I see it as more like a museum store where you can buy your own copy of works in the museum (e.g. a lithograph of a painting or a miniature version of a sculpture). You have the option of just taking pictures (free), but if you want an official copy, you have to pay the museum. Similarly, Spamhaus offers a free service (DNSBL request) and a pay service (Zone/Data Transfer).
Biodiesel is a diesel replacement, useful in high torque situations (freight hauling, etc.); methane is a gasoline replacement. Nuclear is good for electricity generation. Wind is good for powering batteries. Solar is good for heating. As with the current energy mix, we can expect the future energy generation mix to involve a variety of methods.
Gas prices were $1.25 a few years ago. There is no reason to think that the other $.75 ($.50 for diesel) is anything other than profit for someone (presumably the people who own the oil in the ground). Also, oil production in the Middle East was very profitable before the price increases. Gas could be sold for less than $1. Subtracting taxes of $.60 per gallon, that leaves $.40 for purchase, production, and processing. Amazingly enough, that's plenty for most producers.
I'm not disagreeing with your economics so much as your area of application. Gasoline was a high margin good even *before* the price increase, much less now.
The primary reason for the existence of leasing is that it makes it easier for businesses to expense their costs. When a business buys an automobile or computer hardware, it cannot expense the cost. Instead, it has to depreciate the price over time. This causes more paperwork and creates issues if the depreciation period is not the same as the period over which they want to use the product. By contrast, if they lease, they can expense the entire monthly lease amount.
I would also point out that leases are more flexible than buying the hardware outright. If one buys, then one is locked in for the lifetime of the product. With a lease, one can switch as soon as the lease term is up. Further, one can usually expand the hardware mid-lease if necessary (this is what Sun does at least).
Overall, subscription models are good news for free (like speech) software. By mixing hardware, software, and maintenance costs into one number, it makes it easier for free software to compete. Now, customers can compare total cost numbers and services rather than try to guess at the various costs. It also helps in that *nix variants (including GNU/Linux and Solaris) tend to handle limited resources better, so their hardware costs can be lower as well.
One's needs change. The Sun program is designed to give one bigger and bigger hardware as needed. With purchased hardware, one is stuck adding new units or discarding the old hardware. However, Sun can take back the old hardware and replace it with new hardware while only increasing the monthly subscription fee.
These subscriptions don't necessarily lock in the customer either. Now, if one wants to move to another architecture, it is no longer necessary to scrap the old hardware. Just start a new subscription with a new vendor and give back the hardware to the old vendor.
It is also worth noting that a subscription (lease) model is much better for businesses. Instead of buying hardware and depreciating it over time, they can expense the monthly lease cost (which is why auto leasing became so popular for businesses).
Microsoft, Linspire, etc. have a much steeper task, since they are targeted at consumers. Consumers are far more likely to buy hardware and use it until it drops. Sun only sells to businesses. Businesses are far more interested in scaling (i.e. if they expand, can they continue to use the same setup).
"Name me one software product that Sun has that you'd be willing to subscribe to get access to."
Solaris. Particularly if I want to run honking big hardware with massively parallel processors, etc. Sun already sells their hardware on a subscription basis (with maintenance contracts, etc.). Calling the hardware free and maintaining that it is the software that is being licensed is a small step. They are much closer to this than Microsoft (companies were always leery of Software Assurance and Microsoft's recent software delays have only reinforced this view).
Worst case scenario is that Sun gets bought out by one of their competitors. Even if they continue to hemorrhage earnings, they still have a large server market share (as well as massive cash reserves from the Microsoft settlement). Someone (e.g. HP, IBM, Dell) will want to pick up that market share. A subscription model makes them more valuable for this, as subscribers could be ported to the new company's hardware as they needed to switch.
I would forward the email (with full headers; method given in another response to your post) to abuse@microsoft.com, abuse@hotmail.com, and uce@ftc.gov
Don't know that it accomplishes anything, but it always makes me feel better:) I've gotten a response from abuse@microsoft.com previously.
"Naturally one hopes that violent criminals won't be neglected by this new focus on spammers."
I think that is pretty fair to say that prosecuting the 200 spammers has no reason to take significant resources away from prosecuting the hundreds of thousands of violent crimes per year. The scope of the two problems is not close. It's also worth noting that short of sacrificing civil liberty (curfews, video cameras on every street corner, mandatory fingerprinting and DNA profiling, etc.), there is not much more we can do to prosecute violent crime. There is quite a bit that can be done to reduce spam.
This is slashdot, it's pretty obvious that see is the the correct word (I see what you write; I can't hear it). Perhaps say is misleading (it's primary meaning does mean speech), but it is even more misleading to pretend that you hear things over slashdot. Other definitions (after the first) do not automatically imply that what was said was spoken (as opposed to written, signed, etc.).
1. SPF breaks pre-delivery forwarding: this is called relaying and is in fact one of the problems of the current system. Breaking it is desirable.
2. SPF is at loggerheads with RFC 1123 (breaks forwarding): this is acknowledged in the SPF proposal. Fixes (e.g. SRS) are being examined.
3. SPF is at loggerheads with RFC 974 and RFC 2821: see 1.
4. SPF hijacks existing DNS mechanisms: this is absurd. SPF does not block any existing uses for TXT records (unless it happens to have the same format as an SPF record, which is rather unlikely). It just offers a proposal on using TXT records to hold the info (until a new resource record could be assigned). That's the whole point of TXT records, to offer data that can't be kept in other records.
5a. SPF is useless for SMTP Relay clients with dynamically-assigned IP addresses: no, they can use either a separate email server (recommended) or a dynamic domain name (e.g. dyndns.org).
5b. SPF is useless for roaming SMTP Relay clients: again, the recommended handler for this is to authenticate with an external email server.
6. SPF relies upon DNS for security, but DNS isn't a security service: true (of any DNS service), but of limited impact. This is basically an argument that SPF won't be 100% effective. Neither will any other single proposal. This objection mainly suggests that *DNS* should be fixed, not SPF per se.
7. SPF is vulnerable to race conditions during database changes: see 6.
8. SPF creates new categories of third class citizenship: SPF could be used this way; however, there is nothing saying that it has to be. The primary use of SPF is to verify that @domain.com email actually comes from someone authorized to send email from that domain.
9. SPF doesn't actually address unsolicited bulk mail at all: this is true. If someone uses their actual domain name, SPF does not prevent spam. However, it does prevent spammers from joe jobbing SPF enabled domains (if the receiver checks). Further, the statement "Microsoft Worms run on infected machines, and using the same mail submission tools that the machine's owner uses to submit normal mail, they mail themselves to other people" is generally untrue. Most worms run their own SMTP server, since using the normal mail submission tools is subject to detection by the mail server (virus scanners, etc.). Most worms pick the sending address from the address book. SPF usually will block this, since your personal PC is probably not SPF enabled on any domains.
10. SPF hands Verisign its next unwelcome "innovation" on a platter: it would be trivially difficult to check if a domain name has been assigned as part of the SPF checks. If not, no need to accept the email. Further, I don't think that that Verisign would actually do this; the legal liability is too high (AOL, et. al. would sue them if they authorized spam this way).
Basically, the "refutation" points out one weakness of SPF that could limit legitimate mail: the breaking of sender forwarding (for most people, SRS will be sufficient replacement). The rest of it is just FUD.
SPF (or domain keys or even Caller ID) gives you a choice. You can choose to not use SPF or to set a +all for your domain (anyone can send using your domain). SPF does not take away your ability to send anonymous messages (which doesn't exist anyway; all SMTP tracks the originating IP; you need to use a proxy to get anonymity).
What SPF allows one to do is to say that one's own domain will only send from certain IPs (allows DNS to determine the list of IPs). I need this, because my business email *must* be exposed so that I can get new business. Without a solution like SPF, I am very vulnerable to having my address used in a joe job.
If you choose not to filter based on SPF, that's fine; it's your choice. Just don't complain if you get a spam that claims to come from me. I can't help it if you do not take advantage of the info I make available. This is one of the great benefits of SPF: not everyone has to use it for it to help. Heck, if just Yahoo, HotMail, and AOL used it, it would get rid of a lot of fake addresses.
The only verified data that one has about the sender with SPF is the IP address. The A records in your line all resolve to IP addresses (that's what an A record does; it turns a domain name into an IP). The MX resolves to a domain name (which resolves to an IP address). Thus, SPF (and Microsoft's Caller ID system) just verifies that the sending IP is allowed to send for that domain.
Domain keys does not check the senders' IPs to verify them. Instead, it uses a digital signature. The difference between it and other signature programs (e.g. GnuPG) is that it operates at the mail server level rather than at the sender level. Digital signatures would work as far as verifying the sender, but that is not really their purpose. They are actually intended to maintain privacy (i.e. to encrypt the transmission). Identity verification is a side effect rather than the intended purpose.
IP address based verification would be effective in countering many existing spam situations, e.g. joe jobs and virus emails sent direct from the infected computer. Hijacking the client's connection info for the mail server is vulnerable under whatever system. All systems are vulnerable to spammers buying a legitimate domain for their own use.
There is already an IP based verification method. Technically speaking, all mail servers are supposed to have PTR records. Unfortunately, it is not effective, since not everyone is able to set PTR records for their IPs. Thus, one can't filter on lack of a PTR record. SPF allows one to verify that an IP is allowed to send for a particular domain, so accounts on domains with SPF records are much more difficult to joe job. Domain keys does not add to this; they are just vulnerable to a different set of exploits.
My opinion is that the domain keys exploits (e.g. domain key hijacking) will be easier to exploit than the SPF exploits (e.g. IP hijacking). However, others disagree. SPF is certainly less computationally intensive to operate.
3-4 guns per owner is probably correct. Note that the Canadian statistics have similar distribution. There are far more guns than gun owners. It is not uncommon for a gun owner to own 10 or more guns. Think about a possible breakdown: handgun, shotgun, target rifle (for shooting at clay plates called birds), hunting rifle. Make the target rifle optional and you have 3-4 right there.
It's also worth noting that the.25 is disputed. Some claim that the correct number is 14 million guns or about.47 guns per capita. I posted a link elsewhere.
Elsewhere someone posted that the figure was 7 million guns for 10 million households in Canada. According to this, there are as many guns in the US as *adults* (presumably there is more than one adult in most households). Even if the Canadian number should be 14 million guns (as suggested here), this is still less than the number of adults (22 million according to this).
I would cite parallel statistics but didn't find them in my brief Google.
The point is not to make new, more expensive chips. Instead, the point is to switch from advancing by making the chips smaller to making the chips internally parallel. Presumably they will follow the same price guidelines as existing chips: the best chip will cost $650. Eventually, that same chip will cost $50.
They'll justify this to consumers the same way that they always do...they'll tell them that the new chip is better and charge more for it. Or they'll switch lines like they did when the P4 came out. Under $200 P4s came out before they stopped shipping P3s. Maybe they'll do something sneaky like double the reported clock speed, since there are two processor cores...clock speed's additive, right?:)
Note that Java predates C# and that Reiser4 is scheduled to come out before Longhorn (WinFS). Who's copying whom? Also, there are OS versions of.net and C# (Mono and, well, C#).
Actually, Outlook interfaces with Exchange to provide the groupware stuff. Without Exchange, Outlook's calendar integration is not nearly as useful. Exchange does have a a web interface (as do alternatives). That interface works with Netscape running on Solaris, so I'm guessing that it works on Linux as well.
Having used both Outlook and the Exchange web interface, I would agree with other posts that they don't really compare. With the web interface, the application and context menus are the generic browser menus. Outlook has its own.
For *fraud*. Last I checked, fraud was illegal long before CAN SPAM. It's nice that they are beginning to enforce the *previous* laws. As posted elsewhere, CAN SPAM is only involved in that it increases the sentence. Length of sentence is not currently important (can you name someone who went to jail for spamming and spammed again?).
Look at "SEC. 9. DO-NOT-E-MAIL REGISTRY." from the link you posted. What is it? An opt out list. Exactly what you said CAN SPAM was not. Further, if you actually read the law, it is always legal to send an honest message (no forged headers, etc.) to someone who did not explicitly request not to receive commercial emails by sending a remove message. Again, only opt-out (which you agreed should be called CAN'T SPAM).
Also read 8b1: "This Act supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto."
No tinfoil hat stuff here. It really does blow away all state regulations of email. The part about falsity/deception makes it clear that this is targetted at labelling requirements like those of California and Pennsylvania. I say again: a significant point of this law is to legalize some spam methods.
I don't want a name that *sounds* tough. I want a law that *is* tough and will be enforced. As long as anti-spam initiatives spend more time on names and less on effects, spam will remain a problem.
Or we could just start using the existing system. SPF ( http://spf.pobox.com ) allows for verification of the sender's ability to properly send mail for that domain. Heck, all mail senders are supposed to maintain PTR records (this IP belongs to machine.domain.com), but this is rarely enforced. No need to throw the baby out with the bathwater; just use the drain to empty out the water. Enforce what is there first before pursuing new measures.
The strength of SPF is that it down scales well. It helps even when not everyone is using it and can be transitioned. Further, it is an add on to the existing system rather than a replacement. It doesn't require companies to abandon their existing infrastructure.
It's noteworthy that this story is about people who broke the laws that existed *prior* to CAN SPAM. CAN SPAM just adds to their jail term. Personally I am less concerned about the length of the jail term and more concerned about its inevitability. If relay spamming is a guaranteed jail term, then the *old* laws would be effective. Enforcement is what is needed.
"We already have the law makers on our side."
What makes you think that? CAN SPAM pushed out more stringent state laws. If anything, the law maker tide may be running the other way (in support of spammers).
There are only a hundred spammers. No need to put 10,000 in jail, just 100 (or a 1000 if each spammer has 9 employees). I'm not disagreeing with you. I'm just pointing out that your numbers are actually very generous.
"A group of conscripts wound up late one day and decided that they might was well mutany [sic] since it came to the same thing in the end."
Well, then you are saying that they would have been deterred if the punishments had been different? So laws can be a deterrent.
You're looking at the issue backwards. You shouldn't look at people who are *not* deterred; instead, look at those who are and try to create the same circumstances. Unlike murder/assault, spam is not a crime of passion. There is time for contemplation.
A *minority* of everyone is (or has been) in jail. A minority plays the lottery regularly when the expected value is below 1 (i.e. when the jackpot is smaller than the chances of winning). Being deterred by risk is not a minority action but what happens with the *majority* of people.
Note that the main reason to relay is not to evade the law but to evade blacklists. It's quite possible that these people do not find what they are doing to be likely to get the law on them. Historically, they were correct. Now they aren't.
Anti-spam laws accomplish the following:
1. They deter those who can be deterred. Even if this is only two thirds of spammers, that's still *two thirds* of spammers.
2. Incarcerate those do not think that they will be caught. This can keep them from spamming during the period of incarceration.
3. Deter people from hiring spammers. Since someone who hires a spammer advertises their actual business, catching them *can* be consistent. They have no reason to think that they won't get caught.
4. Prevent suppliers from doing business with spammers. Spam doesn't happen in a vacuum. One needs bandwidth, computer equipment, a product (unless it's an out and out scam), a means of collecting payment, etc. If a company has the choice between operating 100% legally or 90% legally, it will usually choose 100% legally.
5. They can also make it easier for suppliers to explain why they won't do business with the spammer. Many don't want to do so. A law allows them to push the blame onto someone else.
No, can spam implies that you can SPAM! Spam is unsolicited advertising. If it's opt-in, then it's not spam, just a mailing list. CAN SPAM legalizes spam methods that the states had made illegal. If it were an actual anti-spam initiative, it would call itself "Clarification of email advertising standards" or something similar. It's just propaganda mixed with spam promotion.
I think that they should replace the review process with a challenge process. Instead of having patent officers review patent applications, wait until the patent is in question. Then the patent officers can take the time to fully investigate the patent claim. Further, since it is triggered by a challenge, there are now two knowledgeable sides (the one who applied and the challenger) which have the technical knowledge and interest to properly consider the patent claim.
I would also suggest that these challenges be on a loser pays basis. Thus, the patent examiner will be under no quota that forces them to reject/accept applications with only a cursory review. Further, if one side realizes that they are in the wrong, they have an incentive to admit it and not run up the bill more (or at all; they could admit it before the challenge review).
In this system, a patent application would just be filed. No review would be done until the challenge. Note that this also allows for your distributed review. If you wish to comment on a patent application, you should be able to do so. That information would then be available in the case of a challenge.
The beauty of this is that it moves the patent examination to a time when someone has the resources to fully examine the issue. Also, it makes it cheaper to apply for a patent (encouraging an increase in the information sharing aspect) and increases the rigorousness of the patent examination.
Note: this would still require a clarification of the patent rules. The problem that I see with the current patent is the idea that someone could patent "holding the button down to get a different effect than a quick click." Patent a particular physical implementation? Sure. Patent the concept (even limited to a specific platform)? That does not promote information sharing, so it should not be part of the patent process.
Slashdot Mirror
I see it as more like a museum store where you can buy your own copy of works in the museum (e.g. a lithograph of a painting or a miniature version of a sculpture). You have the option of just taking pictures (free), but if you want an official copy, you have to pay the museum. Similarly, Spamhaus offers a free service (DNSBL request) and a pay service (Zone/Data Transfer).
Biodiesel is a diesel replacement, useful in high torque situations (freight hauling, etc.); methane is a gasoline replacement. Nuclear is good for electricity generation. Wind is good for powering batteries. Solar is good for heating. As with the current energy mix, we can expect the future energy generation mix to involve a variety of methods.
Gas prices were $1.25 a few years ago. There is no reason to think that the other $.75 ($.50 for diesel) is anything other than profit for someone (presumably the people who own the oil in the ground). Also, oil production in the Middle East was very profitable before the price increases. Gas could be sold for less than $1. Subtracting taxes of $.60 per gallon, that leaves $.40 for purchase, production, and processing. Amazingly enough, that's plenty for most producers.
I'm not disagreeing with your economics so much as your area of application. Gasoline was a high margin good even *before* the price increase, much less now.
The primary reason for the existence of leasing is that it makes it easier for businesses to expense their costs. When a business buys an automobile or computer hardware, it cannot expense the cost. Instead, it has to depreciate the price over time. This causes more paperwork and creates issues if the depreciation period is not the same as the period over which they want to use the product. By contrast, if they lease, they can expense the entire monthly lease amount.
I would also point out that leases are more flexible than buying the hardware outright. If one buys, then one is locked in for the lifetime of the product. With a lease, one can switch as soon as the lease term is up. Further, one can usually expand the hardware mid-lease if necessary (this is what Sun does at least).
Overall, subscription models are good news for free (like speech) software. By mixing hardware, software, and maintenance costs into one number, it makes it easier for free software to compete. Now, customers can compare total cost numbers and services rather than try to guess at the various costs. It also helps in that *nix variants (including GNU/Linux and Solaris) tend to handle limited resources better, so their hardware costs can be lower as well.
One's needs change. The Sun program is designed to give one bigger and bigger hardware as needed. With purchased hardware, one is stuck adding new units or discarding the old hardware. However, Sun can take back the old hardware and replace it with new hardware while only increasing the monthly subscription fee.
These subscriptions don't necessarily lock in the customer either. Now, if one wants to move to another architecture, it is no longer necessary to scrap the old hardware. Just start a new subscription with a new vendor and give back the hardware to the old vendor.
It is also worth noting that a subscription (lease) model is much better for businesses. Instead of buying hardware and depreciating it over time, they can expense the monthly lease cost (which is why auto leasing became so popular for businesses).
Microsoft, Linspire, etc. have a much steeper task, since they are targeted at consumers. Consumers are far more likely to buy hardware and use it until it drops. Sun only sells to businesses. Businesses are far more interested in scaling (i.e. if they expand, can they continue to use the same setup).
"Name me one software product that Sun has that you'd be willing to subscribe to get access to."
Solaris. Particularly if I want to run honking big hardware with massively parallel processors, etc. Sun already sells their hardware on a subscription basis (with maintenance contracts, etc.). Calling the hardware free and maintaining that it is the software that is being licensed is a small step. They are much closer to this than Microsoft (companies were always leery of Software Assurance and Microsoft's recent software delays have only reinforced this view).
Worst case scenario is that Sun gets bought out by one of their competitors. Even if they continue to hemorrhage earnings, they still have a large server market share (as well as massive cash reserves from the Microsoft settlement). Someone (e.g. HP, IBM, Dell) will want to pick up that market share. A subscription model makes them more valuable for this, as subscribers could be ported to the new company's hardware as they needed to switch.
I would forward the email (with full headers; method given in another response to your post) to abuse@microsoft.com, abuse@hotmail.com, and uce@ftc.gov
:) I've gotten a response from abuse@microsoft.com previously.
Don't know that it accomplishes anything, but it always makes me feel better
"Naturally one hopes that violent criminals won't be neglected by this new focus on spammers."
I think that is pretty fair to say that prosecuting the 200 spammers has no reason to take significant resources away from prosecuting the hundreds of thousands of violent crimes per year. The scope of the two problems is not close. It's also worth noting that short of sacrificing civil liberty (curfews, video cameras on every street corner, mandatory fingerprinting and DNA profiling, etc.), there is not much more we can do to prosecute violent crime. There is quite a bit that can be done to reduce spam.
This is slashdot, it's pretty obvious that see is the the correct word (I see what you write; I can't hear it). Perhaps say is misleading (it's primary meaning does mean speech), but it is even more misleading to pretend that you hear things over slashdot. Other definitions (after the first) do not automatically imply that what was said was spoken (as opposed to written, signed, etc.).
1. SPF breaks pre-delivery forwarding: this is called relaying and is in fact one of the problems of the current system. Breaking it is desirable.
2. SPF is at loggerheads with RFC 1123 (breaks forwarding): this is acknowledged in the SPF proposal. Fixes (e.g. SRS) are being examined.
3. SPF is at loggerheads with RFC 974 and RFC 2821: see 1.
4. SPF hijacks existing DNS mechanisms: this is absurd. SPF does not block any existing uses for TXT records (unless it happens to have the same format as an SPF record, which is rather unlikely). It just offers a proposal on using TXT records to hold the info (until a new resource record could be assigned). That's the whole point of TXT records, to offer data that can't be kept in other records.
5a. SPF is useless for SMTP Relay clients with dynamically-assigned IP addresses: no, they can use either a separate email server (recommended) or a dynamic domain name (e.g. dyndns.org).
5b. SPF is useless for roaming SMTP Relay clients: again, the recommended handler for this is to authenticate with an external email server.
6. SPF relies upon DNS for security, but DNS isn't a security service: true (of any DNS service), but of limited impact. This is basically an argument that SPF won't be 100% effective. Neither will any other single proposal. This objection mainly suggests that *DNS* should be fixed, not SPF per se.
7. SPF is vulnerable to race conditions during database changes: see 6.
8. SPF creates new categories of third class citizenship: SPF could be used this way; however, there is nothing saying that it has to be. The primary use of SPF is to verify that @domain.com email actually comes from someone authorized to send email from that domain.
9. SPF doesn't actually address unsolicited bulk mail at all: this is true. If someone uses their actual domain name, SPF does not prevent spam. However, it does prevent spammers from joe jobbing SPF enabled domains (if the receiver checks). Further, the statement "Microsoft Worms run on infected machines, and using the same mail submission tools that the machine's owner uses to submit normal mail, they mail themselves to other people" is generally untrue. Most worms run their own SMTP server, since using the normal mail submission tools is subject to detection by the mail server (virus scanners, etc.). Most worms pick the sending address from the address book. SPF usually will block this, since your personal PC is probably not SPF enabled on any domains.
10. SPF hands Verisign its next unwelcome "innovation" on a platter: it would be trivially difficult to check if a domain name has been assigned as part of the SPF checks. If not, no need to accept the email. Further, I don't think that that Verisign would actually do this; the legal liability is too high (AOL, et. al. would sue them if they authorized spam this way).
Basically, the "refutation" points out one weakness of SPF that could limit legitimate mail: the breaking of sender forwarding (for most people, SRS will be sufficient replacement). The rest of it is just FUD.
SPF (or domain keys or even Caller ID) gives you a choice. You can choose to not use SPF or to set a +all for your domain (anyone can send using your domain). SPF does not take away your ability to send anonymous messages (which doesn't exist anyway; all SMTP tracks the originating IP; you need to use a proxy to get anonymity).
What SPF allows one to do is to say that one's own domain will only send from certain IPs (allows DNS to determine the list of IPs). I need this, because my business email *must* be exposed so that I can get new business. Without a solution like SPF, I am very vulnerable to having my address used in a joe job.
If you choose not to filter based on SPF, that's fine; it's your choice. Just don't complain if you get a spam that claims to come from me. I can't help it if you do not take advantage of the info I make available. This is one of the great benefits of SPF: not everyone has to use it for it to help. Heck, if just Yahoo, HotMail, and AOL used it, it would get rid of a lot of fake addresses.
The only verified data that one has about the sender with SPF is the IP address. The A records in your line all resolve to IP addresses (that's what an A record does; it turns a domain name into an IP). The MX resolves to a domain name (which resolves to an IP address). Thus, SPF (and Microsoft's Caller ID system) just verifies that the sending IP is allowed to send for that domain.
Domain keys does not check the senders' IPs to verify them. Instead, it uses a digital signature. The difference between it and other signature programs (e.g. GnuPG) is that it operates at the mail server level rather than at the sender level. Digital signatures would work as far as verifying the sender, but that is not really their purpose. They are actually intended to maintain privacy (i.e. to encrypt the transmission). Identity verification is a side effect rather than the intended purpose.
IP address based verification would be effective in countering many existing spam situations, e.g. joe jobs and virus emails sent direct from the infected computer. Hijacking the client's connection info for the mail server is vulnerable under whatever system. All systems are vulnerable to spammers buying a legitimate domain for their own use.
There is already an IP based verification method. Technically speaking, all mail servers are supposed to have PTR records. Unfortunately, it is not effective, since not everyone is able to set PTR records for their IPs. Thus, one can't filter on lack of a PTR record. SPF allows one to verify that an IP is allowed to send for a particular domain, so accounts on domains with SPF records are much more difficult to joe job. Domain keys does not add to this; they are just vulnerable to a different set of exploits.
My opinion is that the domain keys exploits (e.g. domain key hijacking) will be easier to exploit than the SPF exploits (e.g. IP hijacking). However, others disagree. SPF is certainly less computationally intensive to operate.
3-4 guns per owner is probably correct. Note that the Canadian statistics have similar distribution. There are far more guns than gun owners. It is not uncommon for a gun owner to own 10 or more guns. Think about a possible breakdown: handgun, shotgun, target rifle (for shooting at clay plates called birds), hunting rifle. Make the target rifle optional and you have 3-4 right there.
.25 is disputed. Some claim that the correct number is 14 million guns or about .47 guns per capita. I posted a link elsewhere.
It's also worth noting that the
Elsewhere someone posted that the figure was 7 million guns for 10 million households in Canada. According to this, there are as many guns in the US as *adults* (presumably there is more than one adult in most households). Even if the Canadian number should be 14 million guns (as suggested here), this is still less than the number of adults (22 million according to this).
I would cite parallel statistics but didn't find them in my brief Google.The point is not to make new, more expensive chips. Instead, the point is to switch from advancing by making the chips smaller to making the chips internally parallel. Presumably they will follow the same price guidelines as existing chips: the best chip will cost $650. Eventually, that same chip will cost $50.
:)
They'll justify this to consumers the same way that they always do...they'll tell them that the new chip is better and charge more for it. Or they'll switch lines like they did when the P4 came out. Under $200 P4s came out before they stopped shipping P3s. Maybe they'll do something sneaky like double the reported clock speed, since there are two processor cores...clock speed's additive, right?
.net => Parrot
.net and C# (Mono and, well, C#).
WinFS => Reiser4
C# => Java
Note that Java predates C# and that Reiser4 is scheduled to come out before Longhorn (WinFS). Who's copying whom? Also, there are OS versions of
Actually, Outlook interfaces with Exchange to provide the groupware stuff. Without Exchange, Outlook's calendar integration is not nearly as useful. Exchange does have a a web interface (as do alternatives). That interface works with Netscape running on Solaris, so I'm guessing that it works on Linux as well.
Having used both Outlook and the Exchange web interface, I would agree with other posts that they don't really compare. With the web interface, the application and context menus are the generic browser menus. Outlook has its own.
Don't you know?
:)
It's impossible to help people in XP.
"And yet they are prosecuting somebody"
For *fraud*. Last I checked, fraud was illegal long before CAN SPAM. It's nice that they are beginning to enforce the *previous* laws. As posted elsewhere, CAN SPAM is only involved in that it increases the sentence. Length of sentence is not currently important (can you name someone who went to jail for spamming and spammed again?).
Look at "SEC. 9. DO-NOT-E-MAIL REGISTRY." from the link you posted. What is it? An opt out list. Exactly what you said CAN SPAM was not. Further, if you actually read the law, it is always legal to send an honest message (no forged headers, etc.) to someone who did not explicitly request not to receive commercial emails by sending a remove message. Again, only opt-out (which you agreed should be called CAN'T SPAM).
Also read 8b1: "This Act supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto."
No tinfoil hat stuff here. It really does blow away all state regulations of email. The part about falsity/deception makes it clear that this is targetted at labelling requirements like those of California and Pennsylvania. I say again: a significant point of this law is to legalize some spam methods.
I don't want a name that *sounds* tough. I want a law that *is* tough and will be enforced. As long as anti-spam initiatives spend more time on names and less on effects, spam will remain a problem.
Or we could just start using the existing system. SPF ( http://spf.pobox.com ) allows for verification of the sender's ability to properly send mail for that domain. Heck, all mail senders are supposed to maintain PTR records (this IP belongs to machine.domain.com), but this is rarely enforced. No need to throw the baby out with the bathwater; just use the drain to empty out the water. Enforce what is there first before pursuing new measures.
The strength of SPF is that it down scales well. It helps even when not everyone is using it and can be transitioned. Further, it is an add on to the existing system rather than a replacement. It doesn't require companies to abandon their existing infrastructure.
It's noteworthy that this story is about people who broke the laws that existed *prior* to CAN SPAM. CAN SPAM just adds to their jail term. Personally I am less concerned about the length of the jail term and more concerned about its inevitability. If relay spamming is a guaranteed jail term, then the *old* laws would be effective. Enforcement is what is needed.
"We already have the law makers on our side."
What makes you think that? CAN SPAM pushed out more stringent state laws. If anything, the law maker tide may be running the other way (in support of spammers).
There are only a hundred spammers. No need to put 10,000 in jail, just 100 (or a 1000 if each spammer has 9 employees). I'm not disagreeing with you. I'm just pointing out that your numbers are actually very generous.
"A group of conscripts wound up late one day and decided that they might was well mutany [sic] since it came to the same thing in the end."
Well, then you are saying that they would have been deterred if the punishments had been different? So laws can be a deterrent.
You're looking at the issue backwards. You shouldn't look at people who are *not* deterred; instead, look at those who are and try to create the same circumstances. Unlike murder/assault, spam is not a crime of passion. There is time for contemplation.
A *minority* of everyone is (or has been) in jail. A minority plays the lottery regularly when the expected value is below 1 (i.e. when the jackpot is smaller than the chances of winning). Being deterred by risk is not a minority action but what happens with the *majority* of people.
Note that the main reason to relay is not to evade the law but to evade blacklists. It's quite possible that these people do not find what they are doing to be likely to get the law on them. Historically, they were correct. Now they aren't.
Anti-spam laws accomplish the following:
1. They deter those who can be deterred. Even if this is only two thirds of spammers, that's still *two thirds* of spammers.
2. Incarcerate those do not think that they will be caught. This can keep them from spamming during the period of incarceration.
3. Deter people from hiring spammers. Since someone who hires a spammer advertises their actual business, catching them *can* be consistent. They have no reason to think that they won't get caught.
4. Prevent suppliers from doing business with spammers. Spam doesn't happen in a vacuum. One needs bandwidth, computer equipment, a product (unless it's an out and out scam), a means of collecting payment, etc. If a company has the choice between operating 100% legally or 90% legally, it will usually choose 100% legally.
5. They can also make it easier for suppliers to explain why they won't do business with the spammer. Many don't want to do so. A law allows them to push the blame onto someone else.
No, can spam implies that you can SPAM! Spam is unsolicited advertising. If it's opt-in, then it's not spam, just a mailing list. CAN SPAM legalizes spam methods that the states had made illegal. If it were an actual anti-spam initiative, it would call itself "Clarification of email advertising standards" or something similar. It's just propaganda mixed with spam promotion.
"in a manual trans car you get no response at all unless you clutch-turn"
You can get the same effect in an automatic by taking it out of Park. It won't start in Reverse, Drive, etc.
It's also possible to disable the neutral safety switch in a manual transmission. You can actually move the vehicle if the starter is strong enough.
I think that they should replace the review process with a challenge process. Instead of having patent officers review patent applications, wait until the patent is in question. Then the patent officers can take the time to fully investigate the patent claim. Further, since it is triggered by a challenge, there are now two knowledgeable sides (the one who applied and the challenger) which have the technical knowledge and interest to properly consider the patent claim.
I would also suggest that these challenges be on a loser pays basis. Thus, the patent examiner will be under no quota that forces them to reject/accept applications with only a cursory review. Further, if one side realizes that they are in the wrong, they have an incentive to admit it and not run up the bill more (or at all; they could admit it before the challenge review).
In this system, a patent application would just be filed. No review would be done until the challenge. Note that this also allows for your distributed review. If you wish to comment on a patent application, you should be able to do so. That information would then be available in the case of a challenge.
The beauty of this is that it moves the patent examination to a time when someone has the resources to fully examine the issue. Also, it makes it cheaper to apply for a patent (encouraging an increase in the information sharing aspect) and increases the rigorousness of the patent examination.
Note: this would still require a clarification of the patent rules. The problem that I see with the current patent is the idea that someone could patent "holding the button down to get a different effect than a quick click." Patent a particular physical implementation? Sure. Patent the concept (even limited to a specific platform)? That does not promote information sharing, so it should not be part of the patent process.