Slashdot Mirror


User: ajs

ajs's activity in the archive.

Comments · 4,773

  1. Re:Forking the SPF standard on Apache Rejects Sender ID · · Score: 1

    No one cares about the MS bits. When I say "fork the standard" I just mean that any future development could be done using the original SPF.

  2. Re:Defense in depth. on Apache Rejects Sender ID · · Score: 1

    You're just repeating what I said.

    You need a good blacklist (you're maintaining your own, but Spamhaus does too, and you'd probably be better off using theirs at the MTA because at the MTA you can deliver a permanent fatal, but at the router, the client (if they're a legit relay delivering on behalf of a zombie) will just try your MX). Just make sure you use a blacklist that doesn't block "categories" of network. You only want to block known abusers.

    Next, you need a way to defend against forgery. SPF does that just fine.

    Next, you want to filter for spam at delivery time. SpamAssassin is your friend, nuff said.

    Next, you want to filter in the MUA based on direct user feedback (possibly feeding back in to the delivery-time filter). Thunderbird is among the select set of very good offerings here.

    And you're done.

    At home, I do all of the above, and I get only the very rare piece of spam sneaking through all 4 layers (out of thousands per day without any filtering).

  3. Re:Possible explanation and some questions... on SETI Researcher Quashes Signal Rumors · · Score: 1

    It's not a 180. It *is* the most interesting signal to date.

    You have to understand that saying something is the most interesting piece of dirt we've found on this mountain does not mean you've struck gold, just that you've found interesting dirt.

  4. Re:Good for them, but not far enough. on Apache Rejects Sender ID · · Score: 4, Informative

    DomainKeys and SPF fit in different spaces for solving different problems.

    SPF has a great deal of value. The only problem I see with it is the envelope rewriting scheme (SRS, I think it's called) which is cumbersome. I'm expecting a) someone will fork the SPF standard, since the original introducers got in bed with MSFT and b) they'll want to introduce a transfer-of-authority protocol into SMTP rather than trying to cram everything into the FROM part of the envelope.

    After that, SPF is really all you need to stop forged spam.

    What a lot of people (including the grandparent) don't get is that SPF isn't designed to stop spam. SPF is designed to stop two things: forgeries and bounces of forgeries. Stopping those two, however, then makes stopping spam a much more manageable problem.

    If you're looking for the panacea spam solution, you're doomed. If you're looking for the right tools to eliminate almost all of the problem, SPF should be among your first few (along with a good, flexible, multi-technology server-based filtering tool like SpamAssassin; an extremely well maintained and liberal blacklist like Spamhaus; and an easy-to-use end-user spam filter like Thunderbird's).

  5. Re:Outsider's Take on Gnome 2.8 RC1 Released · · Score: 4, Insightful

    Look and feel are uninteresting except where they are expressions of unique features. Gnome, KDE, WindowMaker and dozens of minor desktops I've probably never heard of are all themeable.

    The real test is how FUNCTIONAL your desktop is. Does it have modern internationalization and accessibility features? Does it provide a framework for application cooperation? Does it provide a framework for user management of desktop features that is consistent, even for external elements?

    Pretty baubles are easy and relatively universal. Functionality is hard.

  6. Re:It's not KDE on Gnome 2.8 RC1 Released · · Score: 2, Insightful

    Well, I would expect that file extension, among other things, would be the way you would determine the type of an object, but once you're past that stage, you really need to manage that more abstractly, and MIME type is as good a way to go as any.

    For example, not all objects come from the filesystem. You might get an image object shunted to you by some sort of Web application. The "filename" (e.g. URL) might not have an extension, or the extension might be ".cgi". You have to be able to work with other modes of input.

    Another example, Real Media files (some of them) end in ".rpm" as do RedHat Package Manager files. How do you distinguish these?

    MIME isn't the only way to classify object types, but it's a reasonable way to go for a modern desktop.

  7. Re:more like windows? on Gnome 2.8 RC1 Released · · Score: 2, Interesting

    Yeah, I was a bit confused by the Windows comment. Certainly the Linux desktop (and by that I mean Gnome and KDE which are reasonably similar in many ways) has taken many concepts from Windows. The default layout of window controls, the look of a panel / task bar, and many more things are Windows-like by default, but I can't think of a single one that's not customizable.

    Windows is the dominant desktop paradigm right now, so it makes sense to emulate it for the defaults. You have a different idea, go right ahead and choose a different theme and/or write your own.

  8. Re:Why is Frozen Bubble used as an example? on Is Open Source An Advantage For Game Developers? · · Score: 1

    Doh.. that's Neverball. Me and my penchant for not previewing! ;-)

  9. Re:Why is Frozen Bubble used as an example? on Is Open Source An Advantage For Game Developers? · · Score: 2, Interesting

    I would have cited Wesnoth, GLTron and .

    What's interesting about that list is not only that they're all great open source games, but also that they're cross-platform!

    Life is good for open source gaming.

  10. NOT KDE on NX - A Revolution In Network Computing? · · Score: 5, Informative

    Let's be clear. This is not KDE. This has nothing to do with KDE, any more than KDE having an AIM client ties AIM to KDE.

    NX is not toolkit-specific, it's just a way of compressing the X protocol for displaying applications over low bandwidth connections.

    That said, the KDE folks are talking about "integrating NX" into their KDE application framework, which would presumably mean having desktop tools that make the use of NX more convenient, and perhaps wrapping some of KDE's out-of-band data into the NX protocol (such as inter-application communication).

    This is all good, but people are missing the mark if they think this is a special way of moving KDE (that is, Qt) widgets across the wire. It's simply not.

  11. Re:Wait a minute... on Verisign's Lawsuit Against ICANN Dismissed · · Score: 1

    www.goolge.com = www.verisign.com

    I'm dyslexic, and it actually took me 3 or 4 tries before I could tell what was wrong with that ;-)

  12. Re:Wait just a minute... on HP Shelves Virus Throttler Program · · Score: 1

    And can you still gain access to a raw socket and construct your own session? If so, this will stop VB-viruses from propagating (maybe), but nothing more sophisticated, which presumably will simply drop down to raw packet construction.

  13. Microsoft had a valid point on Microsoft Found Guilty of Misleading Advertising · · Score: 5, Interesting

    The original reason for the research was to counter IBM's claims that you could reduce your TCO more by converting to Linux on a mainframe than to Windows on PC farms.

    BOTH OF THEM WERE CORRECT.

    In the IBM case, they were looking at it from the point of view that you already had mainframes, and you wanted to make them cheaper to maintain and keep up with modern software trends. They were correct.

    In the Microsoft case, they were analyzing what it would take to convert over to mainframes or start from scratch. They were correct.

    Where MS went horribly, horribly wrong was when their marketing folks took this, perfectly reasonable, research and referenced it in ads to the general computing community without any indication that it was a comparison relevant only to a particular niche market!

    MS did some good research here, but they applied it unethically. Let's be clear on what we're coming down on them for!

  14. Re:Never could get into it on Enlightenment Lives · · Score: 2, Informative

    I've used E for a long long time. I don't use gnome or kde because they LOOK heavy. The bars, the widgets, everything feel fat.

    And since, as we all know, Gnome and KDE are not window managers, and I believe that E is at least Gnome-compatible, there's no reason to be speaking as if E and Gnome (or KDE for that matter) are equatable.

    What's more, Gnome and KDE are both fully themable, and at least in the case of Gnome, that means that you can select pixmaps/SVG, layout and fonts that result in a very E-like look (there are, in fact, several old Gnome themes that were designed to fit in with E more smoothly than the default).

    Gnome is a set of libraries that provides for everything from widgets (such as the truly amazing Gnome Canvas which is distantly related to the TK Canvas) to session management to inter-application communication to accessibility features to internationalization and much, much more. Enlightenment is a fine Window manager, and it has some of the other features of a desktop system as well, but let's not forget that most of what a desktop does, it does for applications via libraries, not by controlling the display and management of application windows.

  15. Re:Spelling on Revolutionary Spam Firewall Developed · · Score: 1

    wh0z3 sp3111ng eggzaktly d0 j00 konsidr akur8?

  16. Re:The slippery slope on Senator Blacklisted by No-Fly List · · Score: 1

    There are two factors in what you point out: 1) the groups you point out are actively harming others 2) over-aggressive law enforcement using the above as excuses to broaden their powers generically.

    I'm all for stomping on those who hurt others, but I want to make sure that a) they're given at least two chances to reform (this is why sex offender registration is a huge deal to me as well as the state of prisons) b) the punishment fits the crime (e.g. not having to register as a sex offender for having sex with your boy/girlfriend in a public place) c) we keep the powers of law enforcement in check.

    That last is really important. In this country we make law enforcement difficult, and we do so for a reason. Ultimately, we appreciate the guy who enforces the law, but we don't TRUST him enough to let any single abuse get too far out of hand. Personally, I think this was a stroke of brilliance, and you will note that it has been replicated and improved on in various parts of the world. The 2nd and 6th amendments are critical parts of our system of government, and encroaching on those HARMS the overall health of the nation.

  17. Love SA... on Fighting Spam with DNA Sequencing Algorithms · · Score: 5, Informative

    You have to love SpamAssassin for its very Perlish approach to spam filtering... "hey, there's a cool new way to filter spam... throw it in!"

    I love this mostly because it means that SA is a moving target. Spammers can figure out how to defeat pieces of it, but it deploys a wide range of static, dynamic, network-based and user-driven tests that changes so much that spammers simply can't afford to keep up.

  18. Re:The slippery slope on Senator Blacklisted by No-Fly List · · Score: 1

    The other problem with those figures is that the groups overlap. Sum up the percentage of all the jews, gypsies, catholics, socialists, and homosexuals that were killed and you'll get a figure much higher than 100%. Someone could be a Homosexual, a Socialist, and a Catholic all at once.

    And the way the Germans were counting, you could be a Jew too (if you had a Jewish ancestor). Man, there's a combo that'd get you through ANY school's Affirmative Action quotas! ;-)

  19. Re:Translation: Open Source is not free on Red Hat Walks The Linux Tightrope · · Score: 1

    You are, of course, welcome to not participate, but as closed-source companies are finding, that's becoming an increasingly difficult prospect.

    On the one hand, you have a situation where your CUSTOMERS (and in the open source world, most of the time I find that it is your customers who contribute the most) do a great deal of the work of making themselves happy. On the other hand, you have the model where you have to do everything yourself.

    The problem is that this "free work" comes with a set of constraints (cost, if you prefer, though that's somewhat misleading) where your customers demand that you not simply sell their work back to them at a profit, but actually add value (what a shocker), and that that value comes with the same capability for them to in turn add more value. As long as you are willing to ride that particular hamster-wheel, you can make a decent living doing this....

  20. Re:The slippery slope on Senator Blacklisted by No-Fly List · · Score: 4, Informative

    Ah, another bastardization of the original. Here's an interesting comment from a page about the person that made the original "when they came for..." comment:

    Everybody loves to quote Martin Niemöller's lines about moral failure in the face of the Holocaust: 'First they came for the Communists, but I was not a Communist, so I said nothing. Then they came for the Social Democrats, but I was not a Social Democrat, so I did nothing. Then came the trade unionists, but I was not a trade unionist. And then they came for the Jews, but I was not a Jew, so I did little. Then when they came for me, there was no one left to stand up for me.'

    But interestingly, people use the quotation to imply different meanings - even altering it to suit their purpose. When Time magazine used the quotation, they moved the Jews to the first place and dropped both the communists and the social democrats. American Vice-President Al Gore likes to quote the lines, but drops the trade unionists for good measure. Gore and Time also added Roman Catholics, who weren't on Niemöller's list at all. In the heavily Catholic city of Boston, Catholics were added to the quotation inscribed on its Holocaust memorial. The US Holocaust Museum drops the Communists but not the Social Democrats; other versions have added homosexuals.

  21. Re:only intel? on End Of The Line For Alpha · · Score: 1

    Yeah, I kind of wondered about the PowerPC there... it's used ALL OVER in Macs, MANY embedded systems, IBM RISC machines (mostly AIX-based) and probably many other places I don't know about. Hardly a niche.

  22. Re:Torvalds created a good kernel... on Linus Torvalds' Benevolent Dictatorship · · Score: 1

    development of gcc was quite closed to most people up until egcs was almost forked from it.

    Development of egcs WAS forked from it. egcs was a stand-alone project of Cygnus that was most certainly not GCC.

    However, that's years after what I'm referring to. GCC as of version 2.0 (years before 2.x began to close itself off to outside input) began to have full-fledged sub-projects the way the Linux kernel does. What I'm not sure of is when gcc moved from being Stallman's baby to being run by committee. That was either sometime late in 1.x development or early in 2.x development, I'm just not certain.

  23. Re:Spammers don't send their spam on RPOW - Reusable Proofs of Work · · Score: 1

    Let's follow this logic for a mailing list... let's call it LKML, just to pick a random name.

    Now, I send mail to LKML. The protocol can work one of two ways: 1) use my token in the 50,000 messages that are sent out 2) generate its own token for all 50,000 messages 3) generate a unique token for each of 50,000 messages.

    Plan 1 is abusable thusly: a) spammer has "token machine" which generates the spam b) spammer has "mailing list" machine which disperses the mail to thousands of hapless end-users.

    Plan 2 is abusable thusly: a) spammer generates one token and sends 50,000 messages (all the same) based on it.

    Plan 3 imposes a burden on mailing lists that is unworkable. LKML (whatever that might stand for in my hypothetical) may not be able to afford enough hardware to send out so much mail, so they go away, and only large, commercial mailing lists and very small, and thus ineffective in the large, mailing lists remain in operation.

    The problem is that bulk email has many forms, some good and some bad. The solution is multi-layered, fuzzy spam filtering. As someone pointed out SA 3.0 will meet part of that criteria (actually, it already does at 2.63, but there are some killer features in 3.0), but other tools, layered with SA are still needed.

    Spamhaus has done a huge service in the creation of a non-preemptive blacklist (sbl-xbl) that combines known spam sources with known exploited systems. By non-preemptive, I mean that it finally gives sites like mine (hosted on a "residential network") a list that does not exclude ourselves, AND is highly effective. Any blacklist I use must have one central feature: it must have a way for mail servers, without changing their IP or what servers they deliver through, to get OFF of the list (unless they've provably been so abusive that they no longer merit such an opportunity).

    Currently my filtering looks like this:

    Step 1: SBL-XBL check (5xx error code from SMTP if that matches, and that cuts out HUGE amounts of bandwidth wastage).

    Step 2: SPF check (also 5xx error code from SMTP if that fails)

    Step 3: SpamAssassin check (mail is received fully and then scored and filtered or marked appropriately). I have SA assign a small positive ("more spammy") score for mail that has no SPF authorization, and that's about as close as I get to preemptive spam filtering.

    I still get spam sneaking through, but I went from my users ("user", really) complaining that they could never read mail through all the spam to, "is mail working, I haven't gotten anything today."
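
The three-step ordering described in the comment above, sketched as an added example (not part of the original comment and not the commenter's configuration). The `sbl-xbl.spamhaus.org` zone name, the 550 reply code, the 5.0 threshold, the 0.5 penalty, the `is_listed` lookup stand-in and all sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional

DNSBL_ZONE = "sbl-xbl.spamhaus.org"  # assumed zone name for the sbl-xbl list
SPAM_THRESHOLD = 5.0                 # assumed tagging threshold
SPF_NONE_PENALTY = 0.5               # assumed value for the "small positive" score


@dataclass
class Verdict:
    stage: str                 # layer that made the decision
    smtp_code: Optional[int]   # 550 = refused during SMTP, None = message accepted
    action: str                # "reject", "tag" or "deliver"
    score: float = 0.0


def dnsbl_query_name(client_ip: str, zone: str = DNSBL_ZONE) -> str:
    """DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(client_ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def filter_mail(client_ip: str, spf_result: str, content_score: float,
                is_listed: Callable[[str], bool]) -> Verdict:
    # Step 1: blacklist check; a listed source is refused before any body is sent.
    if is_listed(dnsbl_query_name(client_ip)):
        return Verdict("dnsbl", 550, "reject")
    # Step 2: only an explicit SPF "fail" is refused; softfail/neutral/none pass on.
    if spf_result == "fail":
        return Verdict("spf", 550, "reject")
    # Step 3: content scoring after full receipt; no SPF record adds a small penalty.
    score = content_score + (SPF_NONE_PENALTY if spf_result == "none" else 0.0)
    action = "tag" if score >= SPAM_THRESHOLD else "deliver"
    return Verdict("content", None, action, score)


# Constructed data: a stand-in for the DNS lookup and four sample connections.
LISTED = {dnsbl_query_name("192.0.2.10")}
SAMPLES = [
    ("192.0.2.10", "pass", 0.0),     # listed source
    ("198.51.100.7", "fail", 0.0),   # forged envelope sender
    ("203.0.113.5", "none", 4.8),    # borderline content, no SPF record
    ("203.0.113.6", "pass", 4.8),    # same content, SPF-authorized
]


def run_samples():
    return [filter_mail(ip, spf, s, LISTED.__contains__) for ip, spf, s in SAMPLES]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(sample, "->", verdict)
```

The last two samples carry identical content scores; only the missing SPF record pushes the first of them over the threshold, which is the effect the comment describes for unauthenticated mail.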

  24. Re:Torvalds created a good kernel... on Linus Torvalds' Benevolent Dictatorship · · Score: 4, Insightful

    Specifically, the model by which he retained control, but opened the code and process by which it was modified, accepting the input of sub-projects.

    Projects such as Mozilla, Perl, and many others have adopted the same strategy, but as far as I'm aware, the only other project that MAY have beat Linux to the punch there was gcc, which had a very similar development procedure, but may have been somewhat more committee-oriented by the time it actually had to deal with sub-projects (as opposed to the monolithic development process that existed when Stallman was fully in charge).

    The management practices of open source projects have, at the very least, evolved a great deal since Linux was introduced, and in many cases as a result of the success that Linus has had in various modes of management.

  25. Re:I knew it! on Google Slashes IPO price · · Score: 1

    Google doesn't set these prices. They are simply responding to the market, and as they get better and better estimates of what the dutch auction is LIKELY to set, they are required by law to tell the SEC what they think it will go out at. They're estimating on the high side as they should, but if they get information that indicates with a high degree of certainty that it will go out lower, they need to disclose that.

    The real problem here is that the SEC's regulations make it quite difficult to comply while offering a dutch auction. Either the SEC should outright ban such things, or they should fix the regulations so that it's no harder to comply with the regulations for either format (e.g. you should be required to file information about the general valuation of your company, which is all in the S1, but there's no reason in a dutch auction to file an estimate of the opening price... you just can't know that). It might make sense to require a range of suggested price, but it should be just that, a range from asset value to earnings times some reasonable multiple for the industry would be fine.

    PS: Slashdot eds should have put up a blurb after this terrible submission noting that Google doesn't set these prices.