Jargons of Info Tech industry
(A Love of Jargons)
Xah Lee, 2002 Feb
People in the computing field like to spur the use of spurious jargons.
The less educated they are, the more they like extraneous jargons, such
as in the Unix & Perl community. Unlike mathematicians, where in
mathematics there are no fewer jargons but each and every one are
absolutely necessary. For example, polytope, manifold,
injection/bijection/surjection, group/ring/field.., homological,
projective, pencil, bundle, lattice, affine, topology, isomorphism,
isometry, homeomorphism, aleph-0, fractal, supremum/infimum, simplex,
matrix, quaternions, derivative/integral, ... and so on. Each and every
one of these captures a concept, for which practical and theoretical
considerations made the terms a necessity. Often there are synonyms for
them because of historical developments, but never “jargons for
jargon's sake” because mathematicians hate bloats and irrelevance.
The jargon-soaked stupidity in computing field can be grouped into
classes. First of all, there are jargons for marketing purposes. Thus
you have Mac OS “X”, Windows “XP”, Sun OS to Solaris and the
versioning confusion of 4.x to 7 to 8 and also the so called
“Platform” instead of OS. One flagrant example is Sun Microsystem's
Java stuff. Oak, Java, JDK, JSDK, J2EE, J2SE enterprise edition or no,
from java 1.x to 1.2 == Java 2 now 1.3, JavaOne, JFC, Jini, JavaBeans,
entity Beans, Awk, Swing... fucking stupid Java and fuck Sun
Microsystems. This is just one example of Jargon hodgepodge of one
single commercial entity. Marketing jargons cannot be avoided in modern
society. They abound outside computing field too. The Jargons of
marketing came from business practice, and they can be excusable
because they are kinda a necessity or can be considered as a naturally
evolved strategy for attracting attention in a laissez-faire economy
system.
The other class of jargon stupidity is from computing practitioners, of
which the Unix/Perl community is exemplary. For example, the name Unix
& Perl themselves are good examples of buzzing jargons. Unix is
supposed to be opposed of Multics and hints on the offensive and
tasteless term eunuchs. PERL is cooked up to be “Practical Extraction
& Reporting Language” and for the precise marketing drama of being
also “Pathologically Eclectic Rubbish Lister”. These types of
jargons exudes juvenile humor. Cheesiness and low-taste is their
hall-mark. If you are familiar with unixism and perl programing, you'll
find tons and tons of such jargons embraced and verbalized by unix &
perl lovers. e.g. grep, glob, shell, pipe, man, regex, more, less,
tarball, shebang, Schwartzian Transform, croak, bless, interpolation,
TIMTOWTDI, DWIM, RFC, RTFM, I-ANAL, YMMV and so on.
There is another class of jargon moronicity, which i find them most
damaging to society, are jargons or spurious and vague terms used and
brandished about by programers that we see and hear daily among design
meetings, online tech group postings, or even in lots of computing
textbooks or tutorials. I think the reason for these, is that these
massive body of average programers usually don't have much knowledge of
significant mathematics, yet they are capable of technical thinking
that is not too abstract, thus you ends up with these people defining
or hatching terms a-dime-a-dozen that's vague, context dependent,
vacuous, and their commonality are often a result of sopho-morons
trying to sound big.
Here are some examples of the terms in question:
• anonymous functions or lambda or lamba function
• closure
• exceptions (as in Java)
• list, array, vector, aggregate
• hash (or hash table) ← fantastically stupid
• rehash (as in csh or tcsh)
• regular expression (as in regex, grep, egrep, fgrep)
• name space (as in Scheme vs Common Lisp debates)
• depth first/breadth first (as in tree traversing.)
• operator
• operator overloading
• polymorphism
• inheritance
• first class objects
• pointers, references
• tail recursion
My time is limited, so i'll just give a brief explanation of my thesis
on selective few of these examples among the umpteen.
In a branch of math called lambda calculus, in which much theories of
computation are based on, is the origin of the jargon _lambda function_
that is so frequently reciprocated by advanced programering donkeys. In
practice, a subroutine without side-effects is supposed to be what
“lambda function” means. Functional languages often can define them
without assigning them to some variable (name), therefore the
“function without side-effects” are also called “anonymous
functions”. One can see that these are two distinct concepts. If
mathematicians are designing computer languages, they would probably
just called such thing _pure functions_. The term conveys the meaning,
without the “lamba” abstruseness. (in fact, the mathematics
oriented language Mathematica refers to lambda function as pure
function, with the keyword Function.) Because most programers are
sopho-morons who are less capable of clear thinking but nevertheless
possess human vanity, we can see that they have not adopted the clear
and fitting term, but instead you see lambda function this and that
obfuscations dropping from their mouths constantly.
Now the term “closure” can and indeed have meant several things in
the computing field. The most common is for it to mean a subroutine
that holds some memory but without some disadvantages of modifying a
global variable. Usually such is a feature of a programing language.
When taken to extreme, we have the what's called Object Oriented
Programing methodology and languages. The other meaning of
“closure” i have seen in text books, is for it to indicate that the
things in the language is “closed” under the operations of the
language. For example, for some languages you can apply operations or
subroutines to any thing in the language. (These languages are often
what's called “dynamic typing” or “typeless”). However, in
other languages, things have types and cannot be passed around
subroutines or operators arbitrarily. One can see that the term
“closure” is quite vague in conveying its meaning. The term
nevertheless is very popular among talkative programers and dense
tutorials, precisely because it is vague and mysterious. These
pseudo-wit living zombies, never thought for a moment that they are
using a moronic term, mostly because they never clearly understand the
concepts behind the term among the contexts. One can particular see
this exhibition among Perl programers. (for an example of the
fantastically stupid write-up on closure by the Perl folks, see
“perldoc perlfaq7” and “perldoc perlref”.)
in the so-called “high-level” computing languages, there are often
data types that's some kind of a collection. The most illustrative is
LISt Processing language's lists. Essentially, the essential concept is
that the language can treat a collection of things as if it's a single
entity. As computer languages evolve, such collection entity feature
also diversified, from syntax to semantics to implementation. Thus,
beside lists, there are also terms like vector, array, matrix, tree,
hash/“hash table”/dictionary. Often each particular term isto
convey a particular implementation of collection so that it has certain
properties to facilitate specialized uses of such groupy. The Java
language has such groupy that can illustrate the point well. In Java,
there are these hierarchy of collection-type of things:
Collection
Set (AbstractSet, HashSet)
SortedSet (TreeSet)
List (AbstractList, LinkedList, Vector, ArrayList)
Map (AbstractMap, HashMap, Hashtable)
SortedMap (TreeMap)
The words without parenthesis are Java Interfaces, and ones in are
implementations. The interface hold a concept. The deeper the level,
the more specific or specialized. The implementation carry out
concepts. Different implementation gives different algorithmic
properties. Essentially, these hierarchies of Java show the potential
complexity and confusion around groupy entities in computer languages.
Now, among the programers we see daily, who never really thought out of
these things, will attach their own specific meaning to
list/array/vector/matrix/etc type of jargons in driveling and
arguments, oblivious to any thought of formalizing what the fuck they
are really talking about. (one may think from the above tree-diagram
that Java the language has at least put clear distinction to interface
and implementation, whereas in my opinion they are one fantastic fuck
up too, in many respects.)
---------------------
This post is archived at http://xahlee.org/UnixResource_dir/writ/jargons.html
© Copyright 2002 by Xah Lee.
Xah xa*@xahlee.org
∑ http://xahlee.org/
Nov 15 '05
336  13780 
Oh, and another point...
On Sun, 09 Oct 2005 00:03:05 +0200, Lasse Vgsther Karlsen wrote: But trying to keep your email world into a pure text-based
no-formatting-whatsoever world, that's a fantasy bubble that is bound to
burst, sooner rather than later.
Nonsense. I can easily set up a filter to dump non-plain text email
straight into the trash. If I choose, I never need see a HTML mail. Ever.
In fact, since the single strongest predictor of spam is the use of HTML,
I predict that a lot more people than you think have HTML emails either
deleted or dumped in a spam folder.
--
Steven.
On Sat, 08 Oct 2005 22:25:23 +0000, Roedy Green wrote about HTML emails: Just how long do you want to stall evolution?
Evolution doesn't mean "use whatever broken solution Microsoft and Hotmail
popularized, just because all my friends are using it."
If and when somebody puts out a good rich text email format, I'll use it.
Until then, I won't use HTML.
Do you imagine people 200 years from now will be still be using pure
ASCII text unable to find a solution to JavaScript viruses (turn off
JS), pop-up( disable popups) etc.?
Firstly, I don't care what people will be using in 200 years. I don't care
if in 200 years the default email format is so big and bloated that it
takes three weeks to download even a single sentence, because I won't be
around to suffer.
If you think that people will be using the current data formats for email
in two centuries, you're crazy.
--
Steven.
Roedy Green <my******************************@munged.invalid > writes: I read mail over an ssh connection to a Unix shell. I have no easy
way to read html email with a graphics browser.
So the rest of the world should forgo rich communication because of
your obsolete software? How could anything every evolve with that
attitude?
There is nothing obsolete about lynx. It completely conforms to the
w3 standard. Anyway, email is a text medium and attempts to "evolve"
it almost always make it worse.
On Sun, 09 Oct 2005 07:19:29 +0000, Roedy Green wrote: On Sat, 08 Oct 2005 23:33:13 GMT, Rich Teer <ri*******@rite-group.com>
wrote or quoted :
WHat the hell has that got to do with HTML email? Sending photos
is an example of what attachments are for.
Normally you send photos to grandma with captions under each photo.
No, normally YOU send photos to grandma with captions under each photo.
My grandma doesn't put captions in her photo album, and she doesn't need
captions on her photos in email.
That is far more convenient for the technopeasant receiver than
dealing with multiple attachments.
Only if your photos are so obscure and confusing that they need captions.
"Here's Johnny with the dog. Here is Johnny with the dog again. This one
is Johnny on his own. Here is the dog. Oh look, it is Johnny with the dog
again -- that's the dog on the left, in case it isn't clear. Just for a
change, this is Johnny wearing a hat. It is blue with a feather in it,
in case you couldn't tell from, oh I don't know, looking at the actual
picture."
--
Steven.
Roedy Green <my******************************@munged.invalid > writes: On Sat, 08 Oct 2005 19:56:50 -0400, Mike Meyer <mw*@mired.org> wrote
or quoted :
Show us *examples*! Do you create a style sheet for every site you
visit that overrides there classes? What?
Why don't you download a copy of Opera, see
http://mindprod.com/jgloss/opera.html
What makes you think I don't have a copy of Opera? Just so happens
I've got a registred copy on my newest computer.
Then try out the feature. Click View | style | user
My copy of Opera doesn't have that menu entry. I suspect you're making
platform-specific suggestions.
Trying it on a different platform, it looks like it does what I said
earlier: user mode simply disables the authors style sheets. None of
the "merging" you suggested was going on is actually happening
Can you demonstrate this "merging" you talked about? For example, show
me how to get the "Opera help" page to display with the authors layout
but my fonts.
<mike
--
Mike Meyer <mw*@mired.org> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
On Sun, 09 Oct 2005 07:40:55 +0000, Roedy Green wrote: There is nothing wrong with formatted text. You are confusing
formatted text with spam.
No. YOU are confusing HTML email (broken, dangerous, bad) with formatted
text (maybe good, maybe bad).
I've hated HTML emails well before I received my first spam. I still hate
it, long after I've got my spam problem under control.
If and when somebody comes up with a non-broken, non-dangerous way of
allowing formatting in emails, I'll consider it. But HTML is not and never
will be that format.
--
Steven.
On Sun, 09 Oct 2005 07:42:18 +0000, Roedy Green wrote: On 08 Oct 2005 18:59:39 -0700, Paul Rubin
<http://ph****@NOSPAM.invalid> wrote or quoted :
I read mail over an ssh connection to a Unix shell. I have no easy
way to read html email with a graphics browser.
So the rest of the world should forgo rich communication because of
your obsolete software? How could anything every evolve with that
attitude?
Hardly obsolete, any more than hammers are obsolete just because we have
Concords.
(The Concord... now *there* is an obsolete technology.)
You may have noticed that even Microsoft have acknowledged the power and
flexibility of text-based shells, and will be (if they get the technology
right in time) building one into Vista.
--
Steven.
On Sat, 08 Oct 2005 23:39:27 +0000, John Bokma wrote: Rich Teer <ri*******@rite-group.com> wrote:
On Sat, 8 Oct 2005, Roedy Green wrote:
Some people use email PRIMARILY for sharing photos.
WHat the hell has that got to do with HTML email?
The photo doesn't have to be included (as in attached)? with the email?
I'll repeat the question: what do attachments have to do with HTML emails?
--
Steven.
Roedy Green <my******************************@munged.invalid > writes: There is no fundamental reason that formatted spam should have an
easier time penetrating your defenses than plain text spam.
Formatted spam can include pictures of words. That's a common spam
tactic - send a multipart/alternative with a text part that look like
a letter from aunt jane - and mention that you're sending a
picture. The picture part is basically a jpeg of a flyer for the spam
companies product.
If you've got a spam filter that can determine that a picture of words
is spam, I'd like to know about it.
<mike
--
Mike Meyer <mw*@mired.org> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
"Dr.Ruud" <rv********@isolution.nl> writes: Let procmail make all those decisions and transformations for you.
I prefer qmail dot-commands. It provides an architecture for
controlling the delivery of email, and lets you write the smarts of
the mail processing in whatever language you want.
I have a maildir called 'raw' where I keep a copy of all non-spammish
mail.
I call mine archives. I also remove duplicate email before it gets to
the mailbox.
Copies of the same messages also get delivered in the right mailboxes,
by procmail.
Yup, qmail does that for me.
A message that contains only html, is piped though lynx -dump -stdin.
I build a bounce message explaing that it wasn't read, and send that
back to the sender.
A message containing both HTML and a plain/text-part, is de-mime-d,
leaving only the plain/text-part (unless that part contains only a silly
remark).
Footers and long signatures are limited or even deleted. Etc., etc. (I
like my mail cooked.)
I don't do those things. Then again - my mail reader makes deals with
them on request.
One of the reasons that I started with Perl, is that I want to rewrite
procmail in Perl.
Try qmail - it may solve the problem with a lot less work.
<mike
--
Mike Meyer <mw*@mired.org> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
On Sat, 08 Oct 2005 22:39:38 GMT
Roedy Green <my******************************@munged.invalid > wrote: So from an aesthetic point of view, once people learn how it works,
CSS lets sender and receiver compromise on what the message looks
like. No other medium gives ANY control to the receiver about how a
message is formatted.
My mail reader renders HTML as text. Usually, that gets the message
through without the impediments the sender included.
Of course one can render anything in one's computer exactly the way one
wants, given comptence and time. Mutual agreement on a CSS is possible,
but for widespread usage it needs to be a standardised CSS, and then
we're back in the featuritis spiral.
One of the most important changes in the ability to select special
fonts for the those without prefect vision and larger fonts.
That's exactly why I don't want people to muck with the presentation of
an email. I've set up my machine to render standard ASCII emails
execatly the way I want, with the font that I can read, in a size that
optimises ease and visible text. I don't care that someone would like
to inline a 5000x3000 JPEG from their 15 megapixel camera, or render
text in white on black, or any other silly format. If they want me to
see a document in _exactly_ the way they prepared it, let them use PDF.
It's there, and it works well.
There is also the philosophical question. When my nephew sends me a
message, do I have a right to warp his intent even if I don't like the
aesthetics? That is part of his message.
That question is answered above - if your nephew wants you to see
exactly what he produced, let him use the format specifically designed
for the purpose. And yes, philosophically speaking the recipient can do
anything they like with the message, including not reading it at all.
Anything else would be preposterous.
Should my email reader fix the spelling mistakes in the emails sent me
by angry US soldiers? Or is that part of the message?
If you want it to do that, yes. Wheter including the corrected message
in the reply is a good idea is another question (mostly related to how
the relation is, how it should be, and how big the soldier in question
is).
There are three different issues getting muddled together:
1. avoiding spam
Which happens to use HTML to obfuscate the message and avoid getting
caught by filters.
2. making mail from well meaning but inept friends more readable.
Who happen to use HTML because they don't have a clue.
3. what constitutes a good general style for general correspondence.
How should you use rich text appropriately.
Which happens to be largely superfluous as far as conveying intent is
concerned.
Email works well without rich text, especially when combined with
attachments that use a format sender and recipient have agreed to.
We don't need more, and we shouldn't assume that more complex
technology equates to an improvement. Example: it's not because we can
use a gazillion typefaces in pastel colours that documents that we
should do so.
Take care,
--
Stefaan
--
As complexity rises, precise statements lose meaning,
and meaningful statements lose precision. -- Lotfi Zadeh
Mike Meyer: Try qmail - it may solve the problem with a lot less work.
I checked my .procmailrc, and saw that mail with qmail anywhere in the
headers, goes to a spambox here.
;)
--
Affijn, Ruud <http://www.pandora.com/?sc=sh770781&cmd=tunermini>
"Gewoon is een tijger."
In comp.lang.java.programmer Mike Meyer <mw*@mired.org> wrote or quoted: The technial problems have been solved for over a decade. NeXT shipped
systems that used text/richtext, which has none of the problems that
HTML has. The problems are *social* - you've got to arrange for
people to use mail/news readers that understand a rich text format
that isn't a vector for viruses.
It's not HTML that has problems, it's Microsoft's crappy software.
Writing virus-free HTML renderers is not hard - but of course
Microsoft can still screw it up.
Don't blame HTML for viruses - *every* document format Microsoft has
anything to do with becomes a vector for viruses.
They *even* managed to get virulent spreadsheets and word processor
documents!
--
__________
|im |yler http://timtyler.org/ ti*@tt1lock.org Remove lock to reply.
In comp.lang.java.programmer Steven D'Aprano <st***@removethiscyber.com.au> wrote or quoted: On Sun, 09 Oct 2005 07:19:29 +0000, Roedy Green wrote: Rich Teer <ri*******@rite-group.com>:
WHat the hell has that got to do with HTML email? Sending photos
is an example of what attachments are for.
Normally you send photos to grandma with captions under each photo.
No, normally YOU send photos to grandma with captions under each photo.
My grandma doesn't put captions in her photo album, and she doesn't need
captions on her photos in email.
That is far more convenient for the technopeasant receiver than
dealing with multiple attachments.
Only if your photos are so obscure and confusing that they need captions.
"Here's Johnny with the dog. Here is Johnny with the dog again. This one
is Johnny on his own. Here is the dog. Oh look, it is Johnny with the dog
again -- that's the dog on the left, in case it isn't clear. Just for a
change, this is Johnny wearing a hat. It is blue with a feather in it,
in case you couldn't tell from, oh I don't know, looking at the actual
picture."
What have you got against captions?
Giving photos captions is a *very* common practice.
--
__________
|im |yler http://timtyler.org/ ti*@tt1lock.org Remove lock to reply.
In comp.lang.java.programmer Mike Meyer <mw*@mired.org> wrote or quoted: Roedy Green <my******************************@munged.invalid > writes: Read my essay.
http://mindprod.com/projects.html/ma...ewsreader.html
I talk around those problems.
Actually, you present a design that forces a solution that makes them
do what you want down their throats, never mind what they want, or
what they've been doing. It shows an amazing ignorance about the
internet and how people behave on it. Like most antispam proposals, it
won't actually stop spam, just force spammers to concentrate on
different channels. You seem to have randomly broken quoting for
people who download mail and read it offline, and for any medium
that's unreliable or doesn't reliably deliver messages "in order" -
which includes mail and news. Virus writers will love the ability to
change peoples address books remotely.
Since - in Roedy's essay - messages are digitally signed, authority
to advise about any email address updates would presumably be confined
to those people with access to the sender's private key.
Even /without/ any form of authentication, a standard change-of-address
message - which is understood by mail readers - is a fine and sensible
idea.
--
__________
|im |yler http://timtyler.org/ ti*@tt1lock.org Remove lock to reply.
Tim Tyler wrote:
<snip> Only if your photos are so obscure and confusing that they need captions.
"Here's Johnny with the dog. Here is Johnny with the dog again. This one
is Johnny on his own. Here is the dog. Oh look, it is Johnny with the dog
again -- that's the dog on the left, in case it isn't clear. Just for a
change, this is Johnny wearing a hat. It is blue with a feather in it,
in case you couldn't tell from, oh I don't know, looking at the actual
picture."
What have you got against captions?
Giving photos captions is a *very* common practice.
Perhaps he has a search engine that can find blue hats in an image and
recognize people?
--
Lasse Vgsther Karlsen http://usinglvkblog.blogspot.com/
mailto:la***@vkarlsen.no
PGP KeyID: 0x2A42A1C2
In comp.lang.java.programmer Roedy Green <my******************************@munged.invalid > wrote or quoted: Read my essay.
http://mindprod.com/projects.html/ma...ewsreader.html
FYI, this bit:
``Like ICQ, someone cannot send you mail without your prior permission.
They can't send you mail because they don't have your public key to
encrypt the mail.''
....is pretty confusing - because "public key" is a term with a technical
meaning in cryptography - and a public key really *is* public.
If you want to allow email only from a list of senders, then you use
a simple white list. Cryptography is not needed or desirable if this
is the intended goal.
--
__________
|im |yler http://timtyler.org/ ti*@tt1lock.org Remove lock to reply.
In comp.lang.java.programmer Paul Boddie <pa**@boddie.org.uk> wrote or quoted: Roedy Green wrote: Just how long do you want to stall evolution? Do you imagine people
200 years from now will be still be using pure ASCII text unable to
find a solution to JavaScript viruses (turn off JS), pop-up( disable
popups) etc.?
People in their sky-cars turning off JavaScript in their browsers: what
a thought!
Javascript can be turned off in *mail readers* - by their manufacturers.
--
__________
|im |yler http://timtyler.org/ ti*@tt1lock.org Remove lock to reply.
In comp.lang.java.programmer Mike Meyer <mw*@mired.org> wrote or quoted: Roedy Green <my******************************@munged.invalid > writes: On Sat, 08 Oct 2005 19:56:50 -0400, Mike Meyer <mw*@mired.org> wrote
Show us *examples*! Do you create a style sheet for every site you
visit that overrides there classes? What?
Why don't you download a copy of Opera, see
http://mindprod.com/jgloss/opera.html
What makes you think I don't have a copy of Opera? Just so happens
I've got a registred copy on my newest computer.
Then try out the feature. Click View | style | user
My copy of Opera doesn't have that menu entry. I suspect you're making
platform-specific suggestions.
Trying it on a different platform, it looks like it does what I said
earlier: user mode simply disables the authors style sheets. None of
the "merging" you suggested was going on is actually happening.
The "user mode" uses style sheets you specify.
There's a whole bunch of built-in ones - and you can cascade them:
``User style sheets
``There is also the inclusion of 12 packaged user style sheets and an easy
menu application interface (View > Style). These sheets can be cascaded
together, with or without the page's styles. They are mostly for
accessibility, accessible web design and plain coolness: Emulate text
browser, Nostalgia, Accessibility Layout, Show images and links only,
High contrast, Hide non-linking images, Disable tables and Use default
forms design.
There are also three style sheets that are worth mentioning specially:
Hide certain-sized elements, Debug with outline, and Show structural
elements. Hide certain-sized elements is basically that CSS-powered
inline ad-killer that Eric A. Meyer came up with a few years ago. Debug
with outline uses the newly added support for the "outline" property to
display key elements. Finally, Show structural elements, which with the
acrobatic use of generated content, attribute selectors and counters,
shows the HTML tags inline, as well as the meta and link data, and a
report on the number of font tags and nested tables. Now this is cool!''
- http://www.evolt.org/article/Opera_7_Released/1/54851/
--
__________
|im |yler http://timtyler.org/ ti*@tt1lock.org Remove lock to reply.
In comp.lang.java.programmer Mike Meyer <mw*@mired.org> wrote or quoted: Roedy Green <my******************************@munged.invalid > writes: On Sat, 08 Oct 2005 17:41:38 -0400, Mike Meyer <mw*@mired.org> wrote:
If you've got a browser with a better solution, what's the browser,
and what's the solution?
Try Opera. You can merge the two.
Merge the two CSS files? Most browsers do that - that's why they call
them "cascading" style sheets. Got a sample style sheet that you use
that prevernts authors from overriding things?
Custom style sheets are usually applied after those in the document -
when they are both being applied.
That way, the custom style sheet has the final word.
--
__________
|im |yler http://timtyler.org/ ti*@tt1lock.org Remove lock to reply.
On Sun, 9 Oct 2005 13:44:42 GMT
Tim Tyler <ti*@tt1lock.org> wrote: In comp.lang.java.programmer Roedy Green
<my******************************@munged.invalid > wrote or quoted:
Read my essay.
http://mindprod.com/projects.html/ma...ewsreader.html
It's gone :-)
FYI, this bit:
``Like ICQ, someone cannot send you mail without your prior
permission. They can't send you mail because they don't have your
public key to encrypt the mail.''
...is pretty confusing - because "public key" is a term with a
technical meaning in cryptography - and a public key really *is*
public.
If you want to allow email only from a list of senders, then you use
a simple white list. Cryptography is not needed or desirable if this
is the intended goal.
But what is desirable is the possibility to authenticate the sender of
the message as genuine, given the ease with which SMTP headers can be
spoofed. Maybe this is suggested in Mr Green's essay, but
cryptographically signed email (using the originator's _private_ key),
where the signature and hence the originator of the mail can be verified
independently, would be very useful. The problem is to get everyone to
use digital signatures, and to ensure that such a signature can be
linked to an individual or business. I've no illusions here.
Take care,
--
Stefaan
--
As complexity rises, precise statements lose meaning,
and meaningful statements lose precision. -- Lotfi Zadeh
On Sun, 09 Oct 2005 13:36:26 +0000, Tim Tyler wrote: Since - in Roedy's essay - messages are digitally signed, authority
to advise about any email address updates would presumably be confined
to those people with access to the sender's private key.
If I have the sender's private key, then I can pretend to be him. That
would mean that when you received an email from the sender, you couldn't
be sure if it actually came from him or not, thus defeating the purpose of
having a private key.
Even /without/ any form of authentication, a standard change-of-address
message - which is understood by mail readers - is a fine and sensible
idea.
So any random person -- or bot -- could send an email to my business
associates, telling them that my email address had changed to in******************@spyware.com, please send all your confidential
information directly there thank you very much.
Yeah. Fine *and* sensible.
--
Steven.
On Sun, 09 Oct 2005 13:44:42 +0000, Tim Tyler wrote: In comp.lang.java.programmer Roedy Green <my******************************@munged.invalid > wrote or quoted:
Read my essay.
http://mindprod.com/projects.html/ma...ewsreader.html
FYI, this bit:
``Like ICQ, someone cannot send you mail without your prior permission.
They can't send you mail because they don't have your public key to
encrypt the mail.''
...is pretty confusing - because "public key" is a term with a technical
meaning in cryptography - and a public key really *is* public.
The term you want is "wrong", not "confusing".
--
Steven.
On Sun, 09 Oct 2005 15:50:12 +0200, Lasse Vgsther Karlsen wrote: Tim Tyler wrote:
<snip>Only if your photos are so obscure and confusing that they need captions.
"Here's Johnny with the dog. Here is Johnny with the dog again. This one
is Johnny on his own. Here is the dog. Oh look, it is Johnny with the dog
again -- that's the dog on the left, in case it isn't clear. Just for a
change, this is Johnny wearing a hat. It is blue with a feather in it,
in case you couldn't tell from, oh I don't know, looking at the actual
picture."
What have you got against captions?
Giving photos captions is a *very* common practice.
Perhaps he has a search engine that can find blue hats in an image and
recognize people?
Yes. It is called "eyes". I look at the image, and miracle upon miracles,
I recognise Johnny wearing a hat.
Then, if I have any need to save that image rather than trash it, I name
it and file it in a directory appropriately, so that I can instantly find
it later without needing to call up a search engine.
Honestly, anyone would think that photos and photo albums never existed
before Google. Why force one particular bad technological solution on
everyone for the sake of something which many people don't even perceive
as a problem?
--
Steven.
Steven D'Aprano wrote: On Sat, 08 Oct 2005 23:39:27 +0000, John Bokma wrote:
Rich Teer <ri*******@rite-group.com> wrote:
On Sat, 8 Oct 2005, Roedy Green wrote:
Some people use email PRIMARILY for sharing photos.
WHat the hell has that got to do with HTML email?
The photo doesn't have to be included (as in attached)? with the email?
I'll repeat the question: what do attachments have to do with HTML emails?
His reply wasn't exactly clear, but I that he means that wen you use HTM
mail, you don't have to attach the photo with the email. You can also
use the HTML to refer to an image somewhere on a webserver.
Doesn't seem such a good idea to me, since the possibility of external
images gives spammers the possibility to track who opens their mails.
--
If I have been able to see further, it was only because I stood
on the shoulders of giants. -- Isaac Newton
Roel Schroeven
On Sun, 9 Oct 2005, Roedy Green wrote: Normally you send photos to grandma with captions under each photo.
That is far more convenient for the technopeasant receiver than
dealing with multiple attachments.
And even more convenient is "Hey grandma, check out the latest
photos on my web site: www.example.com/rich/photos".
People keep thinking of email as a techie preserve.
Worse, people keep misusing email.
--
Rich Teer, SCNA, SCSA, OpenSolaris CAB member
President,
Rite Online Inc.
Voice: +1 (250) 979-1638
URL: http://www.rite-group.com/rich
On Sun, 9 Oct 2005, Roedy Green wrote: This is pulling a King Canute. There is not even a mechanism in email
protocols to warn your correspondents of your demand. I have been
Yes there is: the message my server sends someone sending me HTML
says so quite plainly. That Outhouse (and presumably other WIndoze
email clients) choses to not display the real message and put up
some other generic, "user friendly" (but totally techie useless)
message besides the point.
There is nothing wrong with formatted text. You are confusing
formatted text with spam.
You think you hated formatted text, but you really hate spam.
Please don't presume to think for me. I've been using email and
the Internet for over 10 years, and I think I can differentiate
between spam and formatted text. I hate spam, that's a given.
But I hate spam that's in plain text as well as formatted text.
I hate HTML email for several reasons, including:
1. it's wasteful of bandwidth
2. it enourages people to put form over content
3. it doesn't display properly on my email client of choice,
which, BTW, I've been using in various versions for 10+
years.
There are probably others, but you get my drift. You'll also notice
that I deliberately didn't list the security issues. HTML is for
web sites, not email.
If your lover sent you a message with photo, and even musical
accompaniment, I doubt you would feel offended. It is the CONTENT
bugging you, not the HTML.
No it isn't. And my wife knows better than to do that. When she
sends me virtual boquets, she does so in the correctmanner: she
sends me a plain text link to a web site that does all the fancy
stuff, including background music. That is how it should be.
You imagine that the two are inexplicably linked. That is just because
No I don't.
Eudora warns you of deceptive links in HTML. There are many more such
I am fortuanate enough to not use Windoze.
unfair to blame formatting for the foolish practice off allowing
untrusted code to run without even an ok. They have nothing to do
with each other.
Agreed. But as I said above, I have many other issues with HTML emails,
over and above the security concerns.
--
Rich Teer, SCNA, SCSA, OpenSolaris CAB member
President,
Rite Online Inc.
Voice: +1 (250) 979-1638
URL: http://www.rite-group.com/rich
On Sun, 09 Oct 2005 16:14:32 GMT, Roel Schroeven
<rs****************@fastmail.fm> wrote or quoted : His reply wasn't exactly clear, but I that he means that wen you use HTM
mail, you don't have to attach the photo with the email. You can also
use the HTML to refer to an image somewhere on a webserver.
There is that and also the use of HTML formatting, embedded images,
captioning, rows, borders to make the message look more like a page
from a photo album.
--
Canadian Mind Products, Roedy Green. http://mindprod.com Again taking new Java programming contracts.
On Sun, 09 Oct 2005 20:54:32 +1000, Steven D'Aprano
<st***@REMOVETHIScyber.com.au> wrote or quoted : Only if your photos are so obscure and confusing that they need captions.
That is a hair shirt approach. What if someone is sending photos of
their new house? What if I am sending diagrams to help someone repair
their computer? It is ridiculous to tie people's arms behind their
backs. What you do instead is work to prevent abuse. Captions in and
of themselves are not dangerous things.
--
Canadian Mind Products, Roedy Green. http://mindprod.com Again taking new Java programming contracts.
On Mon, 10 Oct 2005 01:40:34 +1000, Steven D'Aprano
<st***@REMOVETHIScyber.com.au> wrote or quoted :
Yes. It is called "eyes". I look at the image, and miracle upon miracles,
I recognise Johnny wearing a hat.
Even for a limited application like children's birthday parties
captions could say things like:
Johnny with this friend Pete, the one I told you about who has
leukemia....
Here is Johnny opening your present, the sweater you knitted him.
If you want to communicate with text and with pictures obviously there
are times when you want to communicate with both text and pictures.
Imagine a main sending emailed floor tile samples to his wife on a
business trip for her final veto and not being allowed to caption
them.
The point I can't pound enough is that rich text and pictures with
captions are not INHERENTLY dangerous or spam. (Note that the most
common spam is the Nigerian con and variants which comes as a
non-formatted message.) Many have mentally linked rich text with
danger and spam because of Microsoft's incompetent email software. The
solution is to fix the software not block everyone from communicating
with rich text and pictures.
You don't have to use Outlook. see http://mindprod.com/jgloss/email.html
--
Canadian Mind Products, Roedy Green. http://mindprod.com Again taking new Java programming contracts.
Roedy Green: (Note that the most
common spam is the Nigerian con and variants which comes as a
non-formatted message.)
Don't think that that is true for everybody. For example not for people
that are behind central filters that already cope with common spam.
--
Affijn, Ruud <http://www.pandora.com/?sc=sh770781&cmd=tunermini>
"Gewoon is een tijger."
On Sun, 09 Oct 2005 16:16:57 GMT, Rich Teer <ri*******@rite-group.com>
wrote or quoted : And even more convenient is "Hey grandma, check out the latest
photos on my web site: www.example.com/rich/photos".
that is what my sister does. And there is now a service that will do
that See http://storymill.com/tidepool/
I find it amusing that people who complain about me giving links in my
posts rather that expounding inline are willing to insist others do
their emails via links where you need to fire up a separate browser
to see the images.
The other problem is maintaining a website is probably a skillset
Grandma is not willing to acquire. Even image inserting into emails is
pushing it. Further the website is yet an additional monthly expense
that could be avoided by using HTML in emails.
You might say what about those free 10 mb websites? That's not very
many images with today's megapixel digital cameras.
I think we computer folk owe the public an email system that works and
that is easy to use. It should at LEAST work better than the snail
mail system. The essential problem is it was designed overnight as a
proof of concept and has not been designed to deal with the problem of
spam or tracking conversational threads. Enclosures were a kludge.
Mail should be 8-bit binary transport with a system something like the
US post uses for large parcels. They don't show up directly in your in
mail box. You have to ok their delivery.
The biggest disincentive to spam would be to make sender pay a fee to
the receiver or to backbone maintenance. For most people it would all
balance out. Spammers would have to become more selective in their
targets. If they were sufficiently selective, they would not be a
nuisance. They could even be helpful sometimes.
I wrote an essay years ago on how such an email system might work. At
this point I think the most likely evolution is via Instant messaging
acquiring all the abilities of regular email. Instant mail interfaces
were designed to be computer friendly and extendable, so even though
there are a great many of them, people have written software that can
interface to many of them such as Trillian or Jabber.
see http://mindprod.com/projects/mailreadernewsreader.html
--
Canadian Mind Products, Roedy Green. http://mindprod.com Again taking new Java programming contracts.
> My grandma doesn't put captions in her photo album, and she doesn't need captions on her photos in email.
She doesn't need captions in the album because she will explain the
pictures, at length, every single one of them, to anyone who comes
within grabbing distance.
"Here's Johnny with the dog. Here is Johnny with the
dog again. This one is Johnny on his own. Here is the
dog. Oh look, it is Johnny with the dog again -- ...
If your photos are so banal then only people who would recognise the
people would care about them.
Captions are for people who won't recognise the subject of the photo.
When you send a photo of a house to Granma is she supposed to just
_know_ that it your new house, or the one across the road, or the one
that burnt down last week ?
On Sun, 09 Oct 2005 05:55:01 -0400, Mike Meyer <mw*@mired.org> wrote
or quoted : Virus writers will love the ability to
change peoples address books remotely.
Since this is just a broad brush view, I find it odd you can predict
just what bugs there will be in the early implementations.
You sound almost as if you were the author of the current system and
feel personally attacked by others looking for ways to improve it.
In my scheme, every message is digitally signed, even a change of
address message.
Surely for a virus to send out a digitally signed change of address
message is more difficult than sending out an unsigned one, which they
can do today.
You have two problems you want to avoid:
1. the practical problem: failure to inform your correspondents, not
just your address list, of your new address (at least the ones you
don't consider spam or pests).
2. the potential problem: rogue software sending out fake change of
address notices.
In my scheme, The receiver of the change of address message ignores
it unless it is properly signed. Surely that is a more secure system
than we have today and that handles (1) without effort. At worst, a
very clever virus could change the one address book entry, the one for
this computer, in other's machines. It could not generally corrupt
other machines.
--
Canadian Mind Products, Roedy Green. http://mindprod.com Again taking new Java programming contracts.
On Sun, 9 Oct 2005 13:44:42 GMT, Tim Tyler <ti*@tt1lock.org> wrote or
quoted : ``Like ICQ, someone cannot send you mail without your prior permission.
They can't send you mail because they don't have your public key to
encrypt the mail.''
...is pretty confusing - because "public key" is a term with a technical
meaning in cryptography - and a public key really *is* public.
What I envisioned was you would give a "public" key to someone you
wanted to converse with you. He would encrypt all mail with that. He
could give that key to someone else, who could then impersonate him.
Most likely that second person would be his laptop.
Let's say he posted the key in the New York Times, then anyone could
impersonate him. You would the deactivate him, just as if he were a
spammer. You might or might not give him a new key when he begged for
permission to communicate.
In my opinion, the weakest link in my scheme is the initial beg for
permission to send. Here a stranger has to, in one line, tell you who
he is and why he wants to talk to you. This is much like a spam title
that tries to trick you into reading the body of the message. You
still need spam list to help filter these types out.
My scheme should work fine if you are not someone like me who gets a
lot of legit mail from strangers.
Perhaps you could slow them down with some randomly chosen questions
to prove they know something about you. Companies could do the same
thing.
You can inconvenience the sender to a fair degree since most people
don't often write strangers with the expectation of a personal
correspondence.
--
Canadian Mind Products, Roedy Green. http://mindprod.com Again taking new Java programming contracts.
On Sun, 09 Oct 2005 05:55:01 -0400, Mike Meyer <mw*@mired.org> wrote
or quoted : Actually, you present a design that forces a solution that makes them
do what you want down their throats, never mind what they want, or
what they've been doing. It shows an amazing ignorance about the
internet and how people behave on it. Like most antispam proposals, it
won't actually stop spam, just force spammers to concentrate on
different channels. You seem to have randomly broken quoting for
people who download mail and read it offline, and for any medium
that's unreliable or doesn't reliably deliver messages "in order" -
which includes mail and news. Virus writers will love the ability to
change peoples address books remotely. The problem of differing
character sets is technically solved. Practically, the solution
doesn't work because people implementing the software ignore the
standards. What's your server going to do when it gets messages with
characters in them that aren't valid in the charset that it's declared
as being? Better yet, what's it going to do when the characters are
valid, but the declared charset isn't the one the author actually
used? You implementation sketch only covers the client talking to the
first server (in that it requires the client to encrypt a challange
phrase with the private key belonging the email id, which is
presumably what 2822 uses for the envelope sender). Most mail on the
internet goes through at least two servers, and news is much
worse. For instance, your messages apparently passed through 10
servers getting to me. You really have to deal with store and forward,
or convince a large number of corporations that potentially hostile
users should be allowed to talk directly to their mail servers, which
isn't very likely. Kudos for recognizing that spam needs to be dealt
with by people with guns, but you lose half of them for making ISPS
liable for it.
I also read the comment about wanting an automated "Ask them to run my
browser in my favorite configuration", which is equally naive. A lot
of sites have such cruft on them already. I find them funny - I surf
the web on three different platforms, none of them Windows. Any
pointer to download a new browser or plugin for Windows just impresses
me with the authors lack of skills. The only browser I know of that
runs on all three platforms is Opera, and it's something radically
different on one of the three. Even should you get the platform right,
almost nobody is going to bother upgrading following the download
links. The very small percentage of users who are real geeks will
silently thank you for the notice, and update their software. Most
users will ignore it so long as the page isn't obviously broken. For
those for whom it's broken, all but small percentage will simply find
some other site to visit. I'd suggest that anyone thinking about writing
Your post brings up a meta-issue. How long should posts be?
I note several schools of thought.
There is the initial post, sort of a mini lecture on something
covering perhaps 7 major points.
Then you can have the theatre-critic style response where each person
in turn goes through the 7 points saying when they think.
Then they repeat the 7 points each commenting on what each of the
others had to say on the seven points. etc.
Then there is the conversational style where you discuss one major
point at a time, perhaps with several threads, one for each point.
These threads meander or split off themselves.
My preference is to think of a post, other than perhaps the initial
essay post, as like a paragraph. It should stick to one main idea.
Seems to me google will have an easier time classifying posts if they
don't cover too much ground.
--
Canadian Mind Products, Roedy Green. http://mindprod.com Again taking new Java programming contracts.
Roedy Green <my******************************@munged.invalid > writes: His reply wasn't exactly clear, but I that he means that wen you use HTM
mail, you don't have to attach the photo with the email. You can also
use the HTML to refer to an image somewhere on a webserver.
There is that and also the use of HTML formatting, embedded images,
captioning, rows, borders to make the message look more like a page
from a photo album.
That's the worst of all. I certainly don't want my mail reader
opening network connections to arbitrary places when I read my mail.
I have no willingness at all to reveal my mail reading habits or IP
address to everyone who sends me email. If someone wants a return
receipt, they can use snail mail and fill out a form at the post
office for it.
"Roedy Green" <my******************************@munged.invalid > wrote in
message news:gm********************************@4ax.com...
Your post brings up a meta-issue. How long should posts be?
I note several schools of thought.
Your post brings up a usenetiquette issue. Why do you think that
perl/python/java/c people are interested in your personal discussions of
email?
Matt
On Sun, 09 Oct 2005 19:28:31 +0000, Roedy Green wrote: On Sun, 09 Oct 2005 20:54:32 +1000, Steven D'Aprano
<st***@REMOVETHIScyber.com.au> wrote or quoted :
Only if your photos are so obscure and confusing that they need captions.
That is a hair shirt approach. What if someone is sending photos of
their new house?
Oh gosh, pictures of a new house. Why didn't you say so??? If you're
sending pictures named "my_new_house1.jpg" etc then OF COURSE they have
to be imbedded in a HTML email, otherwise how could anyone know what they
were?
What if I am sending diagrams to help someone repair
their computer? It is ridiculous to tie people's arms behind their
backs. What you do instead is work to prevent abuse. Captions in and
of themselves are not dangerous things.
I didn't say they were. Obviously you haven't been reading my emails,
just reacting against them mindlessly. I use a mail client that gives
me the choice of displaying or not displaying HTML emails. If there is no
alternative to HTML, then I may _choose_ to render the HTML.
But there is always an alternative. You can always send me a Word
document, a PDF, an Powerpoint presentation showing the steps one per
page, why the possibilities are endless.
You could even send me a URL to a webpage.
--
Steven.
On Sun, 09 Oct 2005 19:40:30 +0000, Roedy Green wrote: Imagine a main sending emailed floor tile samples to his wife on a
business trip for her final veto and not being allowed to caption
them.
I don't have to imagine it, I've done it, more or less something like this:
"Dear wifey,
here are five pictures of the tiles I like. My favourite is tile02.jpg.
They are all in the price range we can afford. You pick the one you think
suits best, then call Freddy at TileMart on blah blah blah and order them.
We'll need X square metres."
Sheesh Roedy, to listen to you go anyone would think that human
communication was impossible before HTML email was invented.
--
Steven.
On Mon, 10 Oct 2005 08:49:32 +1000
Steven D'Aprano <st***@REMOVETHIScyber.com.au> wrote: On Sun, 09 Oct 2005 19:28:31 +0000, Roedy Green wrote:
What if I am sending diagrams to help someone repair
their computer? It is ridiculous to tie people's arms behind their
backs. What you do instead is work to prevent abuse. Captions in
and of themselves are not dangerous things.
I didn't say they were. Obviously you haven't been reading my emails,
just reacting against them mindlessly. I use a mail client that gives
me the choice of displaying or not displaying HTML emails. If there
is no alternative to HTML, then I may _choose_ to render the HTML.
Norm Reitzel said it all a while ago:
"I don't understand that attitude. Don't we want email that has dancing
bears, cute little videos, musical tunes, animated waving hands, sixty
fonts, and looks like it's been done with crayolas? Good grief, man,
think like a three year old!"
--
Stefaan
--
As complexity rises, precise statements lose meaning,
and meaningful statements lose precision. -- Lotfi Zadeh
On Sun, 09 Oct 2005 20:01:28 +0000, Roedy Green wrote: You might say what about those free 10 mb websites? That's not very
many images with today's megapixel digital cameras.
My system admins have a number of names for people who try to send
multi-megabyte files by email. The names start with "accursed of God"
and rapidly get worse. Email is not designed to cope with such large file
sizes, and if you are running virus scanners and spam filters -- and you
should be -- performance rapidly goes downhill from there.
I think we computer folk owe the public
We don't owe the public *anything* if they don't pay for it. We might
*choose* to build it for free, but that's our choice, not a duty.
[snip] I wrote an essay years ago on how such an email system might work.
Ah, I see. Another pie-in-the-sky replacement for email. Well, good luck
with it. I wish you every success, but don't ask me to buy shares in your
startup.
--
Steven.
>>And how do you fix the problem of unsolicited USENET articles? (*ALL* of them are unsolicited to someone). Or unsolicited
email?
Read my essay.
http://mindprod.com/projects.html/ma...ewsreader.html
I talk around those problems.
It requires a fresh start.
This URL does not work. However, from some of the other replies,
it seems that your suggestion involved identification of the sender
with digital signatures.
I think one necessary function of email and USENET is that it should
allow you to SAFELY communicate with strangers or, worse, people
you know but do not trust at all, and who are known to be malicious,
if you wish to do so, especially since meeting in person might
invoke the use of weapons of mass destruction (like, for example,
me and my hypothetical ex-wife).
For example, George W. Bush ought to be able to exchange email with
Osama Bin Laden without risking revealing nuclear launch codes.
Hitler and Winston Churchill should have been able to exchange email
(had it been available during World War II) without revealing state
secrets accidentally. I ought to be able to exchange email with
my boss without his being able to track if/when I read it. I ought
to be able to communicate with the Direct Marketing Association to
get them to take my name off a mailing list without risking spyware
installation or revealing my credit card numbers. Union leaders and
management should be able to negotiate by email without unwittingly
leaking information.
HTML is *mostly* dangerous. (links. Javascript. references to
other files on the user's computer. Forms.) It's a lot more than
text formatting. I suggest that if you want a text formatting
language, start with *TROFF* and take out the parts that refer to
other files. As far as I know, troff doesn't have any networking
references in it. Lots of people probably hate troff, but it's a
better start than HTML.
Gordon L. Burditt
Tim Tyler <ti*@tt1lock.org> writes: In comp.lang.java.programmer Mike Meyer <mw*@mired.org> wrote or quoted: The technial problems have been solved for over a decade. NeXT shipped
systems that used text/richtext, which has none of the problems that
HTML has. The problems are *social* - you've got to arrange for
people to use mail/news readers that understand a rich text format
that isn't a vector for viruses. It's not HTML that has problems, it's Microsoft's crappy software.
HTML is a problem on *other* peoples crappy software as well. It
wasn't designed to carry code content, but has been hacked up to do
that.
Writing virus-free HTML renderers is not hard - but of course
Microsoft can still screw it up.
Sure - just disable all the features that make people want to use HTML
instead of something else.
Don't blame HTML for viruses - *every* document format Microsoft has
anything to do with becomes a vector for viruses.
Which would mean that every open format that MS has had anything to do
with comes a vector for viruses. Somehow, I'm not buying it.
And HTML has more problems than just viruses - web bugs, for one. But
MIME's support for external bodies gives you that anyway.
<mike
--
Mike Meyer <mw*@mired.org> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
Tim Tyler <ti*@tt1lock.org> writes: In comp.lang.java.programmer Mike Meyer <mw*@mired.org> wrote or quoted: Roedy Green <my******************************@munged.invalid > writes: > Read my essay.
> http://mindprod.com/projects.html/ma...ewsreader.html
>
> I talk around those problems.
Actually, you present a design that forces a solution that makes them
do what you want down their throats, never mind what they want, or
what they've been doing. It shows an amazing ignorance about the
internet and how people behave on it. Like most antispam proposals, it
won't actually stop spam, just force spammers to concentrate on
different channels. You seem to have randomly broken quoting for
people who download mail and read it offline, and for any medium
that's unreliable or doesn't reliably deliver messages "in order" -
which includes mail and news. Virus writers will love the ability to
change peoples address books remotely.
Since - in Roedy's essay - messages are digitally signed, authority
to advise about any email address updates would presumably be confined
to those people with access to the sender's private key.
It's not confined to just people - software can do this as well. In
particular, you should expect that the users mail agent will have to
have access to the key, so it can automatically send out the change of
address notice when the user changes their address (it actually needs
it to send any mail). Viruses regularly make users mail agents do
thing. "Change my address" becomes much more entertaining when that
triggers sending out change of addresses notices to everyone in the
address book. More likely, though, there'll be an API for getting the
key so that users can change mail agents without invalidating the
public key that everyone they correspond with has for them, and the
virus will just use that API.
This is also why his plan doesn't stop spam. Most spam comes from
zombies already. This will just cause them to masquerade as the owner
of the owned machine rather than somebody the author has a beef with.
<mike
--
Mike Meyer <mw*@mired.org> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
Roedy Green <my******************************@munged.invalid > writes: Perhaps you could slow them down with some randomly chosen questions
to prove they know something about you. Companies could do the same
thing.
Challenge-response system are old hat. I use one, and it reduces my
spam by three orders of magnitude. Most of what's left is spam that
went to a list that I've subscribed to whose mail circumvents the
anti-spam feature, and nigerian scam type things, which violates one
of the assumptions that such systems make about spam.
The downside is that I have no idea how many people try to contact me
out of the blue, or from an address other than the one I sent mail to,
but don't bother to answer the response.
You can inconvenience the sender to a fair degree since most people
don't often write strangers with the expectation of a personal
correspondence.
Right. Nobody sends email to addresses that come off business cards,
or off a web site, or ....
<mike
--
Mike Meyer <mw*@mired.org> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
Roedy Green <my******************************@munged.invalid > writes: On Sun, 09 Oct 2005 05:55:01 -0400, Mike Meyer <mw*@mired.org> wrote
or quoted :Virus writers will love the ability to
change peoples address books remotely. Since this is just a broad brush view, I find it odd you can predict
just what bugs there will be in the early implementations.
I'm not predicting bugs in the implementations. I'm predicting how
people are going to abuse *features* of the implementations.
You sound almost as if you were the author of the current system and
feel personally attacked by others looking for ways to improve it.
Nah, I've just know people who spend a lot of time - and money -
dealing with spam, and we've discussed these issues at great
length. You haven't proposed anything that hasn't been proposed
before, and rejected for various reasons.
In my scheme, every message is digitally signed, even a change of
address message.
Yup, I assumed that.
Surely for a virus to send out a digitally signed change of address
message is more difficult than sending out an unsigned one, which they
can do today.
Maybe yes, maybe no. They can use existing APIs to send mail now. If
there's an API to sign a message - and there just about has to be,
otherwise changing mail readers will require sending out a change of
address form to change the public key - what prevents the virus from
simply using that to send out an encrpyted message? Yes, it's more
difficult, just like it's more difficult to send out mail with an
attachment than one that's just plain text. But the difference is just
more work, not something fundamentally different.
You have two problems you want to avoid:
1. the practical problem: failure to inform your correspondents, not
just your address list, of your new address (at least the ones you
don't consider spam or pests).
2. the potential problem: rogue software sending out fake change of
address notices.
In my scheme, The receiver of the change of address message ignores
it unless it is properly signed. Surely that is a more secure system
than we have today and that handles (1) without effort. At worst, a
very clever virus could change the one address book entry, the one for
this computer, in other's machines. It could not generally corrupt
other machines.
Depends on how convenient you make things. The problems aren't
technical, they're social. For instance, people will want their
address book to automatically send out change of address notices to
every non-pest if their address is changed. A virus can exploit this
by changing the address in the address book. No need for it to send
out mail - the users mail agent does it all for them. Fixing this
requires convincing the users that they should do a lot of work to
achieve point 1 - which sort of defeats your purpose.
Personally, I don't believe that you'll convince people to take do
more work to get more security. So you've got to convince all the
authors who deploy mail readers - and/or key security systems - to not
allow that. Since such a feature will be requested by users, and will
make their software more popular, that's not going to be easy either.
To be really secure, you store the private key encrypted, and ask the
user for a passphrase to decrypt it every time you want to sign a
message. So you make your interface do that, and it asks the user for
a key every time a message is signed. For true security, you have to
include the recipient address in the signatture, otherwise you're
liable to replay attacks sent different addresses, so changing your
address will involve providing your pass phrase once for everyone you
notify. Someone else will decide that's to inconvenient, and provide
an interface that stores the passphrase to reuse for some
user-specified length of time. Existing systems do this, and get lots
of use even thought they are less secure than doing it right. Then
you'll get a interface that ask for the key once a session. Then
you'll get one that asks once, and just keeps it forever. We've seen
this happen with access to web site passwords.
Guess which one users are going to prefer. Guess which one makes it
simple for viruses to hijack they system to send out mail that "you"
have signed.
<mike
--
Mike Meyer <mw*@mired.org> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
Roedy Green <my******************************@munged.invalid > wrote: On 8 Oct 2005 23:39:27 GMT, John Bokma <jo**@castleamber.com> wrote or
quoted :
Yeah, yeah, and 640K is enough for everybody. Same song, different tune.
For how long. Surely attachments are a stop gap. Can you imagine
people sharing images that way 100 years from now?
No, but I agree with you :-) I am not using HTML myself in email, but I
will when it makes things easier.
Why should we wait for the future? The problems blocking easy to use
photo sharing are not technological but social.
Yup, agreed. Like I already wrote, if I route all HTML email to /dev/null
I'll lose some customers, and some friends :-)
--
John Small Perl scripts: http://johnbokma.com/perl/
Perl programmer available: http://castleamber.com/
I ploink googlegroups.com :-)
Roedy Green <my******************************@munged.invalid > writes: On Sat, 08 Oct 2005 23:33:13 GMT, Rich Teer <ri*******@rite-group.com>
wrote or quoted :
What the hell has that got to do with HTML email? Sending photos
is an example of what attachments are for.
Normally you send photos to grandma with captions under each photo.
That is far more convenient for the technopeasant receiver than
dealing with multiple attachments.
I'd like to agree, but I haven't received *ANY* properly formatted,
captioned and readable list of photos in an HTML email message in a
long while. What I usually get it an email message with a completely
irrelevant subject -- usually a reply to a random thread that happened
to include my email address in the recipient list -- with a message
body as useless as:
Here's a photo collection
or even more useless, or empty.
This and other things, that show the original poster of the particular
HTML email message has _no_ intention to spend just *one* minute to
properly write a readable, useful email message, tend to be the main
reasons why I block all HTML email messages from non-work-related
email addresses, save them in a special folder and look at them only
when I really feel like spending some time to weed through the junk.
In comp.lang.perl.misc John Bokma <jo**@castleamber.com> wrote: Roedy Green <my******************************@munged.invalid > wrote:
On 8 Oct 2005 23:39:27 GMT, John Bokma <jo**@castleamber.com> wrote or
quoted :
Yeah, yeah, and 640K is enough for everybody. Same song, different tune.
For how long. Surely attachments are a stop gap. Can you imagine
people sharing images that way 100 years from now?
No, but I agree with you :-) I am not using HTML myself in email, but I
will when it makes things easier.
Why should we wait for the future? The problems blocking easy to use
photo sharing are not technological but social.
Yup, agreed. Like I already wrote, if I route all HTML email to /dev/null
I'll lose some customers, and some friends :-)
What I find is that when I see emails which are obviously spam, I
simply do not read them and delete them immediately. But then I
use Pine rather than a web browser... and while some forms of HTML
may be rendered, nothing is automatically pulled down.
Axel This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Xah Lee |
last post by:
Jargons of Info Tech industry
(A Love of Jargons)
Xah Lee, 2002 Feb
People in the computing field like to spur the use of spurious jargons.
The less educated they are, the more they like...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development projectplanning, coding, testing,...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| |
