Sandman the Movie on Ask Neil Gaiman · Score: 5, Interesting
You commented at MIT (BTW: wonderful reading of a great short-story) that you didn't want to see Sandman the Movie made at this point because of the horrible treatment it had been given (I think the last draft script you had read contained, "Puny humans, your bullets cannot harm me!")
With the change in attitude toward comics in Hollywood, have you considered pressing the issue again? Also, have you considered talking to Hollywood's most successful comic book geek (Joss Whedon) about his getting behind the project? I would be stunned if he wasn't interested, though I'm sure the Firefly movie is sucking down a good chunk of his time....
You're not listening. You act as if this sort of thing is new.
Keep in mind that when you say "this is a fairly common mistake", you're speaking more truth than you may realize. This isn't just *common*, it's downright guaranteed. Have a system that works at such a high level that buffer overflows aren't possible? Guess what, your system was written in a language where they ARE. Buffer overflows have been found in Java Virtual Machines, security modules for every major OS, etc, etc.
Why is OpenSSH more useful than the rest of the pack of remote access software now? Because one of those problems has been fixed. Will there be another tomorrow? You bet your sweet ass! That's why you layer your security technologies, but you don't throw out the baby with the bath-water and use something that "has no bugs"... because I'll guarantee that that's because no one has looked closely enough.
These bugs are not killing us. In fact, they're helping us to make our code stronger.
I'm so sick of the "there are bugs in it, let's switch" mentality. There are bugs in every piece of software ever written. Why? Because human beings have a hard time specifying exactly what they want.
Sometimes those bugs are dangerous (as in buffer overflows), but if you look at your average piece of source code long enough -- source of ANY number of lines -- I bet you can find a bug in it.
So, we should all switch to the abacus? No, we should all make sure we spend time and money on the problem of finding bugs before the black-hats do. And that's why I buy software like Red Hat... because they actually spend some of that money on auditing for security, and I like the results (many bugs found and killed).
Sounds fine. Not quite what I was thinking, but another good idea. And thus you see just how easy it is to come up with business models around music as soon as you accept that the traditional label model is dead.
The point is that you don't WANT to have to have a huge storage device that you lug around. Just an identity that lets you get the music from any place that has Internet access. If that happens to be the GSM-based wireless palmtop you carry around, then you get the same advantage you just described, with one more user-hop of indirection.
Spammers harm me, quite a lot actually, so they should be punished
No, no they don't at all, and I'd rather that we not throw words like "harm" around and devalue them.
Mail was useful before the spammers took it over
Mail is still useful. Mail was more useful when there were less people on the Net and most of those people had common goals. Letting random idiots into the village means we have village idiots. This is not shocking.
Over the last 10 years I have spent time worth tens of thousands of dollars in order to keep mail useful despite spam
And I've spent an equal amount of time cleaning up leaves in my yard. Trees are not harming me, they are costing me time and effort, but I choose to engage in that effort as you choose to involve yourself in the effort of sorting signal from noise in your inbox. You're welcome to do that if you wish. In *fact* I will help you (with tools like SpamAssassin).
Spam-apologist will probably point out that I "could have done it faster by other means"
Well, I'm not a spam apologist, but I'll point out that you could have just accepted mail from your friends' machines' IPs. You could have told everyone who you gave your email address to that they had to call you up first and then you add them to your firewall.
Instead, you've chosen to accept mail from EVERYONE and then complain that some of that mail (quite possibly the majority) is one of several classes of unwanted mail (e.g. commercial spam, religious spam, viruses, bounces from all of the above forged in your name, etc).
So I'm as happy about spammers as I would be about a burglar who had stolen tens of dollars from my home
But in the case of burglars a) you did not invite them in by installing an "everyone can come in" style unlocked door, which is recognized world-wide as a standard invitation to come on in b) you did not choose to lose money as a result of the theft.
The more appropriate analogy would be that you opened up your front door and put a sign out saying "come in and talk to me", and then got upset that "it used to be that people just wandering in was useful to me and my business, but now everyone from bums on the street to politicians to salesmen are just coming in my house and costing me thousands of dollars of time to find them and kick them out!"
Solution: close your door or hire someone to run a rope-line outside to filter who gets in.
Not surprisingly spam has the same solutions. Thankfully the rope line can get pretty sophisticated and eventually will automatically involve everyone presenting picture ID before getting in, and your ability to run a background check on their ID to see if you should let them in.
Since the professional spammers have far more victims than even the most active burglar
Victim is a wildly misused term here. I hate getting spam, but that's my problem, and I'll implement my solution. Just because I don't like what someone sends me doesn't make me a victim!
I find it deeply depressing that /. collectively (especially the moderators) have taken the side of the spammers on this one. Maybe you are too young to remember when the mail system worked.
Actually, I don't take the side of spammers. I take the side of the network. The network is good, and we should keep laws as far away from it as possible. What we need is the tools that let us build reputation in constructive ways and use that reputation to filter our mail on the basis of such.
As to my age... You're speaking to the former UUCP-gateway admin for Fidelity Investments... You can't send me mail at ...!clue!ajs anymore, but, well... you get the idea.
I really do feel bad for the RIAA members (not the RIAA itself). They are stuck having to eventually face the fact that they are 80% of the way to extinction. Can anyone really imagine a future 50 years down the road where anyone is interested in buying a piece of plastic with music on it?
Yes, storing it in a way that does not rot too fast or get deleted for video game space is valuable, but I see the future retailers of music being the clubs that host musicians. They should strike a deal with the performers that they host to sell the music via a Web site and via a kiosk at the show.
Here's one business model for that:
Club makes USB-fobs that contain the customer's name, credit info (or a key that they look up the credit info in their database with) and email address. The customer goes to a show and likes it, so they walk over to the kiosk and plug in their fob to order the "album" on the way out. The kiosk notes the purchase in the database and sends email to the customer with a link to download the music from the Web site.
Quick, easy, and here's the best part: you don't care about file-swappers because you get the customer at the exact point where they decide they like the music. You don't care if the 5 billion people who never come to your club swap this music around. What you care about is that your club (and the artist who gets a cut) made some extra money from a customer. You win, they win and the band wins.
But, I still feel bad for the labels who are doomed because they can't make a "star" anymore out of some semi-talented performer who they can stick on MTV. Or more to the point, they can make the star, but there's soon going to be no point in terms of selling CDs.
Most human beings count in 10s. Only technogeeks like us count in 2s. If the government standardized on anything, it'd be powers of 10.
But, then that's fine.
You can say, "our 1MB drive" if you mean that it has 1,000,000 bytes.
When you say, "our 1MiB drive" you should mean that it has 2^10 bytes.
Moreover, if you say it's "our 1Mib drive" you should mean it has 2^10 bits.
Why should you do this silly thing? Because THAT is what those abbreviations mean, and if an astute customer decides to look them up, they will find those meanings.
If you don't want to use a technical term, then by all means, don't. Feel free to say, "our 1 million byte drive." That's fine with me, as long as you mean that it has 1 million bytes. If it has 2^10*1000 bytes then it gets harder, but that's not TOO bad, it's just 1000MiB. It's most certainly NOT 1GB or even 1GiB, and if you claim that it is, YOU ARE LYING.
Where does it say that because I have a computer on the internet that I am required to accept bits from anyone anywhere?
None at all! Good lord, I hope you don't think I was suggesting that you should not have every right to refuse anything you like!
What I was saying is that you don't have a right to expect that you can put up a large funnel marked "insert mail-like bits here" (which is what SMTP is) and complain when someone puts mail-like bits in it.
You can block whatever you like. You can put up a firewall that prevents every system on the Net except one from sending you mail. That's all entirely your choice and should always remain so! This is why I get upset when providers tell me that I should not run my own servers, but rely on theirs. I ask them, "how quickly will you respond to my requests to change mail filtering and install point-to-point encryption software of my choosing?" The answer is predictable, and not terribly interesting.
Feel free to filter however you like. What I have a problem with is when people say, "I don't want to get spam, so spam should be illegal." Well, I'd rather not have all sorts of communication happen in a day, but almost none of it should be illegal.
Here are some laws that would help stop spam, and would actually be useful:
1. Stiff penalties including jail time for using a host (not under your control) to relay mail that it does not advertise an MX for the recipient of in batches of more than 1000 in a given day, unless you have an explicit agreement with the owner of that system.
2. A law giving a person explicit rights to collect damages in the event that their name is used as the sender address for unsolicited mail, without explicit consent in volume exceeding 1000 messages per day.
3. Same as #2, but for hosting/site providers whose domain name is used as above by an individual or business which has not been allocated the user-account(s) used in the mailing.
A law making software authors responsible for the use of their software to perform the above (without modification, of course, since you CAN make IE do all of the above using ActiveX controls, but IE should not be penalized for such scripting capabilities).
Notice that none of these address spam directly. What they do is attempt to make it difficult (and financially dangerous) to hide the origin of your mail. Once that is done, your ability to filter whatever you don't like (or accept what you do) becomes much more powerful!
Your logic seems to lead to the tacit acceptance of ultimately, unavoidably crappy laws that inflict penalties on the wrong parties, and of course cannot target the real problem, which simply moves off-shore.
Sorry, I'm just not able to get behind that. Spam is a technical problem which can be solved technically. It is not a legal problem. No one dies. No one is harmed. It costs you money, but only insofar as you put up a public service accepting bits from anyone in the world, and someone DARED to send you bits you didn't want!
Good point. Also keep in mind that by threatening individual Red Hat customers, Red Hat's business is impacted by SCO's actions. This would seem to just be a delaying tactic on SCO's part. The best case scenario for them is to have this drag out in court for years.
SVG would be fine. Flash sucks almost entirely because one company controls it. If my browser implements SVG, then those who control my browser (oh wait, that's me!) can control the experience as it makes the most sense there. Controls can be seamless between the two layers (e.g. blocking images can pertain inside AND outside of SVG and menus can be made more compatible inside and out).
Yes, SVG would be a welcome change.
As would DHTML.
As would simply designing your site well in the first place, and throwing away wizzy, flying images in favor of just making the damn information usable.
I take a look at Canon's site for digital SLR cameras for example, and I imagine them without Flash. What would they do? Well, they *might* give you useful information on the cameras rather than animated page after animated page of marketing buzz-phrases. But, I doubt that. I think they'd just give you page after page of animated gifs :-(
I'm very sorry to hear that, and I hope that if this comes to pass your company moves quickly to take advantage of the large number of companies that will be looking for a move away from plugins and toward other, more universal technologies (such as DHTML, MPNG, etc).
However, I am overjoyed by this turn of events as a whole. I want to see flash and all other proprietary Web formats stricken from the world. The Web works and works well because it is NOT proprietary.
As for the "back to 1993" comment, I'll point out that in 1993, we did not have the GOOD open standards for high quality Web presentation such as DHTML, CSS, XML, and many, many others that we do today.
The death of the plugin will mean that only those protocols and rendering standards that are supported by the core browser will be available to the majority of the world's Web designers, and that will mean that no one company can effectively control the market without going open source (and effectively giving up said control).
As I understand it, Slashdot's revenue was floating most of VA's online content. That being the case, they needed even more money from it in order to avoid removing useful, but lower-revenue services that made the advertising more attractive (e.g. by giving customers a sense of larger circulation).
You are correct. What you describe is a community of trust, and in the real world, communities of trust are disjoint and apply only to certain applications and certain ways of interacting.
The same is true in software.
That does not make the idea of a CA useless, it simply makes it no more useful than it is in the real world.
The idea of a CA is totally independent of any centralization.
The implementation of existing CAs is centralized.
Don't confuse those two. You could, for example, start a "TLS SpamKiller" CA and distribute your CA key with your software. Then anyone that you sign keys for can certify sites that send mail using your software.
If your software is just a plugin for lots of existing mailers, then all people have to do is use your plugin. Done.
Your server *does* have to have a single name that it admits to, but you can accept mail for (and send it from) any name you like. You can use TLS today.
1. The world isn't quite that authoritarian. 2. Your desire to have people behave politely doesn't override the general need to have the Internet remain an open exchange of packets between peers. 3. What's an ISP? What's a customer? Should UUNet filter mail coming from their peers? Should a University filter mail coming from its own desktops? What about labs that have their own Internet presence, but are part of the University? What about multi-homed businesses?
I get a slew of these messages, and I have to admit to not having the time to solve the problem, but it's easily solved, if a monumental social engineering problem.
What you need to do is this: first, get everyone to agree that they need to use SMTP/TLS. Second, get everyone to agree to get a key that's signed by a CA. Notice I didn't say "ISPs" above... that's because not everyone relates to their upstream in the same way, and some people (big Universities for example) tend to peer with multiple providers.
Once everyone has a CA-signed key for their TLS-only mail then we can kill this sort of thing, dead. You send spam, you get axed. You send spam from multiple certs owned by the same entity, that entity gets axed. You send spam from multiple certs owned by multiple entities with the same CA, that CA gets axed.
Apply SpamAssassin-like weighting to this process (weighting each key and entity and CA based on frequency of good or bad mail) and you quickly evolve a system of personal and community reputation that lets us get back to business without hurting those who don't deserve to be hurt (e.g. you might use a bad CA and work for a bad company, but if your key is never used for spam, you will evolve a good reputation over time).
The same is true of viruses, it's just slightly more important to track individual sender keys (which will represent homes, corporate divisions and whatever other units make sense for you to create a unique mail server) when it comes to viruses. Databases of keys will have to be huge, but they can be distributed on various useful boundaries in the same way as DNS (e.g. by CA and then by organization).
We'll get there, it's just that the pain threshold has to increase to the point that we all nod our heads and say, "I'm shutting off non-TLS now".
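The key / entity / CA weighting described in the comment above, sketched as an added example (not code from the original poster or from SpamAssassin). The `Sender` tuple, the level weights, the axe thresholds and every identifier in the sample history are assumptions constructed for illustration; in a real deployment the three identities would come from the verified TLS certificate chain of the sending server.

```python
import math
from collections import defaultdict, namedtuple

# Identity of a sending server as read from a verified certificate chain.
# All values used below are constructed.
Sender = namedtuple("Sender", ["key", "entity", "ca"])

LEVELS = ("key", "entity", "ca")                       # narrowest to widest
BASE_WEIGHT = {"key": 4.0, "entity": 2.0, "ca": 1.0}   # assumed weights


class Tally:
    """Ham/spam counts for one key, entity or CA."""

    def __init__(self):
        self.ham = 0
        self.spam = 0

    @property
    def evidence(self):
        return self.ham + self.spam

    def spam_rate(self):
        # Smoothed fraction: 0.5 with no history, then moves toward
        # the observed rate as mail accumulates.
        return (self.spam + 1.0) / (self.evidence + 2.0)


class ReputationStore:
    def __init__(self, axe_rate=0.9, axe_min_evidence=20):
        self.tallies = {lvl: defaultdict(Tally) for lvl in LEVELS}
        self.axe_rate = axe_rate
        self.axe_min_evidence = axe_min_evidence

    def _tally(self, lvl, sender):
        # .get() avoids creating entries for identities never seen before.
        return self.tallies[lvl].get(getattr(sender, lvl), Tally())

    def record(self, sender, is_spam, count=1):
        """Credit or debit the key, its owning entity and its CA together."""
        for lvl in LEVELS:
            tally = self.tallies[lvl][getattr(sender, lvl)]
            if is_spam:
                tally.spam += count
            else:
                tally.ham += count

    def spam_score(self, sender):
        """0.0 = trusted, 1.0 = spammer. Each level's vote is weighted by
        its scope and by how much history exists for it, so a long clean
        record on one key outweighs a mediocre CA."""
        num = den = 0.0
        for lvl in LEVELS:
            tally = self._tally(lvl, sender)
            weight = BASE_WEIGHT[lvl] * math.log1p(tally.evidence)
            num += weight * tally.spam_rate()
            den += weight
        return num / den if den else 0.5

    def axed_scope(self, sender):
        """Widest level ('key', 'entity' or 'ca') bad enough to block
        outright, or None if nothing about this sender is axed."""
        widest = None
        for lvl in LEVELS:
            tally = self._tally(lvl, sender)
            if (tally.evidence >= self.axe_min_evidence
                    and tally.spam_rate() >= self.axe_rate):
                widest = lvl
        return widest


def build_demo_store():
    """Constructed history: one entity spamming from two keys, one clean
    entity under the same CA, and a CA whose every customer spams."""
    store = ReputationStore()
    store.record(Sender("fp:k1", "spamco", "ca:shady"), is_spam=True, count=50)
    store.record(Sender("fp:k2", "spamco", "ca:shady"), is_spam=True, count=50)
    store.record(Sender("fp:k3", "smallbiz", "ca:shady"), is_spam=False, count=200)
    store.record(Sender("fp:r1", "bulk-a", "ca:rogue"), is_spam=True, count=30)
    store.record(Sender("fp:r2", "bulk-b", "ca:rogue"), is_spam=True, count=30)
    return store


if __name__ == "__main__":
    store = build_demo_store()
    for s in (Sender("fp:k3", "smallbiz", "ca:shady"),   # clean key, poor CA
              Sender("fp:k4", "spamco", "ca:shady"),     # fresh key, bad owner
              Sender("fp:r9", "bulk-c", "ca:rogue"),     # fresh owner, bad CA
              Sender("fp:zz", "nobody", "ca:new")):      # no history at all
        print(s, round(store.spam_score(s), 3), store.axed_scope(s))
```

A fresh key does not reset anything here: it inherits the record of the entity and CA that vouched for it, which is what makes rotating certificates useless to a sender with a bad history.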
Architect: [...]Thus the answer was stumbled upon by another, and intuitive program, initially created to investigate certain aspects of the human psyche. If I am the father of the matrix, she would undoubtedly be its mother.
Neo: The Oracle
Architect: Please, as I was saying she stumbled upon a solution whereby nearly 99 percent of all test subjects accepted the program as long as they were given a choice[...]
We all hate spammers, so anti-spam laws are good.
This is the same logic that got us into the situation where someone who gets caught having sex with their boy/girlfriend on lover's lane (especially if you're in Mass. and happen to be in a non-missionary position) can end up having to walk around to all of your neighbors and tell them you're a sex-offender... joy.
Yeah, so the definition of a spammer is what? If you get 1000 messages a day with my name as the return-address, do I get fined? What if the headers are *very* convincing? What if it's "from" someone else, but it came from my network? What if that was someone who I let put their virus-infected laptop on my wireless network?
This is not an easy problem.
Asteroids are panicking?! We should panic!
Linux is for people who feel they have to prove something; BSD is for people who don't need to.
OS/Warp is for people who feel they have to prove something; Windows 3.11 for Workgroups is for people who don't need to.
Wowza, it really is easy to make empty and yet important sounding claims into sound-bites! Thanks!
Good point. Also keep in mind that by threatening individual Red Hat customers, Red Hat's business is impacted by SCO's actions. This would seem to just be a delaying tactic on SCO's part. The best case scenario for them is to have this drag out in court for years.
Why not just have all the mailers settle on a protocol for key exchange that happens passively when you send/receive email?
I wrote up a specification for just this quite a while ago, but stopped working on it because a) I had a new job and b) other people seemed to be moving toward something workable that did roughly the same thing.
Perhaps it's time for me to go back to pps...
SVG would be fine. Flash sucks almost entirely because one company controls it. If my browser implements SVG, then those who control my browser (oh wait, that's me!) can control the experience as it makes the most sense there. Controls can be seamless between the two layers (e.g. blocking images can pertain inside AND outside of SVG and menus can be made more compatible inside and out).
:-(
Yes, SVG would be a welcome change.
As would DHTML.
As would simply designing your site well in the first place, and throwing away wizzy, flying images in favor of just making the damn information usable.
I take a look at Canon's site for digital SLR cameras for example, and I imagine them without Flash. What would they do? Well, they *might* give you useful information on the cameras rather than animated page after animated page of marketing buzz-phrases. But, I doubt that. I think they'd just give you page after page of animated gifs.
I'm very sorry to hear that, and I hope that if this comes to pass your company moves quickly to take advantage of the large number of companies that will be looking for a move away from plugins and toward other, more universal technologies (such as DHTML, MPNG, etc).
However, I am overjoyed by this turn of events as a whole. I want to see flash and all other proprietary Web formats stricken from the world. The Web works and works well because it is NOT proprietary.
As for the "back to 1993" comment, I'll point out that in 1993, we did not have the GOOD open standards for high quality Web presentation such as DHTML, CSS, XML, and many, many others that we do today.
The death of the plugin will mean that only those protocols and rendering standards that are supported by the core browser will be available to the majority of the world's Web designers, and that will mean that no one company can effectively control the market without going open source (and effectively giving up said control).
Score one for the Web!
As I understand it, Slashdot's revenue was floating most of VA's online content. That being the case, they needed even more money from it in order to avoid removing useful, but lower-revenue services that made the advertising more attractive (e.g. by giving customers a sense of larger circulation).
Wasn't it proven that you can't post an absolute statement on a web site whose very existence refutes your statement? Hmmm... I guess not. Oh well. ;-)
You are correct. What you describe is a community of trust, and in the real world, communities of trust are disjoint and apply only to certain applications and certain ways of interacting.
The same is true in software.
That does not make the idea of a CA useless, it simply makes it no more useful than it is in the real world.
The idea of a CA is totally independent of any centralization.
The implementation of existing CAs is centralized.
Don't confuse those two. You could, for example, start a "TLS SpamKiller" CA and distribute your CA key with your software. Then anyone that you sign keys for can certify sites that send mail using your software.
If your software is just a plugin for lots of existing mailers, then all people have to do is use your plugin. Done.
Uh... no, that's not quite true.
Your server *does* have to have a single name that it admits to, but you can accept mail for (and send it from) any name you like. You can use TLS today.
Heh, you could be right. My Asimov timeline has been buried with the high-school paper I used it to write since the 80s ;-)
1. The world isn't quite that authoritarian.
2. Your desire to have people behave politely doesn't override the general need to have the Internet remain an open exchange of packets between peers.
3. What's an ISP? What's a customer? Should UUNet filter mail coming from their peers? Should a University filter mail coming from its own desktops? What about labs that have their own Internet presence, but are part of the University? What about multi-homed businesses?
I get a slew of these messages, and I have to admit to not having the time to solve the problem, but it's easily solved, if a monumental social engineering problem.
What you need to do is this: first, get everyone to agree that they need to use SMTP/TLS. Second, get everyone to agree to get a key that's signed by a CA. Notice I didn't say "ISPs" above... that's because not everyone relates to their upstream in the same way, and some people (big Universities for example) tend to peer with multiple providers.
Once everyone has a CA-signed key for their TLS-only mail then we can kill this sort of thing, dead. You send spam, you get axed. You send spam from multiple certs owned by the same entity, that entity gets axed. You send spam from multiple certs owned by multiple entities with the same CA, that CA gets axed.
Apply SpamAssassin-like weighting to this process (weighting each key and entity and CA based on frequency of good or bad mail) and you quickly evolve a system of personal and community reputation that lets us get back to business without hurting those who don't deserve to be hurt (e.g. you might use a bad CA and work for a bad company, but if your key is never used for spam, you will evolve a good reputation over time).
The same is true of viruses, it's just slightly more important to track individual sender keys (which will represent homes, corporate divisions and whatever other units make sense for you to create a unique mail server) when it comes to viruses. Databases of keys will have to be huge, but they can be distributed on various useful boundaries in the same way as DNS (e.g. by CA and then by organization).
We'll get there, it's just that the pain threshold has to increase to the point that we all nod our heads and say, "I'm shutting off non-TLS now".
I already run TLS on my server, how about you?
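The key/entity/CA weighting described in the comment above, as an added example that is not part of the original comment and not SpamAssassin's own scoring: each level's spam rate is smoothed toward the level above it. The class name, the `PRIOR` and `REJECT_AT` values, and the certificate fields (`key`, `entity`, `ca`) are assumptions made for illustration.

```python
from collections import defaultdict

# Assumed tuning values (not from the comment above).
PRIOR = 5.0      # pseudo-observations borrowed from the broader level
REJECT_AT = 0.6  # estimated spam rate at or above which mail is refused


class ReputationDB:
    """Tracks good/spam counts per sender key, owning entity and CA."""

    LEVELS = ("ca", "entity", "key")  # broadest to narrowest

    def __init__(self):
        self.counts = defaultdict(lambda: [0, 0])  # (level, id) -> [good, spam]

    def record(self, cert, is_spam):
        """Credit or debit every level named in the sender's certificate."""
        for level in self.LEVELS:
            self.counts[(level, cert[level])][int(is_spam)] += 1

    def score(self, cert):
        """Estimated spam rate for this key, in the range 0..1.

        Each level's rate is smoothed toward the rate of the level above
        it, so a key with no history inherits its entity's and CA's
        reputation, while a key with a long history is judged on its own.
        """
        rate = 0.5  # neutral prior for a CA never seen before
        for level in self.LEVELS:
            good, spam = self.counts.get((level, cert[level]), (0, 0))
            rate = (spam + PRIOR * rate) / (good + spam + PRIOR)
        return rate

    def accept(self, cert):
        return self.score(cert) < REJECT_AT


def demo():
    """Constructed sample data: one CA, a spamming entity, a clean one."""
    db = ReputationDB()
    for key in ("k1", "k2", "k3"):
        for _ in range(50):
            db.record({"key": key, "entity": "spamco", "ca": "ca-x"}, True)
    good = {"key": "k-good", "entity": "goodco", "ca": "ca-x"}
    for _ in range(200):
        db.record(good, False)
    fresh_spamco = {"key": "k4", "entity": "spamco", "ca": "ca-x"}
    return db, good, fresh_spamco
```

In the constructed data, a brand-new key issued to the spamming entity is refused on its first message, while the clean key under the same CA keeps a near-zero score.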