You complain about bounces, but this system does not verify the envelope from, and therefor will not prevent all those bounces.
Yeah, but it would give people a reason to reject the email properly as being invalid rather than bouncing it. This in turn would turn the spammers away from using my domain, so in the end I stop getting bounces (the bounces aren't really the problem, it's the fact my domain name is being maligned).
A spammer who can get an account on your system (think Yahoo here), can send email to another account they control. They then have an email with your signed hash on it, which they can resend all they want.
Ah yes, very good. Hadn't thought of that, had I... I did think about checksuming headers too of course that's always problematic and would ultimately suffer from the same. Back to thinkign some more...
Mailing lists, some email forwarding services, and other systems will add information to both the body and headers of a message. MicroSoft Exchange servers store emails in an internal format and recreate the heasers when they forward it on. *poof*, you now have an invalid hash.
I knew some systems did, but figured they'd just not use the system, and then (over time) as people start to adopt the system en-masse then such systems would be under pressure to change the way they work (change "from" and re-sign or drop those shitty sigs etc.) or find people avoiding them.
Hashing and then using public key encryption to sign the emails is fairly expensive. The keys that you would look up in DNS are going to be fairly large. All-in-all, this is a fairly expensive proposal, and it doesn't really solve any problems.
It is, but like I say, if you're willing to use it you get the benefits but it doesn't hurt you if you choose not to. And I doubt overall that it's that expensive compared to all the other costs of spam and filtering: DNS lookups are cheap especially as large organisations proxy and cache DNS lookups.
I think #2 is the killer, but I appreciate your other points.
I also thought about reverse-MX schemes (and seem to remember looking at SPF and seeing they'd thought about it even more) but wondered how I'd cope given that my IP may change frequently and DNS propoagtes more slowly, but I can't predict what IP I'll get next from the DHCP server, and similar problems.
My idea for reducing spam by at least getting rid of a whole load of joe-jobbing would be to let people announce how to verify emails from them (I've received something like 50,000 bounces as a result of some spammer sending mails from hijacked machines claiming to be from [random-word]@schmerg.com).
I own all email sent from schmerg.com, so I add a (new type of) DNS record of my public key, and then every email that I send I add a header "X-WonderSchemeEncyrptedChecksum" with the value of the SHA-1 checksum of that message's body as sent, encrypted with my corresponding private key.
If your mail system doesn't know about this, nothing changes, but if you DO know about the scheme, then whenever you receive an email you do a DNS lookup on the sender's domain. If that domain has no key listed, then you're none the wiser, but if they DO have a key listed (and here my domain schmerg.com does) then you can safely reject any emails that don't have the new header, or where decrypting the checksum fails to match the body.
This way an organisation can still add their crappy sigs or whatever, and then sign all their email, and spammers will learn not to use that domain in their From address.
Big ISPs and people like HotMail can sign all the email their users send thru their system, and we start to reduce the ability of spammers to have false From addresses. If you want to send email claiming to be from a domain protecting itself in this way, you have to send it thru that domain at some point (or know the private key yourself).
It's nowhere near a complete solution to spam, but it makes life harder for spammers (and phishers and the rest), and it rewards those willing to make the effort without punishing those who don't.
To get round various implementation issues you'd probably want to add multiple keys to your DNS record and then describe which one you were using for each email (so you can rotate keys, or use different keys for different locations, and phase out old keys regularly if you're Hotmail.com or similar), but DNS propagation, caching and lookup is a given on today's internet.
If you can't be bothered checking the identity of the sender you don't have to, but if you want to (and you can afford the DNS lookup and the cycles to checksum the message etc.), then you can.
Dunno if any of you have looked at Office 2003 files saved as XML but I was remarkably impressed - none of this hacky big blocks of CDATA like previous versions, but a remarkably clean and easy to read layout Word for example includes (with regards to your first extract [0008]) the spec of the areas that the spell checker has doubts about (ie spell check region "start" and "end" tags so that a spell check doesn't have to nest layout blocks). All the other stuff you'd expect (page layout settings, named styles, document properties) are laid out very clearly, but I was surprised to see the essentially transitory spell check information, but Word now also seems to store details of where it has performed auto-correct (changing "teh" to "the" etc.) and I guess they're saving that info to the XML too...
I've not got my O2003 machine here, but can post some sample XML on Monday, or maybe someone else could....
Longhorn WinFS directory is just another rencarnation of the Cairo object orientated file system.
Yeah, that's why I said "long promised" - the difference between the last 10 years and now is that WinFS is in the Longhorn beta which is available to developers (oh, and WinFS is a lot better thought thru, it doesn't replace the file system, it sits above it).
Longhorn will no doubted slip, but I think WinFS will ship (look at the direction Office and SharePoint are moving) if (and this was the question I was asking) people think it'll be a useful way to store their data, but will the Microsoft patents around Office's XML storage scare developers away ? What message does it send to ISVs ?
Could these moves by MS damage perceptions and acceptance of WinFS ?
WinFS is the long-promised "replace the user-data parts of the filesystem with an RDBMS" feature, and a key part of Longhorn. It basically lets you register an XML schema for describing your data, and the data is then stored not as XML but broken down into a relational database (see also GnomeFS).
One of the concerns people have with WinFS is "but then any other program could fiddle around with the individual records of what I store, how do I hide stuff or stop them making my 'files' inconsistent by screwing up or deleting individual records" - and if MS want to patent some aspect of their getting Office ready for this, does it mean we're all supposed to patent our XML before we stick into WinFS ??
IBM did this with one of their Aptivas, but nobody seemed to care.
So they did, and I see Sony split out some of the gubbins of their towers into a seperate box - so I guess you're right and no-one else is really that concerned.
You could just put a USB2 hub and a DVD drive (in an external USB2 case) on your desk, with a beige box on the floor....
Yep, but I wouldn't be getting the benefit of a smaller beige box on the floor with optimised airflow and without a whole load of drive bays etc. or the easy access firewire and audio connectors and power and reset buttons but yes, it's something I've considered (or at least wondered why no-one is selling it yet)...
I've been wondering why nobody's yet making a nice 2 (or 3) part case design, where I put CD/DVD-Rom drives into a small desktop case which also has all those "front end" connectors (ie USB, firewire, media slots) and a reset button and power on/off buttons, and then put the rest of the gubbins into a small box to sit under the desk (or in a cupboard etc.) so you can optimise the airflow and cooling for the CPU. I suppose AGP and PCI slots would go in the "not-seen" box, and the hard disks could go in either.
I can see why no one did this before (maximum length of IDE cables, keyboard cables etc.), but surely with USB standardising the keyboard/mouse style connectors and with firewire (and maybe serial ATA) standardising high-bandwidth connections for the media devices you can easily seperate these boxes by say 2 or 3 metres of a chunky combined cable, and then I can put the hot'n'noisy bits in one place and keep the peripherals I need to access near my keyboard/mouse/display...
If you provided 2 external power bricks for the two different parts, you can manage the power demands for each section independently, and with a bit of thought you'd have a nice docking station concept for those who want to move a machine between home and work... but the big win is that I have a nice desktop box that looks smaller than a shuttle but quite a bit smaller and with much less cooling required (so it's quiet).
Yeah, mini-ITX and a Cyrix processor, but I want it all (AGP 8x, Athlon 64, big disks etc)...
I'd stick with the advice of others re: do it with just a decent router, and don't bother with traffic shaping etc.
Here in the UK the best value small routers I've found are the Draytek range, sold by Seg, and quite highly reviewed.
The 2600G should be all you need for 179 quid (199 including a card of your own ), it does wired and wireless, the firewall is solid, and if you end up needing to filter you can do so quite easily.
Plus the user forums show that whilst there is the odd glitch and imperfection, but at least you can find other UK users to help when your ISP goes a bit weird.
I have no connection with them, but I'm a happy user of their products in the UK
This is like ranking projects based on largest number of lines of code.
Hooray, thought no-one would say it !
It's like measuring commerce sites by value - I designed and built a system that could probably claim to be the world's largest online marketplace (executed more $ value of trades in it's first 2 weeks than ebay have done in 5 years, and has now executed more $3 trillion in less than a year) - but I'm guessing the software, hardware, complexity and management is a fair bit smaller than the equivalent ebay systems.
So in the UK we've had number portability for a few years, and it's been fine for me. I rang my provider last month and simply asked for a PAC code (the code that lets you move your number to a different provider) - I didn't threaten to cancel, or query a bill, I just asked for a PAC code....
I instantly got some smooth bloke asking "is there a problem sir", who (now that he's been prompted) took the time to look at my 5 years of usage and had the authority to offer me
Free phone upgrade up to 300 quid ($500)
Change my tariff to a custom package to fit my recent history of call + SMS usage
Discount the monthly fee for that tariff by 60%
So, I was paying to much before (aren't we all), but they didn't worry too much as they knew the number was valuable to me, now I don't have to get shirty or threaten to close my account, I just ask for a PAC code and I have some leverage...
I don't want my friends' Outlook 2003 to destroy all the e-mail I send just because I run my own sendmail
I've been thinking about this and I don't think it's that bad. If you use your ISP's mail account, then you upload all your mail to their (authenticating) SMTP server, hence the domain name matches, but if you want to run your own sendmail you just do so with your own domain, and for that domain you register (cf MX records) that authentic SMTP servers to originate the email are your sendmail machine, and any other valid relay you use.
The real problem with this tho is that on receiving an email you have to do a lot of work (lookup sender's DNS records, look for valid originating servers, look back along Received headers to check that a valid originating server is present and... oh... here's the doozy... make sure those Received headers are valid and not spoofed).
As I've complained about before, some spammer has infected a few hundred broadband-connected machines with a trojan like SubSeven, and is using them to send spam using my domain name as a spoofed From address - so I've been getting loads of bounces for several months now, and there's very little I can do other than contact the ISP of the infected machine and complain.
I don't think my life would be noticeably different if the Internet were 100% secure tomorrow
Just because you personally aren't suffering from security problems right now means a secure internet wouldn't appear to change things much, but wait until you've been hit with a security related problem that wasted a week of time / lost you $1,000 / lost you your job / destroyed your credit rating / etc. - suddenly a secure internet becomes much more appealing.
I don't want to sound like I'm being harsh on you, but compare your statement to an extreme like "I don't think immortality is a big thing - I mean, I've been alive 35 years and I haven't died yet..."
If your ISP used authenticated SMTP then the bots would'nt work. Of course they could try to sniff auth info, at which point some encryption would be your friend.
My ISP does authenticate - the problem is the poor schmuck who's machine has been infected... and I take it the trojan does something like automate Outlook to send the mails via that (or read the settings from Outlook and connect direct) , so it's sent via the infected user's ISP and (authenticated) SMTP server - it's just that the headers are false....
Never touches any of my systems until I get the bounce message from some spam target with problems...
The problem is that SMTP servers, even if they authenticate the user, don't validate the header fields, so From: headers et al can be spoofed, and blackhole lists won't work when thousands of machines can be adopted into a spam sending scheme.
Until we get to the stage of doing a form of backwards MX lookup (ie "this email claims to be from domain X, reject it unless I am the MX source for X and this user has authenticated, or the email has, at some stage prior to me, come thru a mailer that is a valid source of domain X") then this kind of spoof is going to be exploited - and the check above is pretty expensive.
I quite like the idea of this greylisting, but it seems a lot of spam is nowadays being sent as DSPAM (cf DDOS) or Distributed Spam. A spammer infects a load of broadband machines with a simple trojan, and then calls upon a number of the trojans to send an email spam via that machines normal MTA (ie for most windows machines it uploads to the ISPs mail servers).
I know this is happening as some complete bastard seems to be doing this using my domain as a "From:" address (well, [random-word]@schmerg.com), meaning that I'm been getting about 30 or 40 bounce messages a day for the last 2 or 3 months now. And although the odd sending IP is repeated, mostly they're all from different IP addresses. And of course I'm getting perfectly valid looking bounce messages from perfectly reasonable companies (and only a couple of abusive replies so far).
Now the problem is that the email is being uploaded to thier (non-open-relay) ISP's mailserver that will retry properly, and anyone else looking at the IP address will see a perfectly reasonable IP (the spammer seems to gave infected a lot of AT+T customers, ComCast customers, etc.). So short of blocking spam on subject, this spam is harder to prevent in the first place.
I've semi-automated a process to report the infected machines (that provoked a bounce message) to the appropriate ISP, and seem to havign some success in getting the ISPs to contact their customers, but I think this new form of spamming using a distributed attack will be particularly hard to block.
Anyone with a great idea (or who knows more about this scheme, or the identity of the twat behind it) I'd love to hear from you...
Even if this first move by the UK government comes to not very much, it's an encouraging sign that parts of the government is becoming aware of the problem and has at least expressed an interest in resolving it.
This stance at least sends a message to companies who so far have had a broad tolerance to spam (cable ISPs who don't care about security, companies running open relays, etc.) - I honestly believe they often have this "it's not important" attitude out of pure ignorance.
Governements saying "this matters" may encourage a few of them to pick up their act. Piece by piece we will make a move towards a more securable mail infrastructure - it won't happen overnight, it won't happen by bigh bang, it'll come small step by small step, and as such moves like this should be neither ridiculed nor raved about, but gently welcomed and encouraged.
The quote from Goslins article/interview IMHO tries to say that computer programs are often more complex coded then the problem they try to solve requires.
And where does it say that ? Nowhere - you're taking something that you know and reading it into a quote that doesn't say it. Judge the article not by what you already think, but by what it says, and you'll find it says nothing, but flatters the reader. Now take Brook's argument about the essential and accidental complexity of software (that I alluded to originally), the causes, the complexity of the problem and that of the solution, and you get some insight into complexity in software. Not just some glib statement.
And great, Gosling has the idea "things could be better" - but the article shows very little of value other than a "gee-whiz wouldn't it be nice if all the complexity just vanished".
The fact that a number of people read into it things that it doesn't say, and some people say "it must be deep because I don't understand it", implies that it's typical marketing speak - ie techno-babble.
Until he produces something more concrete than "wouldn't it be good" then he has nothing, and definitely nothing new (and bandying around technical speak to fake depth of thought isn't goign to hide it). Lots of other people have followed this logic, and then realised if it was that mechanical then the compilers would be doing it already. Let me say it again - the real insight into refactoring comes from looking at problems again, not from looking at low levels of code.
Funny, that/. - ers pick a single sentence of an article out of context, make a laugh about it, and then declare the whole article, not only the singel sentence to be techno brabble:-)
So nice of you to generalise about me again...
I'm not declaring the article techno-babble on the basis of a single laugh, I'm calling it as techno-babble of which the only parts written to be easily accessible are truisms - a classic bit of marketing spin to flatter middle management and generate "gee isn't he smart" reactions in techies with an interest in the subject.
Neither is the quote dumb nor is the article techno-babble.
Hmm, lets take the quote which makes people laugh out loud (why do you think they do that - is it because they think it's a statement of genius ??)....
Complexity is in many ways just evil. Complexity makes things harder to understand, harder to build, harder to debug, harder to evolve, harder to just about everything.
So, he says, complexity is hard. Well, that's a truly deep insight. Can you see anything else of value in this quote - I can't. And this is talking to programmers - who (I think) may already have arrived at the viewpoint that "complexity is hard" when they wrote their very first program how ever many years ago that was. So, the statement is banal - you could say it was dumb because it says nothing, or you could say it's dumb because it's essential a tautology.
And if refactoring consists of nothing more than renaming methods amd renaming variables, well then you may want to think that Gosling is a genius. And you would be welcome to do so, but me, I think that's junk, and any amount of putting big words into describing it is just trying to make something trivial appear specialist.
Me, I've been refactoring code since before it was called refactoring - and the big wins do NOT come from re-arranging the syntactic deckchairs when the monolithic ship is sinking, they come from going back to analysing the original problem, comparing the problem as it stands now, seeing what tools and code you have that can be re-used, and then changing the core to reflect the new situation.
So when you've finished telling me what I think, consider (c) - I'm interested in the area, and understand the article, but think it adds nothing of value.
If you want to reply, please try and do so without telling me what I think, what I know or what I don't know... arguments and discussions I quite enjoy, but patronising me sort of pisses me off.
I don't understand you. Does that mean I have to kill you?
I should think I deserve to be shot for quoting a crappy line from a Genesis song... so yeah, come on round.... I'll put the kettle on and you can kill me after coffee...
Hardly. What he's saying there is (to expand a little), when code becomes too complicated, it becomes hard to understand, and thus people waste a lot of time trying (and often failing at first) to debug, evolve etc.
I meant the article was techno-babble. The selected quote (that made me and others laugh) was just plain banal: "complexity is complex" - gee whiz, James, why not say "good is good and bad is bad" - the point is that complexity the fundamental problem we're attempting to manage. If that's as deep as his thoughts on complexity get,then his later thoughts on managing it are going to be ill-founded.
I'm surprised you find the quoted sentence at all controversial, or "techno-babble." Or perhaps you mean the rest of the article was technobabble. I couldn't comment on that, since I'm not expert enough to understand all of it - and I doubt you are either.
The quoted sentence was just dumb. The rest of the article was techno-babble. And I'm sorry I haven't convinced you of my right to comment on it, but I stand by my statement.
You seem to be setting up a strawman here.
Not really, I was laughing at a moronic statement, and taking the piss out of someone trying to fake depth by obfuscation. He gave the interview - he made statements in public to try and sell something.
And when you've finished deciding what I ignored and what you think I'm allowed to understand, maybe you'd like to re-read the article and see if it has any use, or shows any signs of intelligence.
As a Slashdot thread on a programming language progresses, the probability of someone claiming that "Lisp already does that" approaches unity.
If I had mod points I'd mark you up as funny - but have you read and grokked the Meta Object Protocol ?? Because much as I hate Lisp at the lower syntactic levels, I keep on finding that features I like in other languages were actually present in the MOP and similar. That's not to say that other languages don't present the ideas in better and easier-to-use ways, but it still pisses me off that those beardie-weirdie Lisp blokes had already thought of it so much earlier...
We kill what we fear, and we fear what we don't understand....
"Complexity is in many ways just evil. Complexity makes things harder to understand, harder to build, harder to debug, harder to evolve, harder to just about everything." -- Gosling
Software entities are more complex for their size than perhaps any other human construct because no two parts are alike. If they are, we make the two similar parts into a subroutine - - open or closed. In this respect, software systems differ profoundly from computers, buildings, or automobiles, where repeated elements abound. -- Fred Brooks, Jr.
Which quote tells you more ? Which quote has more insight ? Which quote came 30 years earlier ?
Here's a clue - complexity in software doesn't usually vanish at some magical point, we just aim to achieve a position where our view of inherent complexity in a problem becomes optimally manageable. As the fundamental point of interest within a problem domain changes over time, so will the optimal viewpoint. The point of re-factoring is to move our viewpoint according to what we want to do now, not what we wanted to do when the code was written.
Gosling is talking techno-babble... tell him to draw a parse tree of any meaning in his jargon.
I don't understand why I can get a Dell laptop that is UXGA, but I can't get a UXGA LCD monitor for my desktop
Part of the problem is that a DVI single channel tops out at 1280 x 1024, so to go above this using DVI requires two channels, which can be done with a standard cable, but is only recently becoming available on retail cards (GeForce 4 Ti4200 and above, ATI 8500 and above, various very expensive workstation graphics cards). Older cards with DVI only have a single channel.
Laptops use proprietary digital connections and specialist graphics cards, so don't suffer the same problem.
So basically, LCD displays with higher resolutions have been limited to analog (yuk at those res) or tellig you to get a specialist card.
On the other hand, I have a nice Iiyama AU4831D 19 inch LCD display running UXGA 1600x1200 - driven by an GeForce 4 Ti 4200, and thanks to nvidia's drivers all this runs fine on Linux and Xfree 4.3.0. Here in the UK, this monitor is now about £650 ($1,000), less than a laptop with a similar res screen.
Slashdot Mirror
You complain about bounces, but this system does not verify the envelope from, and therefor will not prevent all those bounces.
Yeah, but it would give people a reason to reject the email properly as being invalid rather than bouncing it. This in turn would turn the spammers away from using my domain, so in the end I stop getting bounces (the bounces aren't really the problem, it's the fact my domain name is being maligned).
A spammer who can get an account on your system (think Yahoo here), can send email to another account they control. They then have an email with your signed hash on it, which they can resend all they want.
Ah yes, very good. Hadn't thought of that, had I... I did think about checksuming headers too of course that's always problematic and would ultimately suffer from the same. Back to thinkign some more...
Mailing lists, some email forwarding services, and other systems will add information to both the body and headers of a message. MicroSoft Exchange servers store emails in an internal format and recreate the heasers when they forward it on. *poof*, you now have an invalid hash.
I knew some systems did, but figured they'd just not use the system, and then (over time) as people start to adopt the system en-masse then such systems would be under pressure to change the way they work (change "from" and re-sign or drop those shitty sigs etc.) or find people avoiding them.
Hashing and then using public key encryption to sign the emails is fairly expensive. The keys that you would look up in DNS are going to be fairly large. All-in-all, this is a fairly expensive proposal, and it doesn't really solve any problems.
It is, but like I say, if you're willing to use it you get the benefits but it doesn't hurt you if you choose not to. And I doubt overall that it's that expensive compared to all the other costs of spam and filtering: DNS lookups are cheap especially as large organisations proxy and cache DNS lookups.
I think #2 is the killer, but I appreciate your other points.
I also thought about reverse-MX schemes (and seem to remember looking at SPF and seeing they'd thought about it even more) but wondered how I'd cope given that my IP may change frequently and DNS propoagtes more slowly, but I can't predict what IP I'll get next from the DHCP server, and similar problems.
Thanks
--
T
My idea for reducing spam by at least getting rid of a whole load of joe-jobbing would be to let people announce how to verify emails from them (I've received something like 50,000 bounces as a result of some spammer sending mails from hijacked machines claiming to be from [random-word]@schmerg.com).
I own all email sent from schmerg.com, so I add a (new type of) DNS record of my public key, and then every email that I send I add a header "X-WonderSchemeEncyrptedChecksum" with the value of the SHA-1 checksum of that message's body as sent, encrypted with my corresponding private key.
If your mail system doesn't know about this, nothing changes, but if you DO know about the scheme, then whenever you receive an email you do a DNS lookup on the sender's domain. If that domain has no key listed, then you're none the wiser, but if they DO have a key listed (and here my domain schmerg.com does) then you can safely reject any emails that don't have the new header, or where decrypting the checksum fails to match the body.
This way an organisation can still add their crappy sigs or whatever, and then sign all their email, and spammers will learn not to use that domain in their From address.
Big ISPs and people like HotMail can sign all the email their users send thru their system, and we start to reduce the ability of spammers to have false From addresses. If you want to send email claiming to be from a domain protecting itself in this way, you have to send it thru that domain at some point (or know the private key yourself).
It's nowhere near a complete solution to spam, but it makes life harder for spammers (and phishers and the rest), and it rewards those willing to make the effort without punishing those who don't.
To get round various implementation issues you'd probably want to add multiple keys to your DNS record and then describe which one you were using for each email (so you can rotate keys, or use different keys for different locations, and phase out old keys regularly if you're Hotmail.com or similar), but DNS propagation, caching and lookup is a given on today's internet.
If you can't be bothered checking the identity of the sender you don't have to, but if you want to (and you can afford the DNS lookup and the cycles to checksum the message etc.), then you can.
--
Tim
Dunno if any of you have looked at Office 2003 files saved as XML but I was remarkably impressed - none of this hacky big blocks of CDATA like previous versions, but a remarkably clean and easy to read layout Word for example includes (with regards to your first extract [0008]) the spec of the areas that the spell checker has doubts about (ie spell check region "start" and "end" tags so that a spell check doesn't have to nest layout blocks). All the other stuff you'd expect (page layout settings, named styles, document properties) are laid out very clearly, but I was surprised to see the essentially transitory spell check information, but Word now also seems to store details of where it has performed auto-correct (changing "teh" to "the" etc.) and I guess they're saving that info to the XML too...
I've not got my O2003 machine here, but can post some sample XML on Monday, or maybe someone else could....
Longhorn WinFS directory is just another rencarnation of the Cairo object orientated file system.
Yeah, that's why I said "long promised" - the difference between the last 10 years and now is that WinFS is in the Longhorn beta which is available to developers (oh, and WinFS is a lot better thought thru, it doesn't replace the file system, it sits above it).
Longhorn will no doubted slip, but I think WinFS will ship (look at the direction Office and SharePoint are moving) if (and this was the question I was asking) people think it'll be a useful way to store their data, but will the Microsoft patents around Office's XML storage scare developers away ? What message does it send to ISVs ?
Could these moves by MS damage perceptions and acceptance of WinFS ?
WinFS is the long-promised "replace the user-data parts of the filesystem with an RDBMS" feature, and a key part of Longhorn. It basically lets you register an XML schema for describing your data, and the data is then stored not as XML but broken down into a relational database (see also GnomeFS).
The PDC bloggers and MS internal staff are writing extensively about WinFS - especially Mike Deem.
One of the concerns people have with WinFS is "but then any other program could fiddle around with the individual records of what I store, how do I hide stuff or stop them making my 'files' inconsistent by screwing up or deleting individual records" - and if MS want to patent some aspect of their getting Office ready for this, does it mean we're all supposed to patent our XML before we stick into WinFS ??
IBM did this with one of their Aptivas, but nobody seemed to care.
...
So they did, and I see Sony split out some of the gubbins of their towers into a seperate box - so I guess you're right and no-one else is really that concerned.
Oh well... thanks
You could just put a USB2 hub and a DVD drive (in an external USB2 case) on your desk, with a beige box on the floor....
...
Yep, but I wouldn't be getting the benefit of a smaller beige box on the floor with optimised airflow and without a whole load of drive bays etc. or the easy access firewire and audio connectors and power and reset buttons but yes, it's something I've considered (or at least wondered why no-one is selling it yet)
Cheers
I've been wondering why nobody's yet making a nice 2 (or 3) part case design, where I put CD/DVD-Rom drives into a small desktop case which also has all those "front end" connectors (ie USB, firewire, media slots) and a reset button and power on/off buttons, and then put the rest of the gubbins into a small box to sit under the desk (or in a cupboard etc.) so you can optimise the airflow and cooling for the CPU. I suppose AGP and PCI slots would go in the "not-seen" box, and the hard disks could go in either.
...
I can see why no one did this before (maximum length of IDE cables, keyboard cables etc.), but surely with USB standardising the keyboard/mouse style connectors and with firewire (and maybe serial ATA) standardising high-bandwidth connections for the media devices you can easily seperate these boxes by say 2 or 3 metres of a chunky combined cable, and then I can put the hot'n'noisy bits in one place and keep the peripherals I need to access near my keyboard/mouse/display
If you provided 2 external power bricks for the two different parts, you can manage the power demands for each section independently, and with a bit of thought you'd have a nice docking station concept for those who want to move a machine between home and work... but the big win is that I have a nice desktop box that looks smaller than a shuttle but quite a bit smaller and with much less cooling required (so it's quiet).
Yeah, mini-ITX and a Cyrix processor, but I want it all (AGP 8x, Athlon 64, big disks etc)...
I'd stick with the advice of others re: do it with just a decent router, and don't bother with traffic shaping etc.
Here in the UK the best value small routers I've found are the Draytek range, sold by Seg, and quite highly reviewed.
The 2600G should be all you need for 179 quid (199 including a card of your own ), it does wired and wireless, the firewall is solid, and if you end up needing to filter you can do so quite easily.
Plus the user forums show that whilst there is the odd glitch and imperfection, but at least you can find other UK users to help when your ISP goes a bit weird.
I have no connection with them, but I'm a happy user of their products in the UK
This is like ranking projects based on largest number of lines of code.
Hooray, thought no-one would say it !
It's like measuring commerce sites by value - I designed and built a system that could probably claim to be the world's largest online marketplace (executed more $ value of trades in it's first 2 weeks than ebay have done in 5 years, and has now executed more $3 trillion in less than a year) - but I'm guessing the software, hardware, complexity and management is a fair bit smaller than the equivalent ebay systems.
I thought this was news for nerds, not Top Trumps
--
T
I instantly got some smooth bloke asking "is there a problem sir", who (now that he's been prompted) took the time to look at my 5 years of usage and had the authority to offer me
- Free phone upgrade up to 300 quid ($500)
- Change my tariff to a custom package to fit my recent history of call + SMS usage
- Discount the monthly fee for that tariff by 60%
So, I was paying to much before (aren't we all), but they didn't worry too much as they knew the number was valuable to me, now I don't have to get shirty or threaten to close my account, I just ask for a PAC code and I have some leverage...I don't want my friends' Outlook 2003 to destroy all the e-mail I send just because I run my own sendmail
... oh ... here's the doozy... make sure those Received headers are valid and not spoofed).
I've been thinking about this and I don't think it's that bad. If you use your ISP's mail account, then you upload all your mail to their (authenticating) SMTP server, hence the domain name matches, but if you want to run your own sendmail you just do so with your own domain, and for that domain you register (cf MX records) that authentic SMTP servers to originate the email are your sendmail machine, and any other valid relay you use.
The real problem with this tho is that on receiving an email you have to do a lot of work (lookup sender's DNS records, look for valid originating servers, look back along Received headers to check that a valid originating server is present and
As I've complained about before, some spammer has infected a few hundred broadband-connected machines with a trojan like SubSeven, and is using them to send spam using my domain name as a spoofed From address - so I've been getting loads of bounces for several months now, and there's very little I can do other than contact the ISP of the infected machine and complain.
I don't think my life would be noticeably different if the Internet were 100% secure tomorrow
Just because you personally aren't suffering from security problems right now means a secure internet wouldn't appear to change things much, but wait until you've been hit with a security related problem that wasted a week of time / lost you $1,000 / lost you your job / destroyed your credit rating / etc. - suddenly a secure internet becomes much more appealing.
I don't want to sound like I'm being harsh on you, but compare your statement to an extreme like "I don't think immortality is a big thing - I mean, I've been alive 35 years and I haven't died yet..."
If your ISP used authenticated SMTP then the bots would'nt work. Of course they could try to sniff auth info, at which point some encryption would be your friend.
My ISP does authenticate - the problem is the poor schmuck who's machine has been infected... and I take it the trojan does something like automate Outlook to send the mails via that (or read the settings from Outlook and connect direct) , so it's sent via the infected user's ISP and (authenticated) SMTP server - it's just that the headers are false....
Never touches any of my systems until I get the bounce message from some spam target with problems...
The problem is that SMTP servers, even if they authenticate the user, don't validate the header fields, so From: headers et al can be spoofed, and blackhole lists won't work when thousands of machines can be adopted into a spam sending scheme.
Until we get to the stage of doing a form of backwards MX lookup (ie "this email claims to be from domain X, reject it unless I am the MX source for X and this user has authenticated, or the email has, at some stage prior to me, come thru a mailer that is a valid source of domain X") then this kind of spoof is going to be exploited - and the check above is pretty expensive.
--
T
I quite like the idea of this greylisting, but it seems a lot of spam is nowadays being sent as DSPAM (cf DDOS) or Distributed Spam. A spammer infects a load of broadband machines with a simple trojan, and then calls upon a number of the trojans to send an email spam via that machines normal MTA (ie for most windows machines it uploads to the ISPs mail servers).
I know this is happening as some complete bastard seems to be doing this using my domain as a "From:" address (well, [random-word]@schmerg.com), meaning that I'm been getting about 30 or 40 bounce messages a day for the last 2 or 3 months now. And although the odd sending IP is repeated, mostly they're all from different IP addresses. And of course I'm getting perfectly valid looking bounce messages from perfectly reasonable companies (and only a couple of abusive replies so far).
Now the problem is that the email is being uploaded to thier (non-open-relay) ISP's mailserver that will retry properly, and anyone else looking at the IP address will see a perfectly reasonable IP (the spammer seems to gave infected a lot of AT+T customers, ComCast customers, etc.). So short of blocking spam on subject, this spam is harder to prevent in the first place.
I've semi-automated a process to report the infected machines (that provoked a bounce message) to the appropriate ISP, and seem to havign some success in getting the ISPs to contact their customers, but I think this new form of spamming using a distributed attack will be particularly hard to block.
Anyone with a great idea (or who knows more about this scheme, or the identity of the twat behind it) I'd love to hear from you...
--
T
Even if this first move by the UK government comes to not very much, it's an encouraging sign that parts of the government is becoming aware of the problem and has at least expressed an interest in resolving it.
This stance at least sends a message to companies who so far have had a broad tolerance to spam (cable ISPs who don't care about security, companies running open relays, etc.) - I honestly believe they often have this "it's not important" attitude out of pure ignorance.
Governements saying "this matters" may encourage a few of them to pick up their act. Piece by piece we will make a move towards a more securable mail infrastructure - it won't happen overnight, it won't happen by bigh bang, it'll come small step by small step, and as such moves like this should be neither ridiculed nor raved about, but gently welcomed and encouraged.
All IMHO
The quote from Goslins article/interview IMHO tries to say that computer programs are often more complex coded then the problem they try to solve requires.
/. - ers pick a single sentence of an article out of context, make a laugh about it, and then declare the whole article, not only the singel sentence to be techno brabble :-)
And where does it say that ? Nowhere - you're taking something that you know and reading it into a quote that doesn't say it. Judge the article not by what you already think, but by what it says, and you'll find it says nothing, but flatters the reader. Now take Brook's argument about the essential and accidental complexity of software (that I alluded to originally), the causes, the complexity of the problem and that of the solution, and you get some insight into complexity in software. Not just some glib statement.
And great, Gosling has the idea "things could be better" - but the article shows very little of value other than a "gee-whiz wouldn't it be nice if all the complexity just vanished".
The fact that a number of people read into it things that it doesn't say, and some people say "it must be deep because I don't understand it", implies that it's typical marketing speak - ie techno-babble.
Until he produces something more concrete than "wouldn't it be good" then he has nothing, and definitely nothing new (and bandying around technical speak to fake depth of thought isn't goign to hide it). Lots of other people have followed this logic, and then realised if it was that mechanical then the compilers would be doing it already. Let me say it again - the real insight into refactoring comes from looking at problems again, not from looking at low levels of code.
Funny, that
So nice of you to generalise about me again...
I'm not declaring the article techno-babble on the basis of a single laugh, I'm calling it as techno-babble of which the only parts written to be easily accessible are truisms - a classic bit of marketing spin to flatter middle management and generate "gee isn't he smart" reactions in techies with an interest in the subject.
Neither is the quote dumb nor is the article techno-babble.
Hmm, lets take the quote which makes people laugh out loud (why do you think they do that - is it because they think it's a statement of genius ??)....
Complexity is in many ways just evil. Complexity makes things harder to understand, harder to build, harder to debug, harder to evolve, harder to just about everything.
So, he says, complexity is hard. Well, that's a truly deep insight. Can you see anything else of value in this quote - I can't. And this is talking to programmers - who (I think) may already have arrived at the viewpoint that "complexity is hard" when they wrote their very first program how ever many years ago that was.
So, the statement is banal - you could say it was dumb because it says nothing, or you could say it's dumb because it's essential a tautology.
And if refactoring consists of nothing more than renaming methods amd renaming variables, well then you may want to think that Gosling is a genius. And you would be welcome to do so, but me, I think that's junk, and any amount of putting big words into describing it is just trying to make something trivial appear specialist.
Me, I've been refactoring code since before it was called refactoring - and the big wins do NOT come from re-arranging the syntactic deckchairs when the monolithic ship is sinking, they come from going back to analysing the original problem, comparing the problem as it stands now, seeing what tools and code you have that can be re-used, and then changing the core to reflect the new situation.
So when you've finished telling me what I think, consider (c) - I'm interested in the area, and understand the article, but think it adds nothing of value.
If you want to reply, please try and do so without telling me what I think, what I know or what I don't know... arguments and discussions I quite enjoy, but patronising me sort of pisses me off.
Cheers
--
Tim
I don't understand you. Does that mean I have to kill you?
I should think I deserve to be shot for quoting a crappy line from a Genesis song... so yeah, come on round.... I'll put the kettle on and you can kill me after coffee...
Hardly. What he's saying there is (to expand a little), when code becomes too complicated, it becomes hard to understand, and thus people waste a lot of time trying (and often failing at first) to debug, evolve etc.
,then his later thoughts on managing it are going to be ill-founded.
I meant the article was techno-babble. The selected quote (that made me and others laugh) was just plain banal: "complexity is complex" - gee whiz, James, why not say "good is good and bad is bad" - the point is that complexity the fundamental problem we're attempting to manage. If that's as deep as his thoughts on complexity get
I'm surprised you find the quoted sentence at all controversial, or "techno-babble." Or perhaps you mean the rest of the article was technobabble. I couldn't comment on that, since I'm not expert enough to understand all of it - and I doubt you are either.
The quoted sentence was just dumb. The rest of the article was techno-babble. And I'm sorry I haven't convinced you of my right to comment on it, but I stand by my statement.
You seem to be setting up a strawman here.
Not really, I was laughing at a moronic statement, and taking the piss out of someone trying to fake depth by obfuscation. He gave the interview - he made statements in public to try and sell something.
And when you've finished deciding what I ignored and what you think I'm allowed to understand, maybe you'd like to re-read the article and see if it has any use, or shows any signs of intelligence.
As a Slashdot thread on a programming language progresses, the probability of someone claiming that "Lisp already does that" approaches unity.
If I had mod points I'd mark you up as funny - but have you read and grokked the Meta Object Protocol ?? Because much as I hate Lisp at the lower syntactic levels, I keep on finding that features I like in other languages were actually present in the MOP and similar. That's not to say that other languages don't present the ideas in better and easier-to-use ways, but it still pisses me off that those beardie-weirdie Lisp blokes had already thought of it so much earlier...
We kill what we fear, and we fear what we don't understand....
--
Ditto.
"Complexity is in many ways just evil. Complexity makes things harder to understand, harder to build, harder to debug, harder to evolve, harder to just about everything." -- Gosling
Software entities are more complex for their size than perhaps any other human construct because no two parts are alike. If they are, we make the two similar parts into a subroutine - - open or closed. In this respect, software systems differ profoundly from computers, buildings, or automobiles, where repeated elements abound. -- Fred Brooks, Jr.
Which quote tells you more ? Which quote has more insight ? Which quote came 30 years earlier ?
Here's a clue - complexity in software doesn't usually vanish at some magical point, we just aim to achieve a position where our view of inherent complexity in a problem becomes optimally manageable. As the fundamental point of interest within a problem domain changes over time, so will the optimal viewpoint. The point of re-factoring is to move our viewpoint according to what we want to do now, not what we wanted to do when the code was written.
Gosling is talking techno-babble... tell him to draw a parse tree of any meaning in his jargon.
But I like the moon.
Whereas we like tha moon
I was just glad to see rathergood get an award ("weird" category) - I've been singing I like tha moon for weeks now...
I don't understand why I can get a Dell laptop that is UXGA, but I can't get a UXGA LCD monitor for my desktop
Part of the problem is that a DVI single channel tops out at 1280 x 1024, so to go above this using DVI requires two channels, which can be done with a standard cable, but is only recently becoming available on retail cards (GeForce 4 Ti4200 and above, ATI 8500 and above, various very expensive workstation graphics cards). Older cards with DVI only have a single channel.
Laptops use proprietary digital connections and specialist graphics cards, so don't suffer the same problem.
So basically, LCD displays with higher resolutions have been limited to analog (yuk at those res) or tellig you to get a specialist card.
On the other hand, I have a nice Iiyama AU4831D 19 inch LCD display running UXGA 1600x1200 - driven by an GeForce 4 Ti 4200, and thanks to nvidia's drivers all this runs fine on Linux and Xfree 4.3.0. Here in the UK, this monitor is now about £650 ($1,000), less than a laptop with a similar res screen.
--
T