Why can't DNS servers perform spam or mal-ware blocking/filtering?

[Jack]

Making defect free software is *impossible*.

This is a silly thing to say, because [a] it's defeatist, and the
demonstration of a single defect-free software product will prove you wrong.

Even the simplest of shell scripts can break on another machine, or
in a different environment on the same machine.

Well, of course if you try to run Intel code on a Motorola processor, it
isn't going to work. That's not a defect.

Other software can muck it up, or the data the software works with
can throw a wrench in the works.

That *would be* a defect, and software that refuses to digest its own
data is b0rken.

And that doesn't even begin to address the fact that the machines
this alleged "perfect" software runs on are imperfect themselves, and
because of that, imperfect software *must* be written. Coders have no
choice.

Modern processors are esentially software abstractions anyway. So this
is begging the question.

There's never be another piece of software released ever again. What
you're proposing is utterly impossible.

<Beep> Repetition. Please make your argument; you are just baldly
asserting that software has to have defects in it, because ... because
it has to. I don't agree.

The best coders in the world make mistakes, or aren't aware of all
the hardware quirks of every platform, or can't account for API
variations across different OS versions, or can't perfectly work
around the limitations of their tools, or can't guarantee that
another software won't step all over their own, or can't account for
every bit of possible data a software might encounter, or...... the
list goes on and on.

Lemme guess... you're not a coder, right?

Google me up. You aren't a very good guesser. You just couldn't be more
wrong! In fact your wrongness is so completely wrong, that I'm in fits.

I've actually been coding since I was 13. I'm now 49. Yes, do the sums:
that means I was writing code in 1969, at school. That's more than
twelve years before the introduction of the IBM PC. The code was written
directly in machine-code (not assembly), for an IBM Schools Computer, a
machine based (I think) on the Intel 8008 microcontroller, basically a
4-bit processor. It had to be typed in as hexadecimal, because the
machine had no permanent storage, no operating system, and certainly no
kind of code translator. Floppy disks hadn't been invented. Phillips had
invented cassette-recorders only a couple of years previously, and
no-one at that time had had the notion of recording bits on cassette-tape.

The hex code was hand-translated from the binary in which it had to be
written. The program I wrote back then calculated tables of sidereal vs.
solar time (I was interested in astronomy as a kid). And it contained
mistakes.

I've been writing software on and off during most of the intervening 36
years, either for my own entertainment or as a trade. So you might want
to guess again? If you guess wrong the second time, you would have to be
incredibly stupid.

Yes, everyone makes misteaks. But there are quite simple ways of
protecting a software product against the mistakes the coders make.
Really good QA is just a backstop; working with a "buddy" coder, who
performs critical review *before* you write a routine, is one way of
avoiding silly mistakes. A lot of mistakes are perpetrated at the design
stage; assigning the right amount of effort to design (and design
review) can prevent a lot of mistakes. The coder should be testing his
own code units (subroutines or whatever) as he writes them, and he
should be testing them systematically - i.e. checking for boundary
cases, bad data, and exotic situations such as timing problems. The
original coder is in a position to devise tests that the QA dude
wouldn't have thought of.

Management has to be committed to software quality, and has to be
prepared to pay the salaries of really good people. And they have to be
prepared to keep paying, until the software is of merchantable quality.
Announcing the ship-date before the code has been written should cause a
software house's stock to crash through the floor (instead, it causes it
to rise - weird).

Yeah, "buddy programming" means that you have to pay two programmers,
when otherwise you might have got away with just paying one; but like I
said, making high-quality software products can't be done on the cheap.
Anyway, if the original code is of good quality, then the QA burden is
lower, and so is the support and maintenance burden.

The idea of "perfection" is perhaps a bit extreme; but I think it would
make a lot of difference if software manufacturers were simply expected
by their market to not ship products containing known defects (after
making best efforts to determine whether the planned shipment contained
any).

The widespread belief that making bug-free software is impossible is
responsible for an awful lot of misery. At the very least, a
professional programmer should aspire to making defect-free code. A
coder that thinks freedom from defects is impossible is a coder I
wouldn't hire.

Lemee guess... you're not a coder, right?

 

[Jack]

If you can find some place where I've changed the meaning of your
statements by snipping, by all means show me. Otherwise you're just
whining.

I just said your snipping practices were rude. I write sentences, but
you can't be bothered to quote anything other than lines.

Lust like I said.

This is getting absolutely ludicrous.

"Judicrous", perhaps You evidently need a smell-czechker.

Such as...?

Windows XP. Nuff said.

It's not my job to coddle your ego. You can't blame me because you're
grabbing at straws and coming up empty. Or rather coming up with
points in *my* favor. You need to think your arguments through a
little better, that's all.

My "ego" says he's OK, and he thinks you are full of it. The fact that
you haven't presented a case at all doens't mean that I need to present
my case better.

I'm addressing them as you bring them up.

Not so I noticed. Perhaps I missed the crucial post.

Again, it's my contention that "blacklisting" a user because their
machine was compromised unbeknown to them, and used for something
like a phishing scam, is analogous to arresting an automobile owner
because someone stole their car and hit a pedestrian. The persons
that own both tools are victims, not criminals.

Are you referring to "blacklisting" in the sense of adding someone's
IP-address to a list, or in the sense of rejecting their mail on the
grounds that it appears on some list?

In I use a list that blocks any email from mailservers in in space
assigned to China-Telecom. The list doesn't assert that China-Telecom is
a criminal; it just declares the IP-space that ISP is responsible for.

My use of that list is my business. I don't feel the need to correspond
with anyone in IP-space that's owned by China-Telecom, and my life is
made easier by rejecting all mail that is emitted from that space.

Neither publishing an accurate list of China-Telecom IP-space, nor using
that list as the basis for blocking mail, amounts to treating a victim
as a criminal. That's just the way my mailserver is set up.

Now, do you wish to continue to try and refute this,

What is there to refute?

or do you want tho continue to whine about not being able to. Quite
frankly I'm becoming bored with the latter.

So are you going to **** off, like you promised two days ago?

If you want to discuss something rather than play these little kiddy
games let me know. Until then...

I read alt.spam, and I think you were probably drawn into this thread by
the OP's crosspost; my guess is that your normal activity is oin one of
those other two groups. I have no desire to correspond with you further,
because I think you are both puffed-up and stupid. So sine diem...

<rest snipped unread>

Ha-ha. Better to killfile me, if you don't want to read my remarks!

 

[Guest]

If you used plain old paper mail to send your enquiry to Acme Inc
in New York and a week later you got a reply to your enquiry,
signed by Acme, on Acme headed notepaper, but with a Baltimore
postmark, would you be right to conclude this letter must be a
forgery?

Come to that, would you even notice that the postmark didn't
correspond to the place that you expected to come from?

Don't bother trying to point out simple logic to this guy. He has got
to be enjoying our frustration while we make this case. I can't
imagine he's so stupid he actually believes what he writes.

(I copied this to alt.privacy.spyware and alt.comp.anti-virus because
I don't think he reads alt.spam).

 

[Jeffrey F. Bloss]

Making defect free software is *impossible*.

This is a silly thing to say, because [a] it's defeatist,

Admitting you're not capable of the impossible isn't defeatist, it's
realistic. And it allows you to move on to things that you *can*
accomplish. If you strive for the perfect piece of software you'll give up
writing all the "very good" ones you might have produced.

and the
demonstration of a single defect-free software product will prove you
wrong.

The millisecond that piece of software comes along, I'll be the first to
admit I was wrong.

Well, of course if you try to run Intel code on a Motorola processor, it
isn't going to work. That's not a defect.

I can write bash scripts that would break on other machines that run bash.
Especially a different version of the shell.

The same code might behave differently on XP and XPSP2, or Win98 and
Win98SE, or the same version of WinWhatever running on Intel or Cyrix, or
under a Phoenix or AMI BIOS.... or beside version X of "KillerApp" and
version Y. Or for that matter, running in environments that are essentially
identical but with different data.

It has nothing at all to do with Intel/Motorola, and everything to do with
the fact that no two machines, operating systems, or user-mucked-up
environments are identical. You can't write a piece of software that's
"psychic". No way to account for everything, because some of these things
haven't even happened yet.

That *would be* a defect, and software that refuses to digest its own
data is b0rken.

One of the most basic and widely accepted premises taught very early on in a
formally educated programmers schooling is the fact that it's completely
impossible to predetermine every possible bit of data that your software
might encounter.

And that doesn't even begin to address the fact that the machines
this alleged "perfect" software runs on are imperfect themselves, and
because of that, imperfect software *must* be written. Coders have no
choice.

Modern processors are esentially software abstractions anyway. So this
is begging the question.
[...]

<Beep> Repetition. Please make your argument; you are just baldly
asserting that software has to have defects in it, because ... because
it has to. I don't agree.

I think you're missing the point entirely.

As an example, consider the fact that memory inside a physically constrained
system can't be accessed flatly. IOW, at the bottom of all the operating
system's trickery is a machine that uses registers to map out "chunks" of
memory for use. This is true in *any* computer, and it can never be
otherwise because of the very nature of the term "digital". You are dealing
with zeros and ones. Accordingly, everything is done in a multiple of two.
8, 16. 32. 64... all even.

Any facade of accessing unlimited or "flat" memory is a kludge. A work
around, a trick... and by its very nature imperfect. You can't stuff a 3
into a box designed for a 2, and expect to survive long without taking
steps to "deal" with this imperfection.

Thus is the essence of a deterministic machine. Garbage in, garbage out,
with "garbage" being data that's not lock step with rules of the digital
world. Like any data that might come from the analog universe. Which would
be *all* of it.

Google me up. You aren't a very good guesser. You just couldn't be more
wrong! In fact your wrongness is so completely wrong, that I'm in fits.

OK... I fed "Jack" into google.

Results 1 - 100 of about 157,000,000 for Jack [definition]. (0.26 seconds)

Care to narrow it down a bit?

I've actually been coding since I was 13. I'm now 49. Yes, do the sums:

With that sort of experience you should already know all this stuff..???

that means I was writing code in 1969, at school. That's more than
twelve years before the introduction of the IBM PC. The code was written
directly in machine-code (not assembly), for an IBM Schools Computer, a
machine based (I think) on the Intel 8008 microcontroller, basically a
4-bit processor. It had to be typed in as hexadecimal, because the

<shrug>

I programmed my first computer with toggle switches. Then punch cards.
What's your point?

Yeah, "buddy programming" means that you have to pay two programmers,
when otherwise you might have got away with just paying one; but like I

Why not three? Or five? Or fifty?

Oh wait, we already do that. And yet buggy code exists.

I find it unfathomable a seasoned coder would have any aspirations of
writing flawless code. Quite to opposite in fact. The more seasoned you
become, the more you realize just what a buggy place the digital world is.

--
Hand crafted on October 16, 2005 at 16:09:49 -0400

Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Groucho Marx

 

[Tim Smith]

Being to lazy to Google at the moment can you cite any real life examples of
how C/R has caused such a problem. I don't pretend to call you a fibber,
I'm just the sort that likes to see tangible evidence.

We had a domain at work for a project that never happened. The domain
had one web page, that redirected to our main site, and was never used
for email, so everything received there was spam, or bounces from spams
that forged our domain.

At its peak, there were around 20000 messages a day, mostly bounces. I
saw quite a few challenges from C/R systems among those.

I didn't keep any numbers on what percentage these were, and we set the
MX record to point to 127.0.0.1 after a while so the people bouncing
stuff to us could go bounce to themselves instead (and we didn't renew
the domain, so its gone now), so I can't get you any absolute numbers.

 

[Tim Smith]

Don't get me wrong, I fully admit there's a problem I hadn't considered, I'm
honestly just trying to get a handle on exactly how bad that problem is in
the real world. Bounces and C/R are similar of course, and it could be
argued that for practical purposes *all* auto-responders should be put
down, but for purely academic reasons I'd like to differentiate between the
two for now.

It's not too bad *now*, because not many people use C/R. In a way, it
is like spam itself--when only a few people were spamming, then it was
just a small annoyance that could easily be dealt with by filters, or
just hitting delete. When a zillion people are spamming, it is a major
drain on the infrastructure of the mail system itself.

As I said in an earlier post, C/R *could* be made to work well, even if
a large number of people used it, *if* we first get widespread adoption
of SPF.

For those not familiar with SPF, it basically works like this. A record
is added to the DNS servers for a domain. This record tells what mail
servers are allowed to send mail for the domain. It can be very
specific, or it can use wildcards, and is pretty flexible.

When you (or rather, your mail system) receives a mail and is going to
send an automatic response (bounce or C/R challenge, for example), you
simply check the DNS server for the domain for an SPF record. The SPF
record tells you what mail servers legitimate mail from that domain
comes from. If the mail you received did NOT come from one of those
servers, then you can consider the address to be forged, and drop the
message, and NOT send the automatic response.

 

[Jeffrey F. Bloss]

I just said your snipping practices were rude. I write sentences, but
you can't be bothered to quote anything other than lines.

So you were ignoring netiquette just so you could whine then... OK.

"Judicrous", perhaps You evidently need a smell-czechker.

Ludicrous Lu"di*crous, a. L. ludicrus, or ludicer, from ludus
play, sport, fr. ludere to play.
1. Adapted to excite laughter, without scorn or contempt;
sportive. --Broome.
1913 Webster
2. Ridiculously absurd.

I have one. Perhaps you do not?

Windows XP. Nuff said.

That's quite the popular, but uninformed opinion. A cursory glance at SANS
would reveal the fact that other operating systems are equally buggy, if
not more so.

My "ego" says he's OK, and he thinks you are full of it. The fact that
you haven't presented a case at all doens't mean that I need to present
my case better.

Whatever.

Clicking your ruby slippers and chanting "did not" over and over only works
in the movies. I made a point, you failed to refute it with anything but
this sort of puerility, and a glaring lack of inability to give a simple
one syllable answer to a question that demands it.

The "discussion" has degraded into a battle of wits. The horse is dead and I
tire of kicking it. Feel free to have the last word...

--
Hand crafted on October 16, 2005 at 17:22:09 -0400

Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Groucho Marx

 

[Ant]

Jeffrey F. Bloss wrote: [snip]

The best coders in the world make mistakes, or aren't aware of all
the hardware quirks of every platform, or can't account for API
variations across different OS versions, or can't perfectly work
around the limitations of their tools, or can't guarantee that
another software won't step all over their own, or can't account for
every bit of possible data a software might encounter, or...... the
list goes on and on.

[snip]

The widespread belief that making bug-free software is impossible is
responsible for an awful lot of misery. At the very least, a
professional programmer should aspire to making defect-free code. A
coder that thinks freedom from defects is impossible is a coder I
wouldn't hire.

He makes a good point about API variations. We have to trust that the
precompiled libraries of routines and interface code which are provided
with languages and operating systems are reliable in all situations.
There is only so much testing you can reasonably be expected to do. We
may not encounter the as yet undiscovered behavioural quirk in some
system library during the course of testing. It may manifest itself
only in certain configurations of the OS, or when other threads not
under our control are using it.

When Java was first released, I wrote an application to test
communication between applets in a HTML document. I developed it on a
Solaris box, later tried it on Windows, and much later on a Mac. The
behaviour was different on all three platforms when it should have
been the same, even though the threading models differ on these
systems. Java is supposed to be cross-platform, and I dare say with
later releases the compatibility may have improved.

I agree with your aspirational statement. I get very concerned when
people report problems with my own code. Often they turn out to be
because of poorly specified requirements, never mind design.

 

[Jack]

One of the most basic and widely accepted premises taught very early
on in a formally educated programmers schooling is the fact that it's
completely impossible to predetermine every possible bit of data that
your software might encounter.

Hah! That's obvious. You don't need to be trained to understand that. I
personally take a fairly dim view of formal computer training, having
been employed in delivering these services, but never having been
trained myself.

And that doesn't even begin to address the fact that the machines
this alleged "perfect" software runs on are imperfect
themselves, and because of that, imperfect software *must* be
written. Coders have no choice.

Modern processors are esentially software abstractions anyway. So
this is begging the question.
[...]

<Beep> Repetition. Please make your argument; you are just baldly
asserting that software has to have defects in it, because ...
because it has to. I don't agree.

I think you're missing the point entirely.

<snipped bullshit about flat memory>

It would be remarkable if the synthesis of "flat memory" by an OS were
defective. I would seem that any software run in defectively-synthesised
memory must fail, sooner or later.

Care to narrow it down a bit?

Try "jackpot". Or Do a whois, and see what my real name is; then google
that. Or just please yourself; I don't feel the need to prove anything
to you. Who the **** are you, anyway?

<shrug>

I programmed my first computer with toggle switches. Then punch
cards. What's your point?

I think yuou are aged about 18, and I think you are fibbing. An I was
responding to your amusing suggestion that you think I am not a coder; I
was not trying to make any point.

Your credibility would be enhanced if you were able to notice when a
question that you have put is being answered.

Why not three? Or five? Or fifty?

Obviously you are ignorant. Committee programming isn't very efficient.
Committee decision-making is pretty crap. Coders generally don't like
meetings.

Oh wait, we already do that. And yet buggy code exists.

So where's your OS? I say you are full of shit. I think you believe that
it is impossible to write bug-free code, because you can't imagine doing
such a thing yourself.

Please post the download URL.

Snipping is a really good thing to do; but rude snipping is - well -
rude; and snipping questions like "show me your hand" is just against
the rules of poker. I called, you, remember? So please show your hand.

I find it unfathomable a seasoned coder would have any aspirations of
writing flawless code. Quite to opposite in fact. The more seasoned
you become, the more you realize just what a buggy place the digital
world is.

Without bothering to quote you, it appears that you are a Micro$oftie.
So it's not even slightly surprising to me that you take this
professionally-suicidal posture.

[Actually, you haven't claimed to be a programmer; you haven't said
anything about your credentials at all, in fact. You've tried to rubbish
me, and you've just ignored my response to your crap. Lemme guess: you
aren't a coder? Answer, please.]

I don't claim to have ever written a flawless program that was
non-trivial. But I think the attitude that it is at least possible is
one that any programmer should cling to. To approach one's trade as a
task that cannot be done is rather stultifying; perhaps you might
consider becoming a gas-installer. I'm told that plumbers and
gas-installers earn more than programmers.

 

[Jack]

When Java was first released, I wrote an application to test
communication between applets in a HTML document. I developed it on a
Solaris box, later tried it on Windows, and much later on a Mac. The
behaviour was different on all three platforms when it should have
been the same, even though the threading models differ on these
systems. Java is supposed to be cross-platform, and I dare say with
later releases the compatibility may have improved.

Java is just a programming language. It's *supposed* to be
cross-platform; but anyone that has tried to deliver real cross-platform
solutions based on Java knows that you have to test on every platform
you want the product qualified on; and that if you don't test, then it
will break in exactly the scenario you didn't test for.

Actually, that's not specific to Java. That's just a special case of
Murphy's Law, andf it applies to any creative work.

I agree with your aspirational statement. I get very concerned when
people report problems with my own code. Often they turn out to be
because of poorly specified requirements, never mind design.

Yes. Helping the client to express their requirements clearly is really
difficult, even if the client is technically eloquent. And if the
requirements are badly thought out, the project is doomed. Software
development is a risky game. Just check out the history of the UK Home
Offices's IT failures (I'm not aware of a single Successful IT rpojrect
undertaken by the UK Home Office, but Blossom might have a case-study).

 

[Roger Wilco]

...[...] This is true in *any* computer, and it can never be
otherwise because of the very nature of the term "digital". You are dealing
with zeros and ones. Accordingly, everything is done in a multiple of two.
8, 16. 32. 64... all even.

Digital refers to digits (those appendages on your hands) and indicates
base ten usage for non-mutant humans. You are thinking of "binary" or
base two computations. Digital also refers to "non-analog" computation
but doesn't really indicate only the binary form of non-analog
computation.

 

[Jack]

...[...] This is true in *any* computer, and it can never be
otherwise because of the very nature of the term "digital". You are
dealing with zeros and ones. Accordingly, everything is done in a
multiple of two. 8, 16. 32. 64... all even.

Digital refers to digits (those appendages on your hands) and
indicates base ten usage for non-mutant humans. You are thinking of
"binary" or base two computations. Digital also refers to
"non-analog" computation but doesn't really indicate only the binary
form of non-analog computation.

So you know of some non-binary digital computer? My guess is you don't.
Even if you do, it will not be a production device. There is no such
thing as a ten-fingured computer (just as well; I can only really use
four fingures in typing).

Perhaps you and Blossom deserve one another, Mr. Wilco. Are you
acquainted from some other part of usenet? As far as I can see, you are
both visitors in alt.spam.

 

[Leythos]

...[...] This is true in *any* computer, and it can never be
otherwise because of the very nature of the term "digital". You are dealing
with zeros and ones. Accordingly, everything is done in a multiple of two.
8, 16. 32. 64... all even.

Digital refers to digits (those appendages on your hands) and indicates
base ten usage for non-mutant humans. You are thinking of "binary" or
base two computations. Digital also refers to "non-analog" computation
but doesn't really indicate only the binary form of non-analog
computation.

Digital has not been an indicator of Base-10 for years, decades, except
for those still living out of the past.

 

[Jeffrey F. Bloss]

Hah! That's obvious. You don't need to be trained to understand that. I
personally take a fairly dim view of formal computer training, having
been employed in delivering these services, but never having been
trained myself.

That much was unmistakable.

Many of the untrained masses feel they way you do. Much like many poor folk
console themselves with "I don't need money to be happy" rhetoric. It's
only natural to try and belittle what you can not have. Completely
understandable.

It would be remarkable if the synthesis of "flat memory" by an OS were
defective.

Memory management is a bane of most all coders. If not *flatly* all.

You claim experience, but everything you say contradicts that claim.

I would seem that any software run in defectively-synthesised
memory must fail, sooner or later.

Finally, a glimmer of sentience.

Try "jackpot".

Results 1 - 10 of 269,000 for jackpot [definition]. (0.22 seconds)

Not much help.

Or Do a whois, and see what my real name is; then google
that.

[jeff@wrench ~]# whois jackpot.uk.net
[Querying whois.centralnic.net]
[whois.centralnic.net]
Domain Name: jackpot.uk.net

Registrant: Jackpot

Administrative Contact:
John Cleaver (H81233) jackc@[COURTESY MUNGE]
[...]

<googles>

Results 1 - 100 of about 604 for "John Cleaver". (0.20 seconds)

Still nothing. The usual genealogy stuff, a "model buildings" link, some
stuff about a guy on some college rowing team (we know that can't be you),
some novelist I've never heard of... but nothing telling the world what a
master coder you are.

Let's try '"John Cleaver" programming'

Results 1 - 82 of about 261 for "John Cleaver" programming. (0.71 seconds)

Nothing. Nothing but "athletic program", "responsible for academic
programming", yadda, yadda, yadda...

How about '"John Cleaver" software'?

Nada.

Sorry. Ain't happening. You're either a liar, or your reputation isn't what
you thought it was. The fact that you seem to want to play games instead of
just providing some sort of direct evidence indicates the former. Prove me
wrong and I'll gladly apologize.

Or just please yourself; I don't feel the need to prove anything
to you.

You're the one claiming to have the experience. Without proof it's nothing
but an empty claim. Suite yourself. It's really not that important to me.

Who the **** are you, anyway?

None of your business.

Obviously you are ignorant. Committee programming isn't very efficient.
Committee decision-making is pretty crap. Coders generally don't like
meetings.

So where's your OS? I say you are full of shit.

What the *hell* are you prattling on about?

I think you believe that
it is impossible to write bug-free code, because you can't imagine doing
such a thing yourself.

I can't. I know better. I know you can't either, nor can anyone else.

Please post the download URL.

Ummm... for what?

Snipping is

Are you still whining about not having everything you type full quoted?

Without bothering to quote you, it appears that you are a Micro$oftie.

If you'd had the presence of mind to glance at headers you'd know why your
misguided assumption amuses me.

So it's not even slightly surprising to me that you take this
professionally-suicidal posture.

[Actually, you haven't claimed to be a programmer; you haven't said

You're right, I haven't. You did.

I don't claim to have ever written a flawless program that was
non-trivial.

Why not? What prevented such a master programmer from practicing what he
preaches?

--
Hand crafted on October 16, 2005 at 20:24:50 -0400

Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Groucho Marx

 

[Jack]

He makes a good point about API variations. We have to trust that the
precompiled libraries of routines and interface code which are
provided with languages and operating systems are reliable in all
situations.

Niet!

You either test, or you declare the software to be unqualified on
platform X. Easie Peasie. Surrender is not an option.

There is only so much testing you can reasonably be expected to do.

Of course. But you just don't ship code for platform X, if you haven't
checked that it works on that platform. Why else would I be running an
Oracle database server? Certainly not for fun. Oracle sucks.

We may not encounter the as yet undiscovered behavioural quirk in
some system library during the course of testing. It may manifest
itself only in certain configurations of the OS, or when other
threads not under our control are using it.

Point taken. Java isn't what it is sold as.

You have to test on every platform; and if you are selling the code to
$BIGCORP, then you also have to test in whatever environment they want
to run it in. Java is not magic. It's just another programming language.
Threads in particular are dangerous; MP hardware seems to throw up
special difficulties with threading.

 

[Jack]

How about '"John Cleaver" software'?

Nada.

My name is usually Jack. My father, the taxman and the bank-manager call
me "John". Nobody else does. I'm sorry you wasted your time. Perhaps you
need to practise a little more with search-engines. Perhaps it is news
to you that "Jack" is a common nickname for people named "John". Perhaps
you failed to note my (very short) sig, and the connection between my
name and my domain-name. Or maybe you just aren't terribly good at
internet research. Who cares.

Sorry. Ain't happening. You're either a liar, or your reputation
isn't what you thought it was.

I'd love it if you came straight out and accused me of lying, because
you'd get it shoved straight back down your throat by people who know
different. But I don't give a toss about your opinion of my
reputatation. Who the **** are you, anyway? Do you have any reputation
at all?

The fact that you seem to want to play games instead of just
providing some sort of direct evidence indicates the former. Prove me
wrong and I'll gladly apologize.

Apologies are cheap. Who are you? Why should I care what you think about
me? I don't need to prove diddly to you. You are not a prospective
client, or anything like that; you are just a loudmouth, puffing away in
a Usenet newsgroup.

You're the one claiming to have the experience.

Nope. You called me ("Lemme guess", you said), and I replied. I'm not in
the habit of puffing in public, unless I am challenged. It's time for
you to back down. You were wrong. Own up. You are a noisy braggart.
Isn't that the truth?

Without proof it's nothing but an empty claim. Suite yourself. It's
really not that important to me.

Is that "suite" as in "lawsuite"? You sound like one of the whingers in
NANAE.

Ummm... for what?

For the OS that you claimed to have written. This newsgroup is archived
by DejaGoo. Do you need a link, to prove that you made that claim? Or
will you just own up?

[Actually, you haven't claimed to be a programmer; you haven't said

You're right, I haven't. You did.

Hard to know what you are claiming that I said; if I snipped your
sentences the way you snip mine, I could easily prove that you were both
black and white at the same time.

You made statements that implied you knew what you were talking about
wrt. software development, without coming out straight and saying you
actually knew a whole programming language. You are full of shit.

Why not? What prevented such a master programmer from practicing what
he preaches?

Employment.

So have you actually ever written a program? I'm not that keen on
listening to lectures about software development from bullshitters.
Life's too short.

So why should I care what you think about software development, or the
impossibility of writing bug-free software? Can you code? Your history
of dropping card-decks just says that you know that the really old kit
involved cards and punches and ticker-tape. Big deal. You are a bluffer,
and I would like to see your cards please.

 

[Jeffrey F. Bloss]

It's not too bad *now*, because not many people use C/R. In a way, it

See now that's what I thought, but someone suggested there were examples to
the contrary... that C/R was a real life problem.

No matter, it's just an academic exercise.

is like spam itself--when only a few people were spamming, then it was
just a small annoyance that could easily be dealt with by filters, or
just hitting delete. When a zillion people are spamming, it is a major
drain on the infrastructure of the mail system itself.

I agree. Responding to SPAM is essentially duplicating SPAM 1 to 1. I
wouldn't personally use C/R in any significant way, although I've dabbled
with it on a few store bought accounts that offered it. The tool *does*
have a use, it's just not on personal accounts IMO.

As I said in an earlier post, C/R *could* be made to work well, even if
a large number of people used it, *if* we first get widespread adoption
of SPF.

I think SPF, like anything else, has it's advantages and disadvantages. It
certainly makes it problematic for someone at ABC.com to forge email from
(e-mail address removed), but it also puts some limitations on valid senders. They're
locked into a specific From header in most cases (from what I understand),
and issues of nym hopping aside, that's something I disagree with on
principal. If I want to drop my middle initial for example, or shorten to
"Jeff", I think I should be allowed to do so. Of course these things can be
dealt with by other methods.

The other problem I see with SPF is the possibility that it can be exploited
by someone "on the inside". Someone who owns or gets control of an account
at XYZ.com could effectively "hijack" another XYZ user's email by
registering the same address (or a similar one, ala phishing sites that
obfuscate URL's to make it appear as though they're YourBank.com). The
pre-authentication effect could be used for evil, IOW.

The idea of using C/R and SPF together judiciously is a good one though in
my opinion. It's these, and other "balanced" solutions that need to be
considered over broad, sweeping, slash and burn tactics. My original
premise exactly.

--
Hand crafted on October 17, 2005 at 10:58:32 -0400

Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Groucho Marx

 

[Jack]

See now that's what I thought, but someone suggested there were
examples to the contrary... that C/R was a real life problem.

No matter, it's just an academic exercise.

No, it's not, it's a real-life problem. I'm sick of misdirected C/R spam
challenges, and I often LART them as unsolicited bulk. That means the
sender of these challenges gets listed in places like Spamcop, which
means in turn that C/R is a problem for the person who is using it (they
can't send email).

I think SPF, like anything else, has it's advantages and
disadvantages. It certainly makes it problematic for someone at
ABC.com to forge email from (e-mail address removed), but it also puts some
limitations on valid senders. They're locked into a specific From
header in most cases (from what I understand), and issues of nym
hopping aside, that's something I disagree with on principal. If I
want to drop my middle initial for example, or shorten to "Jeff", I
think I should be allowed to do so. Of course these things can be
dealt with by other methods.

Do you have your diddly wistle in your domain name? That would be silly,
if you were planning on dropping it (and since we don't know what it
stands for, it's pretty useless anyway - it's a bit like putting "III"
at the end of your name).

The other problem I see with SPF is the possibility that it can be
exploited by someone "on the inside". Someone who owns or gets
control of an account at XYZ.com could effectively "hijack" another
XYZ user's email by registering the same address (or a similar one,
ala phishing sites that obfuscate URL's to make it appear as though
they're YourBank.com). The pre-authentication effect could be used
for evil, IOW.

SPF just says that "for this domain, the following IP addresses emit
authorised email". It says nothing at all about individual email
addresses at that domain.

The idea of using C/R and SPF together judiciously is a good one
though in my opinion.

Your opinion might be interesting; if you actually knew what SPF was.

It's these, and other "balanced" solutions that need to be considered
over broad, sweeping, slash and burn tactics. My original premise
exactly.

Slash, burn, brag, sweep, balance, premise. It helps a bit if you know
what you are talking about, "exactly".

BTW: I remain very interested in the URL of the download site for the OS
you claim to have written. Your silence on this matter is deafening.

 

[Mike Easter]

The idea of using C/R and SPF together judiciously is a good one

C/R is so full of problems that I can't imagine it being used very
judiciously for anything. The first step would have to be to eliminate
spam before you challenge anything, because there shouldn't be any
challenges of spam because of the bogus From problem.

Another step would have to be to eliminate all of the things like
mailing lists and other automated mailers, because they can't answer
challenges. Another step would have to be to eliminate all of the real
people from whom you want to receive goodmail, because challenges are
offensive to your knowns who should be whitelisted/.

So, after we have eliminated spam, mailing lists and other bulk wanted
mail, and our 'friends' -- exactly who/what do you think should be
getting challenged?

Perhaps unknown wanted mail, but I don't think the challenge is the best
way to deal with unknown wanted mail -- it should actually be handled by
'inspection' - which wouldn't be too hard after we've eliminated the
spam and the mailing lists and the other whitelisted mail.

 

[Ant]

Java is just a programming language. It's *supposed* to be
cross-platform; but anyone that has tried to deliver real cross-platform
solutions based on Java knows that you have to test on every platform
you want the product qualified on; and that if you don't test, then it
will break in exactly the scenario you didn't test for.

Agreed. Mine was purely experimental.

Actually, that's not specific to Java. That's just a special case of
Murphy's Law, andf it applies to any creative work.

Noting the use of "creative". IMO software engineering is more an art
than it is a science.

Yes. Helping the client to express their requirements clearly is really
difficult, even if the client is technically eloquent. And if the
requirements are badly thought out, the project is doomed.

My work has been mostly small one-man efforts, or a contribution to
medium sized projects. Fortunately, requirements oversights have been
minor, and could be fixed without scuppering the project. I try to
build software in such a way that functionality can be easily extended
if required.

Software
development is a risky game. Just check out the history of the UK Home
Offices's IT failures (I'm not aware of a single Successful IT rpojrect
undertaken by the UK Home Office, but Blossom might have a case-study).

I'm well aware of government IT failures, but I've no experience with
such large projects. I've never worked for EDS or Logica!