Jargons of Info Tech industry

[Roedy Green]

It's gone

arghh. try http://mindprod.com/projects/mailreadernewsreader.html

 

[Roedy Green]

The term you want is "wrong", not "confusing".

In encryption the key you give others to encrypt messages to you is
called the "public key". It is not public in the sense of everyone
knows it.

What term do you suggest?

 

[Roedy Green]

The downside is that I have no idea how many people try to contact me
out of the blue, or from an address other than the one I sent mail to,
but don't bother to answer the response.

This is why I wanted a protocol where that was automated.

 

[Roedy Green]

Right. Nobody sends email to addresses that come off business cards,
or off a web site, or ....

Nowadays website email addresses are becoming rarer. Instead you fill
in a form to initiate your conversation.

In a business card exchange both parties might set up a permission for
the other, so they are not exactly strangers.

There are some people who naturally get mail from the general public,
e.g. newspaper editors, salesmen, me. However, if you block a
sufficiently high percentage of spam, the spam industry will go away
and these people will be the natural beneficiaries.

You don't need 100% spam blocking to effectively solve the spam
problem. You just have to make spam uneconomic.

There was an analogous problem with telephone spam. It was even
easier for the telepest to get addresses, just add one. That was
solved by legal means. It could come back as long distance rates drop
and some country harbours them.

 

[Roedy Green]

that should read:
http://mindprod.com/projects/mailreadernewsreader.html

 

[Roedy Green]

I think one necessary function of email and USENET is that it should
allow you to SAFELY communicate with strangers or, worse, people
you know but do not trust at all,

Yes, but with spam ANY communication with an unwanted stranger is a
nuisance.

There are two kinds of stranger:

1. ones you want to talk to
2. ones you don't.

How can you sort people?

1. ones that appear to be trying to sell something

2. ones that others have said were pests.

3. ones you have given temporary/special permission to contact you ---
a code word in a personal ad or newsgroup post.

4. Ones who can convince you of their case in a single sentence.

5. Ones who have a reputation as non-spammers (by some sort of
consumer reports bureau that issues digital ids.)

6. Ones you have rejected in past (aided by digital ids expensive
enough people won't change them like underwear).

 

[Roedy Green]

Likewise I avoid emails that are broken. If it looks like it will contain
web-bugs, javascript exploits, or badly formatted unreadable text, then I
avoid any mail client that can't display it in plain text.

And by "looks like", I mean "contains any HTML".

That is overreacting. All you need is a something that refuses to run
code. There is no need to ignore the formatting.

I have well meaning friends who send me rather syrupy emails,
formatted. I don't run any enclosures, but I look at the pictures and
the message. They are not spam.

If people like sending such messages to each other it is not our
business to interfere. On the contrary. Our job it help people send
arbitrary messages to each other as easily as possible. Censoring
content and style is none of our business. Our job is to help get
messages through reliably, safely and efficiently.

 

[Roedy Green]

And they don't know about attachments?

Attachments are geeky kludge.

 

[Roedy Green]

What makes you think I don't have a copy of Opera? Just so happens
I've got a registred copy on my newest computer.


My copy of Opera doesn't have that menu entry. I suspect you're making
platform-specific suggestions.

Because you did not seem to be aware of the Opera features. I don't
know what version you have or what platform you are using. The only
one I can help you with is Opera 8.5 for Windows.

 

[Roedy Green]

Formatted spam can include pictures of words. That's a common spam
tactic - send a multipart/alternative with a text part that look like
a letter from aunt jane - and mention that you're sending a
picture. The picture part is basically a jpeg of a flyer for the spam
companies product.

Such a jpg would have a lot more sharp edges than a usual photo. Also
you tend to have areas of just two colours. Some edge detecting
software might have a go at it.

However, my rule of thumb is I would not accept photos from the
general public, only from a subset of my correspondendents. That
makes a photo a strong spam indicator. Then there are small corporate
logos, which are innocuous. Spamnix does not have such a filtering
rule.

 

[Flash Gordon]

Roedy Green wrote:

<snip stuff off topic for comp.lang.c>

Can all of you please take comp.lang.c out of this thread (and all its
sub-threads, since it is totaly off topic and NONE of the people on this
thread are posting to anything else on comp.lang.c so I doubt any of you
are reading it here.

 

[Gordon Burditt]

However, formatted text is not code.

HTML is much more than formatted text.

Pictures are not code. It is
unfair to tar them with the brush of JavaScript or the goofy things
Outlook does with enclosures.

If you take all the dangerous stuff out of HTML, like:
Links
Javascript
Forms
References to other files

you'd have very little left. I suggest that for formatted text,
TROFF would be a better start.

Gordon L. Burditt

 

[Steven D'Aprano]

Viruses can mail out change of address messages to everyone in the
compromised machine's address book today.

Of course, viruses don't bother doing that - since it's stupid and
pointless.

If you've compromised someone's machine there are typically lots more
rewarding things to do with it than spoof change-of-address notices.

Yes. But erasing hard drives is stupid and pointless, and viruses written
by digital vandals do exactly that.

Viruses *these days* are mostly written by criminals looking to make
money, not criminals looking to do the equivalent of smashing your windows
and running away.

Suppose I wanted to gather industrial espionage about, oh, say Roedy
Green. If my virus could impersonate him, I could tell everyone in sight
that his email has changed to (e-mail address removed) (or wherever). I would
harvest his email, forward it on to him so he doesn't even notice, and
sell the data to the highest bidder. Or use it for blackmail. Or sell it
to companies who want to buy demographic and purchasing information ("I
see he has bought seven books from Amazon this month...").

If you think this is too ridiculous for words, think of this: how valuable
to Steve Ballmer and Bill Gates do you think Google's internal emails
would be?

Information is power, and power makes money.

 

[Roedy Green]

What if, instead of that crap Outlook produces, which is a mishmash of
malformed html, Javascript viruses, self-installing enclosures etc.

It were replaced by a rich text that were something like a CSS-style
HTML, validated, and preparsed, and compacted for rapid rendering.

It would have no hooks in it for viruses or code launching, though it
would have clearly marked hypertext links.

The question I am getting at is what is bugging you the most?

1. spam which is often associated with formatted mail

2. Trojans that exploit MS email.

3. cutsie pie dancing bears

4. sloppy implementation

5. slow email downloads

6. Puritanical objection to any variation in colour and font. It is
unmanly.

7. want it impossible to embed images, not just for you but for
everyone. No one has a legitimate interest to embed images.

Let us say your answer is all 7. My response is the solution is not
to revert to plain text for email. It won't happen. The solution is
to move forward and fix the implementations.

It is one thing to demand all mail sent to you have no formatting, but
quite another to demand all mail sent by anyone to anyone have no
formatting or embedded images.

I think a modern email system should let your correspondents
automatically know of your eccentricity so that mail will
automatically be stripped to the bone before sending it to you.
My ISP has this quirk and gets irate if I ever slip and send him a
formatted mail. I would love it if Eudora remembered that for me and
automatically prevented me from doing that.

Formatted email has quite legit functions. For example the Health
Action Network Society has an optional mailing list that will let you
know of any upcoming events relevant to alternative health. The mail
looks like a little poster for the event.

 

[Mike Meyer]

As if what we are living with now were preferable to what I propose.

Nope. Any of the rejected proposals would be better than what we have
now.

It is inertia. It is herd mentality that dare not leap out of the
current rut. It is not a particularly difficult technical problem. It
is figuring out how to get people to switch over.

Yup, you solved an easy problem - designing a spam-proof email
system. That's been done any number of times. The hard part is a
deployment strategy that will actually get the world to transition to
such a system. That's why earlier nearly identical proposals got
rejected - nobody could come up with a workable transition plan.
Without a transition plan, a better email system is only of academic
interest - and not even much of that at this late date.

And yes, it's just inertia. Sort of like why the world stays in it's
orbit is just inertia. If you could get enough people to agree on a
solution and switch to it at the same time, you'd be done. But
"enough" is everyone who uses email, so realistically you need a plan
- and a system - that lets things interoperate during the transition.

<mike

 

[Mike Meyer]

This is why I wanted a protocol where that was automated.

Um - I don't recall seeing anything in you plan that would provide
information I'm missing. I'm sure you could tweak the software to
collect it once it were in place. But I could do the same.

<mike

 

[Mike Meyer]

Such a jpg would have a lot more sharp edges than a usual photo. Also
you tend to have areas of just two colours. Some edge detecting
software might have a go at it.

It's probably possible. No one has done it yet.

However, my rule of thumb is I would not accept photos from the
general public, only from a subset of my correspondendents. That
makes a photo a strong spam indicator.

Censoring content and style is none of our business.

Spam is all about censoring content. But you're proposing censoring
style to deal with pictures of words.

<mike

 

[Mike Meyer]

or quoted :
You don't need 100% spam blocking to effectively solve the spam
problem. You just have to make spam uneconomic.

There are good reasons to doubt this. Most notably, there's no proof
that spam is economic now. There's also evidence that non-trivial
percentages of spam are more a form of ddos attack than any real
attempt to send mail.

There was an analogous problem with telephone spam. It was even
easier for the telepest to get addresses, just add one. That was
solved by legal means. It could come back as long distance rates drop
and some country harbours them.

Just making it illegal won't do anything. Most spam today is the
result of illegal activity, and is part of an illegal or semi-legal
activity even if you ignore that.

You've got to convince the spammers that large men with guns will show
up on their doorstep if they keep it up.

<mike

 

[Roedy Green]

uOn Wed, 12 Oct 2005 22:02:23 GMT, (e-mail address removed) (Dave Hansen)
wrote or quoted :

Summary: a buffer overflow problem in Microsoft's JPEG redering
library, used my almost all Windoze email and web clients, would allow
an attacker to execute any arbitrary code he wished on your computer
simply by tricking you into viewing a doctored JPEG image. Since
solved (this problem is _so_ last year, dahling), but it belies your
assertion that "pictures are not code."

By your definition all socket communications contains code because of
the existence of buffer overrun "bugs" -- probably deliberately put
there by unscrupulous employees.

The pictureness is not at fault. MS was at fault.

No wonder the community has failed to solve spam with attitudes like
that -- extreme naysaying, misplacing the source of the problem, and
calling each other "dahling" is bound to get everyone out of a
problem-solving mode.

You probably were all told the story of the three sillies as a child
about people who wept themselves to inaction worrying imagined futures
rather than dealing with the realities of the present. I think
fretting about minutiae, and the desire for a perfect ant-spam
solution has blocked getting on with a reasonable solution.

 

[Roedy Green]

Links
Javascript
Forms
References to other files

the only piece of that particularly dangerous is JavaScript. So long
as you have a scheme to unmask where links are really going links are
no more dangerous than they are in browser.

Even a form is not dangerous. You have to fill it in and hit submit.