Slashdot Mirror


User: Just+Some+Guy

Just+Some+Guy's activity in the archive.

Stories
0
Comments
11,329
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,329

  1. Re:One advantage DomainKeys has over SPF... on Yahoo Submits DomainKeys Draft To IETF · · Score: 1
    You didn't say "my customers don't want email from non-authorized sources". You said that you "as a mailserver administrator" want to know my "real name" if I am sending an email to your users.

    Those are basically identical. My customers compensate me for wanting these things. :)

    Somehow I don't find this position reasonable.

    I don't find unauthenticated email reasonable. It used to be so, but the spammers ruined it for us. I liked the old trust model, honest, but I just can't afford it anymore.

    I really don't hope you get the impression that I'm philosophically opposed to your point of view, because I'm not. It's the way that I wish things could still be. However, I just don't think we'll ever be able to go back, and that saddens me.

  2. Re:DNS Security will solve all our problems. on Yahoo Submits DomainKeys Draft To IETF · · Score: 1
    Simple, easy, problem solved.

    Nice! Of course, it totally glosses over the idea of key revocation. If someone compromises my key, how do I tell the world not to accept it anymore? How often to clients poll the revocation list - hourly? Ever time they receive an email? After 10 emails or 30 minutes, whichever comes first? Alternatively, do we pay someone to maintain a central revocation list that gets pushed to all of the email servers in the world? Public Key Infrastructure is not simple or easy in any non-trivial case, and this certainly isn't one of them.

    When you get a domain name, you register your public key (for free, presumably) and you're done.

    Uh-huh. In the next paragraph, you mention Verisign and certs. While it may (initially) be free to publish your public key, you can be absolutely certain that in no time flat, a large corporation will offer a key-signing service (for a fee). Soon, any emails signed with keys that aren't signed by the CA will be suspect and require manual intervention, in exactly the same way that you're free to use a self-signed SSL key for your website, but every browser in the world will raise an alarm whenever a visitor downloads it.

  3. Re:One advantage DomainKeys has over SPF... on Yahoo Submits DomainKeys Draft To IETF · · Score: 2, Informative
    Where did I ever imply that I was making arbitrary rules? My clients ask me to reduce the amount of spam that they receive. I give them a list of policies, and the pros and cons of each. They pick the ones that they're comfortable with, and I implement them. In some cases, the clients are paying customers with machines in far-off states. In other cases, the clients are my family. Either way, I'm not single-handedly chosing policy.

    I am, however, responsible for implementing that policy as best as I can. Right now, that involves a few blackhole lists, ClamAV, and SpamAssassin. Now I want to test SPF to see if it can help without causing too many false positives. The unfortunate reality is that huge operating expenses have caused most of my clients to decide that they can't afford to blindly accept email from just anywhere, and they're certainly not the only companies that have begun feeling this way.

    The good news is that SPF and other technologies show promise of letting us little guys continue to run our mailservers. If some people had their way, the solution to spam would be to reject all email that doesn't originate from large businesses. Even if SPF inconveniences a few people, I still think it's a workable solution that does far more good than harm.

  4. Re:Why not use the "instant messaging" model? on Yahoo Submits DomainKeys Draft To IETF · · Score: 1
    You just did. Add a filter to your inbox that passes a whitelist, and dumps everything else to the trash.

    There, you've just implemented ICQ's privacy model. Are you sure that's what you really want?

  5. Re:One advantage DomainKeys has over SPF... on Yahoo Submits DomainKeys Draft To IETF · · Score: 1
    The job of a mailserver admin is NOT to decide who's allowed to send mail to the users and who's not.

    I would've agreed with you as recently as 2 or 3 years ago. Now, considering that well over 70% of the messages coming into my domains are spam, I have every right to reject mail that I believe is unwelcome. Some of the more conservative DNS blackhole lists help me form that opinion. SpamAssassin gives a bit more input. SPF can potentially help make the process even more accurate.

    I wish that the job of a mail admin was still as simple as making sure that all incoming mail gets delivered as requested. However, it's not, it hasn't been in a long time, and it shows no signs of getting better. Maybe some day in the future, the tides will shift back and we can all laugh about the Great Spam Wars of 2004, but we're not there yet.

  6. Re:One advantage DomainKeys has over SPF... on Yahoo Submits DomainKeys Draft To IETF · · Score: 1
    If Joe Whistleblower has a yahoo.com email address, then he has the option of sending the message from their webmail service. Note that this would be much smarter than sending it from his own local client anyway, since it wouldn't embed his home IP address in the headers (and he can use an anonymizing proxy if Yahoo! adds a "Sending-IP:" header or similar).

    So, once again, what ability does this take away from Joe Whistleblower other than the undesirable capability of sending the email from his home PC?

    This applies equally to Jane Abusedwife, and anyone else who doesn't want to send directly-traceable email.

  7. Re:One advantage DomainKeys has over SPF... on Yahoo Submits DomainKeys Draft To IETF · · Score: 1
    I never said anything about using your ISP address to receive mail. Pick a POP or IMAP service that you like and give that out to your contacts. However, as a mail admin, I want to know the actual origin of email coming into my system, and unless you work for Yahoo!, your "canonical" address certainly isn't joeuser@yahoo.com.

    In other words, your outgoing mails should look like:

    From: joeuser@isp.com
    To: janeuser@otherisp.com
    Reply-To: joeuser@yahoo.com

    I'm hard pressed to come up with a situation in which this would be a real problem. Anyone?

  8. Re:SPF Proxy on Yahoo Submits DomainKeys Draft To IETF · · Score: 1

    Interesting. I'm not entirely sure that I want to route all of my email through a server that I don't have formal ties to, but if that's legitimate, then I'm sure it'd be a nice option for a lot of people.

  9. Re:One advantage DomainKeys has over SPF... on Yahoo Submits DomainKeys Draft To IETF · · Score: 3, Informative
    I feel for you, really, but look at it from another angle. You probably already have one email address: the one your ISP gave you. For all intents and purposes, that's your canonical identity when you're on the Internet. Now, if you want me to send email to your Yahoo! address instead of your ISP account, then give me that address and set a Reply-To: header in your email client to point to it. However, understand that as a mailserver administrator, I'm not terribly interested that you don't want to provide your "real" identifying information to my server or my customers. If you want to contact me or my users, then I want to know your "real" name.

    In the real world, people are known by a certain name. They may ask people to call them by another name, but certain legal entities (banks, loan companies, etc.) will insist on having access to that person's official identity. This is vaguely similar to what SPF proposes.

  10. Anyone using SPF with Sendmail? on Yahoo Submits DomainKeys Draft To IETF · · Score: 4, Interesting
    I admin several FreeBSD mailservers. I've added SPF records to the DNS for all of my domains, but I'd like to start using it to tag incoming email. Unfortunately, I'm not having much luck finding Sendmail milters (or other plugins) that 1) aren't written in Perl and seem to require half of CPAN, or 2) don't require much patching of Sendmail itself.

    Are there any lightweight milters that would work under FreeBSD that I could use to start using SPF on production systems? While I certainly won't be filtering out unknown mail at this time, I'd like to start inserting result headers to see how accurate it is in the real world.

  11. Re:PFT. on How To Play Your iTunes Music On Other Systems · · Score: 3, Interesting
    make it illegal

    Who said anything about making it illegal? If I buy a hard-to-find song on my wife's iMac, and I want to hear it on my Linux box, I'll happily do what it takes to make that happen. I keep hearing the tired suggestion to "just burn it to a CD, then rip it into an MP3. Get this: I can get music for free from the radio. I pay for it so that I can get good sound quality. Transcoding from one lossy algorithm to another does not fall within my definition of acceptable quality.

    Some people will use these tools to share music without authorization. Some of us will use them to listen to the music that we paid for when and where we want to listen to it.

    I'm not out to rip anybody off. I just want to hear some tunes. Understand?

  12. Re:Inflation. on Out of Gas · · Score: 1

    Some new engines self-tune to compensate for the octane of the fuel they're burning by adjusting the timing, mix, etc. My dad's Cadillac Deville performed noticably differently on 93 versus 87.

  13. Re:Let me be first first American to say: on European Council Approves Software Patents · · Score: 1
    I hope you'll follow our lead when it is your chance to get rid of the most hated man in the world (no, not Bin Laden, he's trailing at a distance even to 'Rummy' at the moment) as your political leader.

    Actually, I'll be campaigning to re-elect him. Believe it or not, more than half of us like President Bush right now, and I happened to be in that majority.

    Before you say _anything_ about our politicians, be sure to understand how 'our' politics work in this newfangled European area. Most europeans don't even know.

    Then why do so many Europeans get off complaining about "ignorant Americans"? I read the news and follow my country's political machinations. When your countrymen fail to do the same, somehow it's my fault as a US citizen?

    I never meant to sound like I was mounting an attack, but frankly, I'm tired of hearing everyone complain about my country, even as I watch their own do the same things that they deride us for. Either admit that we all have a lot of work to do, together, to bring about a better world, or shut up about it altogether.

  14. Re:Inflation. on Out of Gas · · Score: 1
    Could you get away with using octane booster from a parts store, or is that also hard to get? The stuff isn't cheap, but it's a darn sight better than paying $5/gal.

    I always use the 89 here, even though my car is rated for 87, since it's the exact same price and contains ethanol (which burns cleaner, is recommended by my car's manufacturer, and is heavily subsidized since I live in a corn-growing state).

  15. Re:Inflation. on Out of Gas · · Score: 1
    Yeah, because most of the monster trucks around here have 2.3-liter inline 4-cylinder engines, and not 5+ liter V-8s.

    As far as the "cut and paste skills" comment, feel free to explain "octane" without using "detonation", "compression ratio", or "rating", or otherwise sounding like any of the many explanations that already exist. There are only so many ways to state it, you know. Either show what I "cut and pasted" or drop it.

  16. Let me be first first American to say: on European Council Approves Software Patents · · Score: 4, Insightful
    "Welcome to our world." Furthermore, this had better be the end of Europeans slamming Americans because they don't like the laws our legislators pass.

    Look, I feel bad for you, really, but all we've been hearing for years on Slashdot is that Americans are idiots who keep electing bad leaders. The USA doesn't have a patent on bad lawmaking, so please keep that in mind, would you?

  17. Re:Inflation. on Out of Gas · · Score: 1
    Again, if you paid for a performance car, then you lose your right to bitch about fuel prices. Don't get me wrong, I like nice cars and have no problem with them or the people who choose to own them. However, you can't buy a sports car and then gripe about the cost of driving it. If you're crying from behind the wheel of your VW Jetta TDI, or Prius, or Insight, then you've earned the right to complain.

    Note: my car gets about 24 highway, so I'm really not whining about other people and their "gas guzzlers". Neither am I whining about the cost of fuel.

  18. Re:Inflation. on Out of Gas · · Score: 4, Informative
    The other alternative is that your ignorant of what "octane" means in connection with gasoline. Basically, it's a measure of a fuel's resistance to pre-detonation. The higher the octane, the higher the compression ratio an engine can use without the gasoline fumes spontaneously exploding before the spark ignites them.

    It is not a measure of the amount of energy in the fuel. If you're using a higher octane fuel than required to keep your car from pinging, and your car isn't a new model that self-tunes based on the fuel's octane rating, then you are wasting your money.

    So, either you're driving a high-performance "gaz-guzzler" (your term; I have no problem with high-performance engines) or you're an idiot - your call.

  19. Re:Inflation. on Out of Gas · · Score: 1
    Since when?

    I paid about $2.50 for a gallon two months ago, and yesterday I paid $3.75. I don't think it'll last long, but there certainly has been a dramatic short-term price increase.

  20. Re:Inflation. on Out of Gas · · Score: 1

    If you're driving something that takes 93 octane, I have little sympathy for your wallet. How big's the tank on that 'Vette, anyway?

  21. Re:Where electricity comes from on Out of Gas · · Score: 2, Insightful
    In case anything actually thinks that makes sense, consider that if everything were converted to use electricity, then you can always swap out the generators with something better without directly affecting any of the users.

    Q: Does your local electricity come from coal or nuclear?
    A: That depends on whether your particular part of the grid is running in excess or deficit at this particular instant.

    In other words, once you get everyone to use some non-petrochemical source, you can pick the most efficient means of producing it without forcing your customers to replace their investment again.

  22. Re:When does your crazy project stop being amateur on Amateur Rocket Reaches Space · · Score: 1
    Out of curiosity, how does that handle people who, say, are the benefactors of gigantic trust funds? I can imagine someone who makes $BIGNUM in interest each year, but only $20,000 from working in their chosen full-time profession. I'd still give them the benefit of the doubt and call them a professional photographer, even if they don't meat the "50%" criteria.

    Note that this is a hypothetical question and does not apply to me, so don't bother asking for a loan. ;-)

  23. Re:Note to editors on Transmeta To Add 'NX' Antivirus Feature To Chips · · Score: 3, Informative

    It's a general anti-buffer-overrun feature (among other things) that patches some of the holes commonly used by viruses and worms to escalate privileges. That's very anti-virus, in that it will make it more difficult to write the critters. It is not exclusively useful for blocking viruses, but I don't think that anyone was making that argument.

  24. Re:Now that you mention it ... on Anti-Spammers Infiltrate Private Online Spam Clubs · · Score: 1
    I thought it would be rude.

    Yes, in much the same way that making a big deal of stepping on a cockroach would emphasize the fact that your host had allowed vermin to infest their home. Still, a simple "DIE SPAMMER!" before you start would be enough to earn the gratitude (and cooperation) of the other partygoers.

  25. And I hope he didn't. on Attacking WinZip AES Encryption · · Score: 1
    I hope you've misquoted him.

    I hope that he meant every syllable of it. Here's the deal: the list of people in the world smart, paranoid, and experienced enough to develop a new, relative secure crypto system is extremely short, and the odds of one of them being in a random classroom at a given moment is almost nil.

    RSA may be breakable. 3DES may be breakable. We may even learn currently "impossible" methods of breaking quantum crypto. However, that professor can be reasonably confident that noone who was in his classroom when he said that is going to write a more secure system.

    Honestly, if anyone in that room is gifted enough in that extremely small problem space, then they probably already know it and a professor speaking to the contrary isn't going to dissuade them. On the other hand, someone who thinks that they may be smart enough to create the Next Big Thing in crypto may remember their teacher's words and give up on the idea after being laughed off of sci.crypt a few times after their algorithms are shredded by people who know the subject better than they do.

    If that professor can convince one would-be crypto hack to do something more productive with their time, then the world will be a better (and more secure) place for him having done it.