[9fans] ISP filtering - update

[9fans] ISP filtering - update

[Aharon Robbins]

Well, the ISP's filtering consists essentially of removing the virus
or rather the attachment with the virus in it.  The letter itself still
comes through.  This is still an improvement; the emails are around 4K
in size instead of 140K.  But I still have to postprocess the results of
my current (underpowered) spam filter.  At least it all downloads a
lot faster now.

FWIW.

Arnold

Re: [9fans] ISP filtering - update

[boyd, rounin]

yeah, i wanted my filer to be fail safe, so it'd save the rejected
message in an 'al' file with deliver.  this prooved to be impractical,
so now i just save the headers:

the code reads:

    # so we can $upas/fs it later, if necessary
    #
    # this is lunacy, but correct
    #$upas/deliver $to $mbox/replyto $audit < $mbox/raw

    # this is manageable, but not correct
    $upas/deliver $to $mbox/replyto $audit < $mbox/rawheader

Re: [9fans] ISP filtering - update

[ron minnich]

On Thu, 25 Sep 2003, Aharon Robbins wrote:

> FWIW.

not a lot, over time. I had 5,000 messages to deal with on the linuxbios
list from this thing (oh, wait, rm -r, that was easy). Not having
attachments didn't help much.

ISPs say that something like 90+% of their BW goes to SPAM now. Two SPAM
blacklisting services just shut down due to DDOS attacks.

Whatever we're doing, it ain't working very well.

ron

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, ron minnich wrote:

> ISPs say that something like 90+% of their BW goes to SPAM now. Two SPAM
> blacklisting services just shut down due to DDOS attacks.

That is good, where do you think spammers get their lists of relays and
such? Besides they commit trespass and harassment in the process of doing
their supposedly 'good' deeds. Blah, may the fascist bastards rot in hell.

> Whatever we're doing, it ain't working very well.

That's because 99.9% of you don't understand the problem. You need to be
using the existing harassment and trespass laws and careful choice of case
to set precedent.

Just think of somebody ringing your doorbell over and over...

 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Lucio De Re]

On Thu, Sep 25, 2003 at 09:48:26AM -0500, Jim Choate wrote:
> On Thu, 25 Sep 2003, ron minnich wrote:
>
> > ISPs say that something like 90+% of their BW goes to SPAM now. Two SPAM
> > blacklisting services just shut down due to DDOS attacks.
>
> That is good, where do you think spammers get their lists of relays and
> such? Besides they commit trespass and harassment in the process of doing
> their supposedly 'good' deeds. Blah, may the fascist bastards rot in hell.
>
To some extent, I agree with you.  Early days of the Internet,
disconnections were instigated by net-deities that had the respect
of the community, these days, it's a matter of self-appointed,
never challenged authority.  On the other hand, the enemy isn't
exactly playing clean either.

> > Whatever we're doing, it ain't working very well.
>
> That's because 99.9% of you don't understand the problem. You need to be
> using the existing harassment and trespass laws and careful choice of case
> to set precedent.
>
Not in the USA (or anywhere else where there exists a culture of
litigation).  It used to be that "Justice is the interest of the
strongets" (Aristotle, if I recall right) but power is now in the
hands of the plutocrats.

> Just think of somebody ringing your doorbell over and over...
>
More like somebody having wired your doorbell to a remote control that
you can't disconnect.  Not really a good analogy.  And it's going to
be expensive to prosecute in a court of law.

Maybe if Oprah comes out strongly against SPAM, will we see some
results.

++L

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, Lucio De Re wrote:

> On Thu, Sep 25, 2003 at 09:48:26AM -0500, Jim Choate wrote:
> > On Thu, 25 Sep 2003, ron minnich wrote:
> >
> > > ISPs say that something like 90+% of their BW goes to SPAM now. Two SPAM
> > > blacklisting services just shut down due to DDOS attacks.
> >
> > That is good, where do you think spammers get their lists of relays and
> > such? Besides they commit trespass and harassment in the process of doing
> > their supposedly 'good' deeds. Blah, may the fascist bastards rot in hell.
> >
> To some extent, I agree with you.  Early days of the Internet,
> disconnections were instigated by net-deities that had the respect
> of the community, these days, it's a matter of self-appointed,
> never challenged authority.  On the other hand, the enemy isn't
> exactly playing clean either.

Nope, never have they been 'good'. I can say from personal experience that
everytime I move my physical IP I see a pattern. The first is the hackers,
the record so far is 24 minutes from going live to first port scans. Not a
problem. What's interesting is that the spam load is nearly zero (as in
1-2 a day) until the first blacklist probes happen. Then within 72 hours
there is a avalanche of spam. You call the blacklist and explain it to
them and ask them to both remove you from their database (which if refused
is basically indentured servitude since they make money off your system
yet don't pay you for your participation) and cease probes of the machines
(which after the first request to cease qualifies as harassment) and what
do yo get? A "Fuck off". Why? Because they want the double stream of
income.

> > > Whatever we're doing, it ain't working very well.
> >
> > That's because 99.9% of you don't understand the problem. You need to be
> > using the existing harassment and trespass laws and careful choice of case
> > to set precedent.
> >
> Not in the USA (or anywhere else where there exists a culture of
> litigation).  It used to be that "Justice is the interest of the
> strongets" (Aristotle, if I recall right) but power is now in the
> hands of the plutocrats.

If you want to be a victim of circumstances then you have the first clue
of why you're observation has any truth.

> > Just think of somebody ringing your doorbell over and over...
> >
> More like somebody having wired your doorbell to a remote control that
> you can't disconnect.  Not really a good analogy.

Actually it is, the law sees no different between doing an act yourself or
via a proxy.

>  And it's going to
> be expensive to prosecute in a court of law.

The first time.

> Maybe if Oprah comes out strongly against SPAM, will we see some
> results.

Spam is speech, people have a right to try to talk to you. It is your
responsibility to hand the 'no soliciting' or 'no trespass' signs on the
property line. That's the fundamental flaw with the current mail
mechanisms.

 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Wes Kussmaul]

Jim Choate:

> That's because 99.9% of you don't understand the problem. You need to be
> using the existing harassment and trespass laws and careful choice of case
> to set precedent.
>
> Just think of somebody ringing your doorbell over and over...

...in which case you look out the window to get a good look at the
perpetrator, call the cops and give a reliable description, perhaps
including a car description, license plate, etc. Either that or you open the
door and punch his lights out.

Where do we get reliable ID information from a mail header? The bell is
being rung by an innocent neighbor turned into a zombie by the real, unknown
perpetrator.

Boyd had the right idea (not the current one (though that one's good too))
but... let's see if I can find it... quoted it in my book...

The final solution is to either beef up IP (bad idea) or replace

it with a mutually authenticaticated, encrypted protocol.



When you have identity you can resort to your nice, civilized due process.
Until then it's terror, plain and simple. If applying harrassment and
trespass laws is effective against terror then our other big problem is
solved, just serve criminal complaints and lawsuits against bin Laden et al.

Wes Kussmaul

Re: [9fans] ISP filtering - update

[Douglas A. Gwyn]

Jim Choate wrote:
> Spam is speech, people have a right to try to talk to you.

Not unless you invite them to.
If you're thinking about the 1st Amendment to the US constitution,
that is just a prohibition against government suppression of
otherwise normal political discourse, not permission for others
to intrude themselves upon your attention.

Re: [9fans] ISP filtering - update

[Dan Cross]

Jim Choate <ravage@einstein.ssz.com> writes:
> That's because 99.9% of you don't understand the problem.

You know, Jim, every once in a while you start to make some sense, and
say something that folks might find it worthwhile to listen to, and
then you make a statement like this and come across as a megalomaniac,
and it turns people off and they go back to ignoring you.  If you want
to make a difference, then I strongly suggest you change your approach
slightly.  A different demeanor would make all the difference in the
world.

	- Dan C.

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, Douglas A. Gwyn wrote:

> Jim Choate wrote:
> > Spam is speech, people have a right to try to talk to you.
>
> Not unless you invite them to.

Wrong, and it's demostrated many times before why this is wrong.

If they don't have a right to try to contact you then how do they get your
permission? The fundamental flaw in the 'unsolicted email' approach. It's
called a "Catch 22".

There is a deeper philosophical problem with respect to what is meant by
democracy, individualism, and privacy. I suggest the following,

Individualism and Economic Order
F.A. Hayek
ISBN 0-226-3209306

In particular read chapter 1, "Individualism: True or False", as it
addresses this supposition head on, and demolishes it.

If you withdraw from society, you lose your say in that society. You have
no right to reap the benefits of a society if you don't participate.
Otherwise it is simply theft. There are two types of activity in a
democratic society, passive and active. In a democratic society the active
options are left to your personal choice (ala Zamyatkins "We"), however
the passive components are what -you owe others- as a member of that
society.

Freedom is not free.

 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, Wes Kussmaul wrote:

> ...in which case you look out the window to get a good look at the
> perpetrator, call the cops and give a reliable description, perhaps
> including a car description, license plate, etc. Either that or you open the
> door and punch his lights out.

What a bullshit example, you sit at home all day peeking out the window?

What a paranoid streak you have.

Face it, you live in a fantasy world of your paranoia.

 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Dan Cross]

Jim Choate <ravage@einstein.ssz.com> writes:
> On Thu, 25 Sep 2003, Wes Kussmaul wrote:
> > ...in which case you look out the window to get a good look at the
> > perpetrator, call the cops and give a reliable description, perhaps
> > including a car description, license plate, etc. Either that or you open the
> > door and punch his lights out.
>
> What a bullshit example, you sit at home all day peeking out the window?
>
> What a paranoid streak you have.
>
> Face it, you live in a fantasy world of your paranoia.

[This is a perfect example backing up my earlier thesis.]

But to address the point....  If you're not home, why would you care if
someone stood outside your house all day ringing your doorbell, which
was the example you gave?  As long as it's not disturbing your pets,
who cares?  They're hardly wasting your time, just their own.

Then again, if someone is repeatedly ringing your doorbell, and you're
home, and it bothers you, it doesn't take that big a stretch of the
imagination to come to the conclusion that you could then, at that
point, have a look out the window and see who's doing it (or punch his
or her or their lights out [or call their mom]).

	- Dan C.

Re: [9fans] ISP filtering - update

[David Presotto]

As far as I can tell, using laws to stop spammers is not
very effective.  Spam is essentially a nuisance.  There
are indeed many local nuisance laws.  However, an attempt
to injunct someone in another state from bothering you
is pretty hard.

Local laws against bulk faxing got passed partially with the
support of businesses that claimed the fax spam was wasting
their paper and losing them business when their fax machines
didn't have paper to take orders.  Similar argument may work
with spam but only once the problem gets much worse than
it is.  Read HR 2515 for a fairly reasoned description of
the problem, though the solution wouldn't really help much.
They request that each sender (not transmitter) of spam
have an opt-out mechanism and that they have valid reply
info so that you can opt out.  However, you get into the same
problem as opting out of telemarketing calls.  If you have
to opt-out with each spammer, you could easily spend your
whole life opting out.

A opt-out registry would be nice, but look what's happening
with the FTC's do-not-call registry.

Re: [9fans] ISP filtering - update

[Dan Cross]

Jim Choate <ravage@einstein.ssz.com> writes:
> You really should take your own advice.

You're projecting again.

> Try arguing with facts instead of ad hominims which seems to be your
> forte.

Wow, you know, you really amaze me.  You really do live in a fantasy
world.

	- Dan C.

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, Dan Cross wrote:

> You know, Jim, every once in a while you start to make some sense, and
> say something that folks might find it worthwhile to listen to, and
> then you make a statement like this and come across as a megalomaniac,
> and it turns people off and they go back to ignoring you.  If you want
> to make a difference, then I strongly suggest you change your approach
> slightly.  A different demeanor would make all the difference in the
> world.

You really should take your own advice.

Try arguing with facts instead of ad hominims which seems to be your
forte.

 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Dan Cross]

David Presotto <presotto@closedmind.org> writes:
>
> As far as I can tell, using laws to stop spammers is not
> very effective.  Spam is essentially a nuisance.  There
> are indeed many local nuisance laws.  However, an attempt
> to injunct someone in another state from bothering you
> is pretty hard.
>
> Local laws against bulk faxing got passed partially with the
> support of businesses that claimed the fax spam was wasting
> their paper and losing them business when their fax machines
> didn't have paper to take orders.  Similar argument may work
> with spam but only once the problem gets much worse than
> it is.  Read HR 2515 for a fairly reasoned description of
> the problem, though the solution wouldn't really help much.
> They request that each sender (not transmitter) of spam
> have an opt-out mechanism and that they have valid reply
> info so that you can opt out.  However, you get into the same
> problem as opting out of telemarketing calls.  If you have
> to opt-out with each spammer, you could easily spend your
> whole life opting out.

Or they just set up shop off-shore and ignore your laws.  Unlike
international phone calls, the cost deterent for doing so isn't
nearly as strong.

> A opt-out registry would be nice, but look what's happening
> with the FTC's do-not-call registry.

Actually, I understand that Congress fast-tracked a bill granting the
FTC explicit permission to host a national do-not-call registry,
effectively voiding the court's descision that it was out of the scope
of the FTC's authority.  I believe it goes to the Senate later today
(or maybe tomorrow or something).  Anyway, with luck, it'll be signed
into law before October 1, unless Bush decides it would hurt his
buddies in the telemarketing business.

	- Dan C.

Re: [9fans] ISP filtering - update

[D. Brownlee]

It looks as though the congress is acting to pass
a law that would effect much of what the administrative
law would do, with respect to the do-not-call list.

For the spam problem, we need a "killer-app,"
mailizard, which, like a lizard, just hangs-out
waiting for insects to come by.


David Presotto wrote:
> As far as I can tell, using laws to stop spammers is not
> very effective.  Spam is essentially a nuisance.  There
> are indeed many local nuisance laws.  However, an attempt
> to injunct someone in another state from bothering you
> is pretty hard.
>
> Local laws against bulk faxing got passed partially with the
> support of businesses that claimed the fax spam was wasting
> their paper and losing them business when their fax machines
> didn't have paper to take orders.  Similar argument may work
> with spam but only once the problem gets much worse than
> it is.  Read HR 2515 for a fairly reasoned description of
> the problem, though the solution wouldn't really help much.
> They request that each sender (not transmitter) of spam
> have an opt-out mechanism and that they have valid reply
> info so that you can opt out.  However, you get into the same
> problem as opting out of telemarketing calls.  If you have
> to opt-out with each spammer, you could easily spend your
> whole life opting out.
>
> A opt-out registry would be nice, but look what's happening
> with the FTC's do-not-call registry.
>

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, Dan Cross wrote:

> But to address the point....  If you're not home, why would you care if
> someone stood outside your house all day ringing your doorbell, which
> was the example you gave?

What makes you think they're going to sit there and do it over and over?
It's the same thing as if they do it once everyday at 4pm for a year.

Trespass isn't a crime if you're not home....hmmmmm How about if somebody
breaks into your house and watches your television when you're not home?
That's not burglary? The reality is that ones control over their property
and access to it is their right whether they are at home or not. It's the
principle that matters.

What happened to -your deciding what to do with your property-? You don't
believe in that apparently.

Dan, you have a fundamental conflict here you need to deal with, in a
manner other than emotional I might add.

Why is emotional argument worthless with respect to what is right or wrong
in a democracy? Why is one of the goals of this country the pursuit of
happiness, why not a guarantee of happiness? And why is happiness
important? First, people are inherently unhappy. Everybody. So somebody
saying you can't do this because it makes me unhappy is a empty argument.
Second, what can possibly make everyone happy? Nothing, we each have our
own goals and desires so a single approach to solving the problems of life
won't work. Not that it hasn't stopped many people from trying (eg
socialism).

Now let's address your earlier comment about my 99.9% statement. If it
were not true we wouldn't have topics like 'critical thinking' and we
wouldn't have the spam problem in the first place. Each of these people
would understand what their role and responsibility in society was and
they would follow it.

Since we do have this problem then clearly the vast majority of people
don't do it.

Hence, I stand by my statement. Most people don't think analytically very
well at all, they respond in emotional ways which in the long run are
self-defeating. If they weren't then again, why do we have the problems we
have?

In this entire discussion you haven't once offered real counter examples
or drilled down anywhere close to basic principles of personal
responsiblity. Your forte seems to be the strawman and the ad hominim.

As to megalomania, I'd say your behaviour is more akin to thinking oneself
to be grand than I. Your commentary is shallow and lacks any logical
depth.

You are of course welcome to your opinions, even if you can't back them up
with reasonable arguments or facts.

 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, David Presotto wrote:

> As far as I can tell, using laws to stop spammers is not
> very effective.  Spam is essentially a nuisance.

I"m with you 100% here, I see the only workable solution as a technical
one controlled by the individual or groups of individuals who share the
same views. The catch is that there must be a mechanism from that
behaviour getting out of hand and infringing others rights. That isn't a
technical solution, nor is it based in criminal law. The only solution
there is civil action.

The approaches that are being tried today are not based on this simple and
clear realization.


 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Wes Kussmaul]

From: "Jim Choate" <ravage@einstein.ssz.com>

> Try arguing with facts instead of ad hominims which seems to be your
> forte.

That's ad hominems, not ad hominims.

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, Wes Kussmaul wrote:

>
> From: "Jim Choate" <ravage@einstein.ssz.com>
>
> > Try arguing with facts instead of ad hominims which seems to be your
> > forte.
>
> That's ad hominems, not ad hominims.

And you just commited it. Don't address the issue, but the speaker.

Go back to sleep wanna be english teacher.

 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Joel Salomon]

> That's because 99.9% of you don't understand the problem.

Are there a thousand of us that such a measurement means anything? Or are
there 500 9fans and one of us half understands something?

--Joel

Re: [9fans] ISP filtering - update

[Wes Kussmaul]

> >
> > > Try arguing with facts instead of ad hominims which seems to be your
> > > forte.
> >
> > That's ad hominems, not ad hominims.
>
> And you just commited it. Don't address the issue, but the speaker.
>
> Go back to sleep wanna be english teacher.

Hey, that's a GREAT example of an ad hominem for my first class! Thanks!

WK

Re: [9fans] ISP filtering - update

[Dan Cross]

Jim Choate <ravage@einstein.ssz.com> writes:
> On Thu, 25 Sep 2003, Dan Cross wrote:
> > But to address the point....  If you're not home, why would you care if
> > someone stood outside your house all day ringing your doorbell, which
> > was the example you gave?
>
> What makes you think they're going to sit there and do it over and over?
> It's the same thing as if they do it once everyday at 4pm for a year.

If they do it every day at the same time, and it bothers you, it's also
a big leap of imagination to see where someone might be peaking out the
window at that time one day to see who's bothering them.

If they're not doing it regularly and annoyingly, then it's not really
harassment, is it?  The Fedex guy rang my doorbell yesterday.  I opened
the door and got my package from him.  I hardly consider that harassment,
as I understand the term.

> Trespass isn't a crime if you're not home....hmmmmm How about if somebody
> breaks into your house and watches your television when you're not home?
> That's not burglary? The reality is that ones control over their property
> and access to it is their right whether they are at home or not. It's the
> principle that matters.
>
> What happened to -your deciding what to do with your property-? You don't
> believe in that apparently.

No, you just don't understand what I was saying.  Go back and reread it.
What I was saying is that if someone is actively harassing you, it's not
being `paranoid' to try and figure out who they are.  Maybe one way to
do that is peak out the window when someone is actually engaged in the
act of harassing you.  If, on the other hand, you don't know that someone
is trying to harass you, they can't really be said to be harassing you,
can they?  They're certainly not doing a bang-up job of it.  I would have
thought this was self-evident, as would most reasonable people.

> Dan, you have a fundamental conflict here you need to deal with, in a
> manner other than emotional I might add.

I've already proposed a technical solution.  Why don't you get your army
of programmers in OpenForge! to go implement it?  My arguments aren't
emotional.

> Why is emotional argument worthless with respect to what is right or wrong
> in a democracy? Why is one of the goals of this country the pursuit of
> happiness, why not a guarantee of happiness? And why is happiness
> important? First, people are inherently unhappy. Everybody. So somebody
> saying you can't do this because it makes me unhappy is a empty argument.
> Second, what can possibly make everyone happy? Nothing, we each have our
> own goals and desires so a single approach to solving the problems of life
> won't work. Not that it hasn't stopped many people from trying (eg
> socialism).

What does this have to do with anything?

> Now let's address your earlier comment about my 99.9% statement. If it
> were not true we wouldn't have topics like 'critical thinking' and we
> wouldn't have the spam problem in the first place. Each of these people
> would understand what their role and responsibility in society was and
> they would follow it.
>
> Since we do have this problem then clearly the vast majority of people
> don't do it.

No, we have the spam problem because some people aren't very nice and
are willing to take advantage of others.  Period.  Don't try to disect
this into some philosophical argument.  That's just elitist, and you're
not that clever.

> Hence, I stand by my statement. Most people don't think analytically very
> well at all, they respond in emotional ways which in the long run are
> self-defeating. If they weren't then again, why do we have the problems we
> have?

Once again, because there are some bad apples out there who took advantage
of a poorly-conceived technical infrastructure with so much mass that it's
almost impossible to displace now.  You can fault the vision of the people
who designed SMTP and didn't make provisions for authentication, but it
has nothing to do with the things you think it does.

> In this entire discussion you haven't once offered real counter examples
> or drilled down anywhere close to basic principles of personal
> responsiblity. Your forte seems to be the strawman and the ad hominim.

Because it has nothing to do with those things.  But let's talk about
personal responsibility:  you have a message you want to get across.
You have a responsibility to yourself to try and do so in the way that
will make your audience most receptive.  By all accounts, you fail at
that.

> As to megalomania, I'd say your behaviour is more akin to thinking oneself
> to be grand than I. Your commentary is shallow and lacks any logical
> depth.

Jim, why are you so hostile to having people debate your ideas?

> You are of course welcome to your opinions, even if you can't back them up
> with reasonable arguments or facts.

Projecting.

Ugh.  I'm amazed.  Jim, you're sick, and need help.  Go seek professional
councilling to deal with your feelings of inferiority that are manifesting
themselves in megalomania.  Really.  I can't spend any more time on it;
it just makes my head hurt.

	- Dan C.

Re: [9fans] ISP filtering - update

[mirtchov]

> Why is one of the goals of this country the pursuit of
> happiness, why not a guarantee of happiness?

Why not force people to be happy altogether?  (Btw, Zamyatin's "We"
was just as relevant in Soviet Russia as it is in Bush's America).

Re: [9fans] ISP filtering - update

[Dan Cross]

Jim Choate <ravage@einstein.ssz.com> writes:
> If this is the best reasoning you have then I pity your class. But they're
> young and there's hope they'll hit somebody who argues facts instead of
> feelings.

Like you, you mean?  One of these days, I'm going to write a Choate-bot
to spit out random Choate-like sentences.  Most of them will just be,
``consider suicide.''  ``Up the meds.''  ``I pity your class.''  ``Fuck
your T-shirts.''  ``Tact sucks.''  etc, etc, etc.

	- Dan C.

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, Wes Kussmaul wrote:

> Hey, that's a GREAT example of an ad hominem for my first class! Thanks!

Actually it's not, he had no position to attack other than his desire to
denigrate via personal attack.

If this is the best reasoning you have then I pity your class. But they're
young and there's hope they'll hit somebody who argues facts instead of
feelings.

 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[ron minnich]

On Thu, 25 Sep 2003, Dan Cross wrote:

> Or they just set up shop off-shore and ignore your laws.  Unlike
> international phone calls, the cost deterent for doing so isn't
> nearly as strong.

that was the complaint of the blacklisters. It was hard to take anonymous
people in China to court under US Laws. China, for some reason, did not
appear to want to cooperate.

Actually, concerning the current tone of this discussion, is it not
comforting that we didn't end up with a world where us rational, logical,
scientific types run the show? Man, what a place that would be if our
words on this list could be backed up with an army and secret police ...
oh yeah ... been there, done that, ca. Oct. 1917.

ron

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003 mirtchov@cpsc.ucalgary.ca wrote:

> > Why is one of the goals of this country the pursuit of
> > happiness, why not a guarantee of happiness?
>
> Why not force people to be happy altogether?  (Btw, Zamyatin's "We"
> was just as relevant in Soviet Russia as it is in Bush's America).

Actually it's the book that caused both 1984 and Brave New World to be
written.

It's amazing how time after time people who steal with skill get fame and
fortune but the people who did the actual original work get forgotten but
for a few (eg Tesla and radio).

 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 100 bytes --]

The Bush regime is trying to correct that slight problem.  Two
countries down, a whole bunch to go.

[-- Attachment #2: Type: message/rfc822, Size: 3156 bytes --]

From: ron minnich <rminnich@lanl.gov>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] ISP filtering - update
Date: Thu, 25 Sep 2003 12:12:41 -0600 (MDT)
Message-ID: <Pine.LNX.4.44.0309251209530.5512-100000@maxroach.lanl.gov>

On Thu, 25 Sep 2003, Dan Cross wrote:

> Or they just set up shop off-shore and ignore your laws.  Unlike
> international phone calls, the cost deterent for doing so isn't
> nearly as strong.

that was the complaint of the blacklisters. It was hard to take anonymous
people in China to court under US Laws. China, for some reason, did not
appear to want to cooperate.

Actually, concerning the current tone of this discussion, is it not
comforting that we didn't end up with a world where us rational, logical,
scientific types run the show? Man, what a place that would be if our
words on this list could be backed up with an army and secret police ...
oh yeah ... been there, done that, ca. Oct. 1917.

ron

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, Dan Cross wrote:

> Like you, you mean?  One of these days, I'm going to write a Choate-bot
> to spit out random Choate-like sentences.  Most of them will just be,
> ``consider suicide.''  ``Up the meds.''  ``I pity your class.''  ``Fuck
> your T-shirts.''  ``Tact sucks.''  etc, etc, etc.

Dan, as usual your argument is so full of holes. Now go back and look at
the context of those statements instead of taking them out of it and using
them to your own emotional ends.

Each one of them was in response to others out of line behaviour. I stand
behind them in their context.

Let's pick one, it's my favorite, 'fuck your t-shirts' was said to the
VN rep who made one of the most snide and stupid comments I've ever heard
from a commercial rep to a user group. It deservicd a lot more than that,
why did I say it? Becuase VN has been completey irresponsible in the way
it deals with user groups and the promotion of Plan 9. The amount of
effort and work they've put into is clearly demonstrates they really have
no intent on selling Plan 9 to a -growing- audience. That attitude is what
I say 'fuck you' to and say so today.

Oh, you forgot the 'inbred' comment....you're slipping.

It says a lot that you keep this on hand saved up for an attempted shot
across the bow.


 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, Joel Salomon wrote:

> > That's because 99.9% of you don't understand the problem.
>
> Are there a thousand of us that such a measurement means anything? Or are
> there 500 9fans and one of us half understands something?

300M is a decent estimate of the current population.

OK, if you understand the problem Joel what is your solution?

Don't have one? Then I guess you go in that 99.9% who don't understand it.


 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, ron minnich wrote:

> Actually, concerning the current tone of this discussion, is it not
> comforting that we didn't end up with a world where us rational, logical,
> scientific types run the show? Man, what a place that would be if our
> words on this list could be backed up with an army and secret police ...
> oh yeah ... been there, done that, ca. Oct. 1917.

There was nothing rational or scientific about socialism. Socialism is
based on fear. Stalin and Lenin were neither sane nor scientific. Consider
their biology program as an example.

You cast one as another, and do a disservise in the process.

 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Dan Cross]

Jim Choate <ravage@einstein.ssz.com> writes:
> Dan, as usual your argument is so full of holes. Now go back and look at
> the context of those statements instead of taking them out of it and using
> them to your own emotional ends.
>
> Each one of them was in response to others out of line behaviour. I stand
> behind them in their context.

Wow.  What a great way to resolve your disagreements with others.
Whenever someone says something you don't like, extend your middle
finger and shout, ``fuck you!''

> Let's pick one, it's my favorite, 'fuck your t-shirts' was said to the
> VN rep who made one of the most snide and stupid comments I've ever heard
> from a commercial rep to a user group. It deservicd a lot more than that,
> why did I say it? Becuase VN has been completey irresponsible in the way
> it deals with user groups and the promotion of Plan 9. The amount of
> effort and work they've put into is clearly demonstrates they really have
> no intent on selling Plan 9 to a -growing- audience. That attitude is what
> I say 'fuck you' to and say so today.

Actually, you made the comment to presotto, who doesn't work for Vita
Nuova, and as far as I know, never did.  What's more, you flipped out
over something that Charles Forsyth said that was entirely innocent and
not rude at all, but you interpreted it as such.  When it was pointed
out to you why it wasn't rude, your flared.

> Oh, you forgot the 'inbred' comment....you're slipping.

Yes, I did forget it.  But there's such a large corpus to choose from,
I can hardly be faulted for it.

> It says a lot that you keep this on hand saved up for an attempted shot
> across the bow.

Please.

	- Dan C.

Re: [9fans] ISP filtering - update

[ron minnich]

On Thu, 25 Sep 2003, Jim Choate wrote:

> You cast one as another, and do a disservise in the process.

you're right. we're worse.

ron

Re: [9fans] ISP filtering - update

[Joel Salomon]

Will someone accept a new name for the anti-neutron? Even with the
neutron's charge, an antiparicle *still* exists.

--Joel

Re: [9fans] ISP filtering - update

[Wes Kussmaul]

ron minnich wrote

> that was the complaint of the blacklisters. It was hard to take anonymous
> people in China to court under US Laws. China, for some reason, did not
> appear to want to cooperate.

And there is more recourse against the operator of a server in China than,
say, an operator of a dozen servers with one in Nigeria, one in Antigua, one
in the Jersey Islands, etc. Picture an Akamai for thieves and pornographers.

> Actually, concerning the current tone of this discussion, is it not
> comforting that we didn't end up with a world where us rational, logical,
> scientific types run the show? Man, what a place that would be if our
> words on this list could be backed up with an army and secret police ...
> oh yeah ... been there, done that, ca. Oct. 1917.

Isn't Slobodan Milosevic a psychiatrist?

Howbout the remarkable intellectual named Josef Goebbels?

wk

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, Dan Cross wrote:

> Wow.  What a great way to resolve your disagreements with others.
> Whenever someone says something you don't like, extend your middle
> finger and shout, ``fuck you!''

No Dan, that's you. It's not that I don't agree with them, that is
irrelevant to the comments I made. My response, as with you butthead, is
to the tone of your submission and it's intent.

There are three ways to say something,

positive, neutral, and negative.

Say something to me negative expect to get a negative back. I don't start
it but I'll damn well finish it if I have to.

As usual you take it out of context.

Ta ta.


 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, ron minnich wrote:

> On Thu, 25 Sep 2003, Jim Choate wrote:
>
> > You cast one as another, and do a disservise in the process.
>
> you're right. we're worse.

I'm not sure I agree with that. I can say that during the 20th century
several million peoples were killed simply because they didn't agree with
one party or another.

I have no desire to see that continued.

 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Wes Kussmaul]

 From Jim Choate

> Dan, as usual your argument is so full of holes. Now go back and look at
> the context of those statements instead of taking them out of it and using
> them to your own emotional ends.
>
> Each one of them was in response to others out of line behaviour. I stand
> behind them in their context.

Hey, Jim, I admit the spelling correction was just to push your buttons (and
I admit to enjoying the result) but how was my preceding message that
continued your doorbell metaphor out of line?

Wes

Re: [9fans] ISP filtering - update

[David Presotto]

nortuen?

nice to see some relevance coming to the discussion.

Re: [9fans] ISP filtering - update

[David Presotto]

On Thu Sep 25 14:04:56 EDT 2003, salomo3@cooper.edu wrote:
> > That's because 99.9% of you don't understand the problem.
>
> Are there a thousand of us that such a measurement means anything? Or are
> there 500 9fans and one of us half understands something?
>
> --Joel

Or maybe we're just 2000 halfwits.

Re: [9fans] ISP filtering - update

[mirtchov]

> There was nothing rational or scientific about socialism. Socialism is
> based on fear. Stalin and Lenin were neither sane nor scientific. Consider
> their biology program as an example.

Marx and Engels were scientific.  Lenin too, to the extent that he
contemplated on the previous two's musings.  Socialism (and Communism
for that matter) are based on a very solid theoretical background.
Pity they didn't force you to read "Das Kapital" in high school :)

Ultimately it didn't work in Russia for the same reason it wouldn't
work in Texas -- the people aren't right for it there.

It works on other places -- look at Sweden.  So many russians come to
Canada to discover that indeed socialism could be, and is,
implemented.

But I digress.  What was the original topic of discussion again?  Oh,
right, Plan 9...

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003, Wes Kussmaul wrote:

> Hey, Jim, I admit the spelling correction was just to push your buttons (and
> I admit to enjoying the result) but how was my preceding message that
> continued your doorbell metaphor out of line?

I wasn't addressing that message.

The point of the doorbell analogy is to make some comparison between well
understood limits on behavior and how that maps onto new technology.

It's just like the 4th search and the courts running around asking
questions about this that or the other being allowed. The bottem line  is
that if you have probable cause any method is allowed. What the courts
want to avoid is the probable cause in the first place. In general (and if
it isn't general why are the laws there and were passed with so little
opposition?) the powers that be want to make sure that we keep doing the
same old same old. It means the status quo stays, but that isn't the point
of a free market. The point of a free market is to find better ways, this
means those who stick to the old ways lose what they got. Simply because
you're rich today doesn't mean you have a right to keep it tomorrow, if it
did how did you get it in the first place (I'm assuming your business was
more efficient and not more criminal but examples of both abound)?

The real point that few seem to get is that the means or mechanism isn't
the issue. How one does something abusive is irrelevant, what we punish is
being abusive.

That the current law recognized electrons tied to a person as sufficient
to hold the person accountable for their behavior yet doesn't recognize
that other electrons acting in proxy for that person in another
technology doesn't is a flaw in the law, the technology is irrelevant.
Whether I ring your doorbell or your sendmail, it is still yours to decide
how it should be used (within limits of course).

The purpose of a doorbell is to let people know they have visitors. The
same for a street address or a email address. When somebody abuses that
then nail their scummy ass to the wall for a warning to the next
reprobate.

Another aspect is that business don't have rights (irrespective of the
wrong headed laws that was passed after the Civil War) and yet we as
citizens have sat on our butts and been lead to a world where business now
controls the very system that was put up to protect us from it. It amazes
me that so few people understand Santyana.

Part of that was the growth of socialism in the late 1800's and how
different ideas have crept into other political views. Look at the way the
personal income tax was passed. The mechanism alone is enough, in a honest
democracy, to have it invalidated. Consider, my right to religion and the
1st stricture against infringing it. Yet the tax laws do that every time
that a person is put to death using public funds. I am forced to
participate in the murder of another human being. Now some will argue that
what they did justified this. Bullshit. Let he without stone cast the
first stone. And what did the person in that example who was without sind
od? Told the adultress to go home and sin no more. Stop throwing stones.
One persons failure does not justify your own. But one does have a right
to use force in -immediate- self defence to ensure that such an attack
against themselves and future attacks against others are stopped at that
point in time. Once that immediacy issue is over, the killer is in
custody, no immediate threat remains and hence no justification for
capital punishment remains.

A similar failure in legal logic is the 'fire in a theatre' argument about
controlling speech. Consider if I cause damage in a theatre, even with
speech, the owner of the theatre and the patrons harmed have both civil
and criminal recourse to make me pay. However, the courts use this in a
very slimey manner to justify -a priori- limitations on speech with the
supposition that harm -might- occur. Mainly harm to their political or
economic position.

It's just a guess on my part but a reasonably well democracy could
probably function on about 200 laws. They just need to be based on
principle and not political/economic expediency.

Hope that is clearer.

To all and sundry, I've other things to do now that are way more
important. I'm out of here, color me Casper as I'm going to d-key on my
end from this point on.


 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Jim Choate]

On Thu, 25 Sep 2003 mirtchov@cpsc.ucalgary.ca wrote:

> Marx and Engels were scientific.

Not hardly, they certainly threw numbers around but that's hardly
scientific.

Try reading a Communist Manifesto sometime. I can hardly get through the
first section without giving up in frustration.

 -- --

God exists because mathematics is consistent, and the Devil exist because we
can't prove it.
                          Andre Weil, in H. Eves, Mathematical Circles Adieu

      ravage@ssz.com                            jchoate@open-forge.com
      www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[boyd, rounin]

> There are three ways to say something,
>
> positive, neutral, and negative.
>
> Say something to me negative expect to get a negative back. I don't start
> it but I'll damn well finish it if I have to.

there are 3 answers to every question:

    - yes
    - no
    - hmm, judgement call

most Spec Ops forces do mock interrogations.  what they want is intelligent
killers and not serious psychopaths.  the latter are always failed.

Re: [9fans] ISP filtering - update

[mirtchov]

> Not hardly, they certainly threw numbers around but that's hardly
> scientific.

*poof*, there goes 70 years worth of Dialectic Materialism in the
Soviet Union..  they've been living a lie all these years, behind the
Iron Courtain :)

With apologies to D. Adams:

	"The Great Hyperlobic Omni-Cognate Neutron Wrangler," said
	Deep Thought thoroughly rolling the r's, "could talk all four
	legs off an Arcturan MegaDonkey - but only Choate could
	persuade it to go for a walk afterwards."

Re: [9fans] ISP filtering - update

[boyd, rounin]

> I'm not sure I agree with that. I can say that during the 20th century
> several million peoples were killed simply because they didn't agree with
> one party or another.
>
> I have no desire to see that continued.

There's nothing wrong with shooting, just as long as the right people get shot.

    -- Harry Calahan

Re: [9fans] ISP filtering - update

[boyd, rounin]

> Will someone accept a new name for the anti-neutron? Even with the
> neutron's charge, an antiparicle *still* exists.

charge?  iirc they are notoriously hard to detect, 'cos they have no charge.

or did you mean anti-neuron? ;)

Re: [9fans] ISP filtering - update

[boyd, rounin]

> It works on other places -- look at Sweden.

oh no it don't.

Re: [9fans] ISP filtering - update

[boyd, rounin]

> Boyd had the right idea (not the current one (though that one's good too))
> but... let's see if I can find it... quoted it in my book...
>
>     The final solution is to either beef up IP (bad idea) or replace
>     it with a mutually authenticaticated, encrypted protocol.

that's it.  thanks.

Re: [9fans] ISP filtering - update

[boyd, rounin]

> The final solution is to either beef up IP (bad idea) or replace
> it with a mutually authenticaticated, encrypted protocol.

i need to read up on ZKPs, but not today.  well, i read a 'bit' :)

a simpler solution would be to add to ESMTP some cool
auth option.  maybe there is one, but i already have too
many things to juggle, read and do.  if i'm gonna read an
rfc it's gonna burn a lotta energy.

you _do not_ mis-implement an rfc.  not in my beloved corps.

Re: [9fans] ISP filtering - update

[Wes Kussmaul]

> > Boyd had the right idea (not the current one (though that one's good
too))
> > but... let's see if I can find it... quoted it in my book...
> >
> >     The final solution is to either beef up IP (bad idea) or replace
> >     it with a mutually authenticaticated, encrypted protocol.
>
> that's it.  thanks.

It really is the right place to start.

Now the trick(s) is (are)

1. Who can you rely on to authenticate identities and enroll people with
meaningful credentials, i.e. key pairs

2. How do you protect individual privacy once people start using these
universal identifiers

3. (ducking) access to key escrow for law enforcement

4. Reality check: who's going to pay for it

Please please please do not start a flame war over #3. We are all way too
busy for that.

Wes Kussmaul

Re: [9fans] ISP filtering - update

[boyd, rounin]

> Now the trick(s) is (are)

i'm workin' on it ;)

Re: [9fans] ISP filtering - update

[Wes Kussmaul]

----- Original Message -----
From: "boyd, rounin" <boyd@insultant.net>
To: <9fans@cse.psu.edu>
Sent: Thursday, September 25, 2003 4:16 PM
Subject: Re: [9fans] ISP filtering - update


> > The final solution is to either beef up IP (bad idea) or replace
> > it with a mutually authenticaticated, encrypted protocol.
>
> i need to read up on ZKPs, but not today.  well, i read a 'bit' :)

Stefan Brands,  _Rethinking Public Key Policy & Building In Privacy_ , ISBN
0262024918

> a simpler solution would be to add to ESMTP some cool
> auth option.  maybe there is one, but i already have too
> many things to juggle, read and do.  if i'm gonna read an
> rfc it's gonna burn a lotta energy.
>
> you _do not_ mis-implement an rfc.  not in my beloved corps.

Instead you write a new one. And since a lot of what's called for is outside
the realm of technology, you need a new organization to deal with the
non-tech parts. That's the formal source of the rfc.

wk

Re: [9fans] ISP filtering - update

[David Presotto]

esmtp is a pretty quick read.  If I were to do something for
mutual auth, that's a reasonable place.  The biggest problem
is controlling entry into the `good guys' group of authenticated
entities.  Who gets to say yeah/nay to people wanting to get in?
At first its easy since there are no grey areas.  I would be
perfectly happy if entry was controlled by the conjunction
of boyd, cross, and choate.  I figure anyone that all three found
acceptable would be pretty milktoast.  Over time, it'll become
harder but I'ld be happy with a single registry that contains
certificates of good guys.

Re: [9fans] ISP filtering - update

[boyd, rounin]

> Over time, it'll become harder but I'ld be happy with
> a single registry that contains certificates of good guys.

funny you mention that.  i was idly thinking about how you'd build one.

oh shit, i split an infinitive.

Re: [9fans] ISP filtering - update

[Derek Fawcus]

On Thu, Sep 25, 2003 at 11:25:19PM +0200, boyd, rounin wrote:
> oh shit, i split an infinitive.

So what?  This is English not Latin.

Re: [9fans] ISP filtering - update

[Derek Fawcus]

On Thu, Sep 25, 2003 at 12:45:20PM -0500, Jim Choate wrote:
>
> Trespass isn't a crime if you're not home

Rather depends upon the nature of the respective legal system.
Here there is no such crime as trespass.  Go a hundred miles or so south,
and there is.

Re: [9fans] ISP filtering - update

[boyd, rounin]

> > Trespass isn't a crime if you're not home
>
> Rather depends upon the nature of the respective legal system.

bingo.

iirc i know one legal system where you are only trespassing _after_
you have been asked to leave and refuse to.

Re: [9fans] ISP filtering - update

[Andrew Simmons]

At 22:36 25/09/2003 +0100, you wrote:
>On Thu, Sep 25, 2003 at 11:25:19PM +0200, boyd, rounin wrote:
> > oh shit, i split an infinitive.
>
>So what?  This is English not Latin.

It wasn't an infinitive anyway. Is it even possible to split an infinitive
in Latin?

Re: [9fans] ISP filtering - update

[Derek Fawcus]

On Thu, Sep 25, 2003 at 11:47:44PM +0200, boyd, rounin wrote:
> iirc i know one legal system where you are only trespassing _after_
> you have been asked to leave and refuse to.

As I recall,  that's the case (at least sometimes) in England.

e.g. if someone walks up your garden path,  they aren't trespassing
'til asked to leave.

Re: [9fans] ISP filtering - update

[boyd, rounin]

> It wasn't an infinitive anyway.

yeah, it wasn't.  the 'grammar war' and 3 hours sleep have not
improved my thinking.

Re: [9fans] ISP filtering - update

[boyd, rounin]

> As I recall,  that's the case (at least sometimes) in England.
>
> e.g. if someone walks up your garden path,  they aren't trespassing
> 'til asked to leave.

yup it's oz law, based on english law.

i think it gets kinda vague if you open the door and watch the tv.

maybe you'd be done for 'entering' (as in 'breaking and entering'), if
such a crime exists.  theft, maybe, 'cos you 'stole' the electricity
by turning the tv on, but i digress ...

Re: [9fans] ISP filtering - update

[Tristan Seligmann]

[-- Attachment #1: Type: text/plain, Size: 185 bytes --]

On Fri, Sep 26, 2003 at 09:50:17 +1200, Andrew Simmons wrote:
> It wasn't an infinitive anyway. Is it even possible to split an infinitive 
> in Latin?

No, it's not.

mithrandi

[-- Attachment #2.1: Type: text/plain, Size: 309 bytes --]

The following attachment had content that we can't
prove to be harmless.  To avoid possible automatic
execution, we changed the content headers.
The original header was:

	Content-Type: application/pgp-signature; name="signature.asc"
	Content-Description: Digital signature
	Content-Disposition: inline

[-- Attachment #2.2: signature.asc.suspect --]
[-- Type: application/octet-stream, Size: 196 bytes --]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/c2fsgfSlm3IcLfgRAs8uAJ4/cETIi1TIvZvvu1Q6b+EowmCnmACfU18T
upp2qrpCGme/xB9/KW466WI=
=sTYR
-----END PGP SIGNATURE-----

Re: [9fans] ISP filtering - update

[Derek Fawcus]

On Fri, Sep 26, 2003 at 09:50:17AM +1200, Andrew Simmons wrote:
>
> It wasn't an infinitive anyway. Is it even possible to split an infinitive
> in Latin?

That's the point.  Latin has single word infinitives,  English doesn't.

The whole 'split infinitive' crusade seems to have been started by some
nutty Grammer School teachers who have wanted to make comparisions to
Latin.

Re: [9fans] ISP filtering - update

[Dan Cross]

David Presotto <presotto@closedmind.org> writes:
> [...] I would be
> perfectly happy if entry was controlled by the conjunction
> of boyd, cross, and choate.  I figure anyone that all three found
> acceptable would be pretty milktoast.  [...]

That would only be true if you accepted the axiom of choice.

	- Dan C.

Re: [9fans] ISP filtering - update

[Derek Fawcus]

On Fri, Sep 26, 2003 at 12:08:14AM +0200, boyd, rounin wrote:
>
> i think it gets kinda vague if you open the door and watch the tv.
>
> maybe you'd be done for 'entering' (as in 'breaking and entering'),

Yeah - I'm not sure there either,  though I suspect the common law will
be that if there was no form of lock,  then there is no crime.

> if such a crime exists.  theft, maybe, 'cos you 'stole' the electricity

I guess.  I recal before the 'computer crime' laws were added,  people were
charged (amost other things) with stealing electricity.

Mind I'm not sure if burglary would apply unless you put the electricity
in a bucket and carried it away with you.

Re: [9fans] ISP filtering - update

[ron minnich]

On Thu, 25 Sep 2003, boyd, rounin wrote:

> oh shit, i split an infinitive.


when you do that, do you get a finitive and a -finitive? this physics
stuff always leaves me confused.

I remember hearing that Plan 9 once ran the 800 service for ATT. A
registry of good guys would be a bit smaller than the register of 800
numbers, I hope. Seems like a plan.

ron

Re: [9fans] ISP filtering - update

[boyd, rounin]

how about putting the text in the message body and not as attachments?

Re: [9fans] ISP filtering - update

[boyd, rounin]

> That's the point.  Latin has single word infinitives,  English doesn't.

eh?  to boldy go ...

Re: [9fans] ISP filtering - update

[boyd, rounin]

> David Presotto <presotto@closedmind.org> writes:
> > [...] I would be
> > perfectly happy if entry was controlled by the conjunction
> > of boyd, cross, and choate.  I figure anyone that all three found
> > acceptable would be pretty milktoast.  [...]
>
> That would only be true if you accepted the axiom of choice.

i fear it would be the null list with such a 'trinity'.

anyway what is 'milktoast', apart from a band, a guy i refused to hire,
given he had such a login name and didn't belong in my beloved corps?

Re: [9fans] ISP filtering - update

[D. Brownlee]

>
> That's the point.  Latin has single word infinitives,  English doesn't.
>

Latin actually has some two-worded infinitives; for example,
"portaturus esse" -- "to be about to carry" (future infinitive),
where the present infinitive is "portare." So, a Latin infinitive
could be "split," if "to split" is to insert something between the
first and second words.

"portatus esse" may be the perfect passive infinitive -- I may
be mistaken.

Re: [9fans] ISP filtering - update

[Andrew Simmons]

At 16:10 25/09/2003 -0700, you wrote:

>>That's the point.  Latin has single word infinitives,  English doesn't.
>
>Latin actually has some two-worded infinitives; for example,
>"portaturus esse" -- "to be about to carry" (future infinitive),
>where the present infinitive is "portare." So, a Latin infinitive
>could be "split," if "to split" is to insert something between the
>first and second words.
>
>"portatus esse" may be the perfect passive infinitive -- I may
>be mistaken.

That's the trouble with this list. No matter what topic I choose to spout
ill-informed drivel on, there's always some one who knows what they're
talking about.

Re: [9fans] ISP filtering - update

[boyd, rounin]

> That's the trouble with this list. No matter what topic I choose to spout
> ill-informed drivel on, there's always some one who knows what they're
> talking about.

i disagree.  99.9% of the readers are idiots ;) or whatever the choate-ism was
:(

Re: [9fans] ISP filtering - update

[Derek Fawcus]

On Thu, Sep 25, 2003 at 04:10:59PM -0700, D. Brownlee wrote:
>
> > That's the point.  Latin has single word infinitives,  English doesn't.
>
> Latin actually has some two-worded infinitives; for example,
> "portaturus esse" -- "to be about to carry" (future infinitive),
> where the present infinitive is "portare." So, a Latin infinitive
> could be "split," if "to split" is to insert something between the
> first and second words.
>
> "portatus esse" may be the perfect passive infinitive -- I may
> be mistaken.

Well what d'ya know.   So I guess it must come (ref to anal latin teachers)
from there being some rule in latin grammer that such infinitives shouldn't
have another word inserted between them?  Whereas english has alowed this
form.

actually one quote I always liked (can't remember from whom) is that

   "grammer is the dead husk left as a language evolves"

DF

Re: [9fans] ISP filtering - update

[D. Brownlee]

Dunno -- can't cite any examples.
But even the Romans took liberties.
In the case of the two-worded infinitives,
the second word, "esse," may be omitted.

So, I just looked-up "split infinitives" in a dusty
"Harbrace College Handbook" (must have been printed
on acid-free paper), and it says:

   AWKWARD You should now begin to, if you wish to succeed,
           hunt for a job.

   BETTER  If you wish to succeed, you should now begin
           to hunt for a job.

   Note: Although all split infinitives were once considered
   undesirable, those needed for smoothness or clarity are now
   acceptable.

     Americans seem to always be searching for something new.
                                                   - NEWSWEEK

In English, or any language, in my occasionally mistaken opinion,
it shouldn't matter as long as an "ungrammatical" expression
is understandable; "he be over there," for example.


Derek Fawcus wrote:
> On Thu, Sep 25, 2003 at 04:10:59PM -0700, D. Brownlee wrote:
>
>>>That's the point.  Latin has single word infinitives,  English doesn't.
>>
>>Latin actually has some two-worded infinitives; for example,
>>"portaturus esse" -- "to be about to carry" (future infinitive),
>>where the present infinitive is "portare." So, a Latin infinitive
>>could be "split," if "to split" is to insert something between the
>>first and second words.
>>
>>"portatus esse" may be the perfect passive infinitive -- I may
>>be mistaken.
>
>
> Well what d'ya know.   So I guess it must come (ref to anal latin teachers)
> from there being some rule in latin grammer that such infinitives shouldn't
> have another word inserted between them?  Whereas english has alowed this
> form.
>
> actually one quote I always liked (can't remember from whom) is that
>
>    "grammer is the dead husk left as a language evolves"
>
> DF
>

Re: [9fans] ISP filtering - update

[Adrian Tritschler]

Douglas A. Gwyn wrote:

> Jim Choate wrote:
> 
>>Spam is speech, people have a right to try to talk to you.

A "right"?  According to what, I can't see any reference to it in the UN 
declaration of human rights.  Even there it wouldn't help much, since 
many places don't accept that document, or enshrine it in local law.

> Not unless you invite them to.
> If you're thinking about the 1st Amendment to the US constitution,

Is that relevant to an account in Australia receiving spam from Turkey 
via a Korean spammer?

> that is just a prohibition against government suppression of
> otherwise normal political discourse, not permission for others
> to intrude themselves upon your attention.

Maybe *your* government against suppression of *your* political 
discourse, not particularly relevant w.r.t. the international nature of 
the Internet.

We can't even successfully prosecute the law between seperate states in 
a single country, what chance has an attempt at prosecuting spammers in 
law got?

	Adrian

---------------------------------------------------------------
Adrian Tritschler                          mailto:ajft@ajft.org
Latitude 38°S, Longitude 145°E, Altitude 50m,      Shoe size 44
---------------------------------------------------------------

Re: [9fans] ISP filtering - update

[Lucio De Re]

On Thu, Sep 25, 2003 at 04:46:06PM -0400, David Presotto wrote:
>
> esmtp is a pretty quick read.  If I were to do something for
> mutual auth, that's a reasonable place.  The biggest problem
> is controlling entry into the `good guys' group of authenticated
> entities.  Who gets to say yeah/nay to people wanting to get in?
> At first its easy since there are no grey areas.  I would be
> perfectly happy if entry was controlled by the conjunction
> of boyd, cross, and choate.  I figure anyone that all three found
> acceptable would be pretty milktoast.  Over time, it'll become
> harder but I'ld be happy with a single registry that contains
> certificates of good guys.

Agreed on the entrance qualifications.  But as for the contents of
the list, the same judges could be used in an "or" rather than
"and" fashion to promote a blacklist (Choate would be in an envious
position, although he'd squirm his way out of it with some hand
waving of philosophical higher principle) that requires you to
justify being dropped.

Hm, how do we put everyone in there to start with?

No, the right idea is to build your own, white- or blacklist.  In
PGP, you ask your friends to sign your key, eventually you may be
lucky to hit common signatories and the web of trust starts happening.
Can't say I've seen it in action, but it may well work.

A new RFC suits me just fine, I'll toss PGP or the PKI web of trust
Thawte suggested (someone mailed me a URL, but I didn't get to it
- still, I may be able to approach Shuttleworth if it's necessary)
as the authentication/non-repudiation protocol, with legal implications
(call it a contract to avoid having to legislate it) if a sender
turns out to be harrassing its recipients.

++L

Re: [9fans] ISP filtering - update

[David Lukes]

boyd, rounin wrote:

>maybe you'd be done for 'entering' (as in 'breaking and entering'), if
>such a crime exists.  theft, maybe, 'cos you 'stole' the electricity
>by turning the tv on, but i digress ...
>
>
Maybe you don't digress ...
it wouldn't surprise me if the first criminal prosecution of a spammer
was under some ancient common law such as deprivation right to natural light
by sending spams with black backgrounds.

BTW: regarding the
"you wouldn't be stealing the electricity unless you took the electrons
off the premises in a bucket" argument":
remind me to walk into the proponents house,
   eat the contents of their refrigerator then leave (after digestion,
of course).

An afterthought: you have stolen the photons that landed on your retinas.

Now back to normal programming ...
After these messages: ChoateWar!!!

    Dave.

Re: [9fans] ISP filtering - update

[Marcus Andersson]

ravage@einstein.ssz.com (Jim Choate) wrote in message news:<Pine.LNX.4.33.0309251405400.3289-100000@einstein.ssz.com>...
> On Thu, 25 Sep 2003 mirtchov@cpsc.ucalgary.ca wrote:
> 
> > Marx and Engels were scientific.
> 
> Not hardly, they certainly threw numbers around but that's hardly
> scientific.

Whatever one thinks of Mr Marx...  but it is a fact that parts of
marxist theory is taken seriously in all university basic economics
classes.



> Try reading a Communist Manifesto sometime. I can hardly get through the
> first section without giving up in frustration.
> 
>  -- --
> 
> God exists because mathematics is consistent, and the Devil exist because we
> can't prove it.
>                           Andre Weil, in H. Eves, Mathematical Circles Adieu
> 
>       ravage@ssz.com                            jchoate@open-forge.com
>       www.ssz.com                               www.open-forge.com

Re: [9fans] ISP filtering - update

[Marcus Andersson]

mirtchov@cpsc.ucalgary.ca wrote in message news:<333a733fcdfce696b4a6019f4ee60cce@plan9.ucalgary.ca>...
> > There was nothing rational or scientific about socialism. Socialism is
> > based on fear. Stalin and Lenin were neither sane nor scientific. Consider
> > their biology program as an example.
> 
> Marx and Engels were scientific.  Lenin too, to the extent that he
> contemplated on the previous two's musings.  Socialism (and Communism
> for that matter) are based on a very solid theoretical background.
> Pity they didn't force you to read "Das Kapital" in high school :)
> 
> Ultimately it didn't work in Russia for the same reason it wouldn't
> work in Texas -- the people aren't right for it there.


People aren't right for it anywhere.


> It works on other places -- look at Sweden.  

No it doesn't.

> So many russians come to
> Canada to discover that indeed socialism could be, and is,
> implemented.

Why would they discover that in Canada of all places? 

> But I digress.  What was the original topic of discussion again?  Oh,
> right, Plan 9...

Re: [9fans] ISP filtering - update

[boyd, rounin]

> A new RFC suits me just fine, I'll toss PGP or the PKI web of trust
> Thawte suggested (someone mailed me a URL, but I didn't get to it

no way am i gonna pay ~$50 for an x.509 bit stream which has been 'blessed'.

Re: [9fans] ISP filtering - update

[boyd, rounin]

> > It works on other places -- look at Sweden.
>
> No it doesn't.

it most certainly doesn't work.  i came, i saw, i got the fuck out.

Re: [9fans] ISP filtering - update

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 378 bytes --]

> No, the right idea is to build your own, white- or blacklist.  In
> PGP, you ask your friends to sign your key, eventually you may be
> lucky to hit common signatories and the web of trust starts happening.
> Can't say I've seen it in action, but it may well work.

SMTP mostly comes from providers (ISP's) and not your friends (unless
your friends happen to own ISP's).

[-- Attachment #2: Type: message/rfc822, Size: 4203 bytes --]

From: Lucio De Re <lucio@proxima.alt.za>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] ISP filtering - update
Date: Fri, 26 Sep 2003 06:33:28 +0200
Message-ID: <20030926063328.C19995@cackle.proxima.alt.za>

On Thu, Sep 25, 2003 at 04:46:06PM -0400, David Presotto wrote:
>
> esmtp is a pretty quick read.  If I were to do something for
> mutual auth, that's a reasonable place.  The biggest problem
> is controlling entry into the `good guys' group of authenticated
> entities.  Who gets to say yeah/nay to people wanting to get in?
> At first its easy since there are no grey areas.  I would be
> perfectly happy if entry was controlled by the conjunction
> of boyd, cross, and choate.  I figure anyone that all three found
> acceptable would be pretty milktoast.  Over time, it'll become
> harder but I'ld be happy with a single registry that contains
> certificates of good guys.

Agreed on the entrance qualifications.  But as for the contents of
the list, the same judges could be used in an "or" rather than
"and" fashion to promote a blacklist (Choate would be in an envious
position, although he'd squirm his way out of it with some hand
waving of philosophical higher principle) that requires you to
justify being dropped.

Hm, how do we put everyone in there to start with?

No, the right idea is to build your own, white- or blacklist.  In
PGP, you ask your friends to sign your key, eventually you may be
lucky to hit common signatories and the web of trust starts happening.
Can't say I've seen it in action, but it may well work.

A new RFC suits me just fine, I'll toss PGP or the PKI web of trust
Thawte suggested (someone mailed me a URL, but I didn't get to it
- still, I may be able to approach Shuttleworth if it's necessary)
as the authentication/non-repudiation protocol, with legal implications
(call it a contract to avoid having to legislate it) if a sender
turns out to be harrassing its recipients.

++L

Re: [9fans] ISP filtering - update

[Lucio De Re]

On Fri, Sep 26, 2003 at 08:07:16AM -0400, David Presotto wrote:
>
> > No, the right idea is to build your own, white- or blacklist.  In
> > PGP, you ask your friends to sign your key, eventually you may be
> > lucky to hit common signatories and the web of trust starts happening.
> > Can't say I've seen it in action, but it may well work.
>
> SMTP mostly comes from providers (ISP's) and not your friends (unless
> your friends happen to own ISP's).

But SMTP "has" to specify a MAIL FROM which should match a whitelist
entry (with certificate to stop repudiation).  That doesn't take
much unless the certificate needs to be exchanged too.

The other option is to use SSL or TLS to carry SMTP (surely such
a thing already exists?) and assign responsibility for delivered
spam to the client establishing the session.  In other words, I
inspect your certificate, decide I can identify you in front of
a judge and accept the mail.  Otherwise, you're out of luck.

++L

Re: [9fans] ISP filtering - update

[boyd, rounin]

> SMTP mostly comes from providers (ISP's) and not your friends (unless
> your friends happen to own ISP's).

yup, i'm thinking about a clever auth method based on a cryptographic hash:

    - 'public key' is some random string
    - shared secret is a shared string
    - cat the two and hash them

i need to think about this more.

i don't care about encryption.  i want authentication [ZKP]. reading
_network security_ i see the example is based on transforms on large
graphs.

the public key is a list of large [500 node] graphs while the private key
is the transform between randomly chosen graphs and an isomorphic
graph.  as the doc says 'this is impracticle'.

then i started to think about graphs.  now, what is the web?

this is all probably flawed, but i haven't given up yet.  buddy, can you
spare a neuron?

Re: [9fans] ISP filtering - update

[David Presotto]

On Fri Sep 26 08:15:58 EDT 2003, lucio@proxima.alt.za wrote:
> The other option is to use SSL or TLS to carry SMTP (surely such
> a thing already exists?) and assign responsibility for delivered
> spam to the client establishing the session.

It does indeed, our SMTP supports it thanks to Dan.

>   In other words, I
> inspect your certificate, decide I can identify you in front of
> a judge and accept the mail.  Otherwise, you're out of luck.

Yes that is indeed the scheme we're talking about.  The problem is
proving anything.  If most mail is delivered by a third party
(i.e. an ISP) and you only have certs belonging to your friends
then you have nothing to check unless you have CERTs for the
ISPs.  Somewhere we need a list of credible ISP CERTs.

Re: [9fans] ISP filtering - update

[Lucio De Re]

On Fri, Sep 26, 2003 at 08:21:51AM -0400, David Presotto wrote:
>
> It does indeed, our SMTP supports it thanks to Dan.
>
Yes, I've been meaning to explore this in detail, but I've been
accepting it as gospel truth in the meantime :-(

> >   In other words, I
> > inspect your certificate, decide I can identify you in front of
> > a judge and accept the mail.  Otherwise, you're out of luck.
>
> Yes that is indeed the scheme we're talking about.  The problem is
> proving anything.  If most mail is delivered by a third party
> (i.e. an ISP) and you only have certs belonging to your friends
> then you have nothing to check unless you have CERTs for the
> ISPs.  Somewhere we need a list of credible ISP CERTs.

Well, the alternative I had in mind was to have a short dialogue:

S: Are you willing to accept responsibility for this piece of mail?
C: Me?! you must be joking!  This is spam disguised as a virus.
S: Cool, go try your luck elsewhere.

Also, I'm not sure so many ISPs are responsible for delivering mail
over SMTP.  Certainly, I have been proposing to my clients that
they set up a small dial-in server for their travelling users to
dial into instead of risking ISP inspection of what could be
confidential information.  Over time, I think this may well become
a trend unless (or maybe especially if) the POTS migrates to IP.

Then again, my life brightens up when people suggest using UUCP to
deliver mail (or transfer files from Windows, as I wish I could do
in one recent instance).  Has nobody tried to port BNU or Taylor
UUCP to Plan 9?

++L

Re: [9fans] ISP filtering - update

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 977 bytes --]

-> random1
<- random2, hmac(random1, shared key)
-> hmac(random2, shared key)

This is incredibly weak authenitcation (susceptible to main in the middle)
but works if all you're trying to do is keep out spammers who ar just
injecting messages from their home machines.  They can't authenticate
without knowing the shared key.

The problem is always how many shared keys are there.  You could have
one per pair of communicating individuals but then you need an introduction
protocol.  You could have a trusted third party to automate that
introduction and you've essentially got plan 9's authentication protocol
(we mix with DES rather than a keyed hash but its pretty much the same).

Public keys have the advantage that the amount of cruft kept secret
is small, i.e., your own private key part and nothing else.  You don't
need cert's per se.  Just a place to get public keys that you trust.
That could be a place that just has to be kept secure, not secret.

[-- Attachment #2: Type: message/rfc822, Size: 2875 bytes --]

From: "boyd, rounin" <boyd@insultant.net>
To: <9fans@cse.psu.edu>
Subject: Re: [9fans] ISP filtering - update
Date: Fri, 26 Sep 2003 14:14:13 +0200
Message-ID: <063c01c38427$b3339900$b9844051@insultant.net>

> SMTP mostly comes from providers (ISP's) and not your friends (unless
> your friends happen to own ISP's).

yup, i'm thinking about a clever auth method based on a cryptographic hash:

    - 'public key' is some random string
    - shared secret is a shared string
    - cat the two and hash them

i need to think about this more.

i don't care about encryption.  i want authentication [ZKP]. reading
_network security_ i see the example is based on transforms on large
graphs.

the public key is a list of large [500 node] graphs while the private key
is the transform between randomly chosen graphs and an isomorphic
graph.  as the doc says 'this is impracticle'.

then i started to think about graphs.  now, what is the web?

this is all probably flawed, but i haven't given up yet.  buddy, can you
spare a neuron?

Re: [9fans] ISP filtering - update

[David Presotto]

On Fri Sep 26 08:46:00 EDT 2003, lucio@proxima.alt.za wrote:
> Also, I'm not sure so many ISPs are responsible for delivering mail
> over SMTP.  Certainly, I have been proposing to my clients that

Surely you jest.  Every cable provider, DSL provider, telco, railroad,
band big company in the USA is a store and forward SMTP server.

I think they could all be brought into the fold since it only increases
the cost of entering their club.  I'm worried about places like China
though.  My friends there have the choice of using multiple ISP's
all of whom are also great spam generators.  I can't trust them
in any case but don't want to stop talking to my friends.

If I have authenticated SMTP agents, I also need authenticated mail
messages to cover the people who can't use authenticated SMTP agents.

Re: [9fans] ISP filtering - update

[rog]

[-- Attachment #1: Type: text/plain, Size: 277 bytes --]

none of this works if spammers use dubious means
(e.g. viruses) to harness home machines (and by implication
the authentication info that allows the home user to send emails)
to send their spam for them.

doesn't this already happen?
or is it just for the DDOS attacks?

[-- Attachment #2: Type: text/plain, Size: 1087 bytes --]

Content-Disposition: inline
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

-> random1
<- random2, hmac(random1, shared key)
-> hmac(random2, shared key)

This is incredibly weak authenitcation (susceptible to main in the middle)
but works if all you're trying to do is keep out spammers who ar just
injecting messages from their home machines.  They can't authenticate
without knowing the shared key.

The problem is always how many shared keys are there.  You could have
one per pair of communicating individuals but then you need an introduction
protocol.  You could have a trusted third party to automate that
introduction and you've essentially got plan 9's authentication protocol
(we mix with DES rather than a keyed hash but its pretty much the same).

Public keys have the advantage that the amount of cruft kept secret
is small, i.e., your own private key part and nothing else.  You don't
need cert's per se.  Just a place to get public keys that you trust.
That could be a place that just has to be kept secure, not secret.

Re: [9fans] ISP filtering - update

[boyd, rounin]

> -> random1
> <- random2, hmac(random1, shared key)
> -> hmac(random2, shared key)

i know.  i really want my final solution:

    The final solution is to either beef up IP (bad idea) or replace
    it with a mutually authenticaticated, encrypted protocol.

but there are problems with that too:  backwards compatibility,
a heap of work, integration, testing, QA, ...

Re: [9fans] ISP filtering - update

[Lucio De Re]

On Fri, Sep 26, 2003 at 08:58:42AM -0400, David Presotto wrote:
> On Fri Sep 26 08:46:00 EDT 2003, lucio@proxima.alt.za wrote:
> > Also, I'm not sure so many ISPs are responsible for delivering mail
> > over SMTP.  Certainly, I have been proposing to my clients that
>
> Surely you jest.  Every cable provider, DSL provider, telco, railroad,
> band big company in the USA is a store and forward SMTP server.
>
I actually don't, but that's because here in Africa bandwidth is
still the currency of the Internet.  But I ought to have pointed
out that there are (meant to be) damn few open SMTP relays, so ISPs
ought (and are able) to identify the clients that stray.  Once this
goes to court instead of the client being dismissed (we have
ridiculously tight, recent legislation in respect of identification
of users of telecommunications service in South Africa; laughable,
in fact, but it could be made to have teeth) with a rap on the
knuckles or less, it may slow spamming and malicious mailing down.

> I think they could all be brought into the fold since it only increases
> the cost of entering their club.  I'm worried about places like China
> though.  My friends there have the choice of using multiple ISP's
> all of whom are also great spam generators.  I can't trust them
> in any case but don't want to stop talking to my friends.
>
Ideally, the ISP ought to be the "agent" for the endpoint.  It
baffles me that we find it so difficult to deal with direct
connections.  After all, if Plan 9 smtpd does authentication, what
would it take for you to issue your Chinese friends with certificates,
ask them to connect directly to Bell Labs' server if their mail by
another path is rejected?  How much would SMTP need to change to
escalate the connection at the user agent level?  To put (hopefully)
more plainly, Outlook speaks SMTP, attempts to deliver through ISP
server, gets rejected (oops, that will be store and forward, so
notification will take a little while, unfortunately) so uses a
direct circuit to Bell Labs second time 'round.

The opposite may also work: try the MX for the destination first,
with a bit of luck you'll have a certificate to grant you access.
If not, you're stuck with your most accommodating ISP.

> If I have authenticated SMTP agents, I also need authenticated mail
> messages to cover the people who can't use authenticated SMTP agents.

That is an orthogonal issue, isn't it?

++L

Re: [9fans] ISP filtering - update

[David Presotto]

My friends in china have dial ups.  The cost of a call to the US
is prohibitive.  Having to change their configuration to call
the US only for mail messages to me is just silly.

If we're looking for a solution that only works for people on
9fans to talk to each other, then we don't have to think very
hard.

Re: [9fans] ISP filtering - update

[Lucio De Re]

On Fri, Sep 26, 2003 at 09:33:11AM -0400, David Presotto wrote:
>
> My friends in china have dial ups.  The cost of a call to the US
> is prohibitive.  Having to change their configuration to call
> the US only for mail messages to me is just silly.
>
Hey, that's not what I meant!  Or, yes, I _did_ consider it for my
clients that can afford even (short) international calls, but I
can dial an ISP and establish an SMTP connection with "sources"
through it, surely?  Well, maybe not "sources", but whatever Bell
Labs use as the incoming SMTP server?

> If we're looking for a solution that only works for people on
> 9fans to talk to each other, then we don't have to think very
> hard.

That wasn't it, at all.  I'm just thinking that SMTP with a little
savvy and moderate security (I like to think of it as Certified
MTP, but I'm probably misusing the English language), will go a
long way and requires much greater social adjustment than technical
change.  The former is long overdue anyway.

Sorry if in my terseness I manage to be cryptic too.

++L

Re: [9fans] ISP filtering - update

[rog]

fundamental problem:

i like the fact that people i haven't previously contacted on the net
can email me (but not spammers!).

i like the fact that i can send email out of the blue to someone on
the net (but i'm not a spammer!).


if everyone charged a small sum (e.g.  $.01) for each item of incoming
mail from an address that's not on their whitelist, the spammers
might find it hard going.

Re: [9fans] ISP filtering - update

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 1681 bytes --]

On Fri Sep 26 09:51:53 EDT 2003, lucio@proxima.alt.za wrote:
> Hey, that's not what I meant!  Or, yes, I _did_ consider it for my
> clients that can afford even (short) international calls, but I
> can dial an ISP and establish an SMTP connection with "sources"
> through it, surely?  Well, maybe not "sources", but whatever Bell
> Labs use as the incoming SMTP server?

You're right, sort of.  Their connectivity is really crappy with very
long delays.  They'ld have to stay connected for a very long time to
make sure of delivery after multiple retries.  Still too much of an
onus to assign them just so they can send mail to me.

On Fri Sep 26 09:53:48 EDT 2003, rog@vitanuova.com wrote:
> fundamental problem:
>
> i like the fact that people i haven't previously contacted on the net
> can email me (but not spammers!).
>
> i like the fact that i can send email out of the blue to someone on
> the net (but i'm not a spammer!).
>

This too is my problem.  If all the major SMTP servers were in the scheme
it would be less of one but still a problem.  Once we started including
enough servers to make the scheme useful to me, it would start letting
spam in.

>
> if everyone charged a small sum (e.g.  $.01) for each item of incoming
> mail from an address that's not on their whitelist, the spammers
> might find it hard going.
>

It's been proposed often.  One possible way to do it is to do something
computationally difficult to slow the home spammer down.  If it takes a
long time to send each message, it would stop being useful.  You could even
drop the requirement for servers you like so that it doesn't slow down all
communication.

[-- Attachment #2: Type: message/rfc822, Size: 3523 bytes --]

From: Lucio De Re <lucio@proxima.alt.za>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] ISP filtering - update
Date: Fri, 26 Sep 2003 15:46:01 +0200
Message-ID: <20030926154600.P19995@cackle.proxima.alt.za>

On Fri, Sep 26, 2003 at 09:33:11AM -0400, David Presotto wrote:
>
> My friends in china have dial ups.  The cost of a call to the US
> is prohibitive.  Having to change their configuration to call
> the US only for mail messages to me is just silly.
>
Hey, that's not what I meant!  Or, yes, I _did_ consider it for my
clients that can afford even (short) international calls, but I
can dial an ISP and establish an SMTP connection with "sources"
through it, surely?  Well, maybe not "sources", but whatever Bell
Labs use as the incoming SMTP server?

> If we're looking for a solution that only works for people on
> 9fans to talk to each other, then we don't have to think very
> hard.

That wasn't it, at all.  I'm just thinking that SMTP with a little
savvy and moderate security (I like to think of it as Certified
MTP, but I'm probably misusing the English language), will go a
long way and requires much greater social adjustment than technical
change.  The former is long overdue anyway.

Sorry if in my terseness I manage to be cryptic too.

++L

Re: [9fans] ISP filtering - update

[Lucio De Re]

On Fri, Sep 26, 2003 at 02:55:06PM +0100, rog@vitanuova.com wrote:
>
> fundamental problem:
>
> i like the fact that people i haven't previously contacted on the net
> can email me (but not spammers!).
>
Of course it's a problem: spammers have effectively eliminated this
option altogether.

> i like the fact that i can send email out of the blue to someone on
> the net (but i'm not a spammer!).
>
... and this one, reflexively.
>
> if everyone charged a small sum (e.g.  $.01) for each item of incoming
> mail from an address that's not on their whitelist, the spammers
> might find it hard going.

Charging requires authentication, unless we invent the equivalent
of postage stamps (that's an interesting idea in itself, as the
solution addresses both the issue of microcharging and a global
'net currency).

But once you can extort money out of someone, you can equally
successfully sue them for damages, however small, if they send you
unsolicited mail.  With some legislation in place to exaggerate
the financial impact, the effect will be the same as charging per
message.

++L

Re: [9fans] ISP filtering - update

[rog]

> > if everyone charged a small sum (e.g.  $.01) for each item of incoming
> > mail from an address that's not on their whitelist, the spammers
> > might find it hard going.
>
> It's been proposed often.  One possible way to do it is to do something
> computationally difficult to slow the home spammer down.  If it takes a
> long time to send each message, it would stop being useful.  You could even
> drop the requirement for servers you like so that it doesn't slow down all
> communication.

that shouldn't be hard to do. using SMTP, the protocol might look like:

-> HELO (optional-pk-signature-of-message)
<- 9999 computation required (challenge)
-> COMPUTED (response)
<- 250 go ahead and send me mail
-> MAIL FROM: blahdiblah
etc...

the signature could be taken from the subject line of the message by
the SMTP client; if the public key is not on the recipient's
white-list, or if no signature is provided, then some compute
resources are requested at the client side.

for backward compatibility, you could make the style of HELO
different; mail delivered using old style HELO gets shunted through
the usual spam filtering channels, or (in time) just binned.

in this way, you can give the public keys of those people you like to
the smtp agent, so they don't have to pay the compute cost, but others
can still get through to you. you also have the ability to drop the
connection before receiving any of the message.

i'm probably missing something.

Re: [9fans] ISP filtering - update

[Joel Salomon]

>> Will someone accept a new name for the anti-neutron? Even with the
>> neutron's charge, an antiparicle *still* exists.
>
> charge?  iirc they are notoriously hard to detect, 'cos they have no
> charge.
>
> or did you mean anti-neuron? ;)
>
>

I was commenting on the "three ways to say something: positive, neutral,
and negative." and the fact that some neutral stimuli can provoke violent
reactions.


--Joel

Re: [9fans] ISP filtering - update

[rog]

> the signature could be taken from the subject line of the message by

oops, for "subject line", read "header".

Re: [9fans] ISP filtering - update

[Wes Kussmaul]

> i know.  i really want my final solution:
>
>     The final solution is to either beef up IP (bad idea) or replace
>     it with a mutually authenticaticated, encrypted protocol.
>
> but there are problems with that too:  backwards compatibility,
> a heap of work, integration, testing, QA, ...

It is nothing less than building a new layer on top of the Internet.

But if you step back you see that it solves so many problems that it has a
chance.

The thing to start with is not the solution but rather the buzz. How do you
get lots of people thinking along these lines.

(I have some ideas) (as if I needed to mention that.) (488 pages worth)

Re: [9fans] ISP filtering - update

[D. Brownlee]

Is there an analogy here:

We have the post office and several alternate
carriers, like UPS and FedEx. They all use
the same infrastructure to make deliveries:
roads, bridges, etc., but the trucks, offices
and employees are different.

Where is the separation with email?
It seems that all the email carriers use
some of the same infrastructure, like
cables, satellites and networking equipment,
but is software part of that infrastructure? SMTP?

Re: [9fans] ISP filtering - update

[Dan Cross]

> if everyone charged a small sum (e.g.  $.01) for each item of incoming
> mail from an address that's not on their whitelist, the spammers
> might find it hard going.

If you can find them to make them pay.

Some people used to advertise web pages where they would `correct the
spelling of email sent to the following address:'.  The cost would be
US$500/Hour, with a minimum of two hours.  You accepted their services
by sending them email.

Naturally, it didn't work; how do you go through the end of the
anonymous pipe to find who to bill your time to?

One way is just to send Boyd after them with this 92FS (I'd choose a
Ka-Bar, myself).

	- Dan C.

Re: [9fans] ISP filtering - update

[Michael Jeffrey]

What size are you? I'll have a T-shirt despatched today.

Re: [9fans] ISP filtering - update

[boyd, rounin]

> The opposite may also work: try the MX for the destination first,
> with a bit of luck you'll have a certificate to grant you access.
> If not, you're stuck with your most accommodating ISP.

say there are no MX's but the host you are mailing has multiple
IP addresses and they might be forwarders or whatever.

one thing i do know is that BIND returns the A records randomly;
it's there to provide load balancing.

this is a non-trivial problem, in the general case.  i want a solution
for the general case.

patching [E]SMTP is a waste of time.

the whole thing is a nightmare.  it's like a jigsaw puzzle (or IKEA
furniture) and the pieces don't fit.

Re: [9fans] ISP filtering - update

[boyd, rounin]

> It's been proposed often.  One possible way to do it is to do something
> computationally difficult to slow the home spammer down.

i like this idea.  then again, it means i have more procs
hanging around filling up my proc table :(

Re: [9fans] ISP filtering - update

[boyd, rounin]

> Charging requires authentication, unless we invent the equivalent
> of postage stamps ...

sort of, but presotto is right.  slow 'em down, but that means hacks
at the smtp level (as i have outlined).  and they are hacks.  they are
not clean.

i'd like to try out my hack, but just at a logging of what it would do
as a first cut;  leave no man behind, drop no valid message.

Re: [9fans] ISP filtering - update

[boyd, rounin]

> i'm probably missing something.

you are.  you don't get to see the Subject: line (if there is one)
until after DATA and then it's too late.

Re: [9fans] ISP filtering - update

[David Presotto]

our dns also returns the A records randomly

Re: [9fans] ISP filtering - update

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 33 bytes --]

Not really, they'ld just give up.

[-- Attachment #2: Type: message/rfc822, Size: 2272 bytes --]

From: "boyd, rounin" <boyd@insultant.net>
To: <9fans@cse.psu.edu>
Subject: Re: [9fans] ISP filtering - update
Date: Fri, 26 Sep 2003 21:23:58 +0200
Message-ID: <077801c38463$bcad2b40$b9844051@insultant.net>

> It's been proposed often.  One possible way to do it is to do something
> computationally difficult to slow the home spammer down.

i like this idea.  then again, it means i have more procs
hanging around filling up my proc table :(

Re: [9fans] ISP filtering - update

[David Presotto]

Actually its not a hack, just a payment scheme.  They're paying you
with their cycles.  Now if we could give them some useful work to
do as the computation, we'ld have a really good scheme.

Re: [9fans] ISP filtering - update

[boyd, rounin]

> One way is just to send Boyd after them with this 92FS (I'd choose a
> Ka-Bar, myself).

knives -- i don't like knives 'cos there's no 'stand off' range.

with the M-9/92FS/G-1 i have a 10 metre standoff range (i'm pretty good at 10m
;).

Re: [9fans] ISP filtering - update

[boyd, rounin]

> our dns also returns the A records randomly

cool.  i learnt this thing 'cos mockapetris did a full blown sim on a PDP-10.

Re: [9fans] ISP filtering - update

[Lucio De Re]

On Fri, Sep 26, 2003 at 09:18:42PM +0200, boyd, rounin wrote:
>
> > The opposite may also work: try the MX for the destination first,
> > with a bit of luck you'll have a certificate to grant you access.
> > If not, you're stuck with your most accommodating ISP.
>
> say there are no MX's but the host you are mailing has multiple
> IP addresses and they might be forwarders or whatever.
>
Well, you could tighten up the rules, we are after all trying to
solve a problem.  But multiple MXs remain a problem, as you'd want
to talk to the exchanger that knows you and there is no guarantee
that all MXs have the same certificate list.  Part of the weakness
in RFC-821/2 lies in its fallback recovery features, which is really
where SPAM has hurt the most, forcing Internet services to be
trimmed.

It may be a philosophical point, but I'd still like to make it:
abuse has led to the loss of the socially desirable features of
the Internet.  Addressing the technological issues without restoring
the trust will not bring back the good ole days and that, at the
very minimum, is a shame.

> the whole thing is a nightmare.  it's like a jigsaw puzzle (or IKEA
> furniture) and the pieces don't fit.

I agree, but there are enough people interested that one can seek
and will probably find a solution.  It is a matter of critical mass
(what an ugly pun!) and a touch of unselfish development.

In fact, against my principles, I'd advocate prototyping something
that even half works at identifying the participants and spreading
it as far as it will reach.  Hard to do, but there are places like
slashdot and even google where one can broadcast the details and
presumably find a receptive audience (no comments required about
the neurological complexity of these collective brains!).

In my opinion, the biggest failing in RFC-821/2 lies with the
redundancy provided by the envelope and the message headers and
the contradictions these can lead to.  I believe this feature ought
to be the first thing to be eliminated, which is no small change.

I also can't help agreeing with Heinlein that a society that demands
identification documents is best abandoned, but I fail to see a
viable alternative.  Whichever way one turns, one needs to be able
to create a boundary between the perceived good and evil. Wasn't
that the first step in the evolution of life on Earth?

Just for the sake of stirring the pot, I've been considering an
anonymising mail server ever since anon.penet.fi (it's been such
a long time I can't even tell if I got the right name) was established
and recent thinking was along the lines of a public pool of messages
that could be indexed by the user's certificate hash value (I guess
Venti has had quite an impact on my thinking).  If the message is
encrypted, only the recipient would be able to decrypt it, more or
less minimising the likelihood that anyone else would want to
collect it.  I don't quite see that this would assist in our current
objective, but it may be worth something elsewhere in the development
of a different electronic mail exchange scheme.

++L

Re: [9fans] PEM

[boyd, rounin]

i had a quick re-cap on PEM last night.  i'm not sure outlook supports it
but it would raise the bar in that it would be simple to just filter on having
the right sort of PEM glop in the message body.  this is just for auth,
not for encryption; the message is sent in the clear.

the PEM glop could even be fake ;)  avoiding the hideous x.509 root
CA nightmare.  now, if i could get my hands on a CA that i could trust
without chucking money at Verisad (sic) [who i don't trust] et al ...

Re: [9fans] ISP filtering - update

[boyd, rounin]

> Just for the sake of stirring the pot, I've been considering an
> anonymising mail server ever since anon.penet.fi (it's been such
> a long time I can't even tell if I got the right name) was established

what was the screwup where an anonymiser spat out everyone
in the clear?  anyway, i don't want to be anonymous.  i just wanna
takes these T's [spammers] down.

Re: [9fans] PEM

[boyd, rounin]

> The problem is that Ron's requirements are not being met: the
> message has to be accepted before being scanned, whereas it ought
> to be rejected at the envelope level.

don't i bloody know it :(

Re: [9fans] PEM

[Lucio De Re]

On Sat, Sep 27, 2003 at 10:00:19AM +0200, boyd, rounin wrote:
>
> i had a quick re-cap on PEM last night.  i'm not sure outlook supports it
> but it would raise the bar in that it would be simple to just filter on having
> the right sort of PEM glop in the message body.  this is just for auth,
> not for encryption; the message is sent in the clear.
>
PEM is not supported, to the best of my knowledge, by any mail user
agent, presumably it never got taken seriously.  There may have
been add-ons out there, but they'd be forgotten by now.

S/MIME is the successor to PEM and a logical one at that, even
though it is saddled with the unavoidable bloat of MIME.  There was
another contender for that crown, way back early days, but I can't
recall the details.

> the PEM glop could even be fake ;)  avoiding the hideous x.509 root
> CA nightmare.  now, if i could get my hands on a CA that i could trust
> without chucking money at Verisad (sic) [who i don't trust] et al ...

PGP imitates PEM pretty closely in the e-mail context, so you could
check for PGP signatures and their ilk in the message body.
Expecting the headers to contain certificates etc would be a bit
much.

The problem is that Ron's requirements are not being met: the
message has to be accepted before being scanned, whereas it ought
to be rejected at the envelope level.  And the envelope is [E]SMTP.
SSL is one mechanism, but then Dave's Chinese friends have a problem
because their certificate is inside the message.

++L

Re: [9fans] ISP filtering - update

[Lucio De Re]

On Sat, Sep 27, 2003 at 10:02:29AM +0200, boyd, rounin wrote:
>
> > Just for the sake of stirring the pot, I've been considering an
> > anonymising mail server ever since anon.penet.fi (it's been such
> > a long time I can't even tell if I got the right name) was established
>
> what was the screwup where an anonymiser spat out everyone
> in the clear?  anyway, i don't want to be anonymous.  i just wanna
> takes these T's [spammers] down.

That's a programming error, they deserve what they got :-)

In the PEM spec is an option whose name escapes me now (I have the
PEM RFCs not quite at hand) where the certificate asserts you
_are_not_ the designated (oh, yes!) "persona".  That is how an
anonymous server would operate.

You submit your PGP public key in the name of <poltroon@anon.co.za>
and I file it in the database.  All mail encrypted with your private
key (identified by your key hash) is decrypted using your public
key and re-encrypted with the server private key before being
forwarded to the recipients.  You can naturally encrypt the contents
with the recipients' keys to ensure the server does not have access
to information you want to protect.  Seeing that you're already
using one level of encryption, you may as well use two, if it's
worth it.

Likewise, all mail to <poltroon@anon.co.za> will be encrypted on
arrival with your public key and posted to a public queue.  You can
then request your messages by PGP key hash.  I haven't thought of
a sensible removal mechanism, but I suppose you could have a proper
identity on the server and use standard filesystem permissions - at
which point one may as well provide POP or IMAP services - or I
could just expire the messages after some agreed time period and
you'd have to figure how to avoid repeatedly reading the same
information.

Quite frankly, upas/fs would seem perfectly suitable here.  Use
the PGP hash (or equivalent for PKI suckers) as the user ID.  I
just thought that having a public pool of messages would be somehow
worthwhile, maybe as a newsboard?

As the sole details I have of your identity are the hash and a
public key that asserts you _are_not_ <poltroon@anon.co.za>, there
isn't much an authority could do to force me to reveal who you are.

++L

PS: this is not as remote as one may think, I already need to
upgrade the HIVEMIND.NET server that provides a number of mailing
list services to the broad Internet community in South Africa.  I
may well add ANON capabilities to it: it also serves the local
NetRaver community and there have been many requests to/not to
archive the mail for obvious reasons, so ANONimising their mail
would probably be well received there.

PPS: I'd appreciate if anyone who can identify loopholes in the above
would raise the issue with me, as I'm not very good at conceiving
all possible facets in a situation such as this.

PPPS: One more OT thing.  I use RAV Antivirus on the NetBSD servers
at my clients.  It isn't perfect, but it sure beats not having it.
It isn't either pricey or cheap, I think it's fairly priced.  But
having looked at its functionality as well as the dreadful offering
from F-Secure as regards central management of their perfectly
reasonable workstation-level virus checker, it struck me that
Inferno would be the perfect platform to deploy an e-mail infrastructure
for the medium, possibly large corporation.  In other words, as
soon as MS-Exchange collapses under the weight of thoughtless
implementation combined with multiple global attacks by more and
more aggressive viruses and spam, there will be a huge gap for a
replacement tool developed entirely as an Inferno application.
Vitanuova Notes, anyone?

Re: [9fans] ISP filtering - update

[Geoff Collyer]

Taylor uucp 1.07 compiles under APE after the usual fighting with
configure and fixing a few type errors.  This time I ran configure on
Mac OS X to generate the Makefiles, copied the source tree to Plan 9
and corrected the Makefiles and config.h by hand.  config.h was way
off for Plan 9 and I deleted all the .Po crud in the Makefiles to
avoid recompiling the world on every `make'.  I also simplified uucp.h
(read `deleted huge chunks') by making the simplifying assumption of
an ANSI C implementation, *as any sane person would nowadays*!

Re: [9fans] ISP filtering - update

[Tristan Seligmann]

On Fri, Sep 26, 2003 at 14:01:25 +0100, rog@vitanuova.com wrote:
> none of this works if spammers use dubious means
> (e.g. viruses) to harness home machines (and by implication
> the authentication info that allows the home user to send emails)
> to send their spam for them.
>
> doesn't this already happen?
> or is it just for the DDOS attacks?

According to what I've read, none of the big spammers are doing that. Of
course, they might resort to that if forced.

mithrandi

Re: [9fans] ISP filtering - update

[Douglas A. Gwyn]

Frankly, that only works to a limited degree, because the problem
is that communicants in whom you initially have trust are being
used as proxies by the virus; whatever authentication is done
will have to accept what a proxy sends you.

Full authentication might  allow you to build an "ignore" list
when you see you have received a virus from infected hosts, but
you'll end up with millions of entries in that list, after you
have flagged millions of pieces of spams.  Not a solution.

If the authentication was really good *and* absolutely required
embedding of all source identities in an irrevocable way, one
could at least nail down the identity of the *originator* of a
virus; but even that doesn't work since the proxy *is* the
originator.  The only mechanism I know of that can overcome that
problem (which is much like a "man in the middle" attack) is to
use "capabilities" with absolute enforcement down to the lowest
levels.  Even then it seems that one could always simulate the
hardware and in effect create fake hosts that *originate* on some
proxy host, meaning that that is as far back as you could trace
them.

If you try to build a "ring of trust" a la PGP, the moment there
is one breakage by anyone in the ring, the whole ring becomes
infected and untrustworthy.

Even replacing SMTP with a new protocol for which an official
rule would be, no active enclosures, doesn't work, because
Microsoft would go ahead and do as they have done in the past,
namely tunnel active elements into their mail readers, making
their hosts proxies for viruses.

Perhaps trying to solve this problem via technology is much
like trying to eliminate terrorists by killing mature ones
rather than indoctrinating potential ones.  I.e. the root cause
is social, not technical, and since a good solution would need
to deal with the cause, we need to better raise our youth so
they aren't inclined to engage in such activity.  Of course
there would still be the professional terrorist and career
criminal to deal with, but they started out as youth and formed
their value systems then, for the most part, so that is still
where we need to concentrate attention.  I frankly don't think
it's going to happen, thus this problem is never going to be
solved.

Re: [9fans] ISP filtering - update

[boyd]

    Full authentication might  allow you to build an "ignore" list
    when you see you have received a virus from infected hosts, but
    you'll end up with millions of entries in that list, after you
    have flagged millions of pieces of spams.  Not a solution.

yes, i know i want to minimise that.  it has to be a scaleable solution.

    Perhaps trying to solve this problem via technology is much
    like trying to eliminate terrorists by killing mature ones
    rather than indoctrinating potential ones.

cut the heads of their C & C and that will (either) get their attention
or leave them in dissarray;  snipers _always_ kill officers first,
unless the REMFs get in their way or the stupid ROEs.

    I frankly don't think it's going to happen, thus this problem is
    never going to be solved.

i have a 'bad feeling' you're right, but i'm not done with 'em yet.

maybe i am crazy enough to beat 'em ;)

Re: [9fans] ISP filtering - update

[Ralph Corderoy]

Hi Arnold,

> Well, the ISP's filtering consists essentially of removing the virus
> or rather the attachment with the virus in it.  The letter itself
> still comes through.  This is still an improvement; the emails are
> around 4K in size instead of 140K.  But I still have to postprocess
> the results of my current (underpowered) spam filter.  At least it all
> downloads a lot faster now.

I ssh into my ISP and run a little Python script that talks POP3 to the
ISP to get the first 60 lines of each email and delete it if it matches
one of two regexps.  The POP3 is within the ISPs network so is fast.
The ssh is done using .fetchmailrc's `options preconnect'.  The end
result is I don't notice it happening unless I want to read the output
of what text matched with regexp and how many were deleted.

Means this 33.6 modem is still usable.

Cheers,

--
Ralph Corderoy.      http://inputplus.co.uk/ralph/     http://troff.org/

Re: [9fans] ISP filtering - update

[Ralph Corderoy]

Hi David,

> > if everyone charged a small sum (e.g.  $.01) for each item of
> > incoming mail from an address that's not on their whitelist, the
> > spammers might find it hard going.
>
> It's been proposed often.  One possible way to do it is to do
> something computationally difficult to slow the home spammer down.  If
> it takes a long time to send each message, it would stop being useful.
> You could even drop the requirement for servers you like so that it
> doesn't slow down all communication.

hashcash is an example.

    http://www.cypherspace.org/hashcash/

Cheers,


Ralph.

Re: [9fans] ISP filtering - update

[boyd]

double edged sword.

Re: [9fans] ISP filtering - update

[Ralph Corderoy]

Hi boyd,

> double edged sword.

If you don't bother giving your opinion as to why, your post is useless
noise.  Please either refrain from posting or spend that little more
time making a useful post.

Thanks,


Ralph.

Re: [9fans] ISP filtering - update

[boyd]

    > double edged sword.

    If you don't bother giving your opinion as to why, your post is useless
    noise.  Please either refrain from posting or spend that little more
    time making a useful post.

like i said above:  doomed if you post to little, doomed if you post too much.

perhaps i should get you to edit my posts for me?

Re: [9fans] ISP filtering - update

[Christopher Nielsen]

I discovered it when I implemented 48-bit LBA. I didn't
bother with it at the time, but adding support to the
driver might be useful for some.

Also, as soon as I can get my hands on a SATA card, I'll
add support to the ATA driver, unless someone beats me to
it.

On Mon, Oct 06, 2003 at 08:55:34AM -0400, David Presotto wrote:
> I didn't even realize that there were hardware enforced passwords on
> disks.  I just looked up ata specs and found a whole slew of security
> cruft I never knew about.  Thanks.

> From: Ralph Corderoy <ralph@inputplus.co.uk>
> To: 9fans@cse.psu.edu
> Date: Mon, 6 Oct 2003 09:01:20 GMT
> Subject: Re: [9fans] ISP filtering - update
>
> Hi David,
>
> > The worm/virus problem is not really addressed.  If they take over
> > your machine and you have a legitimate way to send authenticated
> > email, we're screwed.
>
> What I don't understand is why the worms don't trigger some harm at some
> point in the future, like setting the hard drive password to a random
> string.  Requiring the `master' password from the drive manufacturer or
> OEM would cause enourmous amounts of hassle.  The worm would have
> meanwhile re-produced elsewhere so its not `shooting itself in the
> head'.

--
Christopher Nielsen
"They who can give up essential liberty for temporary
safety, deserve neither liberty nor safety." --Benjamin Franklin

Re: [9fans] ISP filtering - update

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 175 bytes --]

I didn't even realize that there were hardware enforced passwords on
disks.  I just looked up ata specs and found a whole slew of security
cruft I never knew about.  Thanks.

[-- Attachment #2: Type: message/rfc822, Size: 2535 bytes --]

From: Ralph Corderoy <ralph@inputplus.co.uk>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] ISP filtering - update
Date: Mon, 6 Oct 2003 09:01:20 GMT
Message-ID: <2889.3f7d9e85.4e7aa@blake.inputplus.co.uk>

Hi David,

> The worm/virus problem is not really addressed.  If they take over
> your machine and you have a legitimate way to send authenticated
> email, we're screwed.

What I don't understand is why the worms don't trigger some harm at some
point in the future, like setting the hard drive password to a random
string.  Requiring the `master' password from the drive manufacturer or
OEM would cause enourmous amounts of hassle.  The worm would have
meanwhile re-produced elsewhere so its not `shooting itself in the
head'.

Cheers,

--
Ralph Corderoy.      http://inputplus.co.uk/ralph/     http://troff.org/

Re: [9fans] ISP filtering - update

[Ralph Corderoy]

Hi David,

> The worm/virus problem is not really addressed.  If they take over
> your machine and you have a legitimate way to send authenticated
> email, we're screwed.

What I don't understand is why the worms don't trigger some harm at some
point in the future, like setting the hard drive password to a random
string.  Requiring the `master' password from the drive manufacturer or
OEM would cause enourmous amounts of hassle.  The worm would have
meanwhile re-produced elsewhere so its not `shooting itself in the
head'.

Cheers,

--
Ralph Corderoy.      http://inputplus.co.uk/ralph/     http://troff.org/

Re: [9fans] ISP filtering - update

[boyd, rounin]

> ... a la boyd ('either i don't like you...'), witch ...

[à la :-]

i was thinking more along the lines of GnR:

   back off, back off bitch
   down in the gutter dyin' in the ditch

Re: [9fans] ISP filtering - update

[Dan Cross]

> > > The worm/virus problem is not really addressed.  If they take over
> > > your machine and you have a legitimate way to send authenticated
> > > email, we're screwed.
> >
> > If they take over your machine, you're a lot more screwed than just by
> > them sending mail.
>
> I think you didn't read the sentence very well.  If they take over MY
> machine, I am indeed screwed.  However, the sentence said YOUR and WE.
> I was just agreeing with rog that if the prevalent source of spam were
> attacks, then this would indeed be useless.  However, it is not.

There's that too.  The fact of the matter is, everybody's screwed.

``Can I screw you?''
``What would you want to screw me for?  I'm a lawyer!''
``Punative damages.  Screw you, screw me, screw everybody!''

	- Dan C.

(Apologies to the Jerky Boys.)

Re: [9fans] ISP filtering - update

[Wes Kussmaul]

> > > The worm/virus problem is not really addressed.  If they take over
> > > your machine and you have a legitimate way to send authenticated
> > > email, we're screwed.
> >
> > If they take over your machine, you're a lot more screwed than just by
> > them sending mail.
>
> I think you didn't read the sentence very well.  If they take over MY
> machine, I am indeed screwed.  However, the sentence said YOUR and WE.
> I was just agreeing with rog that if the prevalent source of spam were
> attacks, then this would indeed be useless.  However, it is not.

You're right, I didn't properly note the pronouns. I stand corrected.

However, the point remains that today's prevalent souce of spam may not be
tomorrow's. We're thinking about two different problems: fixing today's spam
problem asap and fixing the whole online infrastructure before it gets
hijacked.

I admit mine is OT. But it does need attention.

I'll go back to work now.

Re: [9fans] ISP filtering - update

[David Presotto]

> a DDOS server. The worms that immediately destroy registry files etc. seem
> to get the media attention but they are relatively a thing of the past. The
> modern ones don't call attention to themselves.

Ehg noted recently that one DSL provider says that 1/3 of the machines attaching
to his service are already infected and the owners don't know it.  Perhaps they're
switching from Cable to DSL because the cable network seems to have gotten slower...

Re: [9fans] ISP filtering - update

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 551 bytes --]

> > The worm/virus problem is not really addressed.  If they take over
> > your machine and you have a legitimate way to send authenticated
> > email, we're screwed.
>
> If they take over your machine, you're a lot more screwed than just by
> them sending mail.

I think you didn't read the sentence very well.  If they take over MY
machine, I am indeed screwed.  However, the sentence said YOUR and WE.
I was just agreeing with rog that if the prevalent source of spam were
attacks, then this would indeed be useless.  However, it is not.

[-- Attachment #2: Type: message/rfc822, Size: 3083 bytes --]

From: "Wes Kussmaul" <wes@village.com>
To: <9fans@cse.psu.edu>
Subject: Re: [9fans] ISP filtering - update
Date: Fri, 26 Sep 2003 13:23:24 -0400
Message-ID: <11f801c38452$e4a1cea0$6400a8c0@dell01>


> > The worm/virus problem is not really addressed.  If they take over
> > your machine and you have a legitimate way to send authenticated
> > email, we're screwed.
>
> If they take over your machine, you're a lot more screwed than just by
> them sending mail.

Yes, but with the latest worms you may not know you're screwed for months or
longer. Meanwhile your machine is cranking away as a spam server, espionage
server (credit card #s, kids' usernames etc.) and perhaps with a side job as
a DDOS server. The worms that immediately destroy registry files etc. seem
to get the media attention but they are relatively a thing of the past. The
modern ones don't call attention to themselves.

There is no doubt in my mind that some group among the worm underground is
planning attacks on critical infrastructure. They're just in development
mode now. If we don't do something, someday we will wish for the good old
days when the worst we had to worry about was spam.

Wes Kussmaul

Re: [9fans] ISP filtering - update

[Wes Kussmaul]

> > The worm/virus problem is not really addressed.  If they take over
> > your machine and you have a legitimate way to send authenticated
> > email, we're screwed.
>
> If they take over your machine, you're a lot more screwed than just by
> them sending mail.

Yes, but with the latest worms you may not know you're screwed for months or
longer. Meanwhile your machine is cranking away as a spam server, espionage
server (credit card #s, kids' usernames etc.) and perhaps with a side job as
a DDOS server. The worms that immediately destroy registry files etc. seem
to get the media attention but they are relatively a thing of the past. The
modern ones don't call attention to themselves.

There is no doubt in my mind that some group among the worm underground is
planning attacks on critical infrastructure. They're just in development
mode now. If we don't do something, someday we will wish for the good old
days when the worst we had to worry about was spam.

Wes Kussmaul

Re: [9fans] ISP filtering - update

[Dan Cross]

> The worm/virus problem is not really addressed.  If they take over
> your machine and you have a legitimate way to send authenticated
> email, we're screwed.

If they take over your machine, you're a lot more screwed than just by
them sending mail.

	- Dan C.

RE: [9fans] ISP filtering - update

[Tiit Lankots]

>i'm probably missing something.

and when the other party fails to calculate the response
to the challenge, we send a bounce a la boyd ('either i
don't like you...'), witch
	1) lets us use this beefed-up SMTP while the rest
	of the world catches up;
	2) gives the other side an opportunity to send us
	their public key for addition into the whitelist.

Tiit

Re: [9fans] ISP filtering - update

[David Presotto]

> none of this works if spammers use dubious means
> (e.g. viruses) to harness home machines (and by implication
> the authentication info that allows the home user to send emails)
> to send their spam for them.
>
> doesn't this already happen?
> or is it just for the DDOS attacks?

Not really.  Most spam is generated willingly on machines.  Lots of
it is redirected using open relay sites.

The worm/virus problem is not really addressed.  If they take over
your machine and you have a legitimate way to send authenticated
email, we're screwed.

Re: [9fans] ISP filtering - update

[Sven Lundquist]

> there's always some one who knows what they're
talking > about.

How come it's never Choate?

________________________________________________________________________
Want to chat instantly with your online friends?  Get the FREE Yahoo!
Messenger http://mail.messenger.yahoo.co.uk