Obviously, neither my local qmail system nor my ADSL providers' SMTP relay will be listed in any SPF records; how will I be able to carry on locally managing my mail without automatically being rejected by SPF-aware mail servers?
1) If your provider's SMTP relay isn't listed in an SPF record, then it will still work (for now) until people start saying "i only accept mail from servers with valid SPF authentication".
2) When that day comes around, you can publish your own SPF info for your "vanity" domain using the sfp include syntax and pointing to your provider - basically saying "whoever can send mail for my provider's domain can send mail for my domain as well"
The tools and technologies are just fine. Outlook ("regular" and express), Mozilla, Thunderbird: all support encrypting/signing/decrypting/verifying at the touch of a mouse button, and anybody who's smart enough to walk through the average checkout wizard can handle the wizard to install a certificate.
Whatever the reasons for encryption not being more widespread, in 2004 technology isn't one them.
And for the record, it's presumed innocent until proven guilty. Yeah, but the whole point is that the other side has to prove you guilty - you don't have to "prove yourself innocent". BTW: just being in court costs money...
Again it doesn't have to prove that it didn't pay for a spam run. The FTC or DOJ or whoever has to prove that the company did. You said: "A company under investigation for spaming should be able to prove whether they did or did not pay for that spam". I read that to mean that if i have a peice of spam with your company's name on it, you should be able to prove that your company did not send it nor commission its sending.
I think false accusations would be a nuisance at the most, but they would be overall a lot less costly than the spam problem that plagues the internet for everyone
Until one of those falsely accused is you, then the cost equation might start to look a little different. You are innocent until proven guilty in a court of law - that holds for all crimes, from murder to spamming.
Whatever happened to "innocent until proven guilty"?
And how on earth is a company to prove that it didn't pay for a spam run? Even if it opens its books to the court, what's to prove that invoice 10993355.455 for 15,000$ worth of pencils isn't really for spam? Are you going to count the pencils, or are you going to ask them to bring them to court?
That's just too dangerous: i could put any company i don't like in the fireing line by spamming on their behalf and without their knowledge or consent.
Go to a warez site sometime, looking for something comparatively innocent, like games, and tell me that again. Already answered that.
Or, hell, go to one of about a million "typosquatter" sites. Misspell Google or something a few different ways. They're out there, trust me on this. I teach computer-illiterate folks to use the internet, and they run into these frequently. Fair enough - and, i gotta say, the only valid example so far in this thread. We already did one example above (whitehouse.com) but i do take your point. In the long run, i think the companies whose brands are being abused will drive this behaviour out. I notice that www.yahooo.com is now owned by yahoo, as an example.
Damn, man, how long have you been online? There are TONS of pages filled with ads (and yes, pornographic ones) that do little BUT trap you there. Not to mention spyware and spam sites. You probably are just like me and have things properly configured to block most of it. I've been online since 1991 and i use the internet every day. I can honestly say that i'm only very rarely surprised by porn i wasn't expecting. Sure, if i'm on astalavista looking for a crack or something, but other than that...
As for filters, they suck. They're never going to be a replacement for parental oversight, and it's pretty damned hard to sit there and watch them use the net for hours on end. The advice here from the childless or negilgent parents is unrealistic and impossible. If you have small children, you don't let them watch daytime television unsupervised. Not because you're afraid they might find porn, but because they might tune into the news and catch sight of some poor guy's charred corpse somewhere. There is porn on the internet. It's up to each parent to decide how (or even if) to protect their child from that fact.
Even with reasonably good, computer-literate parents, I've known kids who managed to encrypt their porn stash, gain unlawful access to AOL (comitting credit card fraud in the process), and who was probably also hacking... And that was a decade or so ago. This with the computer in a reasonably public place (e.g. not in his room). There wasn't a hell of a lot they could've done, in retrospect, and I think they only got a heads-up when AOL finally caught on. Our parents couldn't figure out how to program the clock on the VCR. I guarantee that trying to outsmart our kids on computers is very much a "finger in the dike" excercise.
So what am I saying? Well, it's probably quite impossible to regulate the internet as a whole, especially as with this act, but damn guys, get a clue here, and quit giving unrealistic half-assed advice. It's not probably impossible, it's plain impossible: even without getting into matters of jurisdiction, some of the people putting up porn (warez sites etc) are criminals: they don't care about the law.
Sad thing is you probably have to treat your kids like your users--untrusted--and configure their access accordingly, with good audit trails. That's about the only way to keep users in line--auditing. And even then, they'll just find a way to log in as someone else... If a country like China can't keep it's citizens from surfing content it doesn't want them to see, what hope do you have? You could just not get internet access, or only allow access to a vetted whitelist of sites, but unless you are willing to lock your kids up till their 18th birthday, they're going to get at the boobies: by hacking your connection, by using their friend's connection after school, by using the school's computer, etc etc.
So you're saying that your phone company had to buy or lease your phone number off the government? That shit doesn't even happen in socialist Europe, so i'd be well surprised if it did in capitalist USA.
OK, so after the "pop-ups = porn" argument above, now it's time for the "spyware = porn" argument. People and companies who install spyware are scum, whether their spyware is porn related or not, and no matter what it says on page 11 of their user argreement.
To paraphrase what i replied to another poster above: there's a lot of porn related spyware out there, but there's even more non-porn related spyware and lots of non-spyware related porn. Doesn't ring as well, i know.
Spyware and porn are seperate arguments, even if you once got tagged with a "porn toolbar".
But if i go to http://Whitehouse.com/ i get a page without any explicit (or even racy) content , clearly stating that "This Website does contain sexually-oriented adult material which may include visual images, movies and verbal descriptions of nude adults, adults engaging in sexual acts, and other audio and visual content that is sexually-explicit in nature." with a link inviting people to "Enter our award winning adult site", so if they're trying to trap people..
I think they attempt to lure people who were looking for porn in the first place, not ordinary citizens going about their business. Let's make it a game: starting at google.com with strict filtering turned on, please find me an example porn site that fulfills these criteria:
- found using "reasonably innocuous" search terms (yeah, we'll fight about that later, but "hot free porn" is out)
- has an address that could be mistaken for a non porn site (so "www.hotfreeporn.com" is out)
- appears within the first five pages of results (totaly made that up off the top of my head, but so what)
Why on earth would people try to "trick" you into looking at porn? Some world wide consipracy to corrupt your mind with boobies and pink bits? I just don't understand...
They're trying to lure the people looking for porn into looking at THEIR porn (hence the keywords and cover pages). As for pop-ups, unders, etc: they do that for the same reason as any other site - to make money. They do it more than other sites because they figure the average porn hound is more willing to put up with that crap than joe citizen.
Finally: in this day and age, if you still suffer from pop ups etc., then you only have yourself to blame and i have no sympathy for you: opera, firefox, privoxy - heck, even IE with the google toolbar.
Yes, many of them are. I've been to sites with game cracks that will barrage you with so many porn popups you have no choice but to reboot the computer.
Hello? Those sites are run by criminals - what did you expect, 1-800-flowers? Most of the sites these guys link to probably just try and get your IP to attack your computer or engage in some other form of dubious behaviour. You're basically bitching because the crack house has a lot of unsightly trash in the yard.
Interesting because things got awfully hairy when helping my little cousin do research for his 3rd grade paper on the "North American Beaver". Even with me sitting next to her, it's hard to keep her from reading the interesting site descriptions given on google.
That's what Safe Search is for. Using that when googling for "North American Beaver" (w/ quotes) gives me 6 pages of links about Castor canadensis, a large, web-footed, semi aquatic rodent with brown fur and a wide, flat, dark tail. (then i stopped looking)
A couple of facts: 1) the people who put porn up on the net aren't trying to "trap" or "trick" anyone into looking at it. Why would they? It'll just cause problems for them in the long run, and their target audience is willing to make a minimum effort to get to them anyways.
2) between search engine filters, parental controls on PCs and warning pages on adult oriented web sites, i really don't think we need to bring the government into the matter. Once they're there they won't leave.
that wasn't a fox news article. did you notice the 'associated press' byline? nope. didn't read the f****** article. just making a joke at the expense of fox news. what's your point?
In some ways I'm not sure how this is different on the surface from cell phone number portability.
The big difference is that phone companies don't buy their phone numbers off the government, whereas ISPs do pay for their IP ranges. Ignoring the technical side of things (block routing), this would be equivalent to a customer switching his car rental from Hertz to Avis, but insisting that he be able to take the same physical car with the other "provider". Even worse, in fact, since the car in question is the property of the rental agency, which could make a deal to sell it to the competition, whereas an IP range is only leased by an ISP and can't be resold.
Firt off: a disclaimer - i'm a developer, not a dba. I don't have any certification in any database product, and i don't do any of that dba stuff like back up and restore, log management, etc etc. I do, however, know my way around a couple of rdbms softwares but that's because i've built on top of them and i'm curious by nature. Many developers think of the db as a mysterious black box and never seem to get past "SELECT * FROM [TABLENAME] WHERE [PRIMARYKEY] = X" type queries. They're idiots.
Anyways, that's not the point - i want to talk about this whole "avoid vendor specific features" - "database independent" thing. I develop custom solutions that will run against a known database, not shrink wrapped software for distribution. My customers (i'm a contractor) spend big money on their database licenses - shouldn't i get them their money's worth by using every trick to a) code the app faster and b) make it more performant? Should i use an Oracle or DB2 like a very expensive version of MySQL (and, btw, i do use MySQL a lot, especially for smaller apps and prototyping). I've ported apps from oracle to MSSQL Server. It's stupid and tedious but it's not as bad as you'd think. I'm willing to bet that it's no harder (or easier) than porting apps from Websphere to Weblogic. Sure the big db vendors stuff a lot of "useless features" into their products - but i've seen middle tier developers spend man years(!) rewriting one of these useless features the db already implemented - who's being stupid there?
So it seems to me, that when you factor in the real world issues around using the database as a sorting tool.... its not quite so 'howl-worthy'.
The real world issue is that SQL has built in support for sorting and sorting algorithms in most big databases are highly optimized - furthurmore, the cost of ordering a recordset will almost always be minimal compared to the cost of generating that recordset. BTW, i noticed that the "order by" clause made it into EJBQL 2.0 as well, despite the howls of protests from object purists.
I wrote this little app in C++ (so it's very efficient) that pops up a box every 5 minutes saying "all is well", regardless of what the relationship of that message to reality. Makes me feel very secure.
As a OO fanboy, I must protest your mischaracterizatoin of us. Unlike the DB fanboys, we never claimed that OO is suitable for every problem domain.
Well said, and very true.
What drives me nuts aobut the DB fanboys is that they have to use DB for everything. For example, I maintain an embedded system where some nitwit ex-web-developer decided to implement the process table with MySQL. Huh?
You have my permission to hit him hard with the clue bat. Seriousely. While you're at it, give the manager who hired a web developer to do an embedded system a couple of whacks as well.
Slashdot Mirror
He's right on - this isn't a clever hack, it's inane.
Obviously, neither my local qmail system nor my ADSL providers' SMTP relay will be listed in any SPF records; how will I be able to carry on locally managing my mail without automatically being rejected by SPF-aware mail servers?
1) If your provider's SMTP relay isn't listed in an SPF record, then it will still work (for now) until people start saying "i only accept mail from servers with valid SPF authentication".
2) When that day comes around, you can publish your own SPF info for your "vanity" domain using the sfp include syntax and pointing to your provider - basically saying "whoever can send mail for my provider's domain can send mail for my domain as well"
The tools and technologies are just fine. Outlook ("regular" and express), Mozilla, Thunderbird: all support encrypting/signing/decrypting/verifying at the touch of a mouse button, and anybody who's smart enough to walk through the average checkout wizard can handle the wizard to install a certificate.
Whatever the reasons for encryption not being more widespread, in 2004 technology isn't one them.
And for the record, it's presumed innocent until proven guilty.
Yeah, but the whole point is that the other side has to prove you guilty - you don't have to "prove yourself innocent". BTW: just being in court costs money...
Again it doesn't have to prove that it didn't pay for a spam run. The FTC or DOJ or whoever has to prove that the company did.
You said: "A company under investigation for spaming should be able to prove whether they did or did not pay for that spam". I read that to mean that if i have a peice of spam with your company's name on it, you should be able to prove that your company did not send it nor commission its sending.
I think false accusations would be a nuisance at the most, but they would be overall a lot less costly than the spam problem that plagues the internet for everyone
Until one of those falsely accused is you, then the cost equation might start to look a little different. You are innocent until proven guilty in a court of law - that holds for all crimes, from murder to spamming.
Nonsense, next you'll claim that slashdotters should read artcicles before posting comments on them.
Whatever happened to "innocent until proven guilty"?
And how on earth is a company to prove that it didn't pay for a spam run? Even if it opens its books to the court, what's to prove that invoice 10993355.455 for 15,000$ worth of pencils isn't really for spam? Are you going to count the pencils, or are you going to ask them to bring them to court?
Think again.
That's just too dangerous: i could put any company i don't like in the fireing line by spamming on their behalf and without their knowledge or consent.
oooooooooooooooooooooooopsie - well, i needed to learn to count to 100 before posting.
/twit
I stand corrected - and thanks for the catch, i have adjusted my default reading level.
Go to a warez site sometime, looking for something comparatively innocent, like games, and tell me that again.
Already answered that.
Or, hell, go to one of about a million "typosquatter" sites. Misspell Google or something a few different ways. They're out there, trust me on this. I teach computer-illiterate folks to use the internet, and they run into these frequently.
Fair enough - and, i gotta say, the only valid example so far in this thread. We already did one example above (whitehouse.com) but i do take your point. In the long run, i think the companies whose brands are being abused will drive this behaviour out. I notice that www.yahooo.com is now owned by yahoo, as an example.
Damn, man, how long have you been online? There are TONS of pages filled with ads (and yes, pornographic ones) that do little BUT trap you there. Not to mention spyware and spam sites. You probably are just like me and have things properly configured to block most of it.
I've been online since 1991 and i use the internet every day. I can honestly say that i'm only very rarely surprised by porn i wasn't expecting. Sure, if i'm on astalavista looking for a crack or something, but other than that...
As for filters, they suck. They're never going to be a replacement for parental oversight, and it's pretty damned hard to sit there and watch them use the net for hours on end. The advice here from the childless or negilgent parents is unrealistic and impossible.
If you have small children, you don't let them watch daytime television unsupervised. Not because you're afraid they might find porn, but because they might tune into the news and catch sight of some poor guy's charred corpse somewhere. There is porn on the internet. It's up to each parent to decide how (or even if) to protect their child from that fact.
Even with reasonably good, computer-literate parents, I've known kids who managed to encrypt their porn stash, gain unlawful access to AOL (comitting credit card fraud in the process), and who was probably also hacking... And that was a decade or so ago. This with the computer in a reasonably public place (e.g. not in his room).
There wasn't a hell of a lot they could've done, in retrospect, and I think they only got a heads-up when AOL finally caught on.
Our parents couldn't figure out how to program the clock on the VCR. I guarantee that trying to outsmart our kids on computers is very much a "finger in the dike" excercise.
So what am I saying? Well, it's probably quite impossible to regulate the internet as a whole, especially as with this act, but damn guys, get a clue here, and quit giving unrealistic half-assed advice.
It's not probably impossible, it's plain impossible: even without getting into matters of jurisdiction, some of the people putting up porn (warez sites etc) are criminals: they don't care about the law.
Sad thing is you probably have to treat your kids like your users--untrusted--and configure their access accordingly, with good audit trails. That's about the only way to keep users in line--auditing. And even then, they'll just find a way to log in as someone else...
If a country like China can't keep it's citizens from surfing content it doesn't want them to see, what hope do you have? You could just not get internet access, or only allow access to a vetted whitelist of sites, but unless you are willing to lock your kids up till their 18th birthday, they're going to get at the boobies: by hacking your connection, by using their friend's connection after school, by using the school's computer, etc etc.
So you're saying that your phone company had to buy or lease your phone number off the government? That shit doesn't even happen in socialist Europe, so i'd be well surprised if it did in capitalist USA.
OK, so after the "pop-ups = porn" argument above, now it's time for the "spyware = porn" argument. People and companies who install spyware are scum, whether their spyware is porn related or not, and no matter what it says on page 11 of their user argreement.
To paraphrase what i replied to another poster above: there's a lot of porn related spyware out there, but there's even more non-porn related spyware and lots of non-spyware related porn. Doesn't ring as well, i know.
Spyware and porn are seperate arguments, even if you once got tagged with a "porn toolbar".
But if i go to http://Whitehouse.com/ i get a page without any explicit (or even racy) content , clearly stating that "This Website does contain sexually-oriented adult material which may include visual images, movies and verbal descriptions of nude adults, adults engaging in sexual acts, and other audio and visual content that is sexually-explicit in nature." with a link inviting people to "Enter our award winning adult site", so if they're trying to trap people..
well, they're going about it in a funny way.
There may be a lot of porn pop-ups, but there are lots of non-porn pop-ups and quite a lot of non-pop-up porn.
;)
Try saying that three times fast
The google toolbar in my IE browser at work shows over a hundred blocked pop ups and i certainly haven't been surfing porn sites from there...
I think they attempt to lure people who were looking for porn in the first place, not ordinary citizens going about their business. Let's make it a game: starting at google.com with strict filtering turned on, please find me an example porn site that fulfills these criteria:
- found using "reasonably innocuous" search terms (yeah, we'll fight about that later, but "hot free porn" is out)
- has an address that could be mistaken for a non porn site (so "www.hotfreeporn.com" is out)
- appears within the first five pages of results (totaly made that up off the top of my head, but so what)
Why on earth would people try to "trick" you into looking at porn? Some world wide consipracy to corrupt your mind with boobies and pink bits? I just don't understand...
They're trying to lure the people looking for porn into looking at THEIR porn (hence the keywords and cover pages). As for pop-ups, unders, etc: they do that for the same reason as any other site - to make money. They do it more than other sites because they figure the average porn hound is more willing to put up with that crap than joe citizen.
Finally: in this day and age, if you still suffer from pop ups etc., then you only have yourself to blame and i have no sympathy for you: opera, firefox, privoxy - heck, even IE with the google toolbar.
Yes, many of them are. I've been to sites with game cracks that will barrage you with so many porn popups you have no choice but to reboot the computer.
Hello? Those sites are run by criminals - what did you expect, 1-800-flowers? Most of the sites these guys link to probably just try and get your IP to attack your computer or engage in some other form of dubious behaviour. You're basically bitching because the crack house has a lot of unsightly trash in the yard.
Interesting because things got awfully hairy when helping my little cousin do research for his 3rd grade paper on the "North American Beaver". Even with me sitting next to her, it's hard to keep her from reading the interesting site descriptions given on google.
That's what Safe Search is for. Using that when googling for "North American Beaver" (w/ quotes) gives me 6 pages of links about Castor canadensis, a large, web-footed, semi aquatic rodent with brown fur and a wide, flat, dark tail. (then i stopped looking)
A couple of facts:
1) the people who put porn up on the net aren't trying to "trap" or "trick" anyone into looking at it. Why would they? It'll just cause problems for them in the long run, and their target audience is willing to make a minimum effort to get to them anyways.
2) between search engine filters, parental controls on PCs and warning pages on adult oriented web sites, i really don't think we need to bring the government into the matter. Once they're there they won't leave.
that wasn't a fox news article. did you notice the 'associated press' byline?
nope. didn't read the f****** article. just making a joke at the expense of fox news. what's your point?
Fox news: we report. we decide. you shut up.
In some ways I'm not sure how this is different on the surface from cell phone number portability.
The big difference is that phone companies don't buy their phone numbers off the government, whereas ISPs do pay for their IP ranges. Ignoring the technical side of things (block routing), this would be equivalent to a customer switching his car rental from Hertz to Avis, but insisting that he be able to take the same physical car with the other "provider". Even worse, in fact, since the car in question is the property of the rental agency, which could make a deal to sell it to the competition, whereas an IP range is only leased by an ISP and can't be resold.
Firt off: a disclaimer - i'm a developer, not a dba. I don't have any certification in any database product, and i don't do any of that dba stuff like back up and restore, log management, etc etc. I do, however, know my way around a couple of rdbms softwares but that's because i've built on top of them and i'm curious by nature. Many developers think of the db as a mysterious black box and never seem to get past "SELECT * FROM [TABLENAME] WHERE [PRIMARYKEY] = X" type queries. They're idiots.
Anyways, that's not the point - i want to talk about this whole "avoid vendor specific features" - "database independent" thing. I develop custom solutions that will run against a known database, not shrink wrapped software for distribution. My customers (i'm a contractor) spend big money on their database licenses - shouldn't i get them their money's worth by using every trick to a) code the app faster and b) make it more performant? Should i use an Oracle or DB2 like a very expensive version of MySQL (and, btw, i do use MySQL a lot, especially for smaller apps and prototyping). I've ported apps from oracle to MSSQL Server. It's stupid and tedious but it's not as bad as you'd think. I'm willing to bet that it's no harder (or easier) than porting apps from Websphere to Weblogic. Sure the big db vendors stuff a lot of "useless features" into their products - but i've seen middle tier developers spend man years(!) rewriting one of these useless features the db already implemented - who's being stupid there?
So it seems to me, that when you factor in the real world issues around using the database as a sorting tool.... its not quite so 'howl-worthy'.
The real world issue is that SQL has built in support for sorting and sorting algorithms in most big databases are highly optimized - furthurmore, the cost of ordering a recordset will almost always be minimal compared to the cost of generating that recordset. BTW, i noticed that the "order by" clause made it into EJBQL 2.0 as well, despite the howls of protests from object purists.
I wrote this little app in C++ (so it's very efficient) that pops up a box every 5 minutes saying "all is well", regardless of what the relationship of that message to reality. Makes me feel very secure.
Reeeeeeeeeeally? What license is it under?
As a OO fanboy, I must protest your mischaracterizatoin of us. Unlike the DB fanboys, we never claimed that OO is suitable for every problem domain.
Well said, and very true.
What drives me nuts aobut the DB fanboys is that they have to use DB for everything. For example, I maintain an embedded system where some nitwit ex-web-developer decided to implement the process table with MySQL. Huh?
You have my permission to hit him hard with the clue bat. Seriousely. While you're at it, give the manager who hired a web developer to do an embedded system a couple of whacks as well.