A note of clarification:
Software patents are legal in the United States, illegal pretty much everywhere else, but are nevertheless sometimes granted anyway in the EU. If you're in the EU and want to fight, click here.
I agree with the parent post, but I don't really understand how long distance telco is too cheap to meter. My provider provides all long distance at 3.8 cents/minute, web billing with itemization, credit card required. In other words, it's gotten pretty cheap, and the metering has changed to get cheaper itself, but metering still works. And this company and its many competitors in the low-end LD market, presumably, wouldn't do this if they weren't making money.
We all know Dartmouth is a very technically savvy place, so presumably they could duplicate these results. Or were they charging less per minute of talk? It seems to me that something's odd about the idea that LD telco is too cheap to meter. I applaud the idea of not metering it, which is great social policy for Dartmouth. But I don't really see how it can be an economic gain.
The messages referenced in the article are from January and concern a different (equally stupid) Verisign proposal. The IAB's comments on Verisign's current actions can be found here.
As it is now, I have a PGP key, but no one else does. So I grit my teeth and send my mail in the clear.
If we buy PGP Universal, everyone at my company will have PGP keys, but no one else will. So we'll all end up sending our mail in the clear (except for internal mail which doesn't cross the Internet anyway), because we have no one else's PGP keys to use for the encryption.
I suppose you could say that everyone signing their email is a good first step, and maybe it is, but I don't see how it will have network effects that get us to universal encrypted mail anytime soon.
I am afraid that case law has already established the legality of shrinkwrap licenses in the US. This happened in Procd, Inc. v. Zeidenberg.
ProCD, in which the Seventh Circuit interpreted Wisconsin's UCC, involved sophisticated commercial entities and a database that would not be valuable to the seller if redistributed by every buyer. Also, phone databases are a special case, because courts have already held that there can be no copyright on phone book information. So this is sort of a sui generis area of law.
I would feel pretty good about trying to distinguish ProCD from a case where an end-user buys a computer and just wants to use the darn thing in a manner that doesn't infringe any laws, but without agreeing to any contracts of adhesion. It's not a slam dunk, but that's why my original post said it was unclear. UCITA makes such cases a slam dunk for the licensor.
The "shrinkwrap license" we all hate is just another example of a long-standing practice by commercial operators. When you park your car, for example, a lot of times the bottom of the ticket says "By accepting this ticket you agree that our liability if your car gets hit is capped at $500," or something like that. These contracts are called "contracts of adhesion" (because they adhere to the ticket or whatever) and terms of these contracts are often found unenforceable by the courts. Any reasonable lawyer, not working for one of the sides in this issue, would say that substantial doubt surrounds the enforceability of shrinkwrap licenses in the United States.
BUT bad people are trying to change all that. They've come up with a proposed law, called the Uniform Computer Information Transactions Act, or UCITA. UCITA would, among other things, explicitly make shrinkwrap licenses fully enforceable. This would be a very bad thing.
UCITA is already the law in Maryland and Virginia. If you live in those states, move!
For more information on why UCITA is bad, click here. Find your state representatives here. Tell them what you think.
Hrm, could this have been one of the hidden advantages we lost when we switched from bang-path
addressing to DNS based ?
This is actually such a good idea that someone must have already thought of it and discarded it. The problem with "Received:" lines is that they're awfully hard to parse. So a human can analyse them and know where to send the bounce, but who wants to do that?
Why not have a "Transmit-Path:" (or whatever) header, and require each mailer to append its FQDN to it. It would look like this:
Transmit-Path: mail.foo.com!mailserver.bar.com
Sure, spammers could forge the initial entry or entries, but it would certainly help in situations where an innocent third party's system is being coopted by a malicious party and the "From:" and "From " lines are forged. This could enable a script to quickly bounce the mail back where it belongs -- to the mailer of the guy who's machine is compromised.
Of course, sites would have to code around the entries for their own gateway mailers, etc., but each site can handle that itself. Finally, there's the possiblity that an "innocent middleman" would get the bounces -- but the innocent middleman is likely to be an open relay, who deserves them.
I'm nowhere near an SMTP expert so this may be a stupid question: why not please everyone by 250 accepting the message, scanning it for viruses, and then, if it has a virus, bouncing it to the SMTP envelope "From " line? Or is Sobig forging the envelope From line too?
Slashdot Mirror
A note of clarification: Software patents are legal in the United States, illegal pretty much everywhere else, but are nevertheless sometimes granted anyway in the EU. If you're in the EU and want to fight, click here.
I agree with the parent post, but I don't really understand how long distance telco is too cheap to meter. My provider provides all long distance at 3.8 cents/minute, web billing with itemization, credit card required. In other words, it's gotten pretty cheap, and the metering has changed to get cheaper itself, but metering still works. And this company and its many competitors in the low-end LD market, presumably, wouldn't do this if they weren't making money.
We all know Dartmouth is a very technically savvy place, so presumably they could duplicate these results. Or were they charging less per minute of talk? It seems to me that something's odd about the idea that LD telco is too cheap to meter. I applaud the idea of not metering it, which is great social policy for Dartmouth. But I don't really see how it can be an economic gain.
The messages referenced in the article are from January and concern a different (equally stupid) Verisign proposal. The IAB's comments on Verisign's current actions can be found here.
As it is now, I have a PGP key, but no one else does. So I grit my teeth and send my mail in the clear.
If we buy PGP Universal, everyone at my company will have PGP keys, but no one else will. So we'll all end up sending our mail in the clear (except for internal mail which doesn't cross the Internet anyway), because we have no one else's PGP keys to use for the encryption.
I suppose you could say that everyone signing their email is a good first step, and maybe it is, but I don't see how it will have network effects that get us to universal encrypted mail anytime soon.
I would feel pretty good about trying to distinguish ProCD from a case where an end-user buys a computer and just wants to use the darn thing in a manner that doesn't infringe any laws, but without agreeing to any contracts of adhesion. It's not a slam dunk, but that's why my original post said it was unclear. UCITA makes such cases a slam dunk for the licensor.
BUT bad people are trying to change all that. They've come up with a proposed law, called the Uniform Computer Information Transactions Act, or UCITA. UCITA would, among other things, explicitly make shrinkwrap licenses fully enforceable. This would be a very bad thing.
UCITA is already the law in Maryland and Virginia. If you live in those states, move!
For more information on why UCITA is bad, click here. Find your state representatives here. Tell them what you think.
Why not have a "Transmit-Path:" (or whatever) header, and require each mailer to append its FQDN to it. It would look like this:
Transmit-Path: mail.foo.com!mailserver.bar.com
Sure, spammers could forge the initial entry or entries, but it would certainly help in situations where an innocent third party's system is being coopted by a malicious party and the "From:" and "From " lines are forged. This could enable a script to quickly bounce the mail back where it belongs -- to the mailer of the guy who's machine is compromised.
Of course, sites would have to code around the entries for their own gateway mailers, etc., but each site can handle that itself. Finally, there's the possiblity that an "innocent middleman" would get the bounces -- but the innocent middleman is likely to be an open relay, who deserves them.
I'm nowhere near an SMTP expert so this may be a stupid question: why not please everyone by 250 accepting the message, scanning it for viruses, and then, if it has a virus, bouncing it to the SMTP envelope "From " line? Or is Sobig forging the envelope From line too?