows* Internet users, not 'Internet users'. Those of us that use the Internet from non-Microsoft platforms only, dont feel beleagered with risks from viruses, trojans,etc much at all. At least not directly. We certainly get our share of spam and crap email, but thats primarily annoying, not so much 'risky'
http://spam.net/ci/ci_in.htm
Clueful folk in the industry recognize that Hormel is 'being nice'. I agree.
2. Some thoughts on SpamArrest:
http://tardigrade.net/challengeresponse.html
http://bre.klaki.net/dagbok/faerslur/1096220563.s
http://www.nelson.monkey.org/~nelson/weblog/tech/
These pretty much agree with my take on the issue.
I don't have much sympathy for SpamArrest. They are clueless as far as fighting spam properly, apparently so far as to not even be aware of Hormel's position noted above.
The link given in the summary was http://eff.tor.org/ , but that leads to some site that... well, Im not sure what it is (one link leads to a list of what appears to be footraces, the other link goes to some photos.)
I beleive they meant to say http://tor.eff.org/
I'd support that, if the way that one would demonstrate being 'sensible' was something other than a 'certification', as those are fairly universally meaningless, as one can be a complete moron and get things like MCSE, A+, etc, and often those of us who arent stupid enough to fall for things like 'emailed updates from MS' (of course, not using anything from MS makes it that much easier) often dont have the inclination, time, or money to pay to take some idiotic test that (obviously in the case of MCSE, but for A+ too) assumes PC = Windows. I've worked for 8+ years as the network engineer at an ISP, and Id probably fail A+, becuase my answer to every question that had anything to do with Windows would either be 'It doesnt matter, becuase Windows is crap', or 'Format the HD and reinstall an OS that isnt a proprietary POS'
Actually, yes, with E911 over legacy phone systems thats exactly what they get - your full address, phone #, name, etc.
Becuase the point of E911 is that they know your location even if you are unable to speak (say a heart attack, or a child hiding in a closet with a burgler in the house where if they spoke, it would alert the burglar to their presence).
Basically, the only work around is to register your location with your VOIP provider when you get your service. And you'd still have to update it if you moved, for it to continue to work.
But that isnt the issue behine this order. The issue is that, up until now, the inumbent bell telco's have been very resistant to allowing the voips to connect to the emergency trunks that lead to the PSAPS that can be used to pass along this info. Some Voips did the next bext thing and routed calls to the 'public' (usually non-emergency) number at the PSAP. Some voips just dont provide 911 dialing at all (But they dont hide this - they make it clear when you order that theres no 911)
Yes, this is becuase the incumbent telco's have been refusing to provide access to the actual emergency trunks leading into the PSAP's. If you'll RTFA, you'll note Vonage talking about agreements with varioues telco's, and that theyve been trying for a very long time. The FCC order, thankfully, also *requires* the telcos to allow access to them.
All in all, a good thing, however I *hope* that the order allows a customer to consciously make the choice to *not* have 911 service, if they know they will aboslutely not need it for some reason (either if they have a standard landline as well, or if they are shipping the VOIP box to a foreign country for a relative to use to call them free, etc)
The bit about requiring the VOIP companies to make sure their customers know the limitations of 911 - I'm honestly not sure how much clearer Vonage could be. (I have another Voip provider myself, that does not currently support 911 service, and I was fully aware of that and the consequences of it, before I ordered service from them)
That said, if lack of 911 is in any way hoding back adoption of Voip, then I applaud this, as it forces the telco's to allow the Voip's to connect to 911 properly, and will allow them to offer it, which could very well be the hinge point that allows a lot more people to dump their expen$ive pots lines and go with Voip. Maybe this will be the competition that finally drives the ilecs to lower the prices.
I intend to setup a MythTV sometime in the next few months, and have been doing some research.
Does anyone know if, in adding support for this program service, they have *removed* support for the free zap2it service? Because I dont *want* to give anyone my credit card to automatically bill me monthly, Id be much happier with whatever hoops zap2it wants for the no-money-involved option, and I would only be interested in a basic data source, I dont need whatever extras the paid service has.
This isnt 'news for nerds', in any sense of the word. It is neither news (in the same way that 'The sun rose again today' would not be considered news), nor anything a self-respecting 'nerd' would consider interesting.
I just assume that new holes in IE will be found daily, if not more often. I dont use IE, or any other MS software, so I don't consider it terribly important.
Anyone in the field still using IE
is either a complete moron or a brainwashed MS-apologist (or a blackhat 'using' it on other peoples machines).
Actually, their boneheaded move *would* in fact be the cause of their lost sales, not Apple's use of the trademark. Most soound-minded persons would presupposed that had TigerDirect *not* taken action against Apple, that their sales would have not been affected. Unfortunately, lacking a time machine, there is no way to actually and completely prove that.
I dont think anyone is suggesting anything is wrong with them, other than the fact that they tried to *way* overstep their rights with regards to this trademark.
Not only that, but the 'tinkerers' will develop the new features *for* you, that you can then take, incorporate into your own release, and sell it to the non-tinkerers.
So instead of paying for Windows licenses, buy the entire district brand new Pentium IV's with 1G ram, dual 300GB HD's, etc, etc.. Surely thats still technology. Heck, if their budget depends on spending a huge amount each year thats currently allocated to MS licenses, they could upgrade the entire school complement of hardware every year instead, to whatever is the current high end machine. Or new/bigger monitors. LCD projectors. who knows. But there are surely any number of alternatives to spending the money on MS software licenses.
Other than various companyies which are taking GPL code and incorporating it into their proprietary work in violation of the GPL, who is doing this?
I mean, if someone "pirates" Windows or other proprietary software, they arent exactly passing it off as 'their own work'. Likewise with music and movies. No one who is copying and sharing either is pretenting that *they* wrote, produced, directed, sang, or had anything else to do with the creation of the works in question, or even 'profiting' from it, since most 'file sharers' arent trying to sell the copies, just give them away. Granted, there *are* 'professional' pirates that do sell 'counterfeit' copies of things, but you arent going to educate them, they dont care. And most people don't encounter them unless they are specifically looking, and know where to look.
I think this is a subtle bit of misdirection on MS' part, to get more kids to think that copying software or entertainment is worse than it really is.
The simple fact is that making copies of information and/or distributing it is almost cost-free in this modern world of ours, and businesses built on it being hard and/or expensive just no longer make sense. Heck, witness VOIP, which is disrupting the concept that transmitting speech at great distance is a costly and difficult problem that is worth paying 20? 15? 5? none? cents a minute for. I understand the 911 issues, but to be honest, I think the best solution there would be for the FCC or Congress to mandate that local incumbent telco's provide an 'emergency call only' phone service, at no more than the cost of providing it (Im thinking something like $5/mo) And yes, slowly the telco's would be less and less telco's, and more and more 'emergency call only' providers. (They could also branch out into providing their own VOIP service too, of course, but they'd have to compete fairly for business there, without advantage of a pre-existing monopoly)
Their motivation is that that dont *want* to release a 'cheap', 'low end', 'without forcing their choices of media player down the users throat' version of Windows in the first place, at all. The supposed need for this was for low-income users, low-income countries, etc. So their response is basically "Well if you can afford a processor made in the last five years, you can afford to pay us for the full version of Windows, so there"
Actually this isnt an AMD vs Intel issue. MS doesnt want people with 'high end' processors using its 'low end' OS, regardless of wether they are AMD or Intel.
I would have to say that no, it doesnt. If I can tell that the author/speaker is not a native english speaker, then even while I grit my teeth at misworded phrases, I withhold any associated negative response.
But yes, as you note, that is surely no excuse for an editor of a (presumably) professional publiscation.