Slashdot Mirror


User: fishdan

fishdan's activity in the archive.

Stories: 0 · Comments: 353

Comments · 353

  1. Re:Add your pros and cons here on Sites Leaking Users' Email Addresses · · Score: 1

    My only problem with this is that I have a lot of users coming from behind a corporate firewall, thus on top level examination, they appear to be coming from the same address. Session IDs and cookies can obviously be spoofed. I'd LOVE to implement an IP limit to password requests, but I feel I'd be locking out a lot of users -- anyone have any good suggestions for this?

  2. Re:Add your pros and cons here on Sites Leaking Users' Email Addresses · · Score: 1
    You're correct for a GOOD implementation, but I've seen MANY tables with :

    `email` varchar(255) NOT NULL,

    as the primary key. How the database then deals with that is an internal issue. I agree with you, best practice is to use something like :

    `emailHash` bigint NOT NULL,

  3. Re:Add your pros and cons here on Sites Leaking Users' Email Addresses · · Score: 1
    That's a very interesting theoretical point, and the biometric issue is very insightful.

    In practice, regarding emails, I'm not sure how real a threat it is -- Even though someone may "know" my email address, they won't have access to my email? They can send fake email from me, but they don't have my PGP. Aside from being a potential recipient of SPAM, what is the harm to me that someone knows my email address? Leaving unsolicited email out of the equation for a moment, your email address HAS to be known by people -- how else can they send you email? I fully support the idea of disposable by date emails and disposable by # of messages received emails, ala Spamgourmet. I think that sort of email management (whitelists, disposable addresses, etc) is a more fruitful way to deal with things. IMHO, changing your "real" email address should not be quite so casual. I'd rather see people defend/protect their email addresses rather than abandon them. I know some are lost -- but SPAM hasn't become THAT overwhelming yet has it? I have an email address that I've used for 10 years (crap I'm old), and I've been pretty wise about it -- and I'm pleased to say I get VERY little spam to it. I do use it for my login on Amazon, some other merchants I really trust. I've stopped using it on my domain registrations, instead using a 20 email limit filter on those, which I do occasionally refill or change.

    You're 100% right though that this is one of the cons that has to be weighed into the equation. Different people are going to need different things, and their weighings will have different results.

  4. Re:Another problem on Sites Leaking Users' Email Addresses · · Score: 2, Insightful
    I assume you're talking about Hotmail, who I know has a pretty rigorous expiration policy. Are you telling me that when they expire an account, they then recycle the name???

    I can't believe that's true, even of MSFT -- email addresses should NEVER be reused. Even at my old company where we used "bad" email addresses like "dan@mycompany.com," even if dan left, we'd never reissue that email address, even if it was the new CEO. You just can't do that!

    I would however be somewhat concerned about expiring DOMAINS. For example, if I let the mycompany.com domain slip/expire, then someone definitely could set that up, and get ALL the email sent to anyone at mydomain.com. But that's a different problem I think.

  5. Re:Add your pros and cons here on Sites Leaking Users' Email Addresses · · Score: 2, Interesting

    OK, I'm adding one more thing -- if an email address does not exist (I get a user does not exist message from the receiving mail server) I'll store that for 24 hours too. Doesn't do much for the "I accept it all" email servers, but it's something.

  6. Add your pros and cons here on Sites Leaking Users' Email Addresses · · Score: 5, Interesting
    I'm sure this is going to degenerate into an "are emails good to use for login" battle (we've certainly hashed this out in our office several times), so I thought I'd start the Pros/Cons list here.

    Pros for using email as login:

    1. guaranteed unique, though you'd be a fool to not have a check.
    2. users forget it slightly less
    3. you have to send verification/password anyway

    Cons for using email as login:

    1. What if a user has more than one email address?
    2. Email addresses make reasonable unique keys, but slow indexes, especially since many are very similar
    3. users may use disposable email addresses and suddenly you cannot contact them

    After reading the article, I've just adjusted my registration page (on my work site, not on sportsdot, my perl ain't what it should be) to not give the "pick another account name" if a user tries to register an existing email address. Both success and failure now go to the "Your password has been mailed to ." I send either a success or "this account is already in use" message to the email address. I also stuck on a limit of 3 registration attempts per day per email address, whether success or failure, to prevent me from inadvertently spamming.
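The registration flow described in comments 5 and 6 above, as an added sketch that is not fishdan's code: the web response is identical for new and existing addresses, the real outcome goes only to the mailbox, mail is capped at 3 per address per 24 hours, and a bounced address is remembered for 24 hours. The names `Registrar`, `UNIFORM_PAGE` and the `send_mail` callback (assumed to return `False` when the receiving server reports "user does not exist") are hypothetical.

```python
import time
from collections import defaultdict

DAY = 24 * 60 * 60
MAX_ATTEMPTS = 3  # mails per address per 24 hours, success or failure
UNIFORM_PAGE = "Your password has been mailed to the address you entered."


class Registrar:
    def __init__(self, send_mail, clock=time.time):
        self.accounts = set()               # registered addresses
        self.attempts = defaultdict(list)   # address -> times a mail was sent
        self.undeliverable = {}             # address -> time a bounce was seen
        self.send_mail = send_mail          # assumption: False means "no such user"
        self.clock = clock

    def register(self, email):
        email = email.strip().lower()
        now = self.clock()
        # Sliding 24-hour window of mails already sent to this address.
        recent = [t for t in self.attempts[email] if now - t < DAY]
        seen = self.undeliverable.get(email)
        bounced = seen is not None and now - seen < DAY
        if len(recent) < MAX_ATTEMPTS and not bounced:
            self.attempts[email] = recent + [now]
            is_new = email not in self.accounts
            if is_new:
                self.accounts.add(email)
                body = "registration succeeded; your password is enclosed"
            else:
                body = "this account is already in use"
            if not self.send_mail(email, body):
                # Remember the bounce; undo an account nobody can receive mail for.
                self.undeliverable[email] = now
                if is_new:
                    self.accounts.discard(email)
        # Same page whether the address was new, taken, throttled or bounced,
        # so the response cannot be used to test which addresses have accounts.
        return UNIFORM_PAGE


def demo():
    # Constructed sample input: an in-memory mailer and example addresses.
    outbox = []
    reg = Registrar(lambda to, body: outbox.append((to, body)) or True)
    pages = [reg.register("dan@example.com") for _ in range(4)]
    return pages, outbox
```

Because throttled attempts are not recorded, the cap limits outgoing mail without letting repeated requests extend the lockout on someone else's address.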

  7. Re:rational people know on Inquirer Blasts Mozilla for Microsoft-Style Bashing · · Score: 1
    From the literary encyclopedia:

    On March 30, 1950, the Oxford University Press published Xaipe (pronounced Kyereh, almost rhyming with fiery). The publication caused what his biographer calls "the most unpleasant controversy Cummings ever provoked". In it he says that "kike[s]" are "the most dangerous / machine as yet invented". Although he explained that he had no intention to insult Jews, he received criticism from his supporters and enemies alike.

    Make of it what you will.

  8. Re:Hell yes on PalmOne to become Palm Again; PalmSource & Linux · · Score: 1

    That Apple/Palm similarity is not just a coincidence. There are A LOT of people at Palm who were with Apple in the 80s. Well, there were a lot of people from Apple. Many of them were driven out -- (as a former Palm employee myself I think as they got rid of only the smart people) but just as Apple drove out, and then returned Jobs to great success, I believe Jeff Hawkins will have the same prodigal son type effect on Palm.

  9. rational people know on Inquirer Blasts Mozilla for Microsoft-Style Bashing · · Score: 3, Insightful

    Sometimes you have to separate the art from the artist. e.e. cummings ended up saying some really nasty things, but his poetry is amazing. We should apply the same license to others we meet -- there *is* a difference between the art and the artist.

  10. Re:Glad I'm not a Californian anymore on Tinfoil Hat House · · Score: 1

    Looks like many of us will be joining you in New Hampshire.

  11. Re:No mention of IntelliJ? on Netbeans 4.1 Released · · Score: 1
    I have to agree with Intellij nods -- they are the best. I have been using Intellij from 3.x on. When we moved to 4, I reevaluated everything. When we moved to 5 I reevaluated again -- so I've used them all recently. If the price point is not an issue -- and it should not be, because Intellij saves at least 1 hour a week per developer -- then Intellij is the clear winner. IF price IS an issue -- examine Intellij from its feature standpoint. Get the demo version. Write something cool in it. Check out all the refactoring options in the menu. Look at the "reformat code before checkin" option. Look at the excellent compatibility with Version Control. Then think about all that and look at the price again.

    The one caveat I'll give is that I don't make any gui programs -- just CLI, Web and server stuff.

  12. Subjective title on Software Piracy Will Get Worse · · Score: 1
    For me the title should have read "Software Piracy to get Better."

    It took me the better part of an hour to find a good copy of Office 2003 yesterday.

    kidding!!! I'm kidding

  13. Re:parent is a fudder on USPTO Issues Email Address Patent to Microsoft · · Score: 1
    Ease up. Expressing a contrary opinion does not make one anti-American. I disagree with his statement that you can't sue the gov't, and actually agree with you. Your point is really weakened by your juvenile 1st two sentences, and it makes it difficult to be on your side.

    Your links are great examples though -- they are the only thing that stopped me from modding you a troll, and inspired me to post instead.

  14. Time to fight back on USPTO Issues Email Address Patent to Microsoft · · Score: 5, Interesting
    What needs to happen is someone needs to sue the Patent Office for negligence. There must be some case out there where it can be shown that the USPTO's negligence in issuing patents so casually has caused some company monetary damages. If a city can be held liable because of damages caused by a pot hole or a supermarket because of floors being slippery, or McDonalds for coffee being too hot, can't we hold the USPTO responsible for issuing patents for which there is BLATANT prior art? I don't mean this as a rhetorical question. Why is the USPTO never held accountable?

    Hit them in the pocketbook. It's the only sort of censure a government office understands.

  15. Re:Facts ftw on German Robot Dogs Dominate 2005 RoboCup U.S. Open · · Score: 1
    According to ESPN:

    http://sports.espn.go.com/sports/news/story?id=2057311

    and (the exact same story) on the Robocup official site: http://www.robocup-us.org/press.html

    Texas lost *a* game to Germany 2-0. I don't see anywhere that says that it was the championship game. As an insider, are you saying Texas did not play Dortmund at all?

    ...Sources. Check Them...

    Articles...Read Them.

  16. Qui Bono? on Microsoft Offers Compensation For Counterfeit OSes · · Score: 1
    from the article ...In order to receive a complimentary copy of Windows XP Professional, customers must first file a confidential piracy report, hand over the fraudulent media and provide Microsoft with a proof of purchase...

    And there is the rub. If you downloaded/borrowed a copy and installed that way -- too bad. I have no idea what the numbers are of people who bought an illegal copy of windows -- but a quick survey in my office shows that 100% of the people here who have an "illegal" copy of windows, either downloaded it or got a disk from someone, or used the call up and claim you have a new harddrive to install from a XP disk. I'm actually wondering who buys a copy of windows for $10 and thinks it's legit. And if you're buying it for $10 to save money, why wouldn't you just get it for free like everyone else?

    So really, MSFT is looking for the idiots who were selling windows on the street and issuing receipts. Does anyone think this is a significant number of people?

  17. correct james link on AOL Treats Florida Emergency Alerts Mail As Spam · · Score: 1
  18. Re:Domain Keys works on AOL Treats Florida Emergency Alerts Mail As Spam · · Score: 1

    http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-02.txt

    Here's the short version. You generate public/private keys. You enter the public key in your DNS record as a txt record formatted "just so" (as in the specification). Then your outbound mail has to have a DomainKey-Signature header, again formatted "just so". Specific Implementation is now left as an exercise to the reader -- though I can imagine someone sticking this into James pretty quickly.

  19. Re:Misuse of email? on AOL Treats Florida Emergency Alerts Mail As Spam · · Score: 1

    I don't think of email as "bullet proof" but I do have a *special* email address that sends to my cellphone. For those REALLY critical things. I don't rely on it alone for critical things -- like weather alerts when I'm sailing, but in the absence of anything else, it's one good way to get notified about stuff. Of course, I use Spamgourmet to protect the address.

  20. Domain Keys works on AOL Treats Florida Emergency Alerts Mail As Spam · · Score: 3, Interesting

    I used to get filtered out by a few places -- mainly because I send from a Comcast owned IP address, and SPEWS although well intentioned, is monolithic and draconian, and flags ALL comcast IP addresses. I'm not complaining (too much) -- drastic times called for drastic measures. However, since I implemented Domain Keys (and probably more importantly since Yahoo! implemented it) I have not had a "your server is bad" email bounce.

  21. Poison Pill on Sony Online To Sell Virtual Property · · Score: 1
    What everyone seems to be missing is now that Sony can now sell all sorts of items "illegally" (ie outside of their store) and then defraud all the black market customers by not providing their end of the bargain. If the customer complains, Sony can say "see, you should be trading at the legal store." By creating a high enough incidence of fraud in the black market, they'll drive everyone to the "legal" market. They can ruin a company like IGE by selling all sorts of fraudulent things.

    Heck, if I was Sony, I'd sell versions of things that had a life span of 2 days or so. Sell them on IGE with whatever logins they need. Or don't even do that. Sell/buy legit items on IGE, and then "follow" the sold item around. Whomever takes possession -- wipe their account.

    Please note, I'm not advocating these things, it's just what I think Sony will do to drive all the external business to their market.

  22. Re:obviously didn't RTFA on Sony Online To Sell Virtual Property · · Score: 1

    Well, I suspect that if they are able to handle the traffic of a MMORPG, they may be able to be REASONABLY confident of their ability to have a replicated database and restore from a crash. I mean, if banks can do online banking, I suspect that handling transactions for a RPG should be doable.

  23. Re:Howard Stern and $500 million reasons on AOL and XM Joining Forces for Online Radio · · Score: 1

    Stripper Jeopardy -- hot or not -- Hollywood Squares, etc. Daniel J Carver's racist movie reviews. These things are brilliant.

  24. Re:new Asian century on China PM Wants to Rule Global Tech With India · · Score: 2, Interesting
    ...the two nations should put aside their historic rivalries...

    I can't help but think that it is no coincidence that this is going on at the same time as anti-Japanese riots in Japan. Seems like China is pulling out the stops to truly become the dominant Asian power.

  25. Re:Howard Stern and $500 million reasons on AOL and XM Joining Forces for Online Radio · · Score: 2, Insightful

    Wow -- I have a feeling you're trolling but I'll bite. People don't listen to Howard Stern because he breaks the rules. People listen to him because he's FUNNY, and frequently insightful. Whether or not they'll pay $10/month to listen to him is another question, and we'll just have to wait and see -- but I do know that the radio industry is full of people who missed out on huge opportunities by betting against Howard Stern.