For the embedded reporters, in order to be where they are they had to agree to follow a few common sense rules... some of the most important being that they aren't allowed to report on any future movements they may know of, and that they're never allowed to reveal the exact location of the unit.
These particular phones do just that... transmit the GPS location back to the telecom provider, people outside of the military who have no clearance to be handling such secret info. Yeah, it's likely that the telecom provider can be trusted, but why trust somebody to keep a secret when you can just not tell them the info in the first place?
The exact GPS location of our troops is a military secret, and for a good reason too!
Conversely, having knowledge of more prime numbers also means that new encryption tech can be based on those new theories and enhance privacy. It's kinda a double edge sword...
Write cashing is pretty close to what happens to a programmer. Eventually, you figure out that the best way to wobble that widget involves a 70 line block of code with 3 nested loops...
But that 70 lines likely would equate to 350 "words", so even for the good 50 WPM typer that's gonna take 7 minutes to move from thought to screen. If early during the 7 minutes the programmer is interrupted, that invention might even get lost, and take a good 10 minutes for the programmer to recover the concept.
Re:Move the onus from the recipient to the sender.
on
IETF to Look at Spam
·
· Score: 1
Blacklists become more effective under this scheme because there would be a two chances to apply them after the deed has been done. Once at client-side, and even a chance for the sender-side server to revoke the message before a majority of the victims even know what hit them.
And the problem with PGP is an issue of needing a "root of trust". That is, my PGP key represents me because, uhm, I say so. But that still doesn't give you any information as to whether I can be trusted. Relating the message back to FooBar isn't going to help you much if you never met FooBar. However, if you can relate it to FooBar@aol.com, you would then have the reputation of AOL on the line too, and AOL would have an incentive to keep e-mail originating from its domain spam free.
Re:Move the onus from the recipient to the sender.
on
IETF to Look at Spam
·
· Score: 1
1: This is based on the naive assumption that spammers would use sender-side servers that store a copy of every message sent. It would be a trivial task to create a server to send bogus notifications, then reply with to requests for messages with a dynamically generated message. All it takes is an IP number. That's why this plan would still require blacklists of IP numbers that aren't behaving. The difference now is that spammers would have to have their own server behind that IP address... getting an open relay to do their bidding for them just isn't going to be an opition.
2: It suffers from the same flaw that makes spam a problem with SMTP, a dependence on paranoid sysadmins. It is relatively trivial for a good sysadmin to prevent spam relaying, the problem is the large number of bad sysadmins who don't care. Yes, but now it's much easier to identify servers run by bad sysadmins and nuke them. By putting some authentication into the From: field, you now know for sure that message from Spammer@yahoo.com really passed through Yahoo's hands... and my guess is that's not going to be often.
Right now we're on a receiver pays system because if somebody sends you an e-mail... you're the one responsible for paying somebody to hold that e-mail until you're ready to pick it up. If you were to get 20 MB of e-mail in a day, most ISPs will cut you off.. you won't be able to get any more until you sign on and clear out your mailbox.
If the sender is responsible for keeping a server online and keeping up with the bandwith associated with what they've sent, then they've got to pay for the volume of e-mail they send. Now, if you're a typical user and only send out a handful of e-mails a day, you'll be fine. But if you send an outragous volume of e-mails, it's going to be your disk quota that fills up first and you'll have to retract some of your undelivered e-mail to send more.
The Internet was with base-level protocols that assumed everybody using the network would not abuse the network because they would always have something to lose, their jobs.
Therefore, a base assumption was made that every message sent would be a message the marked recipient would want to get. Clearly, that's not the case once you let untrusted public users onto the network... and DDOSes, Spam, and other unpleasantries result.
Because the spammer server would have to transmit the million payload messages over a course of a few days rather than a hit-and-run instant. The spammer now has the responsilbity of keeping his server online, and can't exactly rely on an somebody who carelessly left open relay anymore.
Moreover, it's likely that in the first few seconds 1000 or so of the million will see that e-mail, identify it as spam, and a few dozen of that 1000 will put that server on multiple blacklists. To the 900,000 remaining people who subscribe to any one of those blacklists, their software drops the notification into the bit bucket, and the payload never makes it.
So now, an attempt to reach 1,000,000 people only connects with 11% of that... and 90% will not even bother with anything more from that sender (be it the username/domain combo or the whole domain depending on the blacklist listing) again until the blacklist operators say otherwise.
Re:Move the onus from the recipient to the sender.
on
IETF to Look at Spam
·
· Score: 2, Insightful
This would likely be made invisible to the user.
When the checking-mail process begins, the client would go to the receive-side server to get the list of notifications received. It would first apply any local filter rules to strike out unacceptable notifications, then go one-by-one to the servers to confirm that they sent the message the notification claims, that the server is still offering the message, and than ask for the message itself.
If the message has been declared spam by the server operator, then the server will intentially pull the message from availablity and essentially vaporize it before it hits a majority of inboxes. Server owners have an incentive to do this... because it'd be extremely easy to add server owners who don't into a local blacklist.
Yeah, a verbose log file can be made available for the geeks that wanna know what happened under the hood, but the average end user wouldn't see the message pop into their Inbox until the message has been sucessfully cleared and transmitted. Once its in the Inbox, it's a local object that the user can do what they want to.
Re:Move the onus from the recipient to the sender.
on
IETF to Look at Spam
·
· Score: 1
1) If a person sees an e-mail in their inbox, then they can read it, and they are happy. Can you imagine the hordes of people who would now see that they got an e-mail, but could not get it for one reason or another? This makes e-mail *seem* fragile. Please explain to my step-father why he can see that he has e-mail, but he cannot read it on the plane. This is not a technical issue, but a psychological one, which is much harder to program around:-)
Just like his e-mail sits on a POP3 server until he downloads it at which point its possible to store it locally if desired. Once the transaction completes, it can still be on his local HD.
2) By what criteria could you filter the email? If you have not received the e-mail, you probably won't have enough information to tell if it is spam or not. The only information that you could go on is what is in the "notice" message. The server on which the the e-mail is stored according to the notice is info enough. If you trust that server, you'll accept that they have already done the spam filtering and canceling for you. If you do not trust that server, you simply ignore all notices from that server. Servers that are ignored by large chunks of the population suddenly become an undesirable place to send from.
Laws might not be able to stop spammers, but protocols have a better shot.
Simply put, it's too easy to create spam over the SMTP protocol. The from, and reply to fields are completely free text, and have no requirement that they must be a reflection of the actual sender of the message.
However, if SMTP were to fall out of favor for a new protocol, that new protocol could start the rules over and require that the server that is named in the from field must confirm that the username provided actually sent the message. Spoofing for the use of spam would then become practically impossible.
Once we have a confirmed from address, it puts a responsiblity to stand behind each e-mail sent through a server. Moreover, once spam use has been detected a really reputable server operator could simply stop authenticating that sender's e-mail.. causing auto deletion before its presented to a user.
If you can't make it illegal, try to make it impossible...
The fundemental diference that protects most communication systems from Spam-like abuse is that the sender is responsible for a majority of the costs of the message. Yeah, there are telemarketers and junk postal mail, but the are seriously limited by the fact that there is a noticiable cost assosciated with each additional message they send. The fact that it costs money to send such communications makes it impractical to bother people with offers with an extremely low reponse rate.
SMTP/POP3 e-mail presently leaves the cost of holding the message during the wait for the intended reader to be available on the receive-side server. The spammer doesn't even have to maintain a constant and consistant Internet connection.
Under the current system, a sender can send 100 MB of messages in an hour without penalty. However, a receiver who gets 100 MB of messages in an hour usually will find any other messages sent to them bouncing.
Requiring the message be held on a sender-side server instead would transfer the costs of sending a large volume of e-mail onto the sender, and therefore discurages the practice better than any law ever could.
Amazon's registration business isn't operational yet... and even if it was they've likely registered Amazon.com for the next 100 years or so with NetSol... why throw away a perfectly good registration, when it's nothing but a geek's trivia question they'd be changing anyway.
Yeah, but Amazon.com's stock actually went up during 2002 from 14.48 to 18.89. There's a 33% return on investment!
See, Amazon isn't a blue chip that decares its profits and then hands it out as dividends. Instead, it invests its profits from profitable lines back into expanding the business. The expansions so far have been mostly sucessful, so they contribute to the value of the company which gets measured in the stock price.
Bottom-line profit is an important metric, but it isn't the only one.
The fact is, it's a miracle of stupidity that Verisign can sell anybody a domain anymore.
It used to be that the price of a domain was $70 for two years, and you got it from Network Solutions. No choice in the matter, NetSol was the only game in town.
Then came the era of competition... but since a domain registration is a domain registration which is always a domain registration, there's really not much difference in what the competitors have to sell. The only differences come in terms of price, and what interfaces they offer for changing your domain.
Verisign's main advantage is that they still have the default renewal rights to those domains that were registered with the old NetSol years ago. No sane person would pick Verisign's registration service if they knew that any of the other full-service registration sites (Register.com, etc.) or the low-cost registration sites (000domains.com, GoDaddy.com, etc.) existed and can renew their domains too. This shows a lot about consumer inertia... letting accepting the auto-renewal at the old price for something whose price has dropped dramatically.
Actually, it's a "Rinse. Wash. Repeat." process. (It's hard to explain this concept on a geek-friendly site, since so many programmers each year have to be rescued from showers after getting caught in that infinite loop on the shampoo bottle.)
As older divisions turn profitable, they are funneling most of those profits into setting up new businesses on their site so that they can repeat and profit again. The result is that the overall operation is hovering around break even, but the value of the stock should theoretically increase because it now represents a bigger company. (Actual stock milage will vary due to the the external factors that send the whole stock market spinning at times.)
Look at Microsoft's breakdowns when they have to file their paperwork. Their domanant businesses of Windows and Office are profitable, but then Microsoft turns around and spends money trying to break into the businesses that it doesn't dominate such as its MSN web properties. Still profitable, but how much more profitable would they be if they gave up the ghost on MSN?
Freedom of the press has always belonged only to those who own a press.
Anybody's allowed to buy a press, pay an ISP to put up a website, put out a DVD, etc. However, getting people to look at your content is up to you, and nobody's required to help you get attention.
These publishers have always decided that they won't publish articles that they don't like, and they've now said out loud that they don't like articles that make them feel like they're giving too much info about things that can be used to harm numbers of people.
"The Industry" getting its act together with voluntary standards before the government comes calling with binding regulations has been a time-tested way of staying out of trouble.
The fact that the MPAA operates a rating system for movies that nearly all theater operators enforce (although many do so very poorly) prevents the governement from even trying to come down with any system of its own.
There won't be an "uncensored version of these journals"... there may be unedited versions of the articles that were submitted to the journals published elsewhere, but those elsewhere's already have a much smaller circulation.
If, suddenly, the Journal of Some-Really-Unimportant-Part-of-the-Human-Body jumps in distribution from 500 readers to 50,000... that's gonna trip an alarm bell somewhere I'd hope.
You seem to have forgotten how these terrorists work.
If they were to establish the Journal of Terror Science, eventually they'd be found out for what they are, and it's likely they've done something (other than publish their magazine) that's illegal because afterall these are terrorists we're talking about. At that point, the Fed would raid the magazine, discover the subscriber list, and then have cause to check into the background of the subscribers, which will likely lead to more terrorists arrested. That's just not gonna work for them.
If, however, one Al Queda friendly "researcher" is able to publish the instructions for how to make a nerve agent next to a flawed solution into how to undo the effects, then the recipe is out for all of the sleeper cells to see, and they have to do nothing more than to get a copy of a magazine at Barnes And Noble... no need to leave their name, and plenty of normal people who also bought the same magazine for other reasons to create overwhelming noise in the datastream anyway.
I don't think anybody's going to be ignorant of the risks certain things can present... they just want to limit the number of people who know how to create those problems to a need-to-know basis.
Then they told us that publishing scientific information that contradicted the administration could not be published and I did not protest.
Wait a second... what story did you read?
The story here is that a bunch of science journals have decided that they aren't going to publish things that give too much information to somebody who has evil thoughts in mind.
The Bush Administration didn't ask for this, and this has nothing to do with whether or not the administration likes the information... Washington isn't involved in this story at all!
The idea is simple... if the journal publishers don't like what you're writing about, you're not going to get published in their journal. That's not censorship, that's selection. If you wanna talk about what you wanna talk about, publish your own... you do the work to get people to take you seriously.
Aside from distracting a logged-in user, pressing the 20-or-so keystrokes needed download to move them into your emulating-interface, and then you have a logger that's at least good enough for that session.
For the embedded reporters, in order to be where they are they had to agree to follow a few common sense rules... some of the most important being that they aren't allowed to report on any future movements they may know of, and that they're never allowed to reveal the exact location of the unit.
These particular phones do just that... transmit the GPS location back to the telecom provider, people outside of the military who have no clearance to be handling such secret info. Yeah, it's likely that the telecom provider can be trusted, but why trust somebody to keep a secret when you can just not tell them the info in the first place?
The exact GPS location of our troops is a military secret, and for a good reason too!
Conversely, having knowledge of more prime numbers also means that new encryption tech can be based on those new theories and enhance privacy. It's kinda a double edge sword...
Write cashing is pretty close to what happens to a programmer. Eventually, you figure out that the best way to wobble that widget involves a 70 line block of code with 3 nested loops... But that 70 lines likely would equate to 350 "words", so even for the good 50 WPM typer that's gonna take 7 minutes to move from thought to screen. If early during the 7 minutes the programmer is interrupted, that invention might even get lost, and take a good 10 minutes for the programmer to recover the concept.
Blacklists become more effective under this scheme because there would be a two chances to apply them after the deed has been done. Once at client-side, and even a chance for the sender-side server to revoke the message before a majority of the victims even know what hit them.
And the problem with PGP is an issue of needing a "root of trust". That is, my PGP key represents me because, uhm, I say so. But that still doesn't give you any information as to whether I can be trusted. Relating the message back to FooBar isn't going to help you much if you never met FooBar. However, if you can relate it to FooBar@aol.com, you would then have the reputation of AOL on the line too, and AOL would have an incentive to keep e-mail originating from its domain spam free.
1: This is based on the naive assumption that spammers would use sender-side servers that store a copy of every message sent. It would be a trivial task to create a server to send bogus notifications, then reply with to requests for messages with a dynamically generated message. All it takes is an IP number.
That's why this plan would still require blacklists of IP numbers that aren't behaving. The difference now is that spammers would have to have their own server behind that IP address... getting an open relay to do their bidding for them just isn't going to be an opition.
2: It suffers from the same flaw that makes spam a problem with SMTP, a dependence on paranoid sysadmins. It is relatively trivial for a good sysadmin to prevent spam relaying, the problem is the large number of bad sysadmins who don't care.
Yes, but now it's much easier to identify servers run by bad sysadmins and nuke them. By putting some authentication into the From: field, you now know for sure that message from Spammer@yahoo.com really passed through Yahoo's hands... and my guess is that's not going to be often.
There's no need to charge per e-mail sent...
Right now we're on a receiver pays system because if somebody sends you an e-mail... you're the one responsible for paying somebody to hold that e-mail until you're ready to pick it up. If you were to get 20 MB of e-mail in a day, most ISPs will cut you off.. you won't be able to get any more until you sign on and clear out your mailbox.
If the sender is responsible for keeping a server online and keeping up with the bandwith associated with what they've sent, then they've got to pay for the volume of e-mail they send.
Now, if you're a typical user and only send out a handful of e-mails a day, you'll be fine. But if you send an outragous volume of e-mails, it's going to be your disk quota that fills up first and you'll have to retract some of your undelivered e-mail to send more.
There's no need for "stamps", just a protocol that requires the sender-side server have a more involved role in standing behind the message.
The Internet was with base-level protocols that assumed everybody using the network would not abuse the network because they would always have something to lose, their jobs.
Therefore, a base assumption was made that every message sent would be a message the marked recipient would want to get. Clearly, that's not the case once you let untrusted public users onto the network... and DDOSes, Spam, and other unpleasantries result.
Because the spammer server would have to transmit the million payload messages over a course of a few days rather than a hit-and-run instant. The spammer now has the responsilbity of keeping his server online, and can't exactly rely on an somebody who carelessly left open relay anymore.
Moreover, it's likely that in the first few seconds 1000 or so of the million will see that e-mail, identify it as spam, and a few dozen of that 1000 will put that server on multiple blacklists. To the 900,000 remaining people who subscribe to any one of those blacklists, their software drops the notification into the bit bucket, and the payload never makes it.
So now, an attempt to reach 1,000,000 people only connects with 11% of that... and 90% will not even bother with anything more from that sender (be it the username/domain combo or the whole domain depending on the blacklist listing) again until the blacklist operators say otherwise.
This would likely be made invisible to the user.
When the checking-mail process begins, the client would go to the receive-side server to get the list of notifications received. It would first apply any local filter rules to strike out unacceptable notifications, then go one-by-one to the servers to confirm that they sent the message the notification claims, that the server is still offering the message, and than ask for the message itself.
If the message has been declared spam by the server operator, then the server will intentially pull the message from availablity and essentially vaporize it before it hits a majority of inboxes. Server owners have an incentive to do this... because it'd be extremely easy to add server owners who don't into a local blacklist.
Yeah, a verbose log file can be made available for the geeks that wanna know what happened under the hood, but the average end user wouldn't see the message pop into their Inbox until the message has been sucessfully cleared and transmitted. Once its in the Inbox, it's a local object that the user can do what they want to.
1) If a person sees an e-mail in their inbox, then they can read it, and they are happy. Can you imagine the hordes of people who would now see that they got an e-mail, but could not get it for one reason or another? This makes e-mail *seem* fragile. Please explain to my step-father why he can see that he has e-mail, but he cannot read it on the plane. This is not a technical issue, but a psychological one, which is much harder to program around :-)
Just like his e-mail sits on a POP3 server until he downloads it at which point its possible to store it locally if desired. Once the transaction completes, it can still be on his local HD.
2) By what criteria could you filter the email? If you have not received the e-mail, you probably won't have enough information to tell if it is spam or not. The only information that you could go on is what is in the "notice" message.
The server on which the the e-mail is stored according to the notice is info enough. If you trust that server, you'll accept that they have already done the spam filtering and canceling for you. If you do not trust that server, you simply ignore all notices from that server. Servers that are ignored by large chunks of the population suddenly become an undesirable place to send from.
Laws might not be able to stop spammers, but protocols have a better shot.
Simply put, it's too easy to create spam over the SMTP protocol. The from, and reply to fields are completely free text, and have no requirement that they must be a reflection of the actual sender of the message.
However, if SMTP were to fall out of favor for a new protocol, that new protocol could start the rules over and require that the server that is named in the from field must confirm that the username provided actually sent the message. Spoofing for the use of spam would then become practically impossible.
Once we have a confirmed from address, it puts a responsiblity to stand behind each e-mail sent through a server. Moreover, once spam use has been detected a really reputable server operator could simply stop authenticating that sender's e-mail.. causing auto deletion before its presented to a user.
If you can't make it illegal, try to make it impossible...
The fundemental diference that protects most communication systems from Spam-like abuse is that the sender is responsible for a majority of the costs of the message. Yeah, there are telemarketers and junk postal mail, but the are seriously limited by the fact that there is a noticiable cost assosciated with each additional message they send. The fact that it costs money to send such communications makes it impractical to bother people with offers with an extremely low reponse rate.
SMTP/POP3 e-mail presently leaves the cost of holding the message during the wait for the intended reader to be available on the receive-side server. The spammer doesn't even have to maintain a constant and consistant Internet connection.
Under the current system, a sender can send 100 MB of messages in an hour without penalty. However, a receiver who gets 100 MB of messages in an hour usually will find any other messages sent to them bouncing.
Requiring the message be held on a sender-side server instead would transfer the costs of sending a large volume of e-mail onto the sender, and therefore discurages the practice better than any law ever could.
Amazon's registration business isn't operational yet... and even if it was they've likely registered Amazon.com for the next 100 years or so with NetSol... why throw away a perfectly good registration, when it's nothing but a geek's trivia question they'd be changing anyway.
Ack... wrong start-of-2002 stock price... the correct stat is 10.96 at the start of 2002, 18.89 at the end of it.
Yeah, but Amazon.com's stock actually went up during 2002 from 14.48 to 18.89. There's a 33% return on investment!
See, Amazon isn't a blue chip that decares its profits and then hands it out as dividends. Instead, it invests its profits from profitable lines back into expanding the business. The expansions so far have been mostly sucessful, so they contribute to the value of the company which gets measured in the stock price.
Bottom-line profit is an important metric, but it isn't the only one.
The fact is, it's a miracle of stupidity that Verisign can sell anybody a domain anymore.
It used to be that the price of a domain was $70 for two years, and you got it from Network Solutions. No choice in the matter, NetSol was the only game in town.
Then came the era of competition... but since a domain registration is a domain registration which is always a domain registration, there's really not much difference in what the competitors have to sell. The only differences come in terms of price, and what interfaces they offer for changing your domain.
Verisign's main advantage is that they still have the default renewal rights to those domains that were registered with the old NetSol years ago. No sane person would pick Verisign's registration service if they knew that any of the other full-service registration sites (Register.com, etc.) or the low-cost registration sites (000domains.com, GoDaddy.com, etc.) existed and can renew their domains too. This shows a lot about consumer inertia... letting accepting the auto-renewal at the old price for something whose price has dropped dramatically.
Actually, it's a "Rinse. Wash. Repeat." process. (It's hard to explain this concept on a geek-friendly site, since so many programmers each year have to be rescued from showers after getting caught in that infinite loop on the shampoo bottle.)
As older divisions turn profitable, they are funneling most of those profits into setting up new businesses on their site so that they can repeat and profit again. The result is that the overall operation is hovering around break even, but the value of the stock should theoretically increase because it now represents a bigger company. (Actual stock milage will vary due to the the external factors that send the whole stock market spinning at times.)
Look at Microsoft's breakdowns when they have to file their paperwork. Their domanant businesses of Windows and Office are profitable, but then Microsoft turns around and spends money trying to break into the businesses that it doesn't dominate such as its MSN web properties. Still profitable, but how much more profitable would they be if they gave up the ghost on MSN?
Uhm, so how do employers signal to you that they're interested in the interview? Smoke signals?
Freedom of the press has always belonged only to those who own a press.
Anybody's allowed to buy a press, pay an ISP to put up a website, put out a DVD, etc. However, getting people to look at your content is up to you, and nobody's required to help you get attention.
These publishers have always decided that they won't publish articles that they don't like, and they've now said out loud that they don't like articles that make them feel like they're giving too much info about things that can be used to harm numbers of people.
"The Industry" getting its act together with voluntary standards before the government comes calling with binding regulations has been a time-tested way of staying out of trouble. The fact that the MPAA operates a rating system for movies that nearly all theater operators enforce (although many do so very poorly) prevents the governement from even trying to come down with any system of its own.
There won't be an "uncensored version of these journals"... there may be unedited versions of the articles that were submitted to the journals published elsewhere, but those elsewhere's already have a much smaller circulation.
If, suddenly, the Journal of Some-Really-Unimportant-Part-of-the-Human-Body jumps in distribution from 500 readers to 50,000... that's gonna trip an alarm bell somewhere I'd hope.
You seem to have forgotten how these terrorists work. If they were to establish the Journal of Terror Science, eventually they'd be found out for what they are, and it's likely they've done something (other than publish their magazine) that's illegal because afterall these are terrorists we're talking about. At that point, the Fed would raid the magazine, discover the subscriber list, and then have cause to check into the background of the subscribers, which will likely lead to more terrorists arrested. That's just not gonna work for them. If, however, one Al Queda friendly "researcher" is able to publish the instructions for how to make a nerve agent next to a flawed solution into how to undo the effects, then the recipe is out for all of the sleeper cells to see, and they have to do nothing more than to get a copy of a magazine at Barnes And Noble... no need to leave their name, and plenty of normal people who also bought the same magazine for other reasons to create overwhelming noise in the datastream anyway. I don't think anybody's going to be ignorant of the risks certain things can present... they just want to limit the number of people who know how to create those problems to a need-to-know basis.
Then they told us that publishing scientific information that contradicted the administration could not be published and I did not protest.
Wait a second... what story did you read?
The story here is that a bunch of science journals have decided that they aren't going to publish things that give too much information to somebody who has evil thoughts in mind.
The Bush Administration didn't ask for this, and this has nothing to do with whether or not the administration likes the information... Washington isn't involved in this story at all!
The idea is simple... if the journal publishers don't like what you're writing about, you're not going to get published in their journal. That's not censorship, that's selection. If you wanna talk about what you wanna talk about, publish your own... you do the work to get people to take you seriously.
Aside from distracting a logged-in user, pressing the 20-or-so keystrokes needed download to move them into your emulating-interface, and then you have a logger that's at least good enough for that session.
Risks can be reduced, they cannot be eliminated.