SPF doesn't tell admins a damn thing they didn't know before. Admins do not pay attention to header addresses when determining the source of spam, they look at the IP addresses, which are not truly being forged (not in the same sense, anyway).
SPF is only useful to end users who can be fooled by forged text headers. It was created to help stop phishing and provide some kind of reputation protection. It's ridiculous that people who should know better co-opted it as a "spam solution" and are willing to break legitimate uses of SMTP to see it adopted, without seeming to even reale the leverage it hands big ISPs.
Except that the spammers are sending through ISP servers using valid accounts and using ISP resources to submit their flood onto the world. Surely a clueful admin would notice the abundant cpu time/bandwidth being used to the point where it limits legitimate use?
Why do you think a clueful admin needs them all on one server to notice abnormal resource utilization? Whether they come through an application-level chokepoint or not, network traffic is network traffic. In many ways it's easier to see the problem machines when you just look at them at the network node level.
Sure, free accounts. Hotmail, yahoo, among other free email providers. This would not stop those.
This is why the thread starter called this the "1998 spam problem". Spammers haven't limited them selves to stealing resources or abusing free ones for a long time. They're happy to pay for single-use throwaway accounts. Those get cancelled and they sign up with the same provider again the next day. It's worth the money to them. Many of them are even willing to buy domains for single runs.
I'm assuming that you're talking about trojaned boxes being stopped (as I don't think you're talking about trojaned email servers). Of course, if you would have followed my point in previous posts that email would be blocked from invalid servers (ie the zombie boxes), you wouldn't have brought this point up. If spammers are getting most of their email blocked, they'll try thier hardest to get around it.
We can identify the zombie boxes today. We aren't stopping them now.
Is that even a crime?
Taking over someone else's computer and using it for unauthorized purposes? Ask Randall Shwartz or Kevin Mitnick.
SPF is not meant to stop spam, and it doesn't add anything to the spam-blocking arsenal that we don't already have or that can't be easily beaten. It's meant to help users who can't read existing email headers detect phishing scams. It would also make blacklists shorter since there are more server-level chokepoints. These may be good goals, but neither of them justifies the damage to legtimate uses of SMTP that is inherent in adopting SPF. It's only getting the attention it is because a lot of people are misunderstanding what it's useful for and the big players are throwing weight behind it because they like vendor lock-in and this hands it to them as "standard compliance" and "good net citizenship".
I'm sorry, but have you people been asleep for the last 5 years? I've never seen an ISP TOS that made any distinction between spam you sent direct from your box vs. mail you sent through their mailhub. This doesn't change anything.
Spammers already sign up for new accounts and then close them all the time. They are famous for it. ISPs either don't care or can't keep up.
Of course this all assumes spammers even open the accounts themselves instead of using their zombies to send for them, like they're already doing. And don't talk about ISPs shutting those down easily. They can't/won't even do it for worms, which are a lot more dangerous.
As for police getting involved when it's a crime... are they getting involved now when spammers hijack machines and use them to send their mail?
By the way, we *already* can figure out when spam is coming from a legit machine that's been zombied just by looking at the IP source (at the recipient level) or the outgoing traffic (at the ISP) level. SPF doesn't even have the benefit of making this easier to detect. It's not even a fundamental change to the spam programs to have them switch from sending directly to sending through the proper mailhub.
And spam from zombies is happening a lot. So why don't those accounts get shut down, if it's as easy as you think?
Because 1) users are so overwhelmed they mostly lack the time to actually report their spam, and 2) ISPs either don't care to police their networks, or are too overworked to keep up with it.
Ok, now we know you are a nutjob, but at least you've actually been able to finally state your objection clearly...
Heh. Not a nutjob, just someone who's been dealing with blocking spam long enough to realize this is completely obvious to the spammers. They already have most of the infrastructure they need to do this, and worse. And I'm far from the only person that realizes this.
So, in your scenario, all the spam from all the zombies using your authentication must now pass through a single point. As soon as someone figures out that they are receiving spam from an authenticated account, the account can be shut down, thus making the situation nothing more than a devolved open relay.
Yeah, that's like saying "as soon as someone figures out that they are being DoSed by a zombied machine..." or "as soon as someone figures out that their machine needs to be patched..." If the real world of users worked that way we wouldn't have the current malware pandemic.
But, even if that weren't the case, any situation in which *your* machine is compromised without your knowledge is undefendable and so far beyond the scope of this proposal that it really doesn't apply. The same argument can be made for just about any abuse of the net -- if you are going to hand the burglar your housekeys, of course they are going to rob your house...
You're absolutely right, which is basically the point. SPF does nothing to address this vector, and that's why authentication is not the panacea SPF proponents keep claiming it is. It is incredibly naive to claim that SPF will force spammers to stop forging their routes so that we can track them down easily (they'll stop using false info, yes, but they won't be using their info). Spammers do not play by the rules, and they have no issues with doing ridiculous and illegal stuff like this to get their message out.
It's simply ridiculous to push for a fundamental change in the mail architecture that has such known fundamental flaws. It doesn't go near addressing the real problem, and it won't slow the tide of spam for a month.
Your response is just a restatement of what SPF does. It doesn't go anywhere near the question asksed, which was: how will using SPF let ISPs have extra insight into which of their users are sending bulk mail?
ISPs can already see all the traffic on their network if they want to. It's trival to watch for specific hosts sending a suspicious amount of traffic on port 25.
They are ON the local machine, they have no need to look at the network, just what user:password@server:port the local MUA uses. They're already using keyboard sniffers to get credit card numbers, this isn't a large leap for them.
There are currently two strategies for fighting spammers using zombies.
Neither of the things you listed has anything to do with zombies.
Requiring people to use the ISP mailhub will get in the way of current zombies that try to send directly, but won't do anything to second generation ones that just detect the right mailhub to use. Your point about noticing traffic levels isn't relevant to the use of a mailhub, since the ISP can see that traffic regardless (and even filter it if they want). Also, watching traffic levels is only relevant to the current MO of zombies and will be useless when they change that MO (think even more machines than they have now, each sending a handful of messages per day).
SMTP auth has nothing to do with stopping zombies either, it's there to deal with relaying. If the spammer has software on your machine, he'll just read your credentials and use them. That's completely trivial. Trusted computing would do something about this, but that's a long long way off.
The only methods for fighting zombies are 1) keeping them off user machines and 2) doing traffic analysis. SPF doesn't affect either of these (except for possibly making traffic analysis harder), and only (1) is sustainable long-term. The trouble is getting there at all.
"Discover the correct mailhub" means watching one outgoing SMTP message, at worst. More likely it means checking if common MUAs are installed and reading their settings directly. This is not going to make spam trojans any more difficult to write, it'll just make them more popular.
ISPs can already use outgoing mail patterns to tell if they have a spam zombie box on their network. SPF does nothing to change that; if anything, it obfuscates it more, since today the zombie might send direct or use another mailhub, which is another data point to notice. When all traffic goes through one mailhub you lose that data point.
The orignal poster posited that SPF will encourage spammers to use more zombies to send mail.
You counter that SPF will help solve the zombie problem because it will make it easier for ISPs to notice spam zombie machines which are sending inordinate amounts of mail.
How does SPF have anything to do with this? ISPs can already note bulk outgoing mail originating from a client machine whether it comes through their mailhub or not. If anything, SPF will make it harder to differentiate spam from legit mail, since you lose the selector "bulk mail originating from client PC sent to remote hosts directly".
You're missing the point. As long as end user client machines can send legitimate mail, spammers who can take over those machines can send mail from those same machines, using the same servers the end users are using to send legitimate mail. The "number of potential zombies" who may be trying to send you spam at any given time is equal to the number of machines which have been taken over and are at all capable of sending mail. The zombie just has to watch to see how legitimate mail leaves that machine and then use the same route itself.
I'm not talking about getting a zombie server, or sending from a zombie client machine to the internet. They'll use the same zombie client machines they're using today, and they'll send through the right mailhub. They'll use whatever legit route the client machine uses to send mail.
According to spamhaus.org, there are only a few hundred spamming organizations that account for the vast majority of spam. We don't need everyone in the world to adopt SPF, we only need enough to convince these few people to switch from forging legitimate domain names to using their own.
No, they won't use their own. They'll use zombies. Thank you for encouraging them.
Of course they'll be able to send messages. You're missing the point of "zombie". They'll send it through the legit smtp server for that domain. And no, auth methods won't make a difference, because then they'll just steal the local credentials and use them.
The only thing SPF is going to do is accelerate the speed and deviousness of the current zombie deployment trend, while breaking legit uses of SMTP.
Our corporate Bogofilter installation blocks 1,100 spams per hour and has been doing so consistently for over a year. Very little spam gets through. We've had two real false positives since we installed, and one of those was today.
a) if you get spam from "someguy@msn.com", it's doubtful the whois info is going to help you any more than a hotmail received header does today b) if you get spam from "someguyyouknow@msn.com", you don't need the whois info to know who owns the machine c) if they stop forging froms (to beat sender verification systems) and just sending as the owner of the machine they hijacked, you won't need whois info to know who owns the machine d) even if you know the person, what good do you really expect it to do you? this is someone who got their machine zombied in the first place. and it's not necessarily someone you know well enough to go fix their machine, it could be a distant business associate or just someone who has your email address in their browser cache after visiting your web site (but the spam still comes from the exact same source and sender as if that person had mailed you themselves to comment on your web site)
Exactly. Going after sender verification (and route verification) is becoming more and more obsolete. We assumed the spammers wouldn't be able to do anything once we shut down their routes, but like has happened with almost every other tech we thought would beat them, they raised the bar to the next level and starting taking over machines and using *their* legit mail routes. So far they're still mostly using bogus From headers to send with, but it's only a matter of time until they switch to using the full credentials of the owner of the machine they're sending from.
How are SPF or DomainKeys or SMTP AUTH going to help you when all your spam comes from people you know, because spammers have moved to just taking over machines and using those machines to spam the people that person normally emails, as that person? In fact, the sender-verification systems likely will have the primary effect of pushing the spammers to using these techniques *more*. And if you think we're going to fix *that* problem by making MS machines more secure, wake up. The main effect of letting MS be involved in some sender verification "solution" is going to be inviting them to embrace and extend SMTP toward an Exchange-only internet.
It's becoming increasingly clear that the only thing that's going to set spam apart from legit mail long term is the content, and even that is becoming more and more iffy. Still, bayesian filters are showing the most short and long-term potential.
To all the people who are saying: "this is no big deal, we'll just block flash or whatever they're sending and ignore it". What do you do when the link to continue to the content you actually want is only available at the end of the flash ad?
No, I'm not giving them the idea, I've seen sites do this already. The greatest thing is when they're using some marginal JS hack that makes it so only "approved" browsers can get to the content link at all without reverse-engineering what they're trying to do.
They have the content their users want to see, so at some point they're going to be able to demand you verify you've looked at/done something before they let you see it, provided they can figure out how.
Not entirely true. If you read the LKML thread, the scripts only caught the anomly. Larry posted that to the list, and his original message had no idea it was malicious. It wasn't until he posted the changed lines that peer review noticed their true purpose.
Tom Adelstein was fired from Bynari Inc. At least that what a public filing indicates. He also has an agreed mutual consent with the company related to disparagement.
...
Nothing bad shows up on this guy.
Now that is an interesting conclusion.
No records indicate that he had any employees. So, your wife must have worked for someone else. Did she work for Bynari? If so, she worked for an officer of the company. He's not listed in the articles of incorporation or the bylaws as an officer.
I don't have any problem believing that whatever public records exist will show a corporate structure that was different from the day to day operations of the "company". Bynari's Dallas office was basically a storefront, with Tom's office out front, and a bullpen where all the techs worked. At the time it was like two developers, the "CIO", my wife, and maybe a few others. There were a CFO and a CEO off site somewhere IIRC, as well as contacts of Tom's in various countries around the world working on some kind of consultancy basis so Bynari could claim worldwide operations in their press releases. But everyone in the Dallas office certainly reported to Tom, and the outside people worked through him to the extent any of us could tell what was going on. Emails we got after we left indicated at some point he turned on the "CFO" and "CEO" as well.
In 1999, he was nominated as the FSF Man of the year.
Their nomination criteria makes it sound like anyone can nominate anyone, and I'd put money he's on that list because he either nominated himself or got a friend to do it. He can't hold a candle to the real luminaries on that list, either in dedication to FOSS or pure code/technology contributions. At the time I knew him, his workstation was running some Windows variant with Linux in VMWare (probably so he could try to establish some kind of cred with his techs), and he used FrontPage to make his web pages. He got in a long argument with my wife over whether he wanted to let her use server side includes on their web stuff, because he claimed that SSI stuff ran on a separate web server port, and it might break the ability of other news sites to view/syndicate their content.
I really doubt that. I've traded enough emails with both of you to recognize your writing styles and have a good idea who both of you are. Still up to the same "PR techniques", Tom?
As far as "his" side? He accused her of destroying Bynari resources, which I already mentioned, and taking off unauthorized time at Christmas, for which he wanted us to reimburse Bynari for three weeks' salary. Note that all of those accusations disappeared once lawyers were involved. He also claimed that she was fired for "chronic absentism" (the Christmas charge was made up to support this, most likely). The week before the pregnancy was announced to them, he was singing her praises. Then she told them on like a Monday or Tuesday, took the next Thursday of Friday off because she was sick (and ended up doing a lot of work from home both days), and was fired when she walked in the door Monday and suddenly accused of being the World's Worst Employee.
I have no problem airing what he told of us "his side". It's complete BS.
Whether or not Tom Adelstein started a company supporting Mandrake is the part you're going to specifically question? That's certainly the most independantly verifiable part of what I said. Feel free to check out the Wayback Machine:
Whether or not my wife was fired and whether or not she was pregnant and how close those events occured to each other is as verifiable as anything else that happened that many years ago. I'm sure I still have the lawyer letters and such from the moving expenses settlement around here somewhere, but that won't help me on slashdot.
Slashdot Mirror
SPF doesn't tell admins a damn thing they didn't know before. Admins do not pay attention to header addresses when determining the source of spam, they look at the IP addresses, which are not truly being forged (not in the same sense, anyway).
SPF is only useful to end users who can be fooled by forged text headers. It was created to help stop phishing and provide some kind of reputation protection. It's ridiculous that people who should know better co-opted it as a "spam solution" and are willing to break legitimate uses of SMTP to see it adopted, without seeming to even reale the leverage it hands big ISPs.
Except that the spammers are sending through ISP servers using valid accounts and using ISP resources to submit their flood onto the world. Surely a clueful admin would notice the abundant cpu time/bandwidth being used to the point where it limits legitimate use?
Why do you think a clueful admin needs them all on one server to notice abnormal resource utilization? Whether they come through an application-level chokepoint or not, network traffic is network traffic. In many ways it's easier to see the problem machines when you just look at them at the network node level.
Sure, free accounts. Hotmail, yahoo, among other free email providers. This would not stop those.
This is why the thread starter called this the "1998 spam problem". Spammers haven't limited them selves to stealing resources or abusing free ones for a long time. They're happy to pay for single-use throwaway accounts. Those get cancelled and they sign up with the same provider again the next day. It's worth the money to them. Many of them are even willing to buy domains for single runs.
I'm assuming that you're talking about trojaned boxes being stopped (as I don't think you're talking about trojaned email servers). Of course, if you would have followed my point in previous posts that email would be blocked from invalid servers (ie the zombie boxes), you wouldn't have brought this point up. If spammers are getting most of their email blocked, they'll try thier hardest to get around it.
We can identify the zombie boxes today. We aren't stopping them now.
Is that even a crime?
Taking over someone else's computer and using it for unauthorized purposes? Ask Randall Shwartz or Kevin Mitnick.
SPF is not meant to stop spam, and it doesn't add anything to the spam-blocking arsenal that we don't already have or that can't be easily beaten. It's meant to help users who can't read existing email headers detect phishing scams. It would also make blacklists shorter since there are more server-level chokepoints. These may be good goals, but neither of them justifies the damage to legtimate uses of SMTP that is inherent in adopting SPF. It's only getting the attention it is because a lot of people are misunderstanding what it's useful for and the big players are throwing weight behind it because they like vendor lock-in and this hands it to them as "standard compliance" and "good net citizenship".
I'm sorry, but have you people been asleep for the last 5 years? I've never seen an ISP TOS that made any distinction between spam you sent direct from your box vs. mail you sent through their mailhub. This doesn't change anything.
Spammers already sign up for new accounts and then close them all the time. They are famous for it. ISPs either don't care or can't keep up.
Of course this all assumes spammers even open the accounts themselves instead of using their zombies to send for them, like they're already doing. And don't talk about ISPs shutting those down easily. They can't/won't even do it for worms, which are a lot more dangerous.
As for police getting involved when it's a crime... are they getting involved now when spammers hijack machines and use them to send their mail?
By the way, we *already* can figure out when spam is coming from a legit machine that's been zombied just by looking at the IP source (at the recipient level) or the outgoing traffic (at the ISP) level. SPF doesn't even have the benefit of making this easier to detect. It's not even a fundamental change to the spam programs to have them switch from sending directly to sending through the proper mailhub.
And spam from zombies is happening a lot. So why don't those accounts get shut down, if it's as easy as you think?
Because 1) users are so overwhelmed they mostly lack the time to actually report their spam, and 2) ISPs either don't care to police their networks, or are too overworked to keep up with it.
Heh. Not a nutjob, just someone who's been dealing with blocking spam long enough to realize this is completely obvious to the spammers. They already have most of the infrastructure they need to do this, and worse. And I'm far from the only person that realizes this.
So, in your scenario, all the spam from all the zombies using your authentication must now pass through a single point. As soon as someone figures out that they are receiving spam from an authenticated account, the account can be shut down, thus making the situation nothing more than a devolved open relay.
Yeah, that's like saying "as soon as someone figures out that they are being DoSed by a zombied machine..." or "as soon as someone figures out that their machine needs to be patched..." If the real world of users worked that way we wouldn't have the current malware pandemic.
But, even if that weren't the case, any situation in which *your* machine is compromised without your knowledge is undefendable and so far beyond the scope of this proposal that it really doesn't apply. The same argument can be made for just about any abuse of the net -- if you are going to hand the burglar your housekeys, of course they are going to rob your house...
You're absolutely right, which is basically the point. SPF does nothing to address this vector, and that's why authentication is not the panacea SPF proponents keep claiming it is. It is incredibly naive to claim that SPF will force spammers to stop forging their routes so that we can track them down easily (they'll stop using false info, yes, but they won't be using their info). Spammers do not play by the rules, and they have no issues with doing ridiculous and illegal stuff like this to get their message out.
It's simply ridiculous to push for a fundamental change in the mail architecture that has such known fundamental flaws. It doesn't go near addressing the real problem, and it won't slow the tide of spam for a month.
Your response is just a restatement of what SPF does. It doesn't go anywhere near the question asksed, which was: how will using SPF let ISPs have extra insight into which of their users are sending bulk mail?
ISPs can already see all the traffic on their network if they want to. It's trival to watch for specific hosts sending a suspicious amount of traffic on port 25.
They are ON the local machine, they have no need to look at the network, just what user:password@server:port the local MUA uses. They're already using keyboard sniffers to get credit card numbers, this isn't a large leap for them.
There are currently two strategies for fighting spammers using zombies.
Neither of the things you listed has anything to do with zombies.
Requiring people to use the ISP mailhub will get in the way of current zombies that try to send directly, but won't do anything to second generation ones that just detect the right mailhub to use. Your point about noticing traffic levels isn't relevant to the use of a mailhub, since the ISP can see that traffic regardless (and even filter it if they want). Also, watching traffic levels is only relevant to the current MO of zombies and will be useless when they change that MO (think even more machines than they have now, each sending a handful of messages per day).
SMTP auth has nothing to do with stopping zombies either, it's there to deal with relaying. If the spammer has software on your machine, he'll just read your credentials and use them. That's completely trivial. Trusted computing would do something about this, but that's a long long way off.
The only methods for fighting zombies are 1) keeping them off user machines and 2) doing traffic analysis. SPF doesn't affect either of these (except for possibly making traffic analysis harder), and only (1) is sustainable long-term. The trouble is getting there at all.
"Discover the correct mailhub" means watching one outgoing SMTP message, at worst. More likely it means checking if common MUAs are installed and reading their settings directly. This is not going to make spam trojans any more difficult to write, it'll just make them more popular.
ISPs can already use outgoing mail patterns to tell if they have a spam zombie box on their network. SPF does nothing to change that; if anything, it obfuscates it more, since today the zombie might send direct or use another mailhub, which is another data point to notice. When all traffic goes through one mailhub you lose that data point.
The orignal poster posited that SPF will encourage spammers to use more zombies to send mail.
You counter that SPF will help solve the zombie problem because it will make it easier for ISPs to notice spam zombie machines which are sending inordinate amounts of mail.
How does SPF have anything to do with this? ISPs can already note bulk outgoing mail originating from a client machine whether it comes through their mailhub or not. If anything, SPF will make it harder to differentiate spam from legit mail, since you lose the selector "bulk mail originating from client PC sent to remote hosts directly".
You're missing the point. As long as end user client machines can send legitimate mail, spammers who can take over those machines can send mail from those same machines, using the same servers the end users are using to send legitimate mail. The "number of potential zombies" who may be trying to send you spam at any given time is equal to the number of machines which have been taken over and are at all capable of sending mail. The zombie just has to watch to see how legitimate mail leaves that machine and then use the same route itself.
I'm not talking about getting a zombie server, or sending from a zombie client machine to the internet. They'll use the same zombie client machines they're using today, and they'll send through the right mailhub. They'll use whatever legit route the client machine uses to send mail.
According to spamhaus.org, there are only a few hundred spamming organizations that account for the vast majority of spam. We don't need everyone in the world to adopt SPF, we only need enough to convince these few people to switch from forging legitimate domain names to using their own.
No, they won't use their own. They'll use zombies. Thank you for encouraging them.
Of course they'll be able to send messages. You're missing the point of "zombie". They'll send it through the legit smtp server for that domain. And no, auth methods won't make a difference, because then they'll just steal the local credentials and use them.
The only thing SPF is going to do is accelerate the speed and deviousness of the current zombie deployment trend, while breaking legit uses of SMTP.
Our corporate Bogofilter installation blocks 1,100 spams per hour and has been doing so consistently for over a year. Very little spam gets through. We've had two real false positives since we installed, and one of those was today.
They already are. I wondered why they thought punctuation would help, since most Bayesian filters tokenize punctuation out. I guess this is why.
Eh?
a) if you get spam from "someguy@msn.com", it's doubtful the whois info is going to help you any more than a hotmail received header does today
b) if you get spam from "someguyyouknow@msn.com", you don't need the whois info to know who owns the machine
c) if they stop forging froms (to beat sender verification systems) and just sending as the owner of the machine they hijacked, you won't need whois info to know who owns the machine
d) even if you know the person, what good do you really expect it to do you? this is someone who got their machine zombied in the first place. and it's not necessarily someone you know well enough to go fix their machine, it could be a distant business associate or just someone who has your email address in their browser cache after visiting your web site (but the spam still comes from the exact same source and sender as if that person had mailed you themselves to comment on your web site)
Exactly. Going after sender verification (and route verification) is becoming more and more obsolete. We assumed the spammers wouldn't be able to do anything once we shut down their routes, but like has happened with almost every other tech we thought would beat them, they raised the bar to the next level and starting taking over machines and using *their* legit mail routes. So far they're still mostly using bogus From headers to send with, but it's only a matter of time until they switch to using the full credentials of the owner of the machine they're sending from.
How are SPF or DomainKeys or SMTP AUTH going to help you when all your spam comes from people you know, because spammers have moved to just taking over machines and using those machines to spam the people that person normally emails, as that person? In fact, the sender-verification systems likely will have the primary effect of pushing the spammers to using these techniques *more*. And if you think we're going to fix *that* problem by making MS machines more secure, wake up. The main effect of letting MS be involved in some sender verification "solution" is going to be inviting them to embrace and extend SMTP toward an Exchange-only internet.
It's becoming increasingly clear that the only thing that's going to set spam apart from legit mail long term is the content, and even that is becoming more and more iffy. Still, bayesian filters are showing the most short and long-term potential.
And the Agenda VR3, which is/was all X, all the time, using a custom WM built with FLTK.
To all the people who are saying: "this is no big deal, we'll just block flash or whatever they're sending and ignore it". What do you do when the link to continue to the content you actually want is only available at the end of the flash ad?
No, I'm not giving them the idea, I've seen sites do this already. The greatest thing is when they're using some marginal JS hack that makes it so only "approved" browsers can get to the content link at all without reverse-engineering what they're trying to do.
They have the content their users want to see, so at some point they're going to be able to demand you verify you've looked at/done something before they let you see it, provided they can figure out how.
> Peer review did not catch this.
Not entirely true. If you read the LKML thread, the scripts only caught the anomly. Larry posted that to the list, and his original message had no idea it was malicious. It wasn't until he posted the changed lines that peer review noticed their true purpose.
Tom Adelstein was fired from Bynari Inc. At least that what a public filing indicates. He also has an agreed mutual consent with the company related to disparagement.
Nothing bad shows up on this guy.
Now that is an interesting conclusion.
No records indicate that he had any employees. So, your wife must have worked for someone else. Did she work for Bynari? If so, she worked for an officer of the company. He's not listed in the articles of incorporation or the bylaws as an officer.
I don't have any problem believing that whatever public records exist will show a corporate structure that was different from the day to day operations of the "company". Bynari's Dallas office was basically a storefront, with Tom's office out front, and a bullpen where all the techs worked. At the time it was like two developers, the "CIO", my wife, and maybe a few others. There were a CFO and a CEO off site somewhere IIRC, as well as contacts of Tom's in various countries around the world working on some kind of consultancy basis so Bynari could claim worldwide operations in their press releases. But everyone in the Dallas office certainly reported to Tom, and the outside people worked through him to the extent any of us could tell what was going on. Emails we got after we left indicated at some point he turned on the "CFO" and "CEO" as well.
In 1999, he was nominated as the FSF Man of the year.
The nominees list is here: http://www.gnu.org/award/award-1999.html
Their nomination criteria makes it sound like anyone can nominate anyone, and I'd put money he's on that list because he either nominated himself or got a friend to do it. He can't hold a candle to the real luminaries on that list, either in dedication to FOSS or pure code/technology contributions. At the time I knew him, his workstation was running some Windows variant with Linux in VMWare (probably so he could try to establish some kind of cred with his techs), and he used FrontPage to make his web pages. He got in a long argument with my wife over whether he wanted to let her use server side includes on their web stuff, because he claimed that SSI stuff ran on a separate web server port, and it might break the ability of other news sites to view/syndicate their content.
And yes, this is the same AC.
I really doubt that. I've traded enough emails with both of you to recognize your writing styles and have a good idea who both of you are. Still up to the same "PR techniques", Tom?
As far as "his" side? He accused her of destroying Bynari resources, which I already mentioned, and taking off unauthorized time at Christmas, for which he wanted us to reimburse Bynari for three weeks' salary. Note that all of those accusations disappeared once lawyers were involved. He also claimed that she was fired for "chronic absentism" (the Christmas charge was made up to support this, most likely). The week before the pregnancy was announced to them, he was singing her praises. Then she told them on like a Monday or Tuesday, took the next Thursday of Friday off because she was sick (and ended up doing a lot of work from home both days), and was fired when she walked in the door Monday and suddenly accused of being the World's Worst Employee.
I have no problem airing what he told of us "his side". It's complete BS.
You obviously don't know Tom!
There's another possibility, you know... ;)
Whether or not Tom Adelstein started a company supporting Mandrake is the part you're going to specifically question? That's certainly the most independantly verifiable part of what I said. Feel free to check out the Wayback Machine:
Bynari.com, circa 1999: http://web.archive.org/web/19991103003416/http://b ynari.com/
Bynari.net (the .ca version of the company site), circa 1999:
http://web.archive.org/web/19991128185323/http://w ww.bynari.net/
archive.org has plenty more.
Whether or not my wife was fired and whether or not she was pregnant and how close those events occured to each other is as verifiable as anything else that happened that many years ago. I'm sure I still have the lawyer letters and such from the moving expenses settlement around here somewhere, but that won't help me on slashdot.