Not really. Yeah, to some extent, of course, you can work with people over the telephone. But you can't beat a good face to face meeting. Not with today's technology, at least. Conference calls are a pain in the ass, and that's even with the fancy phones which are build specifically for conference calling. Try it on your home telephone and it's even worse. I suppose there is software out there to do it over the internet, if you have broadband. This could potentially work pretty well, identifying the speaker automatically, allowing whiteboarding, etc., but buying the software is one expense, and deploying it is yet another.
So then you get to where people are required to come in a few days a week, and can work at home for the rest. But then what are you really saving? The lights are still going to be on, the building still has to be rented, the bathroom is still used, etc. And then you have to spend the money to build an elaborate VPN system so that people can access the shared files they need. And even that is not going to be as secure as a machine protected by physical walls. You're going to have to give everyone calling cards, so they aren't paying for the calls they make from home. Realistically most employees are going to need a broadband connection, so you've got to fork over the cost for that (and in some places it might not even be available). If you want to provide books for your workers, you've got to provide a copy for every single worker who needs it, rather than storing them in a central library. You can forget about people conversing about work over lunch, cause they're not going to be eating lunch together. I don't know about you but personally I sometimes need to print out a section of code that I'm having trouble debugging. It's much nicer using a fast laser printer than my piece of crap inkjet. You lose all the economies of scale of having all the workers in the same physical location. And most of the costs you're cutting aren't really being cut, they're just being transferred to the worker themselves.
I'm not saying it's not a worthwhile option. Some people would strongly prefer to work at home, to the point where they'll even be willing to take a pay cut. But a true cost savings isn't really there.
I liked when I worked at Hewlett Packard and was able to work from home occassionally, as long as I got permission from my manager. But it's only something I took advantage of a few days a month. Maybe that was an unusual situation, though, as I spent a good deal of my time on the phone with co-workers around the world. But most of the other advantages of being in the office seem like they would hold across many different situations.
The issue here is that nothing else is going to happen but the decline of US Jobs until the USA fixes its tax system to account for the taxation differentials in the rest of the world.
Or maybe we could just tax the companies that do the outsourcing. Want to hire a foreign worker for $10,000 a year. Fine, but then you gotta pay $15,000 in outsourcing taxes to the US government.
The problem is for most projects you need to communicate with other workers on a regular basis. This is possible if you're all working together in India, but it isn't possible if you're all working separately, from home.
Now, suppose your objective were: To build and maintain the most secure, flexible and efficient Unix/Linux systems possible and to develop interesting applications using Perl, PHP, C, C++, Java, SQL and related technologies. That would interest me as a potential employer.
Hey! What a coincidence. That's exactly what I want to do. Will you hire me?
I know you're being witty, but did they label him a security risk because he WAS one, or because they had to find a risk somewhere to justify their consultation fee so they picked the geek who knew the most passwords?
Knowing the most passwords makes you a security risk. It might be a risk worth taking, but it is a risk.
Karen Stanek had been employed by Yellow Pages Publishers in Michigan for 10 years as an at-will employee when John Greco became president. Stanek complained to the company's counsel that Greco was using company funds for personal purchases. Stanek claims that Greco engaged in retaliatory conduct against her after she complained, which resulted in her termination. Stanek sued Greco for intentional interference with her at-will employment relationship. The court dismissed Stanek's claim and she appealed.
In Stanek v. Greco (3/14/03), the U.S. Court of Appeals for the Sixth Circuit reversed and reinstated Stanek's claim. The court reviewed the conflicting line of rulings under Michigan law on whether a former at-will employee may sue a former supervisor for tortious interference with an at-will employment relationship. The court explained that, although Stanek has a difficult burden to prevail, and must prove that the supervisor acted solely for his benefit, without regard to the company's interest, a cause of action may exist. Accordingly, the court returned the case to the trial court for further proceedings.
I doubt what they did was illegal, but it's bad business at best. Here is a group of network security geeks, who get other network security geeks fired, so they can increase their bottom line.
Hmm, it's possible that what they did falls under the definition of tortious interference. But IANAL, so I really have no clue whether or not that's the case.
Usually, Opt-in systems have some sort of confirmation mechanism - if an unknown sender sends you mail, your whitelist system will send THEM an email asking them to confirm that they're a human.
It's *always* possible to eliminate spam by destandardizing everything. But that eliminates any chance of automation for legitimate users.
LOL. That's exactly my point. "If people who haven't met me yet want to tell me something there are better methods than e-mail which provide protection against spam. Automated messages and personal messages shouldn't be carried on the same system."
Not in the slightest... email CR systems can be automated.
Sure, but then it's not really email any more. It's a new system built on top of email. If you want to rebuild a new system from scratch, sure, you can do so. But why build it on top of email, then?
But throw AOL, Earthlink, and a couple other popular-with-nontechies services together and you might have something. I don't think it's insurmountable.
I never said it was. I was challenging your statement that AOL is "big enough, and (perhaps most importantly) have the biggest subscribership of nontechnical users, to ramrod an authenticated email "standard" through." They don't. Not even close. AOL users represent a tiny fraction of email users.
Depends on the value of "onerous."
What is something which isn't "onerous" which AOL could do and still gain from this?
I'm not sure what you *would* use as a requirement (if I was, I'd be writing the RFCs already).
Authentication of email is really simple. There are a vast number of solutions. Perhaps that's part of the problem, because you've got to get the vast majority of the world to agree on a single one of those solutions.
If web forms become the standard for receiving "mail," you'll see the vast majority of people using the same software, and this'll be just as frequent.
I doubt it, but if so then I guess I won't get any spam, cause I'll use different software.
And this'll be about as popular as any other manual challenge-response system, which is to say "not at all."
This is much easier than an email challenge/response system.
Not at all... all her other AOL friends would be authenticated, for starters.
The people I know who use AOL are a very small percentage of my friends. My mom used to use it, and a very small percentage of the people she talked to at the time used it. Furthermore, most e-mail people receive isn't personal anyway. I think my 90-99% figure is quite accurate.
Grandma's going to be asking why, if her AOL is such a lousy service, *your* service can't authenticate you.
Because my service isn't AOL. Grandma may not be technical, but she's not stupid. It'll be quite obvious that "authenticated" means the same thing as "AOL User".
And as long as they're not imposing onerous requirements to get authenticated, your service probably could.
Yeah, but as long as you're not imposing onerous requirements, it's useless. I could just as well use the From: address for authentication. Authentication is only useful if it's ubiquitous, and AOL doesn't have anywhere near enough power to make it ubiquitous.
Just like the price of CDs fell as duplicating became cheaper?
CDs are a monopoly. Internet access (especially dialup internet access) is not.
Right now spam email is cheap and easy, and people read email. If everyone abandons email for web forms, so will spammers.
But web forms aren't standardized like email is. With email you have an email address, and if you change it you have to tell everyone who is using it. With web forms you can easily set up traps which no human would fall for but spam bots would. Plus web forms are interactive. You can use CAPTCHA to ensure that the person sending the message is a human. Sure, it might be spam, but manually sent spam isn't going to be profitable enough to be widespread.
I think we're approaching it from two different perspectives: you're looking at a personal solution, and I'm looking at a permanent, works-for-everyone-on-the-net solution.
I'm also looking at a permanent solution. Maybe you need to better define the problem, and then tell me what your solution is.
Actually, I didn't ask for any examples at all.
Right, right, that was someone else. Your only argument seems to be that sending spam to feedback forms is easy. I think it clearly isn't, as I explained above.
They've got a captive audience software-wise, so they could have a client that handles standard email and authenticated email simultaneously (and transparently, for outbound stuff). And all of a sudden if everybody's grandmother started saying "Why is your mail always marked 'Unauthenticated'?" then non-AOL clients might start supporting it.
I doubt the grandmother would mention it at all, since 90-99% of her email would similarly be marked "unauthenticated."
On the other hand, maybe AOL (etc.) has a disincentive to actually fix the problem, however much noise they might make about it.
Well, I don't know about a disincentive, but I certainly don't see any incentive. If they could fix spam for themselves, but not for others, it'd be great, but if they just fix spam for everyone it's not going to help them any. Even to the extent that their costs would go down, so would everyone elses, so prices would have to fall accordingly.
Yeah, I'm a big believer that we should start integrating PGP into everything. All email should be signed at the very least, if not encrypted. Slashdot posts should be signed. DNS replies should be signed. Instant messages should be signed. eBay feedback should be signed. Banks should sign my key when I establish a bank account. My state government should sign my key when I get my driver's license.
I don't think it'd take very long to establish a tight web of trust if everyone would just work together. Actually I think if just a single state offered a keysigning service through its DMV it'd quickly spread like wildfire. But maybe I'm overly optimistic.
But even then I think that spammers will continue to spam even from working email addresses. Which is where I think a legal framework comes in. If everyone uses C/R, and everyone has to have a real working email address in order to get through, then everyone who spams is trackable and enforcement can have some meaning.
I fail to see how a working email address is any more useful in tracking someone than an IP address.
C/R is not a solution for me. If a friend sends me a message I want to get it right away. Not after the next time he happens to check e-mail from the account he sent the message. That might not be until weeks later, and that is simply unacceptable.
That's also without any major incentive for the spammers to try to get in.
I don't see how the incentive is any different than it is now.
If web forms become the standard, that's where the spammers will hit.
The whole point is that web forms are not standard. Also, they are interactive (unlike email, which can take long periods of time between a request and response, and people generally don't check for a response right away anyway). So CAPTCHA systems are available.
In any case, feedback forms are only a single solution out of many. It's useful for those messages you want to receive which are related to something you've put on the web already anyway. You only asked for an example (and I gave you two). Friendster's messaging system would be another one, which is useful in a different situation.
The problem is that email and instant messaging are basically the only push-based protocols available, email has absolutely no authentication built in, and instant messaging isn't being used by many automated senders. Even building authentication on top of email, and getting the damn websites (Slashdot, eBay, Citibank, etc.) to use it would solve the problem.
yes, I suppose that the uploader must send a copy of the bits out over the wire, yadda yadda, but the actual reciever puts the whole thing back together again into 1 coherent file
I wouldn't even say that. The receiver is the one doing all the copying. He just happens to be using someone else's computer to do so.
If a friend allows me to go onto his computer and copy files onto my iPod, how can you say the friend is doing the copying? Going back to the original statement, "In Canada, it is legal to borrow content (a CD, movie, etc) from a friend (or stranger), and copy it for your own personal use." So if I go into a friend's house, and copy the files, it should be legal, right? And this is simply the electronic equivalent of that.
Slashdot Mirror
It failed in the past, so let's try it again. Greater plan.
Good, we agree.
It failed in the past, so let's give up. Great plan.
Not really. Yeah, to some extent, of course, you can work with people over the telephone. But you can't beat a good face to face meeting. Not with today's technology, at least. Conference calls are a pain in the ass, and that's even with the fancy phones which are build specifically for conference calling. Try it on your home telephone and it's even worse. I suppose there is software out there to do it over the internet, if you have broadband. This could potentially work pretty well, identifying the speaker automatically, allowing whiteboarding, etc., but buying the software is one expense, and deploying it is yet another.
So then you get to where people are required to come in a few days a week, and can work at home for the rest. But then what are you really saving? The lights are still going to be on, the building still has to be rented, the bathroom is still used, etc. And then you have to spend the money to build an elaborate VPN system so that people can access the shared files they need. And even that is not going to be as secure as a machine protected by physical walls. You're going to have to give everyone calling cards, so they aren't paying for the calls they make from home. Realistically most employees are going to need a broadband connection, so you've got to fork over the cost for that (and in some places it might not even be available). If you want to provide books for your workers, you've got to provide a copy for every single worker who needs it, rather than storing them in a central library. You can forget about people conversing about work over lunch, cause they're not going to be eating lunch together. I don't know about you but personally I sometimes need to print out a section of code that I'm having trouble debugging. It's much nicer using a fast laser printer than my piece of crap inkjet. You lose all the economies of scale of having all the workers in the same physical location. And most of the costs you're cutting aren't really being cut, they're just being transferred to the worker themselves.
I'm not saying it's not a worthwhile option. Some people would strongly prefer to work at home, to the point where they'll even be willing to take a pay cut. But a true cost savings isn't really there.
I liked when I worked at Hewlett Packard and was able to work from home occassionally, as long as I got permission from my manager. But it's only something I took advantage of a few days a month. Maybe that was an unusual situation, though, as I spent a good deal of my time on the phone with co-workers around the world. But most of the other advantages of being in the office seem like they would hold across many different situations.
Europe is not, was not and will not (in the forseeable future) be a country.
Right. I think they're going to call it Eurasia.
How many of us pushed hard to be able to telecommute (and now act surprised when our company hires someone to telecommute from India)?
Who's telecommuting from India? I thought the Indian programmers worked in an office just like you and I.
The issue here is that nothing else is going to happen but the decline of US Jobs until the USA fixes its tax system to account for the taxation differentials in the rest of the world.
Or maybe we could just tax the companies that do the outsourcing. Want to hire a foreign worker for $10,000 a year. Fine, but then you gotta pay $15,000 in outsourcing taxes to the US government.
The problem is for most projects you need to communicate with other workers on a regular basis. This is possible if you're all working together in India, but it isn't possible if you're all working separately, from home.
Now, suppose your objective were: To build and maintain the most secure, flexible and efficient Unix/Linux systems possible and to develop interesting applications using Perl, PHP, C, C++, Java, SQL and related technologies. That would interest me as a potential employer.
Hey! What a coincidence. That's exactly what I want to do. Will you hire me?
I know you're being witty, but did they label him a security risk because he WAS one, or because they had to find a risk somewhere to justify their consultation fee so they picked the geek who knew the most passwords?
Knowing the most passwords makes you a security risk. It might be a risk worth taking, but it is a risk.
I doubt what they did was illegal, but it's bad business at best. Here is a group of network security geeks, who get other network security geeks fired, so they can increase their bottom line.
Hmm, it's possible that what they did falls under the definition of tortious interference. But IANAL, so I really have no clue whether or not that's the case.
We keep getting freakishly close to a machine civilization where all manual jobs are done by AI.
If we're lucky, that'll be what happens. What's worrisome is when we get a machine civilization where all manual jobs are done by humans!
Yep, you've just described the singularity.
Say your building is 800ft tall...
I'm pretty sure you can't build an 800 ft. tall building without government permission.
And anything that's not covert can be shot down...
Right, cause you're not going to get in trouble for shooting down an unmanned government helicopter.
Usually, Opt-in systems have some sort of confirmation mechanism - if an unknown sender sends you mail, your whitelist system will send THEM an email asking them to confirm that they're a human.
And then they'll pass the confirmation request on to a human trying to get porn.
Back to that "If Microsoft would implement a solution in Outlook and thereby impose a de facto standard" situation again.
Outlook already has encryption and signatures, just no one uses them.
The rest of what you've said, I've basically already responded to. I don't see anything new here. Nice talking to you.
It's *always* possible to eliminate spam by destandardizing everything. But that eliminates any chance of automation for legitimate users.
LOL. That's exactly my point. "If people who haven't met me yet want to tell me something there are better methods than e-mail which provide protection against spam. Automated messages and personal messages shouldn't be carried on the same system."
Not in the slightest... email CR systems can be automated.
Sure, but then it's not really email any more. It's a new system built on top of email. If you want to rebuild a new system from scratch, sure, you can do so. But why build it on top of email, then?
But throw AOL, Earthlink, and a couple other popular-with-nontechies services together and you might have something. I don't think it's insurmountable.
I never said it was. I was challenging your statement that AOL is "big enough, and (perhaps most importantly) have the biggest subscribership of nontechnical users, to ramrod an authenticated email "standard" through." They don't. Not even close. AOL users represent a tiny fraction of email users.
Depends on the value of "onerous."
What is something which isn't "onerous" which AOL could do and still gain from this?
I'm not sure what you *would* use as a requirement (if I was, I'd be writing the RFCs already).
Authentication of email is really simple. There are a vast number of solutions. Perhaps that's part of the problem, because you've got to get the vast majority of the world to agree on a single one of those solutions.
If web forms become the standard for receiving "mail," you'll see the vast majority of people using the same software, and this'll be just as frequent.
I doubt it, but if so then I guess I won't get any spam, cause I'll use different software.
And this'll be about as popular as any other manual challenge-response system, which is to say "not at all."
This is much easier than an email challenge/response system.
Not at all... all her other AOL friends would be authenticated, for starters.
The people I know who use AOL are a very small percentage of my friends. My mom used to use it, and a very small percentage of the people she talked to at the time used it. Furthermore, most e-mail people receive isn't personal anyway. I think my 90-99% figure is quite accurate.
Grandma's going to be asking why, if her AOL is such a lousy service, *your* service can't authenticate you.
Because my service isn't AOL. Grandma may not be technical, but she's not stupid. It'll be quite obvious that "authenticated" means the same thing as "AOL User".
And as long as they're not imposing onerous requirements to get authenticated, your service probably could.
Yeah, but as long as you're not imposing onerous requirements, it's useless. I could just as well use the From: address for authentication. Authentication is only useful if it's ubiquitous, and AOL doesn't have anywhere near enough power to make it ubiquitous.
Just like the price of CDs fell as duplicating became cheaper?
CDs are a monopoly. Internet access (especially dialup internet access) is not.
Right now spam email is cheap and easy, and people read email. If everyone abandons email for web forms, so will spammers.
But web forms aren't standardized like email is. With email you have an email address, and if you change it you have to tell everyone who is using it. With web forms you can easily set up traps which no human would fall for but spam bots would. Plus web forms are interactive. You can use CAPTCHA to ensure that the person sending the message is a human. Sure, it might be spam, but manually sent spam isn't going to be profitable enough to be widespread.
I think we're approaching it from two different perspectives: you're looking at a personal solution, and I'm looking at a permanent, works-for-everyone-on-the-net solution.
I'm also looking at a permanent solution. Maybe you need to better define the problem, and then tell me what your solution is.
Actually, I didn't ask for any examples at all.
Right, right, that was someone else. Your only argument seems to be that sending spam to feedback forms is easy. I think it clearly isn't, as I explained above.
They've got a captive audience software-wise, so they could have a client that handles standard email and authenticated email simultaneously (and transparently, for outbound stuff). And all of a sudden if everybody's grandmother started saying "Why is your mail always marked 'Unauthenticated'?" then non-AOL clients might start supporting it.
I doubt the grandmother would mention it at all, since 90-99% of her email would similarly be marked "unauthenticated."
On the other hand, maybe AOL (etc.) has a disincentive to actually fix the problem, however much noise they might make about it.
Well, I don't know about a disincentive, but I certainly don't see any incentive. If they could fix spam for themselves, but not for others, it'd be great, but if they just fix spam for everyone it's not going to help them any. Even to the extent that their costs would go down, so would everyone elses, so prices would have to fall accordingly.
Yeah, I'm a big believer that we should start integrating PGP into everything. All email should be signed at the very least, if not encrypted. Slashdot posts should be signed. DNS replies should be signed. Instant messages should be signed. eBay feedback should be signed. Banks should sign my key when I establish a bank account. My state government should sign my key when I get my driver's license.
I don't think it'd take very long to establish a tight web of trust if everyone would just work together. Actually I think if just a single state offered a keysigning service through its DMV it'd quickly spread like wildfire. But maybe I'm overly optimistic.
When SpamAssassin marks an email as a false positive, neither I nor the sender knows that the email didn't get delivered.
Can't you set SpamAssassin to reply to the sender when his message is blocked? I know it's possible to do this with other filtering software.
But even then I think that spammers will continue to spam even from working email addresses. Which is where I think a legal framework comes in. If everyone uses C/R, and everyone has to have a real working email address in order to get through, then everyone who spams is trackable and enforcement can have some meaning.
I fail to see how a working email address is any more useful in tracking someone than an IP address.
C/R is not a solution for me. If a friend sends me a message I want to get it right away. Not after the next time he happens to check e-mail from the account he sent the message. That might not be until weeks later, and that is simply unacceptable.
That's also without any major incentive for the spammers to try to get in.
I don't see how the incentive is any different than it is now.
If web forms become the standard, that's where the spammers will hit.
The whole point is that web forms are not standard. Also, they are interactive (unlike email, which can take long periods of time between a request and response, and people generally don't check for a response right away anyway). So CAPTCHA systems are available.
In any case, feedback forms are only a single solution out of many. It's useful for those messages you want to receive which are related to something you've put on the web already anyway. You only asked for an example (and I gave you two). Friendster's messaging system would be another one, which is useful in a different situation.
The problem is that email and instant messaging are basically the only push-based protocols available, email has absolutely no authentication built in, and instant messaging isn't being used by many automated senders. Even building authentication on top of email, and getting the damn websites (Slashdot, eBay, Citibank, etc.) to use it would solve the problem.
yes, I suppose that the uploader must send a copy of the bits out over the wire, yadda yadda, but the actual reciever puts the whole thing back together again into 1 coherent file
I wouldn't even say that. The receiver is the one doing all the copying. He just happens to be using someone else's computer to do so.
If a friend allows me to go onto his computer and copy files onto my iPod, how can you say the friend is doing the copying? Going back to the original statement, "In Canada, it is legal to borrow content (a CD, movie, etc) from a friend (or stranger), and copy it for your own personal use." So if I go into a friend's house, and copy the files, it should be legal, right? And this is simply the electronic equivalent of that.