Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
User Journal

Journal Journal: Email can and must be fixed 3

Email has a problem: spam.
More than 97% of all e-mails sent over the net are unwanted. You don't see most of them because they're filtered out (mostly) by Microsoft or your ISP or whatever, but they're there, sucking your money in development costs that are passed on to you when you pay for Internet service or for software.

You pay when you buy software, you pay when you pay for Internet service, you pay when you see far more advertisements than you need to for "free" email service. If you carefully minimize all possible costs, you still pay in lost opportunities as smart people who could be building better things are bogged down writing new tools to block spam.

Maybe you don't want to pay for the privilege of not getting 97% of the email sent to you, but that's the way it works, you don't want junk and there is no way for your computer to tell if you really want email so lots of money gets spent (on your behalf, costs passed on to you, thank you very much) to keep you from getting it.

Why, oh why must it be this way? Well, email is broken. It was built in a time when people trusted everyone using email to be respectable and act maturely. Yeah, it was *that* long ago.

Email servers accept email that has a valid destination. Email servers don't have a way of validating the sender, so servers are usually set to accept only mail that they are authorized to pass on. If you send an email to someone at Yahoo for example, your ISP takes your email and hands it off to a server designated by Yahoo to accept mail for it's customers. (Any server can accept any email, and servers used to accept mail that wasn't necessarily for their own customers, but this is called "open-relay" and is bad because it allows spammers to send lots of email, "bad" barely begins to cover it.)

Your server can't reject email that doesn't come from respectable people because there is no way to tell the good guys from the bad guys. The rules that determine how email has to work do not allow for any method of authenticating the sender. If you read a little, you can send an email that says it is from George Washington, Bill Gates, the president or your governor and there is no way to tell it wasn't.

"Email should validate the sender" seems a reasonable response, but if it tries to do that, then it breaks the rules (RFC) that everyone agrees on and then practically no email gets delivered which kind of defeats the whole purpose of email.

It is kind of a chicken and egg thing, if you set up your server to verify senders, then most email doesn't get through. If you don't, then anyone can send spam.

The rules don't allow for authenticated email, so the solution is to change the rules. If the server your email comes through changes the rules alone, then you stop getting email, but if every server starts giving preference to a new set of rules, then it can change over a couple years.

It is common to see people write steps with "???" as the third step and "profit" as the fourth step, but I will knowingly ignore that cliche. It is common to see people whip out the "reasons your proposal to fix email will fail" checklist, and I will knowingly ignore that too. If you're thinking of either one, please consider that I've already pondered them as well.


  1. Write and get accepted a new RFC for email which includes a sender verification system. I will refer to this RFC as Email 2.0, but the name is not really important. There are a couple key points that must be built into the RFC:
    * ISPs must have a method of determining who the real sender was and shutting down spammers.
    * Email 2.0 must allow anonymous email without allowing it to be untraceable.
    * It must be "free" to consumers, costs can be tied to voter's registration, or driver's licenses, social security numbers, employment or postal service but these are just possibilities not requirements (I can detail a potential system, even write the software for it and may be contacted if needed for this endeavor, but there are many bright minds that could be set the task.)
  2. Governments and major corporations must implement Email 2.0, setting dates a few years in the future, one date when all email servers will give preference to Email 2.0 and a second date when no email which does not adhere to Email 2.0 will be rejected
  3. International email must either use Email 2.0 or be relayed from governmental servers which then have the onus of policing themselves or be responsible for having their countries' email blocked

Email can continue in the war between spammers and spam blockers. While it does, you and I are paying for it. If we must pay, let us pay for something worthwhile. I would rather pay the hidden costs for Email 2.0 than the hidden costs that come with hoping that my software and service providers are winning an escalating spam war.

Change the rules.

User Journal

Journal Journal: This computer is MINE. 2

You do not have a right to put your advertisements on my computer. You do not have a right to run scripts or movies on my computer. When I view a web page or an email, I am asking my computer to show me things that I want to see, and if I don't want to see something, I am not obligated to download it, even if it is part of "your page" I am not obligated to let my computer show it to me.

I use Mozilla Firefox mostly because it does what I tell it to. I tell it not to show me advertisements and it doesn't. I tell it not to run scripts or flash without asking and it doesn't. I tell it quit showing me all those games notices and it stops showing them.

Adblock Plus blocks most of the advertisements on the web.
NoScript lets me determine whether I trust a website enough to let it show flash or run scripts.
FB Purity hides all that fluff about games that I don't want to see.

If you want me to see advertisements, then it is your obligation, not mine, to make them advertisements that I am willing to see. When websites start giving me options on displaying them, and when they do not offend me, then I will allow them to display.

If you want me to trust your site, then you, not me, must earn that right. If you have earned that trust by not allowing hijacking, not popping up new windows that I have to expend effort to get rid of, not putting so much crud on your page that it takes forever to see what I came there to see.

If you continually show me stuff that I do not want to see, wasting my time by filling a page with stuff that I have no interest in, then I will stop having my computer show it to me.

Many websites are trying to stay in business by offering content like news or social interaction and selling opportunities to advertise to other companies. I do not begrudge them that business model, but I own my computer and I pay for the service that connects me to the Internet and I decide what my computer shows me.

I like slashdot.org and I paid a minimal fee, not because I had to, but because they offered me the option, in order to not see all the advertising. They offered me pages without advertisement and content earlier than I would otherwise get to see it, and I gladly paid a tiny fee for the option. Even so, I did not choose to pay for the option have all the advertisements hidden. AdBlock will hide the remaining ads for me, but I allow, deliberately and knowingly allow, slashdot to show some advertisements to me. They do not offend, they are not offering me pills or dating, and they do not take extra time to avoid. I trust them to not do bad things with scripts and I want to see the video they offer, so I give them a trusted status in NoScript. They allow me to choose the types of content that are displayed in their pages and do not try to fill it with fluff that I have no interest in, so I do not need to remove the stuff like I do with facebook.

Over 90% of all the email being sent is advertising that nobody wants to see. We call it UBE (Unsolicited Bulk Email) or more commonly "spam" and we block it. Sometimes things that we might want to receive get blocked, and we have to put forth extra effort to see it in our "Junk" box or by clicking some "release from quarantine" option, but it is a small price to pay to keep from having to wade through 95 things we don't want to see for the 5 that we do. Slowly, we users of email, are learning how to have our computers show us only what we actually want.

Email will eventually be fixed. Because it was created in an environment where people could trust each other not to send unwanted stuff, it was created with flaws that make it very hard to fix, but eventually we will fix it because we decide what what our computers will show us. (This is a topic that deserves in depth writing but I will postpone that for now.)

We want our computers to let us play music and games. We want our computers to show us TV shows and movies. We will pay a reasonable fee, or view unobtrusive advertising in order to do these things, but if you make it too difficult, too expensive or require our computer to go through some complex process to "validate" our choice, then someone will make it possible for everyone to do it without compensating the producers for their effort. I do not endorse "piracy" but it is an observable fact that if you are not reasonable in your exchange, then people will be unreasonable in return.

Slashdot, Hulu, iTunes and Amazon have all come to this crossroads and found ways to offer reasonable options to consumers and consumers have been glad to support their business.

Facebook, music companies, movie companies and software companies have come to the same crossroads and thought that the better choice was to try to get the computers that consumers own to do things that the consumers do not want. They have not completely failed but any consumer, as a result, has a plethora of options to do what they want without entering into unreasonable agreements. I will not pretend that it is just and right for people to take what they want, but people want to be reasonable if you, the producer, are reasonable.

User Journal

Journal Journal: Microsoft to sponsor Apache Software Foundation

Today at the Open Source Software Convention, Microsoft announced it is becoming a Platinum sponsor of the Apache Software Foundation ($100,000 entry fee to join Yahoo and Google.) On Ars Technica they note suspicion but don't see any way that it could be damaging. Is this really the end of the world as we know it?
User Journal

Journal Journal: Try Ubuntu, its like Windows, only free (disclaimers follow)

Ubuntu is like Windows .... and no, I'm not crazy for saying that.

I now advocate telling people to Try Ubuntu, it's like Windows, only it's free and the software is free! Not surprisingly it has generated a few disagreements. There are good reasons for some of them but I stand by my statement and here I'll explain why and also examine some of the valid points of those who disagree.

Is it derogatory to Ubuntu users? Ubuntu is hardly fair to single out as the distribution that is like Windows and there are certainly others that might fit the bill as well, but I like Ubuntu and there are some similarities in what is good about both. Ubuntu has a good track record of trying to be a secure system from the beginning, but to be fair Windows has come a long way as well. The Ubuntu system is designed to be friendly and easy to use, but so is Windows. I use both Linux and Windows and help other people use both, so I'm comfortable in my assertion that in friendliness and security, either is okay, provided you use relatively current versions and some common sense. There are things that either platform might be considered better at, but most people don't care about those things unless they present a problem to them.

Are they really the same? There is a difference between Windows and Linux in general. (See Linux is Not Windows. This page covers a lot of the topics in pretty good detail and is clearly written, I recommend giving it a read.) To generalize though, I say that yes, they are the same; They are the same in their basic function of giving people a platform to run the programs they need. They can be vastly different in a variety of ways but sit a person who has never owned a computer or professionally used one in front of either a standard Windows install or a standard Ubuntu install then try some scenarios. Tell them to set up and check their email, they will probably find that they can use either equally as well. Task them with finding their bank online, reading news or finding funny pictures and they will both work. If you ask them to print something, the same complaints are likely to be heard with about the same success rate. No, they may not be the same in many important ways, but the ways that count to the average computer user are close enough that to point out the other differences is counter-productive. They don't care, really don't care, whether something is GPL or Microsoft EULA and they really, really don't care what the difference is between Linux and GNU/Linux.

Why harp on the free thing? The biggest surprise I see people voice when they start trying out Ubuntu is that it is so easy to get new software and terror that they might be getting what they're paying for or worse, being played for a sucker. Sometimes I have to agree that the quality of the software is reflected in its price, but most of the time the software that people want is either functionally the same or it is comparable to what they would try in Windows. To them, the biggest difference is that they would pay hundreds of dollars if they wanted to try comparable software in Windows. Of course that can easily run to thousands of dollars, but most of the time the real benefit is that people who wouldn't pay thousands get to try something similar for free. Notice that I said "similar", not "identical" and not "equivalent." Programs like Gimp and Open Office are not the same as the products they are most often compared to, in fact often they are much more limited in use, or documentation or functionality. But to someone who has never used MS Office, MS SQL Server, or Paint Shop, they are a startling example of high quality software the Windows home user would never have used if it weren't free. Once someone is hooked on high quality software they never want to go back to not having it. This is the Linux lock-in. It is excruciating for someone used to Open Office and the Gimp to consider paying for Windows, MS Office and Paint Shop. If they get hooked on Apache, MySQL, PostgreSQL, PHP, or Perl, then yes they could go to Windows, but most will prefer the platform that is cheapest for the software they want. Even if it's Open Office, Thunderbird, Firefox and the Gimp, they have very little incentive to go to Windows when Linux does what they want. (Most, maybe all, of these applications can be run in Windows but the question people invariably ask is why pay for what I can get for free?)

Why Ubuntu? (The _____ distribution is better!) I recommend Ubuntu to people who I know don't need special programs that can only be run in Windows and who I don't want to educate on using a Linux distro. Windows users (typically) can understand how to get and install Ubuntu and once they have it installed, can use it indefinitely without needing my help. This is the biggest draw I have to recommending it in particular. In addition, it is intuitive enough that most people can figure out how to do new things they might want to do and it is widely adopted so I know they can find answers if they have questions.

Sometimes they will ask me if I use it, and I answer honestly that I've tried it but I tend to use things more complex, more geeky and more technical than I'd recommend for them. If that doesn't immediately reassure them that I have their best interest at heart, I explain that currently I have a command line only security based distribution called Annvix installed on the machine that doesn't have a monitor or keyboard, a high end server type install called CentOS (based on Red Hat) on one hard drive and I'm using a distribution that is actually a live CD called Slax but installed on the hard drive and set so it is running from RAM. (This actual response varies from week to week as I play with different systems, but that is a pretty good example potential response.) Most people's eyes glaze over at this point but in the few instances where they don't then I recommend Gentoo or Fedora depending on what I think they value most. For the casual question about what they can try, I send them to my webpage. The short list of why I recommend Ubuntu looks like this:

  • Red Hat - costs enough to discourage learning something new
  • Cent OS - designed for servers, too many server minded options for an average user
  • Debian - Not as easy to use for people used to proprietary software, not as easy period
  • SUSE - costs and, well it always seemed cludgy to me
  • Fedora - Good second choice, too many choices demanded for newbies though
  • Mandriva - I wish I could recommend this, but experience says otherwise

Yes, these are all opinions and people will disagree, but of course I speak from experience with all of them, experience with Linux converts and I'm not above changing my suggestions when the opportunity seems right.

Why would you want people to use Linux? This is the golden question. Linux is traditionally the geeky system that will cause people to have to do that thing which they most fear, learn something new. I want them to use it for two reasons, the first is purely selfish. I want as many people to use it as possible so that there is money going into the pockets of the people who write the software I appreciate. More people means more money and that translates to better software for me. The second reason is the one that I am embarrassed to admit, I really do want people to have better lives. A tiny part of someone's quality of life comes from how their computer works for them and what they spend their money on. If I can convince them to use Linux and they like it, then they will have more money to spend on things that they consider important and a more pleasurable experience when they sit at their computer. If I could change the public in two ways it would be to give them more confidence and more reason for confidence. Using Linux is a small way to show someone that they really are competent to use their computer to do what they want in the ways they want and if it helps them financially as well, I'm all for that.

Sidenote: The url that probably brought you here was created at tinyurl.com because I couldn't fit the link and text I wanted into my sig without some sort of modification. The modification of the URL is one I don't like to make since it blinds people to where they're headed, but it does make my sig fit. If you would like to use my sig, it should look like:
<a href="http://tinyurl.com/2guudn">Try Ubuntu, it's like Windows</a>, only it's free and the software is free!


Journal Journal: Software patents, what is innovation? 1

Recipes for chemistry are patented regularly. Consider dyes and solvents, there are dozens of easy examples. The question is whether they should be, not whether they can be, and that answer probably applies to software patents as well.

The idea that patents should only apply to physical objects doesn't hold water. A prototype of a yarn machine, destroyed in a fire, doesn't make its patent invalid. In fact, no prototype is required to patent the machine. If explicit, the description of the potential final product is enough. Software is little different, useless except that it changes the potential of the machine. The machine's base components are still (practically) the same, but with software the machine changes in its usefulness. The same can be said of practically every patent, the materials exist before they are modified, but they change in how they can be used when a process (recipe, algorithm, whatever) is applied.

The real argument is whether software can ever change the basic potential of a machine in a non-obvious way. Program a PC to give instructions to an attached machine which produces yarn and it then becomes a yarn making machine, perhaps a patentable one. The key is other hardware, a combination of which could be non-obvious. Every capability of the PC before the hardware addition could be argued to be obvious. With any PC, the displayed, printed, audio encoded, or electrically transmitted information can be changed. The debatable point is whether different ways of accomplishing the change or transmission may be reasonably considered significant innovation.

If software should be patentable, it is because it can significantly change the amount of effort that a task requires, or because it makes possible a task that was not possible before the patent. These changes are innovation, which patents were intended to encourage. If software shouldn't be patentable, it is because no change to a computer's capability, without the addition of new hardware, changes the basic potential usefulness of the machine.

Someone should be able to patent a new process to use a standard shovel, as much as they should be able to patent software. Of course they can't, because it isn't considered innovation. On the other hand, a process of making a better shovel could be patented, even if it doesn't take as much creative insight. Is one process really superior to the other and is that really what patents are about?

User Journal

Journal Journal: My moderation philosophy - feedback requested

I could really use some feedback on the best ways to moderate. I appreciate the moderation system and try to be fair when I'm moderating but sometimes I feel like I just don't know where to spend my mod points the best.

I tend to use a lot of them on 'Underrated' or 'Overrated' instead of modding the comments I think are most worthy.

When it comes time to moderate I usually browse at -1 and try to read from oldest to newest, threaded. Typically I come across comments that add little to the debate and then I'm faced with the dilema of modding them down for a reason or just down to let other more valuable comments shine through.

The ones I find at +3 Troll are the most troublesome. I typically go through an internal discussion where I first consider that the comment is obviously interesting or it wouldn't attract that much attention and deserves a better score. If it does, should I just mod it up as 'Underrated' or should I give a reason for modding it up. A lot of those don't really seem funny/insightful/interesting to me, but as a conversation starter they have a value in that light alone. I hate to mod them up when they're already decently rated, but hate to leave them at troll. If I think they're distracting from the more important issues, is it a good idea to mod them down with 'overrated' or 'troll' or 'flamebait' since they already have a negative type of rating?

Then there is the friends help friends type of rating. If I come across a comment from someone I recognize as being generally thoughtful or insightful do I have a bias that is unfair in their favor? If I mod them up I worry that I'm doing it in part because of other comments and not based solely on this comment. Is that such a bad thing though? If I mod up a comment that might have been fairly rated at 1, then are thoughtful and insightful people encouraged to make more comments (a good thing) or am I encouraging half-baked comments?

What about all the comments that say something well but are repeating what was previously said but less clearly? Is it fair to mark them redundant? I generally avoid this since I don't want to discourage clear discussion, but I wish they would add more than a clear restatement. I tend to skip them but it nags me that they deserve to be modded up for insight and down for redundancy at the same time.

Diamond in the rough comments. These bother me less than others. In those instances where I find a comment that is particularly well stated, insightful or helpful I enjoy modding it up. I tend to skip funny since there are plenty of people who spend time modding those up, but it bothers me that I can't do more for these types of comments. I actually can find other comments the same person has made and mod those up as well to encourage them but I don't because it seems a waste of the mod points to make those comments I might have ignored otherwise more visible. I just wish I had a +3 sometimes. I'd even take a hit on karma to be able to do that.

Manipulating the system. Are you ever tempted to set up multiple accounts on slashdot and have them automatically behave like normal ones (programatically) so that you can mod yourself up and thus increase your own karma on an "I'll scratch my back and then I'll scratch my back in return" scenario? I don't because it seems unethical, but I do wonder how some comments get such high ratings when they seem so undeserving. Would it be wrong to try to identify those and mod them down in an attempt to use my own moderation to try to balance against bad moderation? I have not so far but sometimes my frustration with the sytem tempts me. I just don't know if it would be wrong or not.

What do you think of my strategies? Do you have suggestions? What do you do in the situations I outlined and why?

User Journal

Journal Journal: Etics, voting, marriage and genocide

Dang it, I usually try to stay out of moral debates, espically off topic ones, but I think I actually see the tie in. Voting is important, judges are saying it isn't when they pass laws to force legislation to change. Judges are supposed to uphold the law and voting machines are supposed to uphold the will of the people. The will of the people should somehow be related to law.

First a digression, but stick with me.

Gay marriage, voting and genocide are all important but every question considered must also consider the ability of the people discussing it to have an effect on the outcome of the issue. Sure, I'll agree that genocide is bad, but I don't get to vote on it or even on who gets to vote on it. Heck, I don't even get the right to sit in on the debate among the people who may implement it. Instutionalized marraige and voting machines are issues that I might have some tiny effect on.

My opinion on gay marraige? I don't think the state should care about it unless they are going to actually make marriage important legally as well. If the state (or any level of government) makes marriage a significant contract, with substantial penalties for breach of contract, then how they define marriage would suddenly become very important.

How about legislation saying that any marriage dissolved due to at fault actions proven to a court, with the right to a jury court, carries a mandatory fine of 20% of lifetime earnings from the time of the void of contract? Then I care a lot what the state defines marriage as.

If they are talking about rewarding marriage (via tax credits or whatever) we still need to do the same thing but nobody likes to admit greed so everybody talks about morals and rights instead. Once we have a standard for how important we as a voting citizenry feel marriage is in terms of MONEY and/or PRISON, then we can talk about how to limit it or protect it as a right.

The real issue with the court in NJ is that it (big emphasis on one judge) has attempted a legislation change disregarding the votes and preferences of a majority. This was not a call for an election, it was a mandate that the legislation make laws to do what the court, rather than the elected legislators, deemed the right thing to do.

Which comes back to the question of giving the electorial process to criminals. The real issue is that criminals who break the law, by virtue of bad decisions on how to incorporate the benefits of technology with handling voting results, have more potential control of elections than people following the law.

I think most people would agree that letting criminals control the outcomes of elections is a bad thing.

Full circle, why? Because the will of the people is supposed to rule in a democratic society. We who appreciate that goal don't like seeing the process demolished by a small group of people ignoring it and forcing their own preferences on all of the people against the will of the majority of the people. The judge in NJ and the stupid voting machine implementations both make it possible for a minority to force their will on the majority of the people.

These are only a couple of examples of ursurped rights, but I'll stick to the open topics.

One other thing I don't like to do is criticize without offering suggestions for improvement. Here are a couple:
  1. Make voting machines reliable. Publish every single vote, giving a number to each person when they finish voting as the only way to associate them directly with that vote. Let them decide whether to write it down, memorize it, forget it or whatever and print the results out on a receipt roll the voter can see but not access. Show a running count of voters at each polling station and make the numbers given be tied to the vote number. If election fraud is a concern, enough people will say that the published votes didn't match their intent and then go to the paper receipts to confirm.
  2. Make voting machines a publically determined policy. If we want to pay more to have our votes counted, then make it clear that is what we are doing. Let us make the decisions of which technology is approved and when. If we're going to be defrauded of our votes, give us the accountability for allowing it to happen.
  3. Ignore judges who mandate law. They never had that right, they don't have it now and we shouldn't be bending to their will when they want more control than they were given. Its only a check when the legislature makes the laws and the judges uphold them. If the judiciary madates the laws then it isn't balanced.
  4. Make marriage either mean something or not. If it doesn't mean anything then the state should get out of the business of rewarding it. If it does mean something then give it real importance and actually severely punish those who do harm to it.
  5. Power to the people! Let our votes mean something and be counted. If we want to vote to give equal rights to gay marriage, then so be it. If we want to limit it to one man and one woman, fine. If we want to make it between one man and one woman within two years of age, being within five inches in height, having the same eye color and only in agreement to acknowledge the FSM as the supreme ruler of the universe, let it be so. Let the people decide what is right and wrong as a voting majority.

Disclaimer: People are sometimes stupid, even large groups of voting people are sometimes stupid, but I cannot trust any person or group of people to be wiser than the majority of the people affected by their choices.

User Journal

Journal Journal: About X security risk

Recently someone wondered if/how X was a security risk. (24 July 2005)

I've read in several security books about the security risks of using X as well. Many advise not using X at all because of it, but most are kind of vague about why.

As far as I can tell, it is because between the server and the X system, the data is not encrypted and someone with access to the system could potentially see what was being done in the X system of another user.

I've never read about how it is done so its all theoritical as far as I am concerned. I expect the security concern is only really an issue if you have multiple or untrusted users with access to the server itself with a shell account for example.

Slashdot Top Deals

Real Programmers think better when playing Adventure or Rogue.