J
Jack
Art said:
I think this kind of "dumbing down" wrt. email is desirable. I didn't
realise that this was what you meant by "dumbing down".
Why can't DNS servers perform spam or mal-ware blocking/filtering?
I think this kind of "dumbing down" wrt. email is desirable. I didn't
realise that this was what you meant by "dumbing down".
A
Ant
Jack said:
A tall order.
On my current project we call them "software problem reports".
[...]
I'm sure you know that it's not only MS software that has these
problems - just look at the Bugtraq reports for the various 'nix
distributions. Of course MS defects are much more visible, what with
most of the general public being net-connected with Windows.
Non-trivial software is notoriously hard to create without defects.
Complexity is ever increasing, and so are the opportunities to
introduce more errors. I don't see new languages, development
practices, or software project management being able to solve this
soon. It's extremely costly to develop near-perfect software, and
customers are often unwilling to pay for good quality control. They
just want something that "works" delivered as fast as possible.
I like that; Bill's code has abusive angles. Perhaps the employee
called him obtuse
G
Guest
Jeffrey F. Bloss said:
That is a very lame reason. Lame lame lame. And - if Acme wasn't
blocking port-25 (and you WERE sending e-mail via the Xerox server) I
can still tell from the second "Received from:" line in the header of
the e-mail that it originated from your home IP address anyways. The
first "Recieved from:" line will say it came from Xerox
(pop.xerox.com) but the second will tell me that it really came from a
computer on Acme's network.
So send a BCC to back to your Acme address. By doing that, it WILL
"go through" the company server.
"dammage" ???
It doesn't even begin to compare to the amount of *real* dammage
(time, effort, spam-filtering solutions needed) caused by the spam
being sent from infected computers on residential networks.
How much back-door trojan/worm/viral mal-ware was written and
motivated BECAUSE so many PC's were sitting there ready and willing
AND ABLE to act as spam proxies?
As others have pointed out, if there are so many requirements that
Xerox puts on your e-mail (which I have countered above anyways) then
you should either get your ass back to your desk at Xerox and stop
working from home, or Xerox should get you a VPN or use an alternate
to port #25 (tell me that isin't a trivial solution) or buy a business
account for you (where your IP can be fixed, and Xerox can more easily
configure a secure connection between you and them). It they're not
doing any of that, then I really have to wonder if the requirements
you say they have for e-mail is really just fiction, and you're making
them up to put false arguments for not blocking port-25.
J
Jack
Ant said:
Difficult and expensive. So, yes, "tall", I suppose.
Yes, of course. But it is noteworthy that good Linux distros are
considered to be at least as reliable as Micro$oft products, despite the
voluntary nature of the code contributions to Linux projects. At least
on the server side, I have much more confidence in (for example) a
stable Debian distro than *any* Micro$oft server product.
Non-trivial software is incredibly complex - much more complex than most
mechanical products. Making defect-free software is going to be an
expensive game. But agreeing that it's not easy tends to lead into an
acceptance that bugs are unavoidable. And that, in turn, leads to us
shipping software that contains defects that we already know about.
That's just not acceptable, in my view, in product code. Arguably it's
more acceptable in bespoke code, but shipping commercial products with
known defects just shouldn't happen.
Yes yes yes. But then they want to whinge about the "bugs".
As you note, it's not a question of tools, or project-management
disciplines; making solid software is just expensive and time-consuming.
You have to hire really good staff (management, development, QA,
distribution), and you have to be able to handle the cash-flow situation
while a release is being prepared.
I still say it's a disgrace, and an embarassment to the industry, that
we ship products that are richer in defects than non-software products
are in features.
I like that; Bill's code has abusive angles. Perhaps the employee
called him obtuse
Thanks! I *knew* "abuse" was the wrong word, but the right word just
didn't step forward to the plate. I guess I might have been able to
express this correctly, had I not been posting to a net-obtuse newsgroup.
J
Jeffrey F. Bloss
Jack said:
Like I said and you ignored... you're free to give an example of any product
that's historically free from defects. Until you do you're just fantasizing
about something that most people easily comprehend as the impossible.
PRECISELY what happens when you find a defect in a car. Depending on the
scope of that defect you're penciled in for a later repair date, told to
wait for the company sponsored recall-repair (patch-release), or told to
bugger off until enough people complain to get that patch-release process
started.
If a defect breaks a piece of software entirely, a vendor typically takes
immediate action to get the thing working until a "permanent" fix can be
implemented (if necessary). Precisely like a tow truck might show up to
address your dead automobile, even if that demise is caused by some flaw in
it's design that's kludged until an official recall-repair-patch-release
can be implemented.
The more we examine the analogy, the more valid it becomes. Thank you.
I'll bet you wish I would, huh? Must be terribly frustrating to have someone
spot the holes in your arguments so easily and use them to prove how that
argument defeats itself to the point of bolstering the very thing you're
trying to argue against.
I used quotes to denote paraphrasing, as is often the case. Irrelevant
quibble discarded...
Of course. I'm also familiar with reality. You know, that little problem
seem to be unable to address where there's no such thing as a bug free
product.
You mean like defective tires on your SUV/Pickup, seat belts that bind or
fail to release, air bags that refuse to deploy, radios that catch fire,
transmissions that completely lock up, yadda, yadda, yadda...?
If you agree, what in the *hell* are you arguing about? For the sake of
doing so? If that's the case just say so and you're more than welcome to
have that be your final word.
Stomping your feet and screeching "IS NOT IS NOT IS NOT" can't change the
fact that the analogy gets stronger the more you try to poke holes in it.
Good analogies are funny that way.
Most drivers don't have the faintest idea that the guy sitting in the van
across the parking lot is really scoping out a likely victim. Probably one
with a certain type of operating syste... I mean car. Until it's too late.
Most people don't have the faintest idea that the guy coming around the next
bend is drunk off his ass. Until it's too late.
They know these things exist just like your average netizen knows of the
existence of viruses and other BadThings(tm), so they lock their doors and
pay attention to every other driver, but of course they still fall victim
to those nefarious activities. Just like people have their cars stolen or
meet drunk drivers on a personal level.
Actually it's more like letting your kids futz with the tuning on your
WhizBang car audio. Might muck it up a bit, but it's certainly no going to
make the thing crash into a bridge.
Most people *don't* let their children do break jobs. Just like most people
don't let their children open the computer case and swap out BIOS chips or
video cards.
My father was a 30+ year veteran insurance professional before he died.
There's no way in hell an insurance company can refuse to make good on your
homeowners' policy because you failed to lock your doors. They can use
incentives to convince you to do so, but that's as far as their arm
extends.
LOL!
Contributory negligence is a matter of mostly civil law where a party can
collect damages from someone else even if they're guilty of some level of
negligence themselves. It's a tool that's used to adjust compensation when
the victim is partially liable, not something that makes a victim solely
responsible, and NOT something that has anything to do with insurance
companies in any way save for the possibility that insurance companies are
involved in the litigation by matter of circumstance.
Please take the time to research your buzz words before attempting to pass
them off as meaningful to someone who might know a bit more than you do.
Yes. Fuzzy headed legislators do try and make the victim responsible for a
criminal's actions. Guns are a prime target of this addle minded thinking
because they can be painted as "eeevel" and non-thinkers gobble it down
like a starving whore after a Vienna sausage. Fortunately, such experiments
typically fail. For obvious reasons. Unless someone takes action that can
be defined as outside what the common man might do, those experiments are
normally found "lacking".
Perhaps in more draconian locations, but never where level heads prevail.
You just contradicted yourself. You just *plainly* stated no laws exist and
the responsibility falls on the individual to support you notion that "the
law" of flat service denial should be implemented to fight computer crime.
Fascinating.
The best kind. Always better to see things as black and white as possible.
And yet you're engaging in the foible practice of portraying computers as
some mystical machine, and automobiles as mundane. When the simplistic
truth is that both are just tools with known and unknown properties.
No, that's what *you're* saying. And you're wrong. Computers exist as they
are, just like automobiles. People purchase those tools and drive them down
their respective roads. Defects in automobiles and computers alike cause
havoc. Your abominable attitude is that computer users are responsible for
defects while automobile owners are not.
I'm sure you wish that was true, but I assure you it's not the case.
Of course not. There's sane ways to deal with problems and insane ways. Anal
retentive ax murdering of an entire protocol is like criminalizing the use
of rubber tires on Ford Explorers because Firestone slopped their dripper.
Clearly insane.
Then your knowledge is *far* less than mine, and your infancy factor
increases accordingly.
That's the core flaw in your abominable attitude. The fuzzy headed
criminalizing of an innocent victim. I take it you believe rape victims are
"asking for it" too...?
Your troubles are in vain, as that is *exactly* what they are. You made some
attempt to segregate computers from that classification by bringing up
"flaws", but as yet have failed to provide a single example of your fantasy
that a flawless product exists. According to your illogic, NO product is
consumer grade.
Never said it was. I merely pointed out the fact that it's not life
threatening, and thus doesn't need to be regulated as such. SPAM and
criminal driving need to be addressed with the diligence they're due, not
by applying the effect of one, to the other.
LOL! Straw grab noted.
Sure it is. I exactly meant that your idiotic use of the word "infant" was
subjective, and that you could just as easily be cast into the barrel with
the rest of the diaper wearers as anyone else.
I meant exactly what I said. I'm sure your narrow vision precludes the
possibility that you can see beyond the world of Windoze, but for someone
not at your infancy level there exists a whole world of operating systems.
Some are ripe for a gear head's picking.
Of course that was just one small point in a resume that makes me your
elder, and you the subjective noob.
The fact that your "infant" blubberings cease to be an issue as soon as they
pass your noobish experience level says as much about you as it does about
the failings of your arguments.
You certainly are, and you've clearly demonstrated that by looking down your
nose at a class of individuals who you seem to believe are not technical
equal, then discarding your own premise when someone points out that it's
*YOU* being viewed from a higher vantage point. You're an egocentric self
contradiction my infantile friend. Welcome to reality.
--
Hand crafted on October 15, 2005 at 10:15:56 -0400
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Groucho Marx
J
Jeffrey F. Bloss
Norman L. DeForest wrote:
[snippitydo]
These are apparently message bounces, not something caused by C/R.
Don't get me wrong, I fully admit there's a problem I hadn't considered, I'm
honestly just trying to get a handle on exactly how bad that problem is in
the real world. Bounces and C/R are similar of course, and it could be
argued that for practical purposes *all* auto-responders should be put
down, but for purely academic reasons I'd like to differentiate between the
two for now.
--
Hand crafted on October 15, 2005 at 12:25:58 -0400
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Groucho Marx
[snippitydo]
These are apparently message bounces, not something caused by C/R.
Don't get me wrong, I fully admit there's a problem I hadn't considered, I'm
honestly just trying to get a handle on exactly how bad that problem is in
the real world. Bounces and C/R are similar of course, and it could be
argued that for practical purposes *all* auto-responders should be put
down, but for purely academic reasons I'd like to differentiate between the
two for now.
--
Hand crafted on October 15, 2005 at 12:25:58 -0400
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Groucho Marx
J
Jeffrey F. Bloss
Norman said:
In some/many/most(?) scenarios it's entirely possible. I don't even dispute
the fact that it's "better". The problem arises when making the transition
is more problematic than than the original problem.
Consider the logistics of converting hundreds of thousands of clients spread
across the globe, using thousands of servers scattered likewise. Salt in
the possibility that those clients might be using proprietary software
(good and bad in some respects I suppose). Consider the logistics on even
smaller scales, but magnified by the fact that each small "pocket" of users
is duplicated possibly hundreds of thousands of times.
As I said, this "experiment" is being undertaken as we speak, with less than
perfect results. For exactly the reasons I'm highlighting here. The change
simply isn't worth the benefit in many real world scenarios. It's great
that we can argue the problem from the lofty comfort of the theoretical,
but that nasty thing called every day life just keeps rearing its ugly
head. ;-)
--
Hand crafted on October 15, 2005 at 12:31:42 -0400
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Groucho Marx
L
Leythos
I agree with the above, if you've been doing it so long, with the
planning to move to a proper method - when you consider the real issue
of spam, then you're going to be behind the 8-ball. Sure, it's a PITA,
but it has to be done to be a good online company.
There is tremendous benefit to the rest of the world - by a large
company providing a means to have legit communications without having to
utilize personal connections of home users that are the largest
spam/virus infection sources, they (the company) shows it's being a good
neighbor and caring for more than just the Old way fo doing things.
In most cases, there are simple means to connect users of dynamic IP's
to a company, and they don't have to be difficult.
G
Gabriele Neukam
On that special day, Spam Guy, ([email protected]) said...
Well, German owners of home-kept mail servers do for a different
reason: They want to keep full control over the incoming mail, and not
hand it over to a web hoster, which might botch it. Each downtime is
due to their own failure then. Obviously, they don't trust their ISPs
too much.
But that is a political reason, not a technical one.
Gabriele Neukam
(e-mail address removed)
Well, German owners of home-kept mail servers do for a different
reason: They want to keep full control over the incoming mail, and not
hand it over to a web hoster, which might botch it. Each downtime is
due to their own failure then. Obviously, they don't trust their ISPs
too much.
But that is a political reason, not a technical one.
Gabriele Neukam
(e-mail address removed)
G
Gabriele Neukam
On that special day, Jack, ([email protected]) said...
I once viewed a documentation about programmers that once worked for
Microsoft, and left later on, and one of them told a simliar story, but
there were some differences.
The criticized product was BASIC, and there was a certain funtion which
was implemented in an appearingly clumsy way. Mr newbie detected the
flaw in the source code, fixed it in a minute, and proudly told someone
in the corridor how easily he could do it. The person he talked to
began to grin widely, and said: "But if you compile it that way, some
other functions won't work any more." "How did you know this?" Mr.
newbie asked.
"Well I am the coder of this function. May I introduce myself, my name
is Bill Gates." Mr newbie worked more than eight years at Microsoft,
IIRC.
Gabriele Neukam
(e-mail address removed)
I once viewed a documentation about programmers that once worked for
Microsoft, and left later on, and one of them told a simliar story, but
there were some differences.
The criticized product was BASIC, and there was a certain funtion which
was implemented in an appearingly clumsy way. Mr newbie detected the
flaw in the source code, fixed it in a minute, and proudly told someone
in the corridor how easily he could do it. The person he talked to
began to grin widely, and said: "But if you compile it that way, some
other functions won't work any more." "How did you know this?" Mr.
newbie asked.
"Well I am the coder of this function. May I introduce myself, my name
is Bill Gates." Mr newbie worked more than eight years at Microsoft,
IIRC.
Gabriele Neukam
(e-mail address removed)
J
Jack
I used to live in a house that had a mechanical ("clockwork") doorbell.Jeffrey said:
It was perfect. The act of pressing the button on the outside of the
door caused the clapper to rotate in the bell-housing on the inside of
the door. The button and the clapper were connected by a shaft about
1/10" thick, which meant that you only had to drill a small hole. The
bell had worked for about 50 years, without any need for battery
replacements or mains supply. You didn't even have to wind it up - it
was powered directly by the act of pushing the button.
So I'm not fantasizing. The thing broke, in the end; but it lasted way
beyond what any reasonable person would have expected it's design-life
to be, and was pretty damned close to being a perfect manufactured
product. It certainly beats anything I can buy nowadays.
I wish you would quote my sentences properly. I take the trouble to
quote you so that your sentences are complete.
Not PRECISELY. If the defect is of the form "tyre explodes in warm
weather", the product is recalled.
Perhaps you work in the motor industry; you evidently don't work in the
software industry. Outside of the defence and medical sectors, software
is routinely shipped as released product, despite containing known,
serious defects.
The more we examine the analogy, the more valid it becomes. Thank
you.
Your smugness is irritating.
Your smugness is still irritating. How's about you stop your windbaggish
bragging, and present an argument?
Yes; but no. Because you didn't discard it; you quoted it, as a support
for some more smugness. And if you wish to paraphrase on Usenet, it is
inappropriate to pretend that *your* choice of terms is a direct
quotation. Some readers will not have access to the OP. Anyhow,
"perfect" is not an accurate paraphrasing of my original remark, which
is why I complained in the first place.
I can quote you in full, but it would be inappropriate to try to correct
your grammar at the same time. I take it you mean, simply, "there's no
such thing as a product that is free of manufacturing defects". I
disagree. See above.
I wouldn't know; I'm a cyclist. I would think that a defective seatbelt
or airbag would be cause for big-money legal action. But I wish you
would come back to the point; we were trying to discuss the blocking of
port 25 outbound, and you just seem to want to go on about your SUV.
Seems to me that your "inflated price" remark was just you puncturing
your own balloon; perhaps I misunderstood your overblown rhetoric. I
don't think you know what your own opinions are on this matter; I think
you are just a windbaggish show-off.
Stomping your feet and screeching "IS NOT IS NOT IS NOT" can't change
the fact that the analogy gets stronger the more you try to poke
holes in it. Good analogies are funny that way.
I don't screech (or SHOUT); and you are misquoting me again. Or rather,
you are inventing remarks that are nothing to do with me at all, and
then attributing them to me.
BTW, you should know that the (awful) analogy of motor cars with
computers was not invented by you.
http://www.funny.co.uk/stuff/art_71-1262-General-Motors-v-Microsoft.html
You are just plain wrong. Installing "free" software on a networked PC
often involves trojanising it, to the extent that the PC is immediately
0wned by a spammer. If we absolutely have to keep playing this stupid
analogy game, it's the equivalent of letting your kids give the car-keys
to that strange man in the parking lot.
But they let them install Kazaa, as if that was different.
You are simply wrong. Again. My guess is that your father was an
insurance *salesman*. What the salesman says is usually completely at
odds with what the loss-adjuster says (else the salesman is a wash-out).
The loss-adjuster relies on the small-print, which requires that you
install a five-lever lock, and that you use it. If an insurer can squirm
out of compensating their customer, then their shareholders will expect
them to do exactly that.
Of course, if you lie, and smash your own lock to "prove" that a
break-in occurred, you'll probably get your money. But that's
fraudulent, isn't it? If you tell the truth, and let on to your insurer
that the thief came through an open door, you will be ****ed.
The fact that your dad was "in insurance" apparently doesn't confer on
you the ability to discourse knowledgably about the subject. Or perhaps
insurance works differently in the USA; but I doubt it. Insurance
contracts are precisely a matter of "civil law", just like any other
contract.
"Might" being the operative word.
[zzzz]
You completely missed my point; if the gun was traceable to you, then
you are faced with having to convince the cops or even the court that it
wasn't you that used it.
I'm interested to know what meanings you assign to the terms "draconian"
and "level head". I lived in the Richmond, VA for a year. You must be
using Roadrunner from some other country than the USA that I lived in!
This is the country that permits the execution of mad people and
children, no?
Service denial by an ISP isn't anything to do with law, except inasmuch
as it is prescribed by the ISPs contract with their client; then it's
contract law (tort, common law).
I am not portraying computers in the way you say. I attributed the
remark to which you are referring to someone else. You know this. Anyone
reading the thread knows this.
It's possible that there is some case that you are trying to make; I
fersure can't figure out what it is. but attacking my posts on the
grounds that I've said something that I simply haven't said, seems like
picking an argument just to show how clever you are. This is rather
self-defeating; arguing against made-up quotes just doesn't work. I
believe it was you that introduced the term "straw man" to this thread?
Here's the meat, FWIW:
[That was me, and I could have expressed myself better]
My view is that computers are at present unsuited for sale to naive
users; and that (like automobiles) users should be required to
demonstrate competence, and purchase insurance, before taking them out
on the public internet. This would make connectivity more expensive for
me, but I still think that ISPs should require that their users are both
competent and insured.
....be what? You are very rude, to quote me in this slapdash manner.
I have yet to hear your "sane" proposition. And I haven't proposed the
abolition of any protocol at all.
Huh?
A car is a killing machine, just as effective as a gun. Leaving such a
machine in a public place and unsecured, is equivalent to keeping a
loaded gun on the porch. It may not be a crime (depending perhaps on the
jurisdiction), but it is terribly irresponsible.
No. That is just how they are sold. Asserting that something is a
"consumer product" doesn't make it so, whether you are a computer
salesperson, or just some troll picking an argument on Usenet.
I think I've made my case quite well, so I'm not going to repeat myself.
I know you disagree with me, and I guess most other people will also
disagree with me. If everyone already agreed with me, I would have
wasted my time making the case.
I am against legal regulation of the internet, which I think is
impossible anyway. I'm in favour of selective blocking of port 25
outbound, by the ISP (remember: that's what we were supposedly discussing).
Gawdawmighty, we are *not* discussing canned meat!
I am overwhelmed by your superior smugness. You may consider me
outsmugged by a furlong. Compared with your smugness, mine is just a
little weenie. I wish I had a smugness that was as long and hard as yours.
My smugness has just shrivelled up, as if it had been exposed to the
Canadian winter wind. Why don't I get spam advertising pills that can
make my smugness bigger? My penis is already huge; what I really want is
a bigger smugness.
I don't "look down my nose" at people whose skills differ from mine. I
do, however, discriminate between people. For example, I note that some
people are extremely puffed-up with smugness. I deal with people
differently, as I find them. It is obvious even to a blind man that some
computer work should not be undertaken by some people. I won't hire my
auntie to secure my internet connection.
FWIW, I'm not impressed by your bluffing about your technical
competence; I think your claim to have written an OS is bullshit. My
guess is that you can't even program. If you produce some evidence, I
will happily withdraw this observation. But right now, I'm calling you.
"Welcome to reality".
So: what OS did you write, where can I download it, and where is the
evidence that you wrote it?
J
Jack
Gabriele said:
I suspect that your version is more accurate than mine. And I think you
are right; the product was BASIC, not MSDOS (which Micro$oft didn't
write anyway - they just resold it to IBM).
I'm sorry the guy wasn't sacked, though; it makes the story better.
J
Jeffrey F. Bloss
Jack said:
So now your doorbell is proof of perfection? Because the one you had worked
to your satisfaction they were *all* perfect. There's no way someone could
have gotten a bad one, or thought it was too loud... not loud enough?
What a pathetic straw grab. I'd be thoroughly embarrased if I were you.
Your *perfect* door bell BROKE!! Say it isn't so!
LOL!!!
I quote more than enough to accurately represent your point, snip the chafe,
and reply to that point. It's called netiquette. It's called not
fullquoting an already way to large post.
If you can find some place where I've changed the meaning of your statements
by snipping, by all means show me. Otherwise you're just whining.
Yeah, and if the problem is essentially different, something else happens.
Lust like I said.
This is getting absolutely ludicrous.
Such as...?
It's not my job to coddle your ego. You can't blame me because you're
grabbing at straws and coming up empty. Or rather coming up with points in
*my* favor. You need to think your arguments through a little better,
that's all.
I presented my argument a long time ago. You stepped in and tried in vain to
refute it. You keep coming up with things you think apply, but don't. Or
do, but don't apply the way you think they do. I'm addressing them as you
bring them up.
Again, it's my contention that "blacklisting" a user because their machine
was compromised unbeknown to them, and used for something like a phishing
scam, is analogous to arresting an automobile owner because someone stole
their car and hit a pedestrian. The persons that own both tools are
victims, not criminals.
Now, do you wish to continue to try and refute this, or do you want tho
continue to whine about not being able to. Quite frankly I'm becoming bored
with the latter.
Oh for GOD'S sake. I used the quotes because that's NOT exactly what you
sad. It's called PARAPHRASING. Look it up if you're confused.
Screw this.
If you want to discuss something rather than play these little kiddy games
let me know. Until then...
<rest snipped unread>
--
Hand crafted on October 15, 2005 at 19:50:44 -0400
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Groucho Marx
J
Jeffrey F. Bloss
Jack said:
Making defect free software is *impossible*. Even the simplest of shell
scripts can break on another machine, or in a different environment on the
same machine. Other software can muck it up, or the data the software works
with can throw a wrench in the works.
And that doesn't even begin to address the fact that the machines this
alleged "perfect" software runs on are imperfect themselves, and because of
that, imperfect software *must* be written. Coders have no choice.
There's never be another piece of software released ever again. What you're
proposing is utterly impossible.
The best coders in the world make mistakes, or aren't aware of all the
hardware quirks of every platform, or can't account for API variations
across different OS versions, or can't perfectly work around the
limitations of their tools, or can't guarantee that another software won't
step all over their own, or can't account for every bit of possible data a
software might encounter, or...... the list goes on and on.
Lemme guess... you're not a coder, right?
--
Hand crafted on October 15, 2005 at 20:28:53 -0400
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Groucho Marx
J
Jeffrey F. Bloss
Spam said:
There's nothing "lame" about it. An email is expected to come from the
servers of the company your dealing with, and if it doesn't the customer
questions it. It's just the way things are. Sorry.
Irrelevant. Nobody cares if an amployee is working from home, they care that
the email is actually *coming* from that employee or some representative of
the company. A customer sent email to (e-mail address removed), and they at *least*
expect someone from acme.com to reply.
Think about it... you send an email to ACME.com saying you want one of their
$10 widgets. Someone from HOME.com replies and says "yea sure, send the $10
to this address and we'll get that right out to ya'".
YOU wouldn't question this??
Absolutely untrue. You miss the fact that mail servers both send and
receive, and that an audit of a given email includes where that email
originated and where it was sent. BCC to ACME completely breaks the audit
trail.
Yes damage. When you break something it's called damage.
You know this how? You're thoroughly acquainted with the logistics of
converting a behemoth like Xerox to another method, or migrating smaller
behemoths a thousand times over?
I don't know the precise figures, of the SPAM problem *or* the migration
problem. But 30+ years working in and around the industry tell me that
neither is trivial. That going balls to the walls in *either* direction is
a bad thing.
I don't work for Xerox any more. Not for 7 or 8 years now. Hell, they may in
fact be working on bolstering up their communications infrastructure right
now for all I know. God knows it needed fixing.
Look, I'm no more enamored than the next guy about the insecurity and
exploitability of plain vanilla email. If it were up to me I'd wave my
magic wand and fix the whole mess in one fell swoop. But my wand is in the
shop, and nobody else seems to have one, so were stuck with what we have.
Like it or not, flatly blocking *:25 outgoing breaks things.
It sounds *real* trivial until you take into consideration that it's tens of
thousands of people using thousands of servers on every continent on the
planet, by way of god knows how many client softwares, etc, etc, etc....
If it were a matter of changing a line in a config file and senting out a
notification to 20 addresses it might *be* trivial. That's *might*.
Butit ain't like that, sorry.
--
Hand crafted on October 15, 2005 at 20:44:29 -0400
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Groucho Marx
G
Guest
Jeffrey F. Bloss said:
How many people have full-header-view turned on in their e-mail
program?
If the e-mail's "from:" or "reply-to:" says "(e-mail address removed)", then
what's the problem? Acme will let you send e-mail with your from
and/or reply-to set to "(e-mail address removed)".
I thought you cared, and that you cared so much that you didn't want
your e-mail "tainted" with passing through acme's server on it's way
to the customer.
I think you that a customer (who sends an e-mail to "(e-mail address removed)")
expects to get a reply from "(e-mail address removed)". It can be done, and it's
easy, when you set your "from" or "reply-to" to be "(e-mail address removed)" and
send your reply from your home account (through acme's mail server).
Just what aspect of this don't you understand?
You keep saying the customer will think it isin't coming from Xerox,
and I'm saying yes he will, because the "from" or Reply-to will be
"(e-mail address removed)".
NO!
First, you're confusing Amce with Xerox (if you're trying to use my
example).
Look. You have a home internet account with ->Acme<-. Acme is your
home ISP. You work for ->Xerox<-. You are Joe. Your Xerox e-mail
address is "(e-mail address removed)".
When you are at home, and you check for mail, you ARE NOT CHECKING
ACME MAIL.
You are checking mail on Xerox's mail server. You are checking for
and retrieving e-mail being sent to "(e-mail address removed)". Acme allows you
to do this. No problem.
A Xerox customer (say his name is Bob) sends you (joe) an e-mail. The
e-mail ends up being forward to you. Bob's e-mail is forwarded to
"(e-mail address removed)". Bob is expecting to get a reply from
"somebody"@xerox.com.
You (being at home, connected to the internet through your ISP -> Acme
Internet) retreives Bob's e-mail directly from Xerox's mail server.
You reply to Bob's e-mail. BUT - Because Acme is doing port-25
blocking, you can't connect to Xerox's e-mail server to send the
e-mail reply to Bob. So you set your out-going SMTP server setting to
point to Acme's SMTP server.
Remember, you've told your e-mail program that your e-mail address is
"(e-mail address removed)". When you reply to Bob, your e-mail response will be
handled (and sent by) Acme's mail server, but when it get's to Bob, he
will see that the "From:" and/or "Reply-to:" is "(e-mail address removed)". He
will think "oh, I just received an e-mail response from Joe. Joe
obviously works for Xerox, since Joe's e-mail address is
"(e-mail address removed)".
I don't know how to explain this any simpler.
Actually, I meant to say that the BCC is sent to Xerox. Sorry, my
mistake.
Pretend I said this:
-----
So send a BCC to back to your Xerox address. By doing that, it
WILL "go through" the company server.
-----
By the way, what CRM software does Xerox use that performs such
auditing of e-mail? Is it SAP?
Please explain what is broken in the scenario I gave (above).
Then why are you bringing this up as a problem (for you) if your home
ISP started port-25 blocking?
G
Guest
Gabriele said:
Incoming mail (or mail being sent) to server on a residential network
(presumably with a dynamic IP address) will have to use one of those
third-party DNS solutions that will let the world know what your
machine's IP address is when it gets a new assignment.
But regardless, what you are talking about are in-bound port-25
packets (ie those would be port-25 packets being sent by clients
outside the ISP's network and destined for the machine being operated
as a server). Port-25 blocking (of out-bound packets) would not
affect the operation of a home server that is ->receiving e-mail<-
from outside the ISP's network.
J
Jeffrey F. Bloss
Spam said:
Good question.
It doesn't matter. The email did *not* come from the company the customer
expected it to. Trying to "fool" them into believing it did is even worse
that just emailing from another location.
You wanna do business with people who forge email headers?
How disingenuous of you. I never stated anything of the sort. I said that
for a number of reasons it's preferable and/or necessary that an email come
from a business mail server. The path it takes to get *to* that server
isn't an issue, the fact that it passed *through* that server is.
Quit dodging questions.
If you sent an email to a company and got a reply from someone claiming to
be from that company, but from a different source, would you be so gullible
as to not question it? ESPECIALLY with your idiotic forged header trick?
It makes no difference at all. The mail needs to both enter AND leave the
company server to complete the audit trail. To make the log files and such
show that the mail was in fact *delivered to the customer from the server
being audited*. The most important part is that delivery, not the fact that
the mail "showed up" at the company.
Read back. I didn't.
--
Hand crafted on October 15, 2005 at 23:43:32 -0400
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Groucho Marx
G
Guest
Jeffrey F. Bloss said:
The only fool around here is you.
(I'm throwing up my hands here people.)
You are a moron.
Someone sends an e-mail to Xerox, and a Xerox employee responds to it.
Tell me how that is somehow a fraud?
Tell me where the forgery happened? Tell me what was forged?
How on earth is some fake third party going to be in a position to
respond to the customer's e-mail anyways?
If I send an e-mail to Xerox and ask how much does their Widget-5000
cost, and I get a response back from "(e-mail address removed)" telling me that
the Widget-5000 costs $235.34, why should I doubt that the response
came from a Xerox rep? WHO ELSE COULD IT HAVE COME FROM AND STILL
GIVE ME AN ANSWER TO MY QUESTION?
And if the response came from "(e-mail address removed)", then how is that a
fraud? How is that a forgery?
You want to send an e-mail response directly from your home computer,
but you're not connected to Xerox's network. Isin't that fraud?
Isin't that forgery? You can't have it both ways buddy. Your idea of
sending a "clean" e-mail response to a customer leaves only one
solution -> dial-in access to Xerox's internal network, or VPN to
Xerox's network. Nothing else. The port-25 thing here is irrelevant
if you're taking the situation to this absurd level.
J
Jeffrey F. Bloss
Spam said:
How quaint. Appeal to the masses like you pretend you're giving up, then
launch into diatribe...
Be sure to salt in a few ad homs along the way, but by all means don't
answer any questins.
Did I say fraud? Are you so frightened of the answer to a perfectly simple
question that you have to change that question?
Once again:
If you sent mail to someone asking about purchasing a $10 widget, and the
reply came from somewhere other than the company you were attempting to
correspond with, would you be so naive you wouldn't question it? Especially
if the headers were forged to appear that the reply *did* come from that
company?
The message origin. You even said so yourself. You're entire rant is
centered around the fact that you think you can con people a whole lot
brighter than yourself with a fake From: header.
NOW you change the scenario to replying with a real but foreign to the
company address? Why?
Is this an admission that your "just put work.com in the From header" idea
went up in flames?
It could have come from anyone. The fact that it says work.com in the From
header but comes from home.com makes it even more suspicious.
Not in the least. You're using (e-mail address removed) from a work.com server rather
than a forged work.com From header with everything else pointing to
home.com.
Second best is to use your ISPs home.com server with *HOME.COM* in the from
header.
The absolute dumbest thing to do from the choices at hand is to use the
home.com server with a work.com From header. It may cut it when you're
sending cookie recipes to Grandma, but in the business world where people
often don't know each other well it's a truly bad thing.
For the very LAST time, nobody gives a rats ass about a "clean" email.
Nobody cares if Joe dials in to work, cranks up the latest whizbang VPN
3000 hardware appliance, taps the company server with good ol' SMTP, or
strips naked and skips all the way to work with a daisy stuck in his ass so
he can use his company machine. The only thing that matters is that the
data flows THROUGH THE COMPANY SERVER to the destination.
Oh and by the way, don't think for one second your cowardly snip of the rest
of the problem went unnoticed. You know... that little audit trail problem
I bet you wish would just go away.
Sorry about your luck.
--
Hand crafted on October 16, 2005 at 01:34:59 -0400
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Groucho Marx