I can see if the e-mails I got claiming to be from my mother are really signed by her computer or not.
Which is the problem with the whole idea of trusted computing. What if your mom got herself a new computer? What if you upgrade your system?
The problem with TCPA and the likes is that it's tied to the system and not to the user. If you get a new system all your protected content is just so many gigs of useless bits.
Catastrophic hardware failures do happen, and would be even more catastrophic if the data is hardwired for a particular system.
Since SCO has stated that they consider the GPL null and void as well as in violation of the constitution, copyright law and whatnot, SCO has effectively said they will not comply with the terms of the GPL.
Since the GPL is the only permission they have for distributing the software--since it's not in the public domain--they are no longer allowed to distribute any software that has been released under that license unless permission has been specifically sought and granted.
Like principles, licenses are not things you can disregard just because you don't like them.
You mean something like this? They've been around longer than tablet PCs...
You do realize that AWARD which is used by the vast majority of mobos is owned by Phoenix these days, don't you?
If you use standards compliant XHTML and CSS, you're much more likely to end up with a site that is readable in Lynx/Links than if you used oldschool HTML. This is because you can arrange things in a much more logical fashion in the markup since it doesn't contain the actual layout, which is imported from the CSS file.
This particular dead horse gets dug up way too often for it to be even moderately funny. Debian Stable may be old, but it's exactly that, with backports whenever security flaws are found. Excellent choice for production servers that absolutely have to stay up 24/7/365.
For people who use Debian on workstations, Testing or Unstable are much better choices, since they are kept nicely up to date. Testing contains the proven packages from unstable, which in turn isn't at all unstable except for the occasional dependency instability.
That's why you take matters into your own hands. IE 5.something and on does indeed have fully working support for PNGs with alpha channels.
Sure, it takes two short PHP functions or equivalent to get it working--one to identify IE on Windows and the other to create the image tag--but with that short step done I don't have to worry about it.
The advantage to this is that I can use the full spectrum of features in the PNG format, yet have my site rendered virtually identical in IE, Gecko, Opera and a bunch of other browsers on vastly separate platforms without any other special tweaks. That's what modern standards are for.
Just looking for an interesting argument. Obviously this isn't it.
In any event, if you meant that if--say--mutt or pine became as ubiquitous as Outlook, that crackers around the world would start finding security holes in them that would allow malformed messages to execute arbitrary code (wait, doesn't the kernel these days prevent execution of data even if there would happen to be an unchecked buffer?), and spread on by grepping the address book, why didn't you just say so?
P.S. M$ doesn't suck, it "acquires".
So how does that fit with your original statement that viruses and worms would start targeting alternative clients if they became widespread enough?
Could it have something to do with secure defaults vs. secure defaults?
Or just that to become that widespread, they would have to implement exploitable automation features?
No, they wouldn't, for the simple reason that these clients don't execute attachments or scripts automatically.
Of course, this doesn't prevent people from manually executing attachments even when they get warnings about doing so, but then, that's a problem that doesn't really have anything to do with which mail client people are using.
The sad thing is that when they introduced the "please spam me" feature, it was enabled by default and you had to log in in order to disable it. Which basically meant that for a while most snotmail accounts were publicly advertised.
So they were right all along when they said Earth was the center of the universe?
Oh, but I would indeed have lost something. The more copies there are of something, the less valuable it becomes. That's why we have inflation.
(Haven't we discussed this before...?)
Many large organizations use different servers for sending e-mail than receiving it. The SMTP servers that send e-mail for an ISP may not be listed on the MX records at all because they don't handle incoming e-mail for the domain.
Valid point. Basically I'm just mindstorming here, so I like the bubblepopping.
By whom? What worldwide authority would you trust to pass judgement on whether a domain was spamming? Would you trust the registrars?
Enough to give them money for my domains.
But challenge/response does not require those changes and I expect that it will be very successful. I was advocating it years before the company that's claiming patent rights on it ever existed.
And how would automated servers handle the sender verification without being bogged down? Or should my mother have to remember to whitelist companies she deals with before any server generated mail is sent?
All valid points, but the thing is that this would only involve the servers themselves. In essence, it could be tied to the DNS system, so that only MXes are allowed to propagate mail with reverse checking to prevent spoofing.
The signing would be part of the domain registration process, providing the registree with a license to propagate mail with their server. If found guilty of spamming, that license could be revoked.
This would of course require fundamental changes in the way the internet is built, but if spam is such an enormous problem (personally I get one or two spams per month without filtering), then maybe it's time for extreme measures?
Since a human being has to follow the simple instructions in the message, that is not a problem. You don't want something that is easily scripted anyway.
And how do you propose this will work with businesses that deal with hundreds or thousands of customers each day? You have to come up with some way to deal with that little problem.
That's a legitimate concern, but one which can be addressed by ISPs creating whitelists of trusted businesses. The businesses, in order to be able to continue getting legitimate e-mail through, will not spam and risk being removed from the list.
And if you have default whitelists, what's to prevent the spammers from forging a whitelisted sender? You could of course build into the new standard that all mail should be GPG/PGP signed, but that's a serious amount of overhead for an automated business server to handle.
I don't think call/response will fly as it's currently designed. I think a system where only servers with certificates are allowed to propagate mail would have a better chance of success.
If a server is found to be propagating spam, it can simply have its license centrally revoked.
You could make it into a system similar to DNS and only allow mail from registered and signed MXes through.
Who the US put there in the first place...
Did I say that? No, I don't think I did.
I just stated what the true problem is. I didn't say anything about how both sides of the war have their heads stuck so far up their asses they can't hear the voice of reason.
Consider this scenario for a moment:
I have a Fabergé egg in my private collection that you want to have. Therefore you offer to buy it from me.
When I refuse to sell it to you, you smuggle your ACME Copy-Tron into my house and make a perfect copy of it.
Here comes the interesting part. Simply by making a copy of my original egg, you have greatly diminished the value of the original.
Now, let's say you hand out copies to everyone who wants one, and they in turn make more copies which they hand out to their friends. This makes my original nothing more than an interesting piece of decoration.
This is the exact problem facing the media industry today, and which they want to prevent at any cost.
Especially considering that SI is short for the French term "Système International". :P
It's all about real-world analogies: A folder holds documents, directories hold references to documents.
Of course, in the real world a file is a folder and not a document. Then again, all documents are files, yet not all files are documents, so I guess the distinction is warranted...
Not to mention it makes life easier for the programmer of the site. There are several cases where slightly different versions of the markup have to be served depending on which browser is used.
This was in fact the way NeXTSTEP was designed. Never made any sense to me unless they assumed their users were left-handed... Using your right hand to operate a widget on the left side of the window seems... Illogical.