This is a sensible direction to go in. Legitimate bulk email needs to move to a model where the subscriber rather than the publisher controls the subscription, and RSS is one such system.
The problem at the moment is the low spread of RSS clients/viewers (I have never even seen one).
Another subscriber-controlled method of publication would be for each subscriber to have a mailbox on the publisher's system, accessible with POP3 (or IMAP or even NNTP).
This has the advantage that it is workable with today's email clients that everybody already has -- you just add a new POP server and username into your client config.
It is not ideal with most modern clients, but it works, and the clients can easily be enhanced to make it easier to add another subscription and have the messages dropped into your main mailbox for viewing.
In that case I'm happily compliant with your new master plan, since the first MTA that gets the message is exim running on my debian box, and it knows perfectly well that it's me sending the message - in fact it rewrites the From: address from andrew@ to andrew@.
I'm not sure how that helps anyone else, mind, as the next step is my ISP, and it's only going to be aware that my mail is coming from an MTA and not a client if it bothers to look at the Received: headers.
In short, I think you need to think this through more fully, or at least explain yourself better. Maybe you could write a journal entry on the subject? (I do believe you're on the right lines.)
I just checked the RFC, because this is important.
RFC2822 just says
The "From:" field specifies the author(s) of the message,
that is, the mailbox(es) of the person(s) or system(s) responsible
for the writing of the message.
As you say, the world is changing, but have you any reference to some document saying it is now expected that the From: header of a message should represent the sender's mailbox on the system the message was sent from? I'm quite willing to adapt if there's a genuine move in this direction.
The AMTP RFC says nothing about the sender of the mail at all. It is concerned solely with authenticating the mail server.
My understanding was that the envelope sender should be checked by the MTA, not the header fields
What we really need is a pay-per-message system. It would work just like mobile phones: you buy "credit" from your ISP, it doesn't get topped up until they've actually seen the money, and it goes down each time you send a message.
Lots of people suggest this. It's too expensive to run. Already for domestic landline telephony, the cost of billing is a significant proportion of the total cost even for postpay. Prepay is considerably more expensive to run. (I used to work on telephone billing software).
The certificate isn't meant to prove that the sender isn't a spammer, it's only meant to prove that the sender really is the owner of the domain. The CA's are theoretically capable of checking this: that's how https works a well.
That said, this is rather pointless as the reverse DNS can be checked anyway. It makes the domain owner a little more traceable, but not much.
As far as revoking is concerned, the idea is not so much that certificates of spammers will be revoked as that domain names of spammers will be blocked using block lists. Again, this is a negligible advance on the current (highly unsatisfactory) system of DNSBLs.
The certificate authenticates the MTA passing on the message, not the sender. Many people send out mail with a "From:" address quite independent of the network originating the message; I do myself.
Absolutely right, but this time it's not "coming up on slashdot", even people in the "real world" are producing this rubbish. You can hardly blame slashdot for reporting it.
Using TLS has a benefit in cutting down forgery and making spammers easier to trace, but asking all mail system administrators to set up X.509 certs is a huge amount of work for that small gain. (eg. I'm sending an email to 10 of my friends to ask for sponsorship for a sponsored bungee jump -- how do I tell my ISP's mail server to use entity "ngo" instead of "per", and what are the chances I haven't a clue I'm supposed to do this?)
The Mail Policy Code is a waste of time. Spammers will lie, and a huge proportion of everyone else will get it wrong through carelessness. It's chief benefit would be to help legitimate bulk commercial email (which is difficult to allow through content-based filtering), but I think the future of that kind of communication is in "pull" protocols where the subscriber rather than the publisher controls the subscription. (I outlined a couple of ideas in an earlier comment).
I wouldn't worry too much about pirating. Remember that 99% of those who are using it without paying wouldn't use it if they had to pay.
I think the only way to make money out of shareware is to make it ubiquitous first, then extract the money. Really try aggressively to get it onto people's hard disks. Approaching magazines to put it on cover CDs (ideally reviewing it in the mag as well) seems the obvious way.
Once it's well known, then try to tie it up with registration codes or whatever. People are a lot more likely to pay for shareware if they already believe they can't do without it. If you can't imagine people believing they can't do without your program, give up now. I don't use Windows much, but I've not seen a windows image viewer as good as gqview, so you may be in with a chance.
Of course, you say you want money now, but I don't think that's realistic. It takes time to build market share for any product. You've written a program, but you don't have an employer so you're running your own business. My advice would be to hit the library looking for books on sales and marketing, because all that rambling I've written is really someone who doesn't know what they're talking about, and a lot of people make careers out of knowing how to sell stuff.
I was wondering if anyone would bring this up. The "wall" business doesn't ring any bells with me, but SCO's idea of what constitutes "evidence" looks a bit less odd when set against "the testimony of the eight witnesses" and so on.
Probably it's stretching a point a bit, though not as much as the Economist does comparing the case to the SCOpes trial.
Presumably this means if you don't want to cough up $699/cpu to SCO, all you have to do is become a Linux Company!
For sale: Linux CD's (Debian 2.1 CD1 only). 10 delivery included, anywhere in Central Luton. Outside Central Luton, please email webmaster@127.0.0.1 for extortionate postal rates.
Red Hat's case has a few counts. Count I is "Declaratory Judgment of Noninfringement of Copyrights". They can only get this declaratory judgement if they show that "an actual controversy exists" (para. 73)
Count II is similar, but with respect to trade secrets not copyright.
Counts III - VII are for libel, unfair trade practices etc. and can run on their own whether SCO plans on suing or not.
The cheap razor / expensive blade analogy is often used with respect to game consoles, but there is an important difference: A razor (without the blade) really is just a cheap piece of plastic (or metal) with a clip on the end.
So in the razor industry, no strange or clever marketing is going on. The manufacturers sell cheap-to-manufacture holders for cheap prices, and expensive-to-manufacture blades for expensive prices. That's all.
With game consoles (or inkjet printers, for that matter), the situation is a bit different. The makers can choose to sell consoles or printers at loss leader prices, and games or ink cartridges at inflated prices, but they must then keep on guard against third parties taking advantage of their loss leaders by undercutting the consumables, which is a familiar story to us.
The one thing that's really new and unique about Linux is that the chatter of developers is in public. That's brought the problem that end-users overhear it and get confused about it.
The parent poster, who is probably quite intelligent and keen to learn, is therefore confused between Red Hat, which is a product he can pick up and use, and Gnome, which is a component included in Red Hat, and which if he were a developer he could take and build into products of his own.
I'm deliberately using the word "developer" in a very broad sense, and some of you may be thinking "You don't need to be a developer to pick a different desktop environment", but that is just an indication of how easy the development process has been made by the Open Source method. It's still worth distinguishing between the things you need to do to run your system, and the things you can do if you want to dip your toe into the ocean of system development.
This is a marketing issue -- I think it's mostly up to the distributors to emphasise the end user products they are selling and try to separate them in the media from the components that they have assembled the products from. In some ways it is a good thing that some user thinks they are running "Linux version 7.1", however much our hair stands up when we hear it.
Very interesting. But he didn't promise anything: he even claimed to be speaking hypothetically.
This could be interpreted as just trying to inflate the value of his patent. "Not only will I screw vast $$$ out of MSFT, I will then also be in a position to auction technical leadership in the browser market to the highest bidder."
That gives me an idea. Perhaps there's an opening in the market for a company that takes the source code written by the numerous free software authors, and compiles them all together in a way that makes sure that they all run together without problems.
That way, your mom, and people like her, wouldn't have to worry about compiler compatibility and stuff like that, they would just get a CD or set of CDs with an operating system that worked!
Do you think anyone would go for a setup like that?
The part I find interesting is that 61% of their revenue came from something other this little adventure. Maybe they caught a windfall in SCOForum cancellation fees.
Re:Message from http://www.budgetlinuxcds.com
on
Mandrake 9.2 RC1
·
· Score: 2, Interesting
How is it any more an advert than the main story itself, which is an advert for Mandrake?
Slashdot frequently runs stories about new products of interest, from gadgets to applications. Both Mandrake's new release, and budgetlinuxcds copies of it fall into this category
SPEWS in no way denies that what it is doing is harmful- check their page, they INTEND it to be harmful, they want to scare people into submission. They are Terrorists.
Now wait a second. I'm on your side, I'm anti-SPEWS. I've never (to my knowledge) had outgoing mail blocked, but I hate the idea that my ISP might stop a message reaching me because SPEWS doesn't like the sender's netblock.
But refusing incoming email messages isn't terrorism. It isn't even a crime. In my book, it's bad service, but unless you've got a contract that says differently it's not even defective service.
The answer is not to rant about "terrorism", but to advertise the idea that consumers should make sure that some "spam filtering" service provided to them by the ISP that they pay money to isn't following an agenda beyond just blocking messages reasonably determined to be unwanted.
How many profitable, wealth-creating, job-creating companies use software?
How many profitable, wealth-creating, job-creating companies sell software?
If software becomes much cheaper, because more software can work from public free code bases, how many companies do better and how many companies do worse?
As an application programmer for, say, a bank, what is the effect of cheaper infrastructure software on my job security? If the projects being considered for me to work on become cheaper does that make them more likely or less likely to be approved?
If you work for Microsoft, you have my sympathy, but there are more of us than there are of you. Capitalism isn't about producing products, it's about producing products for customers, and when something else comes along that's better for the customer, his benefit outweighs the loss to the producer whose product no longer meets the need.
Boycotting mail from spam-friendly ISPs may "work" in that it makes life harder for spammers, but it doesn't work for the poor end user who is losing mail from contacts with "unlucky" IP addresses
Central to SPEWS success was the pretence that it was providing a service to its users, when in fact it was providing a service to the internet at large at the expense of its users.
The end result was that dedicated admins and advisors would force or trick people to bear this cost, who would not have chosen to do so if they knew what was going on.
Incidentally, another good reason for relying on local block lists is that all centralised blocking lists - either DNSBL or per-message like Razor - are vulnerable to deliberate spoofing by third parties who want to deny particular email.
Slashdot Mirror
This is a sensible direction to go in. Legitimate bulk email needs to move to a model where the subscriber rather than the publisher controls the subscription, and RSS is one such system.
The problem at the moment is the low spread of RSS clients/viewers (I have never even seen one).
Another subscriber-controlled method of publication would be for each subscriber to have a mailbox on the publisher's system, accessible with POP3 (or IMAP or even NNTP).
This has the advantage that it is workable with today's email clients that everybody already has -- you just add a new POP server and username into your client config.
It is not ideal with most modern clients, but it works, and the clients can easily be enhanced to make it easier to add another subscription and have the messages dropped into your main mailbox for viewing.
In that case I'm happily compliant with your new master plan, since the first MTA that gets the message is exim running on my debian box, and it knows perfectly well that it's me sending the message - in fact it rewrites the From: address from andrew@ to andrew@.
I'm not sure how that helps anyone else, mind, as the next step is my ISP, and it's only going to be aware that my mail is coming from an MTA and not a client if it bothers to look at the Received: headers.
In short, I think you need to think this through more fully, or at least explain yourself better. Maybe you could write a journal entry on the subject? (I do believe you're on the right lines.)
I just checked the RFC, because this is important.
RFC2822 just says
As you say, the world is changing, but have you any reference to some document saying it is now expected that the From: header of a message should represent the sender's mailbox on the system the message was sent from? I'm quite willing to adapt if there's a genuine move in this direction.The AMTP RFC says nothing about the sender of the mail at all. It is concerned solely with authenticating the mail server.
My understanding was that the envelope sender should be checked by the MTA, not the header fields
What we really need is a pay-per-message system. It would work just like mobile phones: you buy "credit" from your ISP, it doesn't get topped up until they've actually seen the money, and it goes down each time you send a message.
Lots of people suggest this. It's too expensive to run. Already for domestic landline telephony, the cost of billing is a significant proportion of the total cost even for postpay. Prepay is considerably more expensive to run. (I used to work on telephone billing software).
The system would be awash with fraud, as well.
The certificate isn't meant to prove that the sender isn't a spammer, it's only meant to prove that the sender really is the owner of the domain. The CA's are theoretically capable of checking this: that's how https works a well.
That said, this is rather pointless as the reverse DNS can be checked anyway. It makes the domain owner a little more traceable, but not much.
As far as revoking is concerned, the idea is not so much that certificates of spammers will be revoked as that domain names of spammers will be blocked using block lists. Again, this is a negligible advance on the current (highly unsatisfactory) system of DNSBLs.
The certificate authenticates the MTA passing on the message, not the sender. Many people send out mail with a "From:" address quite independent of the network originating the message; I do myself.
Absolutely right, but this time it's not "coming up on slashdot", even people in the "real world" are producing this rubbish. You can hardly blame slashdot for reporting it.
Using TLS has a benefit in cutting down forgery and making spammers easier to trace, but asking all mail system administrators to set up X.509 certs is a huge amount of work for that small gain. (eg. I'm sending an email to 10 of my friends to ask for sponsorship for a sponsored bungee jump -- how do I tell my ISP's mail server to use entity "ngo" instead of "per", and what are the chances I haven't a clue I'm supposed to do this?)
The Mail Policy Code is a waste of time. Spammers will lie, and a huge proportion of everyone else will get it wrong through carelessness. It's chief benefit would be to help legitimate bulk commercial email (which is difficult to allow through content-based filtering), but I think the future of that kind of communication is in "pull" protocols where the subscriber rather than the publisher controls the subscription. (I outlined a couple of ideas in an earlier comment).
What next? RAID-5 using a stack of 8 inch floppies?
Too late
I wouldn't worry too much about pirating. Remember that 99% of those who are using it without paying wouldn't use it if they had to pay.
I think the only way to make money out of shareware is to make it ubiquitous first, then extract the money. Really try aggressively to get it onto people's hard disks. Approaching magazines to put it on cover CDs (ideally reviewing it in the mag as well) seems the obvious way.
Once it's well known, then try to tie it up with registration codes or whatever. People are a lot more likely to pay for shareware if they already believe they can't do without it. If you can't imagine people believing they can't do without your program, give up now. I don't use Windows much, but I've not seen a windows image viewer as good as gqview, so you may be in with a chance.
Of course, you say you want money now, but I don't think that's realistic. It takes time to build market share for any product. You've written a program, but you don't have an employer so you're running your own business. My advice would be to hit the library looking for books on sales and marketing, because all that rambling I've written is really someone who doesn't know what they're talking about, and a lot of people make careers out of knowing how to sell stuff.
I was wondering if anyone would bring this up. The "wall" business doesn't ring any bells with me, but SCO's idea of what constitutes "evidence" looks a bit less odd when set against "the testimony of the eight witnesses" and so on.
Probably it's stretching a point a bit, though not as much as the Economist does comparing the case to the SCOpes trial.
Presumably this means if you don't want to cough up $699/cpu to SCO, all you have to do is become a Linux Company!
For sale: Linux CD's (Debian 2.1 CD1 only). 10 delivery included, anywhere in Central Luton. Outside Central Luton, please email webmaster@127.0.0.1 for extortionate postal rates.
Sorry, screwed up the link
Red Hat's case has a few counts. Count I is "Declaratory Judgment of Noninfringement of Copyrights". They can only get this declaratory judgement if they show that "an actual controversy exists" (para. 73)
Count II is similar, but with respect to trade secrets not copyright.
Counts III - VII are for libel, unfair trade practices etc. and can run on their own whether SCO plans on suing or not.
The cheap razor / expensive blade analogy is often used with respect to game consoles, but there is an important difference: A razor (without the blade) really is just a cheap piece of plastic (or metal) with a clip on the end.
So in the razor industry, no strange or clever marketing is going on. The manufacturers sell cheap-to-manufacture holders for cheap prices, and expensive-to-manufacture blades for expensive prices. That's all.
With game consoles (or inkjet printers, for that matter), the situation is a bit different. The makers can choose to sell consoles or printers at loss leader prices, and games or ink cartridges at inflated prices, but they must then keep on guard against third parties taking advantage of their loss leaders by undercutting the consumables, which is a familiar story to us.
The one thing that's really new and unique about Linux is that the chatter of developers is in public. That's brought the problem that end-users overhear it and get confused about it.
The parent poster, who is probably quite intelligent and keen to learn, is therefore confused between Red Hat, which is a product he can pick up and use, and Gnome, which is a component included in Red Hat, and which if he were a developer he could take and build into products of his own.
I'm deliberately using the word "developer" in a very broad sense, and some of you may be thinking "You don't need to be a developer to pick a different desktop environment", but that is just an indication of how easy the development process has been made by the Open Source method. It's still worth distinguishing between the things you need to do to run your system, and the things you can do if you want to dip your toe into the ocean of system development.
This is a marketing issue -- I think it's mostly up to the distributors to emphasise the end user products they are selling and try to separate them in the media from the components that they have assembled the products from. In some ways it is a good thing that some user thinks they are running "Linux version 7.1", however much our hair stands up when we hear it.
Very interesting. But he didn't promise anything: he even claimed to be speaking hypothetically.
This could be interpreted as just trying to inflate the value of his patent. "Not only will I screw vast $$$ out of MSFT, I will then also be in a position to auction technical leadership in the browser market to the highest bidder."
That gives me an idea. Perhaps there's an opening in the market for a company that takes the source code written by the numerous free software authors, and compiles them all together in a way that makes sure that they all run together without problems.
That way, your mom, and people like her, wouldn't have to worry about compiler compatibility and stuff like that, they would just get a CD or set of CDs with an operating system that worked!
Do you think anyone would go for a setup like that?
As the Halloween IX authors are keen to point out, HP make more money out of Linux than IBM do.
In business terms, that is called "commitment"
The part I find interesting is that 61% of their revenue came from something other this little adventure. Maybe they caught a windfall in SCOForum cancellation fees.
They were still selling Linux at that point.
It'll make you go blind.
How is it any more an advert than the main story itself, which is an advert for Mandrake?
Slashdot frequently runs stories about new products of interest, from gadgets to applications. Both Mandrake's new release, and budgetlinuxcds copies of it fall into this category
SPEWS in no way denies that what it is doing is harmful- check their page, they INTEND it to be harmful, they want to scare people into submission. They are Terrorists.
Now wait a second. I'm on your side, I'm anti-SPEWS. I've never (to my knowledge) had outgoing mail blocked, but I hate the idea that my ISP might stop a message reaching me because SPEWS doesn't like the sender's netblock.
But refusing incoming email messages isn't terrorism. It isn't even a crime. In my book, it's bad service, but unless you've got a contract that says differently it's not even defective service.
The answer is not to rant about "terrorism", but to advertise the idea that consumers should make sure that some "spam filtering" service provided to them by the ISP that they pay money to isn't following an agenda beyond just blocking messages reasonably determined to be unwanted.
As a supporter of capitalism, answer these:
How many profitable, wealth-creating, job-creating companies use software?
How many profitable, wealth-creating, job-creating companies sell software?
If software becomes much cheaper, because more software can work from public free code bases, how many companies do better and how many companies do worse?
As an application programmer for, say, a bank, what is the effect of cheaper infrastructure software on my job security? If the projects being considered for me to work on become cheaper does that make them more likely or less likely to be approved?
If you work for Microsoft, you have my sympathy, but there are more of us than there are of you. Capitalism isn't about producing products, it's about producing products for customers, and when something else comes along that's better for the customer, his benefit outweighs the loss to the producer whose product no longer meets the need.
Boycotting mail from spam-friendly ISPs may "work" in that it makes life harder for spammers, but it doesn't work for the poor end user who is losing mail from contacts with "unlucky" IP addresses
Central to SPEWS success was the pretence that it was providing a service to its users, when in fact it was providing a service to the internet at large at the expense of its users.
The end result was that dedicated admins and advisors would force or trick people to bear this cost, who would not have chosen to do so if they knew what was going on.
Incidentally, another good reason for relying on local block lists is that all centralised blocking lists - either DNSBL or per-message like Razor - are vulnerable to deliberate spoofing by third parties who want to deny particular email.