iTunes for Windows is the first Apple product I've used that didn't Just Work.
I run my home Windows box as multi-user - one login for me, one for my wife, and one for root - because I don't trust running Windows live on the internet with Admin privileges turned on. Unfortunately, iTunes doesn't work very well in this environment - I couldn't install it without admin privileges, so it decided to keep separate music directories for me and for root. I've been able to go in and mess with it to combine them, more or less, but it doesn't work very well and tends to forget that I did that any time I update iTunes.
I've also had some of the issues you've mentioned with Quicktime on Windows, but between Windows, Quicktime, and Mozilla's plugin frameworks, I'm not sure how much of that is because of Apple. (And I'm running Real Mozilla, not Firefox...) (Well, I've had one other Apple product that didn't Just Work, but it was an antique LC430 I bought for $2 off a pallet of dubious-condition machines acquired by a friend. I suspect it's the lithium battery or something, but it was an impulse buy and I haven't taken the time to troubleshoot it or spend more than the price of the system for the battery. I don't blame Apple for that:-)
Some things have changed since I first took Computer Science 100 about 30 years ago. Some haven't. One thing that's apparently changed is that students are no longer taught never EVER to trust any input handed to their programs. One thing that hasn't changed is that you should STILL never trust any input to your programs:-)
To cut Apple some slack here, "Any time you port your program to a different operating environment with different capabilities, you need to re-examine all the decisions you made about what's safe and what's not" isn't really a CS100 kind of lesson. But it isn't a grad school lesson either.
And Safari on Windows would really rock - while I like Firefox, having another serious competitor to IE is a Really Good Thing, especially since it'll decrease the amount of IE-Specific Windows-Specific web pages out there.
Unfortunately, I've had to learn over the years that having programming safety taught as part of the intro computer course was pretty much the exception rather than the rule back when I was in school also. But on the bright side, there are lessons from those days that we've been allowed to forget, like "punch cards suck":-) They do enforce a certain amount of valuable discipline on programmers, and I already knew how to program a keypunch drum before I got to college so I was fairly efficient about using the things, but I definitely don't miss them...
More to the point than trying to speculate about the physics of the system, you can't receive a message from the future unless you've built a receiver. So even if the system works, you've got to spend the cash upfront before you can find out.
*Then* you can use it to violate causality and send yourself stock market and horse-racing results from the future....
I would assume that they've implemented this in the obvious way - make it look like a shared file server with no password on it, so it's easy to access from your PC. (If not, then it's more trouble to use than simply popping the card into your PC.)
If it is implemented in the obvious way, then yeah, anybody nearby can also read your memory card, upload your pictures, delete them, replace them with viruses or LoLcat memes, etc. (Ise in ur kamera, downloading ur pictur3z) In general, it seems like a bad idea.
You don't seem to understand the system. It's not certifying that mail from Comcast, AOL, etc. is non-spam - it's letting people who want to send mail _to_ those ISPs certify it as non-spam. So Botnets aren't particularly an issue, because the botnets live on large numbers of mostly-non-managed PCs on consumer broadband networks, universities, and similar environments. These mail senders will be running on a small number of mailing list servers with administrators, which will probably have enough firewalling capability to prevent being taken over by bots (at least in large volume.)
Furthermore, if the crypto is done competently, you won't be able to fake a Goodmail stamp on your message without having first paid Goodmail actual cash up front. If it's not done competently, then sure, they'll be pwn3d in 10 minutes and they'll die. While they haven't published their crypto methods on their websites as far as I can tell, they list their board of technical advisors, which includes Marty Hellmann and Avi Rubin, and presumably the ISPs they're selling to would have done some due diligence on it as well. It may be possible to replay use of a stamp, but if they've done it correctly, that'll only work if you're replaying the same message, so it'll still be a copy of the original message, not the spammer's message (and again, if they haven't done that, they're toast.)
If someone succeeds into breaking into a Goodmail sender's system, it'll drain their supply of stamps pretty quickly, so that still limits the quantity of spam that can be sent that way.
Goodmail's PR says that if your message has a Goodmail stamp, it gets handled by the ISP's Goodmail-handling server, and doesn't go through the rest of their spam filters. If they *didn't* implement it that way, then they don't really have the ability to guarantee delivery, so presumably they've got contracts with the ISPs to actually do that. For the ISPs that support POP or IMAP users, it's still possible for those users to run their own spam filters, of course, but most of the business here is the Webmail and AOL clients, who wouldn't have separate filtering capabilities. And we can quibble about exactly what fraction of the market these ISPs own, but it's large enough to attract customers - enough people bitch about AOL that that one alone may keep them in business.
The real question for me is "can a spammer afford to use Goodmail, and will Goodmail let them do it?" There will probably be some spammers that can live within Goodmail's AUP, which strikes me as fairly wimpy. But not many of them can afford 1/4 cent per message - at least not unless they target their market to people much more likely to buy than the average spammer's distribution list. There'll probably be a few, but hopefully Goodmail will spank them after they've been caught once. There won't be a lot.
Yes, it's theoretically possible for Bad Things to happen with open wireless. (Moderately Bad Things have even happened to me - a neighbor's laptop got virused and used my guest wireless connection for spamming for half a day once.)
But basically it's rare, and the scare stories about Bad Things That Could Happen If You Share Wireless appear to mostly be propagated by the kinds of broadband companies that don't want increased traffic on their nets, and by the kinds of pundits who get their reputation points by scaring people. They tend to overlap a lot with the kinds of people who want to scare you about not being an Evil File Sharer.
In spite of being a crypto geek, I run open wireless at home, so that guests can use it, and neighbors can use it if they need to, and do my crypto at the application layer (VPNs, encrypted SMTP.) I can usually see about 6 wireless nodes from my apartment, half of them unencrypted, plus there's Google out on the street. The main problem I've run into is that sometimes my laptop will grab a neighbor's wireless instead of mine, especially if somebody runs their microwave oven, and one of my neighbors has a firewall that blocks my work VPN, so I may wade through the limited documentation on my wireless and set up WMA.
Unfortunately, the security model I want isn't what WMA was built for - I'd like to encrypt my conversations, but leave access open, and WMA seems to only give you both or neither.
As somebody said in a different thread, Orkut is _so_ 2004. It was another six-degrees-of-separation social networking site in the mode of Friendster, started by a Google employee, with fairly nice organization for groups, messaging, etc. It wasn't oriented toward file-sharing, mostly just discussion, but after 6-12 months of finding all your friends' Orkut pages and seeing who _their_ friends were, it pretty much burned through its 15 minutes of fame.
Eventually, like Spinal Tap becoming popular in Japan after they'd faded out in Britain, Orkut started to catch on really heavily in Brazil.
Also, once people were done looking through their friends' sites, some fraction of the users started just Friending anybody at random, whether they knew them or not, and even if your picture didn't look like a hot chick or a cute gay man, you'd get a lot of Friend requests from strangers. Even if you didn't speak Portugese and they did.
After a while, Google started pushing their Orkut logins and Gmail logins together, which would make all your Orkut information linkable to your Gmail information. _Not_ what I wanted.
Come on now, have you *seen* vi's internals? Even vi users occasionally go piss on it, burn it, and bitch about the holes that have been punched in there from the beginning:-)
Doesn't mean we'd go use emacs, of course....
---
In fact I do use both, and unfortunately none of the vi-modes in emacs were that satisfactory when I last saw them. To the extent that I use Unix shell interfaces these days, I generally edit in vi and use emacs-mode in bash. I assume that window-based versions of emacs probably work better now than a decade ago, but I normally work on Windoze, either in Word, Powerpoint, or Notepad, and do most of my editor work with mice.
And unlike Christmas, where the date of the celebration probably was set to preempt other religions' Winter solstice festivals, the date for the celebration of the Crucifixion wasn't arbitrary - the events did happen at Passover, which is at the Spring Equinox (though the subsequent messing around with solar vs. lunar calendars means that the Orthodox and western Christian groups don't always celebrate it exactly at Passover.) Taking over the name "Easter" is misappropriation, but the date isn't.
The Danish cartoons were done to provoke a discussion about Islam's lack of tolerance for freedom of speech - and in some sense they succeeded:-) Unfortunately, the louder part of the Islamic world only saw the cartoons, not the reason they were drawn, and didn't get the joke. (The fact that the joke was insulting was a separate problem - and the cartoons did range from friendly to hostile.)
Apparently the Shiv Sena are no different from the shriller Moslem ranters or the Jerry Falwells in America - If you look at Hamas, you'll see that they provide a lot of social services in poor parts of Lebanon and to some extent Israel, and the religious right wing in America do a lot of individual anti-poverty work (things like Habitat for Humanity, relief work around the world, drilling wells for villages in Africa and Bangladesh, etc.) Yet they all bring disrespect to their religions by advocating tribalism, violence and intolerance.
Users won't put up with it? That one's possibly correct - if Goodmail lets too much spammy mail through, then enough users will complain to their ISPs that the ISPs stop accepting Goodmail, but that remains to be seen. Their AUP looks pretty wimpy, but charging 1/4 cent will at least cut out most of the spammers and encourage any that do use the service to only target spam to people who are likely to want their products.
Requires immediate total cooperation from everybody at once Nope - senders will only pay to deliver mail ISPs that have deals with Goodmail, so it's incrementally scalable. And they've got the ISPs who handle over half the US mailbox market on board with them, so that's a big enough potential market that some senders may find it worth paying them, especially senders who have trouble getting through to those ISPs already (e.g. AOL.)
Open relays, worms - Nope. This system doesn't purport to keep spammers from sending spam. This lets non-spammers avoid getting blocked by spam filters, by attaching cryptographically validated stamps to the non-spam messages. It'll probably let a few spammers avoid getting blocked as well, but they'll be upfront spammers paying money and lying about how they're legit and you forgot you opted in, not hidden spammers abusing worms open relays.
Unpopularity of weird new taxes - Maybe, maybe not - "Tax" approaches are unpopular not only because they suck, but because they don't reflect the underlying economics correctly, so they're trying to charge the wrong people the wrong amount of money for the wrong things because some wrong-headed "expert" thought it would be a good idea. Goodmail thinks they've found a sufficiently large market niche of mostly-commercial businesses willing to pay money to get email delivered reliably (reducing their email-admin costs and increasing opportunities for revenue) and ISPs willing to accept their mail (reducing help-desk and spam-filter costs; I forget if their model also pays part of the tax to the receiving ISP.) They may be correct, and if they aren't, then The Invisible Hand will drop them fast enough.
A lot of the discussion about market-economics solutions to spam proposed models like that. [insert standard checklist here:-)] Some of them get it wrong and have arbitrary prices for delivery that get paid to the wrong people, so they're not likely to work economically, while others of them realize that the real cost of spam isn't the bandwidth, CPU, or storage costs, it's the recipient's attention wasted reading the junk, so they propose ways to let the sender pay the recipient for reading the mail. Some of them use artificial payments like hashcash (where the sender has to burn CPU time, and therefore can't send spam very fast), while others use real cash, typically with some kind of stamps paid for with Paypal.
In one sense, that's absolutely the right model for reducing spam - you don't care how much spam there is in the world, you just care how much of it gets into your inbox, and if some Nigerian princess is willing to pay your price for consulting service for reading your mail, your mailbox has negotiated an appropriate price with her and waited for the Paypal to clear so you really don't mind spending two seconds of attention span to junk her message.
In reality, enough of the email that most people receive is something that they do want and therefore whitelist or perhaps even pay for, so you can't enforce this mechanism on all your email, so the spammer arms race would focus on how to impersonate email sources you *did* want to hear from, and you'd use crypto to keep them out, and the financial or technical transaction costs would be annoying enough that there would be useful email that you're not going to receive because the senders didn't want to bother haggling with your robosecretary about it.
So it's not implemented very often, and it may be hard to find off-the-shelf implementations, but if you're a corporate executive, you can always hire a secretary who will not only get rid of the junk, but prioritize the non-junk mail for you.
And of course, while this sort of thing is annoying enough that most people won't bother sending you mail if you're using it, if spam becomes sufficiently annoying that many people do adopt it anyway, you'll start seeing lots of advertisements for mail systems that pay you to read email! Right there at home on your couch!...5 PROFIT!!
If you look at Goodmail's web site, you'll see that they actually do track that each email was delivered to the user, using some variant on a web bug. That doesn't mean that the user paid attention to it, but at least it got to them and didn't get junked.
Of course, lots of commercial email sending systems do this kind of thing, including legitimate ones and spammers. A lot of the email I get at work from technology vendors has graphics and subscribe/unsubscribe URLs that come from email handling companies rather than the vendor themselves. (From a personal and technical standpoint, I think this is really tacky - it takes very little work to have URLs from http:mail-response-handler.examplevendor.com/stuff as opposed to http:example-mail-handler.com/examplevendor/stuff, even if the subdomain mail-response-handler.examplevendor.com actually points to a machine run by example-mail-handler.com. And of course they're not really named example-mail-handler.com - they've got short names like p0.com that don't say who they are or what they do and look like spammers, which gets extra-tackiness points when examplevendor.com has some network security product or seminar.)
They're not certifying countries, they're certifying senders of mail, and they're not certifying senders who aren't based in the US or Canada. There is a bit of neutrality risk here - if enough senders are willing to pay for certification, then ISPs may be more likely to junk non-certified email. On the other hand, if the ISPs do too much of that, their email users can switch to other ISPs, which is especially a risk for the free-mailbox providers like Yahoo, so they've got some incentive not to do it.
They're not trying to reduce the amount of spam in the world, or even the amount of spam in your mailbox. They're trying to increase the amount of non-spam that gets to your mailbox instead of getting junked.
The problems are related, of course - if they make it easier for your ISP to deliver some kinds of non-spam into your mailbox, that makes it safer for them to crank up their anti-spam filters so that more junk mail gets junked (so maybe there's less spam in your mailbox after all) but unpaid non-spam has a higher risk of getting junked too. The latter is the risky part of it; the less risky part is that if Goodmail does a lousy job of policing the few spammers who are willing to pay to send you mail, then users will complain to their ISPs, and their ISPs might pull out of Goodmail.
RTFWS - Goodmail is targeting the money-charging part of their business to companies that have a financial incentive to successfully deliver messages (e.g. transactional mail, subscribers paying for newsletters, etc.) and can therefore increase revenues if they can successfully deliver to users of AOL and the other big mailbox ISPs. Think about banks sending online statements, or online bookstores that want to deliver receipts to their users, or companies that want to send bills online instead of by snailmail.
They're also selling to companies that already pay a lot for email admin time keeping their mail with the big ISPs working and tracking mail delivery. If making sure AOL doesn't blacklist you is critical, and you're a medium-large volume mail sender, then it's already costing you a lot of work to keep everything working, and Goodmail not only promises that your mail won't get junked, but that they'll give you a delivery receipt for each message. So it might cost you less to pay Goodmail to do that rather than do it yourself.
If you're not doing kinds of business that are going to get more revenue or reduce costs by using Goodmail, then you're not the kind of person they're trying to sell to, so it's not worth their time to grab money from you. But if you _are_, then yes, it's a blatant money grab but might be worthwhile for you as well as them. Spam's a big enough problem that there are lots of opportunities to grab money while making life easier for the people you grab it from.:-)
For semi-commercial organized organizations, e.g. Greenpeace or churches or whatever, which have enough organizational and financial structure to get themselves a 501c3 registration, charging 1/20 cent per email message (or 1/4 cent if non-501c3) may be affordable - it certainly beats charging $25-50/year for membership that includes a snail-mail newsletter and several fundraising snailmails.
But there are lots of interest groups, discussion groups, and projects that don't have a financial structure, and it'd be really annoying to have to build a Paypal tip jar to accept payments to stay on their email lists, especially if they're a discussion-heavy group.
I'm currently on one or two high-volume mailing lists, and I've been on others in the past, where half the people might not bother paying $5/year to get certified email, and they're not organized in ways that would support a 501c3 which would cut the certs down to $1/year. And if half the people aren't participating, then it's less valuable to be on the list.
I also run a small social-group mailing list with dinner and party announcements. It probably gets about 200 messages/year for 200 people, so it would cost me $100/year to pay for Goodmail certs if everybody were on Goodmail ISPs (90% of the people are techies who don't use the kind of ISP Goodmail markets to, and I suppose I'd pay $10/year for certs, just as I've paid for the domain name most years, but if this stuff really caught on I'd probably build a tip jar, which would be annoying.)
They're not saying that these big ISPs are signing up to be Goodmail senders who pay 1/4 cent per message to whitelist the email they're sending. These ISPs are the mailbox providers that will accept and deliver Goodmail-certified messages without spam-filtering them, and Goodmail is bragging about them because it says that they have a large enough fraction of the US mailbox market that various commercial senders might be willing to pay to certify the messages they're sending.
So blacklisting the ISPs doesn't make sense here - Goodmail isn't claiming that Comcast is certifying that mail from ExampleUser@Comcast.com or InfectedZombie@Comcast.com isn't spam. (That'd be nice, but it ain't happening any time soon.) They're claiming that if you have a Comcast/Yahoo/AOL/etc. mailbox, and a message shows up in it with a Goodmail certificate on it, then it's from a well-behaved non-spammer who paid to deliver it, and that if you want to do transactional mail with somebody like your bank, then your Goodmail-accepting ISP won't junk the message so it's ok to give your bank that email address if they pay for Goodmail.
If you don't like the Goodmail system, the answer isn't to blackmail Goodmail senders at your ISP - it's to boycott ISPs who accept Goodmail (or at least, not use them for your important email, though you might still use their free for your ExampleISPgroups email), plus send complaints to blackhole\\\\\\\marketing@ExampleISP.net. Blacklisting people who pay for Goodmail stamps doesn't really make sense either - senders aren't going to pay for stamps that don't go to the ISPs that accept them. You could unsubscribe from any email lists sent by senders using Goodmail stamps, if that's what you want to do, and that might be more visible; Goodmail tracks that kind of thing and requires senders to respond to the unsubscribes.
The reason they can guarantee delivery is that they have contracts with big mailbox ISPs to accept and deliver their mail - they're not guaranteeing delivery to ISPs they don't have contracts with, and senders aren't going to pay them for sending to random ISPs. But they've got something over 50% of the US mailbox market signed up, so there's some reasonable market share.
This isn't saying that everybody should have to pay money to send email - it's saying that there are people who are willing to pay money to get email delivered to recipients who've asked to receive that mail, and that Goodmail is willing to make a sufficiently credible case to the big ISPs that they're only going to send mail to people who've asked to receive it, and the per-message fee is partly to make money and partly to discourage dishonest senders by making it unprofitable to get Goodmail stamps for their spam.
There is a downside - if you make some categories of email privileged, then ISPs are more likely to tighten their filters on the non-paid email and incorrectly reject more of it. On the other hand, that's already happening to some extent - if you read some of the spam and operations mailing lists, you'll hear lots of people bitching about how AOL incorrectly blacklisted them and how difficult and slow it is to get things corrected, and there are lots of companies and sites that simply don't accept AOL addresses for mailing list subscriptions or especially for transactional emails.
Goodmail's tried to add some balance to the community complaints about this kind of service by charging a much lower price to non-profits that want to certify their mail - I'm not thrilled with that approach, but there are enough non-profits out there that use snail mail for their newsletters or fundraising begging, and.05 cents is a lot cheaper than stamps, so at least some kinds of non-profits may be willing to pay for it or at least less likely to protest loudly to the ISPs.
Yes, it's market-based. That does mean that most spammers won't be willing to pay for it. But some legitimate email senders (and a smaller number of well-targeted spammers) will find it worthwhile to pay to get mail through big ISP blacklists - anybody who's running a legitimate mailing-list service or doing things like product registration spends a lot of time bitching about AOL.
There isn't a central authority controlling email - but they've got the ISPs that are over 50% of the US mailbox market. (Microsoft MSN isn't one of them, though:-) And these countermeasures _do_ work if phased in gradually; otherwise they wouldn't be able to make a profit (not that we know yet if they'll make a profit or if they'll die out in a year.) It doesn't require cooperation from everybody at once - they've got enough mailbox ISPs signed up that it's at least potentially worthwhile for an email sender to pay them for the service. And they're not trying to solve the *whole* spammer problem - they're trying to get some non-spammers to pay them for delivering non-spam, which is a difficult but much simpler problem. It's not a "find the spammer to make him pay" system - it's a "pay up front to claim you're not a spammer" system.
Joe-jobs, Forgery, Worms and Zombies, etc. - The press releases don't say *how* they handle their certification other than to mention cryptography. But their board of technical advisors is interesting - Marty Hellmann, Avi Rubin, Dave Crocker - so there's a good chance they've done it right. Cryptography does take a fair amount of horsepower, but it's scalable dumb horsepower, and if they've done things well they can avoid having to verify the crypto on most forged messages. If they've designed things well, it's not incompatible with open-source tools, but they're writing Press Releases, not technical documentation, so it's hard to tell.
Asshats, and trusting Goodmail's servers - yes, that's still a problem. Their terms of service are appallingly weak - they'll accept unconfirmed opt-ins, and their "interpret complaint as unsubscribe" is inadequate, so dishonest spammers can still pay to get service delivered for a while, until they get enough complaints. But at least the quarter-cent per message means that only well-targeted spammers will be willing to pay for it, so it won't be really high volumes of spam. If there's much of that going on, then email users won't stand for it, and they'll bitch at their ISPs (though that's more effective with AOL who charges money than with Yahoo who's giving you that email account for free anyway...)
And yes, email should be free, and whitelists suck, but blacklists also suck and some email senders may be willing to pay to deal with whitelists that suck instead of getting stuck on blacklists that suck.
If the end-user recipients were running full-scale Mail User Agents, you couldn't guarantee that they're not filtering, but in this case most of them are using the webmail services provided by the recipient ISPs, so there's really no extra filtering that's going to happen. (Of course, that doesn't mean that the user won't look at the sender's name or subject line and junk the message anyway.) That may change if Goodmail succeeds in enticing more ISPs to use their services, but they've already got a good chunk of the US market, and for many commercial email senders, simply not having to hassle with AOL's blacklisting may be worth paying for.
Some or most of those ISPs do also offer POP/IMAP mail services, so the user has a chance to do filtering, but that's not most of the users, and just guaranteeing that the ISP *won't* junk the message may be valuable enough for some senders to pay for Goodmail.
Some of the commercial email senders will probably be spammers, especially if you read their AUP carefully and notice that it doesn't require confirmed opt-in, but at least the economics of a quarter cent per message make it likely that there won't be a *lot* of spammers using the service - only the ones who are doing a good job of targeting customers\\\\\suckers for high-value services.
No, it's still running the full bit-torrent protocol, but it's pretty efficient because it's spending almost all of its time sending chunks of data, not tracking overhead. So you don't lose much, and if a second receiver comes on, it ramps up really fast.
Certainly non-wrecked houses in somewhere like New Orleans are hard to work on, for the kinds of reasons you'd mentioned. I'd forgotten about the issues of shotgun houses, but I've worked on century-old houses in New Jersey which have similar problems (though the water table's usually a bit lower) - if there's room in the walls to run wires, it's because termites have chewed through the beams, though sometimes you can use tricks like fishing wires through the old gas-pipes. On the other hand, back when I was doing that, wireless networking technology didn't really exist; if I were working on something mostly undamaged in the Garden District today I'd expect it to be way easier than wiring.
But this article was about somebody who's got gutted houses to work with, so a lot of that wall structure isn't in the way. The plaster's gone and will need to be replaced, and you can reach most of the things you want to reach.
I'm glad to hear that your company hasn't had trouble with AOL's blacklisting - 99% of the comments I see about it are the opposite, either email senders complaining that AOL incorrectly blacklists them and it's hard to get reinstated, or AOL users complaining that they sign up for mailing lists and AOL blacklists the senders so they don't get them. Of course, the people who don't have trouble don't bitch, and the AOL users who didn't know a given email was coming generally don't know that it's been junked so they don't complain much either.
AOL's in a touchy position - they really do receive infinite quantities of spam, and it's hard to tell some kinds of spam from legitimate mail without having humans read it, and it's hard to tell legitimate senders asking to be reinstated from spammers asking to be reinstated, and the financial incentives for allowing good email aren't very high so they can't afford to put lots of humans into the loop. But their reputation is such that lots of mail senders are simply not willing to deal with them.
First of all, spammers won't use them as block lists. If they do anything with them, they'll use them as lists of valid email addresses to send spam to. And any laws about do-not-spam lists are just laws, and most spammers aren't bothered by violating them, especially Nigerian scammers, zombie-abusers, stock scammers, and fake pill sellers.
Any laws about do-not-spam lists only apply in the country that makes the laws - so spammers will send mail from other countries. They often do that today, simply because it's harder to get a Chinese ISP to shut down spammers, and a lot harder to get Korean zombie farmers to shut them down.
It's possible to make the do-not-email lists a bit safer - instead of listing the email addresses directly, list hashes of them, which lets anybody who wants to check an individual address see if that address's hash is in the list, but doesn't let you recover the address from the list. But it's still a losing game.
I run my home Windows box as multi-user - one login for me, one for my wife, and one for root - because I don't trust running Windows live on the internet with Admin privileges turned on. Unfortunately, iTunes doesn't work very well in this environment - I couldn't install it without admin privileges, so it decided to keep separate music directories for me and for root. I've been able to go in and mess with it to combine them, more or less, but it doesn't work very well and tends to forget that I did that any time I update iTunes.
I've also had some of the issues you've mentioned with Quicktime on Windows, but between Windows, Quicktime, and Mozilla's plugin frameworks, I'm not sure how much of that is because of Apple. (And I'm running Real Mozilla, not Firefox...) (Well, I've had one other Apple product that didn't Just Work, but it was an antique LC430 I bought for $2 off a pallet of dubious-condition machines acquired by a friend. I suspect it's the lithium battery or something, but it was an impulse buy and I haven't taken the time to troubleshoot it or spend more than the price of the system for the battery. I don't blame Apple for that
To cut Apple some slack here, "Any time you port your program to a different operating environment with different capabilities, you need to re-examine all the decisions you made about what's safe and what's not" isn't really a CS100 kind of lesson. But it isn't a grad school lesson either.
And Safari on Windows would really rock - while I like Firefox, having another serious competitor to IE is a Really Good Thing, especially since it'll decrease the amount of IE-Specific Windows-Specific web pages out there.
Unfortunately, I've had to learn over the years that having programming safety taught as part of the intro computer course was pretty much the exception rather than the rule back when I was in school also. But on the bright side, there are lessons from those days that we've been allowed to forget, like "punch cards suck"
*Then* you can use it to violate causality and send yourself stock market and horse-racing results from the future....
(If not, then it's more trouble to use than simply popping the card into your PC.)
If it is implemented in the obvious way, then yeah, anybody nearby can also read your memory card, upload your pictures, delete them, replace them with viruses or LoLcat memes, etc. (Ise in ur kamera, downloading ur pictur3z) In general, it seems like a bad idea.
Furthermore, if the crypto is done competently, you won't be able to fake a Goodmail stamp on your message without having first paid Goodmail actual cash up front. If it's not done competently, then sure, they'll be pwn3d in 10 minutes and they'll die. While they haven't published their crypto methods on their websites as far as I can tell, they list their board of technical advisors, which includes Marty Hellmann and Avi Rubin, and presumably the ISPs they're selling to would have done some due diligence on it as well. It may be possible to replay use of a stamp, but if they've done it correctly, that'll only work if you're replaying the same message, so it'll still be a copy of the original message, not the spammer's message (and again, if they haven't done that, they're toast.)
If someone succeeds into breaking into a Goodmail sender's system, it'll drain their supply of stamps pretty quickly, so that still limits the quantity of spam that can be sent that way.
Goodmail's PR says that if your message has a Goodmail stamp, it gets handled by the ISP's Goodmail-handling server, and doesn't go through the rest of their spam filters. If they *didn't* implement it that way, then they don't really have the ability to guarantee delivery, so presumably they've got contracts with the ISPs to actually do that. For the ISPs that support POP or IMAP users, it's still possible for those users to run their own spam filters, of course, but most of the business here is the Webmail and AOL clients, who wouldn't have separate filtering capabilities.
And we can quibble about exactly what fraction of the market these ISPs own, but it's large enough to attract customers - enough people bitch about AOL that that one alone may keep them in business.
The real question for me is "can a spammer afford to use Goodmail, and will Goodmail let them do it?" There will probably be some spammers that can live within Goodmail's AUP, which strikes me as fairly wimpy. But not many of them can afford 1/4 cent per message - at least not unless they target their market to people much more likely to buy than the average spammer's distribution list. There'll probably be a few, but hopefully Goodmail will spank them after they've been caught once. There won't be a lot.
But basically it's rare, and the scare stories about Bad Things That Could Happen If You Share Wireless appear to mostly be propagated by the kinds of broadband companies that don't want increased traffic on their nets, and by the kinds of pundits who get their reputation points by scaring people. They tend to overlap a lot with the kinds of people who want to scare you about not being an Evil File Sharer.
In spite of being a crypto geek, I run open wireless at home, so that guests can use it, and neighbors can use it if they need to, and do my crypto at the application layer (VPNs, encrypted SMTP.) I can usually see about 6 wireless nodes from my apartment, half of them unencrypted, plus there's Google out on the street. The main problem I've run into is that sometimes my laptop will grab a neighbor's wireless instead of mine, especially if somebody runs their microwave oven, and one of my neighbors has a firewall that blocks my work VPN, so I may wade through the limited documentation on my wireless and set up WMA.
Unfortunately, the security model I want isn't what WMA was built for - I'd like to encrypt my conversations, but leave access open, and WMA seems to only give you both or neither.
Eventually, like Spinal Tap becoming popular in Japan after they'd faded out in Britain, Orkut started to catch on really heavily in Brazil.
Also, once people were done looking through their friends' sites, some fraction of the users started just Friending anybody at random, whether they knew them or not, and even if your picture didn't look like a hot chick or a cute gay man, you'd get a lot of Friend requests from strangers. Even if you didn't speak Portugese and they did.
After a while, Google started pushing their Orkut logins and Gmail logins together, which would make all your Orkut information linkable to your Gmail information. _Not_ what I wanted.
Doesn't mean we'd go use emacs, of course....
---
In fact I do use both, and unfortunately none of the vi-modes in emacs were that satisfactory when I last saw them. To the extent that I use Unix shell interfaces these days, I generally edit in vi and use emacs-mode in bash. I assume that window-based versions of emacs probably work better now than a decade ago, but I normally work on Windoze, either in Word, Powerpoint, or Notepad, and do most of my editor work with mice.
And unlike Christmas, where the date of the celebration probably was set to preempt other religions' Winter solstice festivals, the date for the celebration of the Crucifixion wasn't arbitrary - the events did happen at Passover, which is at the Spring Equinox (though the subsequent messing around with solar vs. lunar calendars means that the Orthodox and western Christian groups don't always celebrate it exactly at Passover.) Taking over the name "Easter" is misappropriation, but the date isn't.
Apparently the Shiv Sena are no different from the shriller Moslem ranters or the Jerry Falwells in America - If you look at Hamas, you'll see that they provide a lot of social services in poor parts of Lebanon and to some extent Israel, and the religious right wing in America do a lot of individual anti-poverty work (things like Habitat for Humanity, relief work around the world, drilling wells for villages in Africa and Bangladesh, etc.) Yet they all bring disrespect to their religions by advocating tribalism, violence and intolerance.
In one sense, that's absolutely the right model for reducing spam - you don't care how much spam there is in the world, you just care how much of it gets into your inbox, and if some Nigerian princess is willing to pay your price for consulting service for reading your mail, your mailbox has negotiated an appropriate price with her and waited for the Paypal to clear so you really don't mind spending two seconds of attention span to junk her message.
In reality, enough of the email that most people receive is something that they do want and therefore whitelist or perhaps even pay for, so you can't enforce this mechanism on all your email, so the spammer arms race would focus on how to impersonate email sources you *did* want to hear from, and you'd use crypto to keep them out, and the financial or technical transaction costs would be annoying enough that there would be useful email that you're not going to receive because the senders didn't want to bother haggling with your robosecretary about it.
So it's not implemented very often, and it may be hard to find off-the-shelf implementations, but if you're a corporate executive, you can always hire a secretary who will not only get rid of the junk, but prioritize the non-junk mail for you.
And of course, while this sort of thing is annoying enough that most people won't bother sending you mail if you're using it, if spam becomes sufficiently annoying that many people do adopt it anyway, you'll start seeing lots of advertisements for mail systems that pay you to read email! Right there at home on your couch!
Of course, lots of commercial email sending systems do this kind of thing, including legitimate ones and spammers. A lot of the email I get at work from technology vendors has graphics and subscribe/unsubscribe URLs that come from email handling companies rather than the vendor themselves. (From a personal and technical standpoint, I think this is really tacky - it takes very little work to have URLs from http:mail-response-handler.examplevendor.com/stuf
They're not certifying countries, they're certifying senders of mail, and they're not certifying senders who aren't based in the US or Canada. There is a bit of neutrality risk here - if enough senders are willing to pay for certification, then ISPs may be more likely to junk non-certified email. On the other hand, if the ISPs do too much of that, their email users can switch to other ISPs, which is especially a risk for the free-mailbox providers like Yahoo, so they've got some incentive not to do it.
The problems are related, of course - if they make it easier for your ISP to deliver some kinds of non-spam into your mailbox, that makes it safer for them to crank up their anti-spam filters so that more junk mail gets junked (so maybe there's less spam in your mailbox after all) but unpaid non-spam has a higher risk of getting junked too. The latter is the risky part of it; the less risky part is that if Goodmail does a lousy job of policing the few spammers who are willing to pay to send you mail, then users will complain to their ISPs, and their ISPs might pull out of Goodmail.
They're also selling to companies that already pay a lot for email admin time keeping their mail with the big ISPs working and tracking mail delivery. If making sure AOL doesn't blacklist you is critical, and you're a medium-large volume mail sender, then it's already costing you a lot of work to keep everything working, and Goodmail not only promises that your mail won't get junked, but that they'll give you a delivery receipt for each message. So it might cost you less to pay Goodmail to do that rather than do it yourself.
If you're not doing kinds of business that are going to get more revenue or reduce costs by using Goodmail, then you're not the kind of person they're trying to sell to, so it's not worth their time to grab money from you. But if you _are_, then yes, it's a blatant money grab but might be worthwhile for you as well as them. Spam's a big enough problem that there are lots of opportunities to grab money while making life easier for the people you grab it from.
But there are lots of interest groups, discussion groups, and projects that don't have a financial structure, and it'd be really annoying to have to build a Paypal tip jar to accept payments to stay on their email lists, especially if they're a discussion-heavy group.
I'm currently on one or two high-volume mailing lists, and I've been on others in the past, where half the people might not bother paying $5/year to get certified email, and they're not organized in ways that would support a 501c3 which would cut the certs down to $1/year. And if half the people aren't participating, then it's less valuable to be on the list.
I also run a small social-group mailing list with dinner and party announcements. It probably gets about 200 messages/year for 200 people, so it would cost me $100/year to pay for Goodmail certs if everybody were on Goodmail ISPs (90% of the people are techies who don't use the kind of ISP Goodmail markets to, and I suppose I'd pay $10/year for certs, just as I've paid for the domain name most years, but if this stuff really caught on I'd probably build a tip jar, which would be annoying.)
So blacklisting the ISPs doesn't make sense here - Goodmail isn't claiming that Comcast is certifying that mail from ExampleUser@Comcast.com or InfectedZombie@Comcast.com isn't spam. (That'd be nice, but it ain't happening any time soon.) They're claiming that if you have a Comcast/Yahoo/AOL/etc. mailbox, and a message shows up in it with a Goodmail certificate on it, then it's from a well-behaved non-spammer who paid to deliver it, and that if you want to do transactional mail with somebody like your bank, then your Goodmail-accepting ISP won't junk the message so it's ok to give your bank that email address if they pay for Goodmail.
If you don't like the Goodmail system, the answer isn't to blackmail Goodmail senders at your ISP - it's to boycott ISPs who accept Goodmail (or at least, not use them for your important email, though you might still use their free for your ExampleISPgroups email), plus send complaints to blackhole\\\\\\\marketing@ExampleISP.net. Blacklisting people who pay for Goodmail stamps doesn't really make sense either - senders aren't going to pay for stamps that don't go to the ISPs that accept them. You could unsubscribe from any email lists sent by senders using Goodmail stamps, if that's what you want to do, and that might be more visible; Goodmail tracks that kind of thing and requires senders to respond to the unsubscribes.
This isn't saying that everybody should have to pay money to send email - it's saying that there are people who are willing to pay money to get email delivered to recipients who've asked to receive that mail, and that Goodmail is willing to make a sufficiently credible case to the big ISPs that they're only going to send mail to people who've asked to receive it, and the per-message fee is partly to make money and partly to discourage dishonest senders by making it unprofitable to get Goodmail stamps for their spam.
There is a downside - if you make some categories of email privileged, then ISPs are more likely to tighten their filters on the non-paid email and incorrectly reject more of it. On the other hand, that's already happening to some extent - if you read some of the spam and operations mailing lists, you'll hear lots of people bitching about how AOL incorrectly blacklisted them and how difficult and slow it is to get things corrected, and there are lots of companies and sites that simply don't accept AOL addresses for mailing list subscriptions or especially for transactional emails.
Goodmail's tried to add some balance to the community complaints about this kind of service by charging a much lower price to non-profits that want to certify their mail - I'm not thrilled with that approach, but there are enough non-profits out there that use snail mail for their newsletters or fundraising begging, and
There isn't a central authority controlling email - but they've got the ISPs that are over 50% of the US mailbox market. (Microsoft MSN isn't one of them, though
Joe-jobs, Forgery, Worms and Zombies, etc. - The press releases don't say *how* they handle their certification other than to mention cryptography. But their board of technical advisors is interesting - Marty Hellmann, Avi Rubin, Dave Crocker - so there's a good chance they've done it right. Cryptography does take a fair amount of horsepower, but it's scalable dumb horsepower, and if they've done things well they can avoid having to verify the crypto on most forged messages. If they've designed things well, it's not incompatible with open-source tools, but they're writing Press Releases, not technical documentation, so it's hard to tell.
Asshats, and trusting Goodmail's servers - yes, that's still a problem. Their terms of service are appallingly weak - they'll accept unconfirmed opt-ins, and their "interpret complaint as unsubscribe" is inadequate, so dishonest spammers can still pay to get service delivered for a while, until they get enough complaints. But at least the quarter-cent per message means that only well-targeted spammers will be willing to pay for it, so it won't be really high volumes of spam. If there's much of that going on, then email users won't stand for it, and they'll bitch at their ISPs (though that's more effective with AOL who charges money than with Yahoo who's giving you that email account for free anyway...)
And yes, email should be free, and whitelists suck, but blacklists also suck and some email senders may be willing to pay to deal with whitelists that suck instead of getting stuck on blacklists that suck.
Some or most of those ISPs do also offer POP/IMAP mail services, so the user has a chance to do filtering, but that's not most of the users, and just guaranteeing that the ISP *won't* junk the message may be valuable enough for some senders to pay for Goodmail.
Some of the commercial email senders will probably be spammers, especially if you read their AUP carefully and notice that it doesn't require confirmed opt-in, but at least the economics of a quarter cent per message make it likely that there won't be a *lot* of spammers using the service - only the ones who are doing a good job of targeting customers\\\\\suckers for high-value services.
No, it's still running the full bit-torrent protocol, but it's pretty efficient because it's spending almost all of its time sending chunks of data, not tracking overhead. So you don't lose much, and if a second receiver comes on, it ramps up really fast.
But this article was about somebody who's got gutted houses to work with, so a lot of that wall structure isn't in the way. The plaster's gone and will need to be replaced, and you can reach most of the things you want to reach.
AOL's in a touchy position - they really do receive infinite quantities of spam, and it's hard to tell some kinds of spam from legitimate mail without having humans read it, and it's hard to tell legitimate senders asking to be reinstated from spammers asking to be reinstated, and the financial incentives for allowing good email aren't very high so they can't afford to put lots of humans into the loop. But their reputation is such that lots of mail senders are simply not willing to deal with them.
Any laws about do-not-spam lists only apply in the country that makes the laws - so spammers will send mail from other countries. They often do that today, simply because it's harder to get a Chinese ISP to shut down spammers, and a lot harder to get Korean zombie farmers to shut them down.
It's possible to make the do-not-email lists a bit safer - instead of listing the email addresses directly, list hashes of them, which lets anybody who wants to check an individual address see if that address's hash is in the list, but doesn't let you recover the address from the list. But it's still a losing game.
[Insert the usual checklist here....]