
New protocol to replace SMTP?


Canbear

Jul 24, 2011, 10:21:06 PM

About five years ago or so, I used to read some postings and articles
about a replacement for SMTP. Poking around the old discussions, I
haven't been able to find anything much since 2007. The way I see it,
SMTP is a way out-of-date protocol. Why is it so hard for the TCP/IP
gurus to come up with a more complex mail transfer protocol (CMTP) to
defeat bots like Rustock? Some of you might know, Microsoft has
offered $250,000 reward for information leading to the arrest of the
Rustock creators.

To me, all this would be unnecessary if a new protocol with a complex
algorithm was created. If such a protocol could be made, I think it
might give NNTP a rebirth as a beneficial side-effect.

I suppose servers using BIND and the like, could be modified for a new
standard for SMTP. But isn't that just putting a band-aid on the real
issue which is the protocol itself?

BTW - I don't know why Microsoft still wants to nail the Rustock spammers
for so much money, because after the McColo server was shut down,
Rustock has diminished.

Canbear

Rod Speed

Jul 24, 2011, 11:35:38 PM

Canbear wrote

> About five years ago or so, I used to read some postings and articles
> about a replacement for SMTP. Poking around the old discussions, I
> haven't been able to find anything much since 2007. The way I see it,
> SMTP is a way out-of-date protocol. Why is it so hard for the TCP/IP
> gurus to come up with a more complex mail transfer protocol (CMTP) to
> defeat bots like Rustock? Some of you might know, Microsoft has
> offered $250,000 reward for information leading to the arrest of the
> Rustock creators.

> To me, all this would be unnecessary if a new protocol with a complex
> algorithm was created. If such a protocol could be made, I think it
> might give NNTP a rebirth as a beneficial side-effect.

Cant see that last happening, usenet is dying primarily because hardly
anyone has even heard of it.

> I suppose servers using BIND and the like, could be modified for a new
> standard for SMTP. But isn't that just putting a band-aid on the real
> issue which is the protocol itself?

Presumably its a lot easier said than done.

> BTW - I don't know why Microsoft still wants to nail the Rustock spammers
> for so much money, because after the McColo server was shut down,
> Rustock has diminished.

Sure, but you dont see rewards reduced over time.


Joe Pfeiffer

Jul 24, 2011, 11:45:25 PM

Canbear <nos...@nospam.com> writes:

Not quite clear why this is afc territory (but then, sometimes it seems
like *everything* is afc territory), but I'm curious: why do you seem
to feel that the mere addition of complexity will beat the spammers?

Stephen Wolstenholme

Jul 25, 2011, 6:42:56 AM

X400

Steve

--
Neural network software applications, help and support.

Neural Planner Software www.NPSL1.com

Tim Shoppa

Jul 25, 2011, 8:46:39 AM

On Jul 24, 11:45 pm, Joe Pfeiffer <pfeif...@cs.nmsu.edu> wrote:
> Canbear <nos...@nospam.com> writes:
> > About five years ago or so, I used to read some postings and articles
> > about a replacement for SMTP. Poking around the old discussions, I
> > haven't been able to find anything much since 2007. The way I see it,
> > SMTP is a way out-of-date protocol. Why is it so hard for the TCP/IP
> > gurus to come up with a more complex mail transfer protocol (CMTP) to
> > defeat bots like Rustock?
>
> Not quite clear why this is afc territory (but then, sometimes it seems
> like *everything* is afc territory), but I'm curious:  why do you seem
> to feel that the mere addition of complexity will beat the spammers?

I interpreted the post (and proposed CMTP acronym) to be firmly tongue-
in-cheek.

The purposeful confusion induced between SMTP, Rustock botnet, and
Microsoft confirms my interpretation. I mean, Microsoft and botnets
naturally go hand in hand. But it was the inclusion of SMTP into the
mix that put it over the top.

Tim.

jmfbahciv

Jul 25, 2011, 9:01:02 AM

AOL has been doing something because I've been plagued with "cannot
send message content" errors when I try to ship out my email. It
won't deter spammers but it certainly will deter legitimate use.

/BAH

Charlie Gibbs

Jul 25, 2011, 1:47:36 PM

In article
<5f8f968e-8682-418b...@hd10g2000vbb.googlegroups.com>,
sho...@trailing-edge.com (Tim Shoppa) writes:

Oh, let's go all the way. Microsoft wants to replace SMTP with their
own proprietary mail protocol. After all, when I wrote my own SMTP
client, I had to add an option so that it would work with Microsoft
Exchange servers, which reject a RCPT TO command if its mail address
is enclosed in the angle brackets that are required by RFC 2821.

--
/~\ cgi...@kltpzyxm.invalid (Charlie Gibbs)
\ / I'm really at ac.dekanfrus if you read it the right way.
X Top-posted messages will probably be ignored. See RFC1855.
/ \ HTML will DEFINITELY be ignored. Join the ASCII ribbon campaign!
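
The angle-bracket form of RCPT TO mentioned in the post above, as an added example that is not part of the thread or any poster's code: a client-side builder with a compatibility switch of the kind described, and a server-side parser that accepts the bare form only when told to. The function names and the simplified mailbox pattern are assumptions made for this sketch.

```python
import re

# Simplified mailbox pattern (assumption: no quoted local parts or address
# literals). CR, LF and spaces never match, so an address cannot smuggle a
# second SMTP command into the session.
_MAILBOX = re.compile(
    r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*"
)


def build_rcpt(address, brackets=True):
    """Client side: format one RCPT TO command line (without the CRLF).

    brackets=True gives the standard form RCPT TO:<mailbox>;
    brackets=False is the compatibility switch for servers that expect
    the bare address.
    """
    if not _MAILBOX.fullmatch(address):
        raise ValueError("unsafe or unsupported mailbox: %r" % (address,))
    if brackets:
        return "RCPT TO:<%s>" % address
    return "RCPT TO:%s" % address


def parse_rcpt(line, allow_bare=False):
    """Server side: return the mailbox from a RCPT TO line, or None to reject.

    The line is expected without its trailing CRLF. Anything after the
    first space is treated as parameters and ignored here.
    """
    m = re.fullmatch(r"RCPT TO:(\S*)(?: .*)?", line, flags=re.IGNORECASE)
    if not m:
        return None
    arg = m.group(1)
    if arg.startswith("<") and arg.endswith(">"):
        mailbox = arg[1:-1]          # standard bracketed path
    elif allow_bare:
        mailbox = arg                # tolerated only on request
    else:
        return None
    return mailbox if _MAILBOX.fullmatch(mailbox) else None


def demo():
    """Run both modes over constructed sample lines and return the results."""
    samples = [
        "RCPT TO:<user@example.org>",
        "rcpt to:<user@example.org> NOTIFY=NEVER",
        "RCPT TO:user@example.org",
        "RCPT TO:<user@example.org>\r",   # stray CR left on the line
    ]
    return [(s, parse_rcpt(s), parse_rcpt(s, allow_bare=True)) for s in samples]


if __name__ == "__main__":
    for line, strict, lenient in demo():
        print(repr(line), "strict:", strict, "lenient:", lenient)
```
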

Scott Lurndal

Jul 25, 2011, 5:25:12 PM

Canbear <nos...@nospam.com> writes:
>About five years ago or so, I used to read some postings and articles
>about a replacement for SMTP.
[snip]

>To me, all this would be unnecessary if a new protocol with a complex
>algorithm was created. If such a protocol could be made, I think it
>might give NNTP a rebirth as a beneficial side-effect.

Why, oh why, would you think a new protocol is necessary?

And why, oh, why make it more complicated? Security by obscurity is no
security at all. The 'S' stands for simple, after all.

>
>I suppose servers using BIND and the like, could be modified for a new
>standard for SMTP. But isn't that just putting a band-aid on the real
>issue which is the protocol itself?

It is pretty clear from this paragraph that you don't really have a
complete understanding of how the various internet protocols interoperate.

The only relationship between BIND and the various MTAs is that DNS provides
the concept of an MX (Mail Exchanger) record which designates the IP address
of the MTA for a given host or domain. They are otherwise completely
orthogonal.

scott

Canbear

Jul 25, 2011, 10:43:00 PM

On 25 Jul 2011 21:25:12 GMT, sc...@slp53.sl.home (Scott Lurndal)
wrote:

I don't have a complete understanding, it's true. Networks are not my
thing. I am actually asking because my knowledge IS sketchy on how
SMTP interacts with MTAs, MSAs and blah blah blah. The main concern,
especially with commentators like John C. Dvorak of PCMAG, is that
spamming and spambots are out of control. He even went as far as to say
that the US Postal Service should handle email. It's true. Most people say
that is simplistic and an absolutely bizarre solution. I think it's
weird too.

I thought that maybe the protocol could be changed to interrupt this
heavy flow of bogus email bombing. That's all. I didn't want to go
through all those boring RFCs to see what changes have been suggested
for SMTP. I know that the cabal at AFC are full of the rich knowledge
of such stuff and can fill in some blanks as to why SMTP can't be
changed or replaced to deal with the problem.

Canbear

Torfinn Ingolfsen

Jul 26, 2011, 4:30:50 AM

On 07/25/2011 04:21 AM, Canbear wrote:
> About five years ago or so, I used to read some postings and articles
> about a replacement for SMTP.
> Poking around the old discussions, I
> haven't been able to find anything much since 2007. The way I see it,
> SMTP is a way out-of-date protocol.

Actually, SMTP is updated and secure enough. Perhaps Microsoft needs to
update their implementation of it?

> Why is it so hard for the TCP/IP
> gurus to come up with a more complex mail transfer protocol (CMTP) to
> defeat bots like Rustock? Some of you might know, Microsoft has
> offered $250,000 reward for information leading to the arrest of the
> Rustock creators.

If Microsoft have a problem with malware / botnets or whatever, why
don't Microsoft fix it?

If you have a problem with Microsoft products because of malware /
botnets or whatever, why don't you change to something else?
--
Torfinn Ingolfsen,
Norway

Rod Speed

Jul 26, 2011, 6:28:18 AM

Torfinn Ingolfsen wrote
> Canbear wrote

>> About five years ago or so, I used to read some postings and articles about a replacement for SMTP.

>> Poking around the old discussions, I haven't been able to find anything much since 2007. The way I see it, SMTP is a
>> way out-of-date protocol.

> Actually, SMTP is updated and secure enough. Perhaps Microsoft needs to update their implementation of it?

Its got nothing to do with Microsoft's implementation of it.

>> Why is it so hard for the TCP/IP gurus to come up with a more complex mail transfer protocol (CMTP) to defeat bots
>> like Rustock? Some of you might know, Microsoft has offered $250,000 reward for information leading to the arrest of
>> the Rustock creators.

> If Microsoft have a problem with malware / botnets or whatever, why don't Microsoft fix it?

It isnt something that Microsoft can fix.

> If you have a problem with Microsoft products because of malware / botnets or whatever,

The problem isnt with microsoft products.

> why don't you change to something else?

Because problem isnt with microsoft products.


Ahem A Rivet's Shot

Jul 26, 2011, 6:38:08 AM

On Tue, 26 Jul 2011 20:28:18 +1000
"Rod Speed" <rod.sp...@gmail.com> wrote:

> Torfinn Ingolfsen wrote

> > If Microsoft have a problem with malware / botnets or whatever, why
> > don't Microsoft fix it?
>
> It isnt something that Microsoft can fix.
>
> > If you have a problem with Microsoft products because of malware /
> > botnets or whatever,
>
> The problem isnt with microsoft products.

Apart from the small detail that most (all?) botnets run under
Microsoft operating systems.

--
Steve O'Hara-Smith | Directable Mirror Arrays
C:>WIN | A better way to focus the sun
The computer obeys and wins. | licences available see
You lose and Bill collects. | http://www.sohara.org/

Charlie Gibbs

Jul 26, 2011, 2:07:21 PM

In article <qk9s27tnh0hn052ad...@4ax.com>,
nos...@nospam.com (Canbear) writes:

> I thought that maybe the protocol could be changed to interrupt this
> heavy flow of bogus email bombing. That's all. I didn't want to go
> through all those boring RFCs to see what changes have been suggested
> for SMTP. I know that the cabal at AFC are full of the rich knowledge
> of such stuff and can fill in some blanks as to why SMTP can't be
> changed or replaced to deal with the problem.

Actually, the situation is better than it used to be. There aren't
nearly as many open relays around as there once were (although,
granted, even one is too many). But all it'd take is to find an
ISP that doesn't pay that much attention to what its clients are
posting, or which could be per$uaded to turn a blind eye. For
that matter, given some of the marketroids I've seen, I wouldn't
be surprised if someone is spouting all sorts of high-sounding
rhetoric about free speech to justify setting up a site that
hosts spambots. No new protocol, however convoluted, can protect
against things like that.

Rod Speed

Jul 26, 2011, 2:24:53 PM

Ahem A Rivet's Shot wrote

> Rod Speed <rod.sp...@gmail.com> wrote
>> Torfinn Ingolfsen wrote

>>> If Microsoft have a problem with malware / botnets or whatever, why don't Microsoft fix it?

>> It isnt something that Microsoft can fix.

>>> If you have a problem with Microsoft products because of malware / botnets or whatever,

>> The problem isnt with microsoft products.

> Apart from the small detail that most (all?) botnets run under Microsoft operating systems.

Just because there are a hell of a lot more of them than anything else.

Its hardly surprising that that was targeted, only a fool would target anything else.


Rod Speed

Jul 26, 2011, 2:59:26 PM

Charlie Gibbs wrote
> nos...@nospam.com (Canbear) wrote

>> I thought that maybe the protocol could be changed to interrupt this
>> heavy flow of bogus email bombing. That's all. I didn't want to go
>> through all those boring RFCs to see what changes have been suggested
>> for SMTP. I know that the cabal at AFC are full of the rich knowledge
>> of such stuff and can fill in some blanks as to why SMTP can't be
>> changed or replaced to deal with the problem.

> Actually, the situation is better than it used to be. There aren't
> nearly as many open relays around as there once were (although,
> granted, even one is too many). But all it'd take is to find an
> ISP that doesn't pay that much attention to what its clients are
> posting, or which could be per$uaded to turn a blind eye. For
> that matter, given some of the marketroids I've seen, I wouldn't
> be surprised if someone is spouting all sorts of high-sounding
> rhetoric about free speech to justify setting up a site that
> hosts spambots.

> No new protocol, however convoluted, can protect against things like that.

It is possible, most obviously with some form of digital signature that could
allow what comes from a site identified as operating like that to be binned.


Andreas Eder

Jul 26, 2011, 4:00:54 PM

>>>>> "Rod" == Rod Speed <rod.sp...@gmail.com> writes:
>> Apart from the small detail that most (all?) botnets run under Microsoft operating systems.

Rod> Just because there are a hell of a lot more of them than anything else.
Rod> Its hardly surprising that that was targeted, only a fool
Rod> would target anything else.

That is just one detail, but not the most important. I'm sure that even
the most popular OS wouldn't be hacked as much if it were a little more
difficult.

'Andreas

--
ceterum censeo redmondinem esse delendam.

Rod Speed

Jul 26, 2011, 5:07:57 PM

Andreas Eder wrote
> Rod Speed <rod.sp...@gmail.com> wrote

>>> Apart from the small detail that most (all?) botnets run under Microsoft operating systems.

>> Just because there are a hell of a lot more of them than anything else.
>> Its hardly surprising that that was targeted, only a fool would target anything else.

> That is just one detail, but not the most important.

Wrong, its by far the most important.

> I'm sure that even the most popular OS wouldn't
> be hacked as much if it were a little more difficult.

You're wrong. Its whats most commonly used that matters.


Ahem A Rivet's Shot

Jul 27, 2011, 3:07:34 AM

Not so clear - there may well be more Linux boxes with permanent
connections than Windows by now when you count in the routers, wireless
access points, Android phones and tablets, NAS boxes, media servers, media
players, TVs and other appliances.

Rod Speed

Jul 27, 2011, 4:50:50 AM

Ahem A Rivet's Shot wrote

> Rod Speed <rod.sp...@gmail.com> wrote
>> Andreas Eder wrote
>>> Rod Speed <rod.sp...@gmail.com> wrote

>>>>> Apart from the small detail that most (all?)
>>>>> botnets run under Microsoft operating systems.

>>>> Just because there are a hell of a lot more of them than
>>>> anything else. Its hardly surprising that that was
>>>> targeted, only a fool would target anything else.

>>> That is just one detail, but not the most important.

>> Wrong, its by far the most important.

>>> I'm sure that even the most popular OS wouldn't
>>> be hacked as much if it were a little more difficult.

>> You're wrong. Its whats most commonly used that matters.

> Not so clear

Fraid so.

> - there may well be more Linux boxes with permanent connections
> than Windows by now when you count in the routers, wireless
> access points, Android phones and tablets, NAS boxes, media
> servers, media players, TVs and other appliances.

Not a chance with those that are net connected.



Bernie Cosell

Jul 27, 2011, 7:15:48 AM

Torfinn Ingolfsen <ti...@home.no> wrote:

} On 07/25/2011 04:21 AM, Canbear wrote:
} > About five years ago or so, I used to read some postings and articles
} > about a replacement for SMTP.
} > Poking around the old discussions, I
} > haven't been able to find anything much since 2007. The way I see it,
} > SMTP is a way out-of-date protocol.
}
} Actually, SMTP is updated and secure enough.

Could you elaborate on this? AFAICT, SMTP has hardly changed at all from
its first specification in RFC 821. What 'updates' are you talking about
[and in particular, how they affect security]?

/Bernie\
--
Bernie Cosell Fantasy Farm Fibers
ber...@fantasyfarm.com Pearisburg, VA
--> Too many people, too few sheep <--

Anne & Lynn Wheeler

Jul 27, 2011, 9:57:00 AM

Bernie Cosell <ber...@fantasyfarm.com> writes:
> Could you elaborate on this? AFAICT, SMTP has hardly changed at all from
> its first specification in RFC 821. What 'updates' are you talking about
> [and in particular, how they affect security]?

Postel let me do 6.10 stuff for STD1 (no longer maintained) ... doing a
lot of clean up of the standards ... eliminating lots of stuff where
subsequent RFC obsoleted previous RFC ... but the standards weren't
updated to show an obsoleted RFC had been replaced by subsequent RFC.

However, there were some real glitches in the standards process where
previous standard RFCs (like 821 & 822) had been obsoleted by subsequent
RFC ... but the new RFCs hadn't actually made it through the update
process.

821/822 were obsoleted (but not actually replaced) by 2821/2822.
2821/2822 have been subsequently obsoleted by 5321/5322.

furthermore 2821/2822 have been updated by 5335 & 5336 (as opposed to
updating 5321/5322; 5335&5336 were published slightly before 5321/5322).

rfc nos. are somewhat assigned sequentially as they are published,
however 2821/2822 was reserved well before their publication (being
published nearly a year later than other RFCs in close numerical
sequence). they weren't as well prepared for the replacements ... not
being able to work in 4821/4822 or 5821/5822.

for other "glitches" ... the "See Also" relationship (between RFCs) was
originally introduced for RFCs that reference each other (aka peer
relationship as opposed to hierarchical relationship of reference and
referencedby). That purpose (for "See Also") has since been subsumed for
things like RFCs that are also Best Current Practices ... however, in my
index, I still use it for its original purpose.
http://www.garlic.com/~lynn/rfcietff.htm

5321 section 7 discusses SMTP security ("inherently insecure")

--
virtualization experience starting Jan1968, online at home since Mar1970


Rod Speed

Jul 27, 2011, 1:06:50 PM

Morten Reistad wrote
> Ahem A Rivet's Shot <ste...@eircom.net> wrote
>> Rod Speed <rod.sp...@gmail.com> wrote

>>>> That is just one detail, but not the most important.

>>> Wrong, its by far the most important.

>>>> I'm sure that even the most popular OS wouldn't
>>>> be hacked as much if it were a little more difficult.

>>> You're wrong. Its whats most commonly used that matters.

>> Not so clear - there may well be more Linux boxes with permanent
>> connections than Windows by now when you count in the routers,
>> wireless access points, Android phones and tablets, NAS boxes,
>> media servers, media players, TVs and other appliances.

> Last year we broke the barrier of one 32-bit cpu produced
> per capita on the planet. The distribution is far from even;
> your graphics cards may have a hundred of these.

> A better indicator of "real computers" is the MMU production, at
> around 1.4 billion. Windows past W2k, linux, BSD all need mmus
> to run; so this is a reasonable assumption for "real computer" count.

> According to Microsoft, they sell slightly less than 400M OS licenses a year.

But that ignores the large number who dont bother to pay MS for the Win they use.

> They are much less forthcoming about how these divide
> up. Analysts estimate that nearly a third of these are
> upgrades of earlier OSes or preinstalls,

And that number is clearly straight from their arse, we can tell from the smell.

> so the same machine now runs another Microsoft OS.

I doubt its anything like a third.

> So, 300M new windows machines every year seem like a reasonable estimate.

There isnt any real way to decide if its reasonable or not.

> This includes around 80M windows mobile units.

> Apple sells around 60M desktops, and well above 100 iSomethings.
> Symbian has seen a savage beating, but still see well above 100M
> units sold. Android is hot on Apple's heels,

Thats very arguable.

> but are well below 100M in unit sales;

So they arent actually hot on Apple's heels at all.

> 80M seems like a consensus among analysts.

There is no such consensus, particularly on how many are actually still in use.

> Adding in another 30M for all the other stuff like BeOS etc, we end
> with figures of somewhat below 700M, guaranteed below 850M,
> machines with licensed operating systems. Note that there are now more
> smartphone sales than servers, desktops and laptop sales combined.
> And only about half of these are actually Microsoft devices.

> But there are still another 600-700 million new, real computers out
> there where we have no accounting of any OS. This is penguin
> territory.
>
> The whole process control industry (which is larger than the IT
> industry) declared the year 2004 "the year of the penguin"; because
> of an industry-wide uptake of Linux. Linux now has a market share in
> process control of near 95%. This is what powers your set top, video
> camera, tv, wifi transponder, car computer, etc etc.
>
> And, frankly, the whole desktop market has stagnated because of
> Microsoft's stranglehold. "Mircosoft" now ranks among the tired
> quarter of brand names. All the exciting stuff happens with gadgets.
> We are in the process of abandoning the idea of a common hardware/os
> platform, and embrace the net as the unifying factor. And Windows is
> becoming a game and browser host system. And a virus host.
>
> One reason there are so few virii and worms for the other systems is
> that even if it is Linux or BSD; it is still not a monoculture. There are
> tens of thousands of builds done, so you cannot depend on code smashes to
> hit more than a very small minority of systems. Windows, and apple,
> are monocultures where such parasitic code can ride along.
>
> However, my EEE Linux running x86 cannot easily affect the DDWRT
> access point, running ARM code. But they are both debian derivatives,
> even if they don't share a single instruction of binary code.
>
> -- mrr



Rod Speed

Jul 27, 2011, 1:18:06 PM

Morten Reistad wrote
> Ahem A Rivet's Shot <ste...@eircom.net> wrote
>> Rod Speed <rod.sp...@gmail.com> wrote

>>>> That is just one detail, but not the most important.

>>> Wrong, its by far the most important.

>>>> I'm sure that even the most popular OS wouldn't
>>>> be hacked as much if it were a little more difficult.

>>> You're wrong. Its whats most commonly used that matters.

>> Not so clear - there may well be more Linux boxes with permanent
>> connections than Windows by now when you count in the routers,
>> wireless access points, Android phones and tablets, NAS boxes,
>> media servers, media players, TVs and other appliances.

> Last year we broke the barrier of one 32-bit cpu produced

Thats very arguable.

That last isnt guaranteed at all.

> machines with licensed operating systems. Note that there are now more
> smartphone sales than servers, desktops and laptop sales combined.

And its less than clear how many of those stay in use for long.

The rate at which kids turn over their phones is amazing/obscene.

> And only about half of these are actually Microsoft devices.

> But there are still another 600-700 million new, real computers out
> there where we have no accounting of any OS. This is penguin territory.

Nope, much of its just people not bothering to pay MS for the OS they use.

> The whole process control industry (which is larger than the IT industry)

Depends on how you measure that.

> declared the year 2004 "the year of the penguin"; because
> of an industry-wide uptake of Linux. Linux now has a market
> share in process control of near 95%.

That number is straight from someone's arse too.

> This is what powers your set top, video camera, tv, wifi transponder,
> car computer, etc etc.

Most of the time it isnt. None of mine run linux.

> And, frankly, the whole desktop market has stagnated because
> of Microsoft's stranglehold.

Nope, because so many have moved to laptops and smartphones.

And fuck all laptops come with linux, mostly just the netbooks.

> "Mircosoft" now ranks among the tired quarter of brand names.

Oh bullshit.

> All the exciting stuff happens with gadgets.

Fraid not.

> We are in the process of abandoning the idea of a common
> hardware/os platform, and embrace the net as the unifying factor.

Taint anything like that with most of the stuff he listed.

> And Windows is becoming a game and browser host system.

Thats completely silly. Games have mostly moved
to consoles, and they dont run linux much.

> And a virus host.

Even sillier.

> One reason there are so few virii and worms for the other systems
> is that even if it is Linux or BSD; it is still not a monoculture.

Win hasnt been for decades.

> There are tens of thousands of builds done, so you cannot
> depend on code smashes to hit more than a very small
> minority of systems. Windows, and apple, are monocultures

Like hell they are.

> where such parasitic code can ride along.

Fantasy.


Rod Speed

Jul 27, 2011, 5:53:03 PM

Morten Reistad wrote

> Rod Speed <rod.sp...@gmail.com> wrote
>> Morten Reistad wrote
>>> Ahem A Rivet's Shot <ste...@eircom.net> wrote
>>>> Rod Speed <rod.sp...@gmail.com> wrote

>>> Last year we broke the barrier of one 32-bit cpu produced
>>> per capita on the planet. The distribution is far from even;
>>> your graphics cards may have a hundred of these.

>>> A better indicator of "real computers" is the MMU production, at
>>> around 1.4 billion. Windows past W2k, linux, BSD all need mmus
>>> to run; so this is a reasonable assumption for "real computer" count.

>>> According to Microsoft, they sell slightly less than 400M OS licenses a year.

>> But that ignores the large number who dont bother to pay MS for the Win they use.

> In the OECD you have difficulty finding machines without MS software preinstalled.

No you dont with machines assembled by the retailer.

> So you have to look elsewhere for the huge piracy.

Nope. Hordes arent running the OS that was preinstalled even when it was.

> MS has been shaking down on this so hard

There is nothing they can do about it.

> I doubt there are more than 100m of these, probably far less.

Fantasy, particularly with china alone.

> I am talking of new installs per year. There may well be a few
> hundred million computers without licenses, but that is history.

Like hell it is with china and india alone.

>>> They are much less forthcoming about how these
>>> divide up. Analysts estimate that nearly a third of
>>> these are upgrades of earlier OSes or preinstalls,

> Besides, there are limits to how many lap/desktop systems
> are made. Estimates for EU25 are around 85m, for NAFTA
> 75m; these represented around 40% in 2006,

Dont believe that and we are way past 2006 anyway.

> I'll allow 50% for a quick estimate.

I wont.

> EU+NAFTA markets are now below replacement rates for desktops.

Only because so many are moving to laptops, notebooks, netbooks and tablets.

All of which have OSs.

> If we take EU+NAFTA plus a straight doubling we are at 320m;
> which seems about right if we see 270m new desktops. 40m
> pirates + 10m open source users seem like reasonable numbers.

Like hell they do with india and china.

> Microsoft have reported figures around 210m for worldwide "pure" sales earlier;
> new windows installs excluding servers, upgrades and mobile devices.

Pity about india and china alone.

> They cannot take any more market share,
> and the market is only growing in the fringes.

That last is just plain wrong. Hordes more have more than one
desktop/laptop/notebook/tablet per person than ever before.

> So a small growth to 230m, 80m mobiles (reported by ms) and the
> balance in servers, upgrades and extensions seem pretty reasonable.

Like hell they do with india and china alone.

>> And that number is clearly straight from their arse, we can tell from the smell.

>>> so the same machine now runs another Microsoft OS.

>> I doubt its anything like a third.

> The desktop park is getting old,

Some of it is, some of it aint.

> and replacement rates are _very_ low,

Wrong.

> leading to much higher software upgrade rates than what we are used to.

Thats wrong too. Hardly anyone bothers to do that.

> Apple reports this, citing record upgrade figures for Lion.

Their situation is quite different. You dont see that with non Apple hardware.

>>> So, 300M new windows machines every year seem like a reasonable estimate.

>> There isnt any real way to decide if its reasonable or not.

> Sure there are. Calibrate against total sales.

You have no idea what total sales are, particularly with india and china.

>>> This includes around 80M windows mobile units.

>>> Apple sells around 60M desktops, and well above 100 iSomethings.
>>> Symbian has seen a savage beating, but still see well above 100M
>>> units sold. Android is hot on Apple's heels,

>> Thats very arguable.

> Among smartphones Nokia has seen the world implode;

Thats a gross exaggeration.

> they haven't published exact disaster results; but a drop
> from 220m to 150m seem in line with their revenue drop.

Thats not an implosion or a disaster.

And the revenue drop is much more about lower prices for smartphones.

> But only around 40m of these are really smartphones.

Depends on what you call 'really smartphones'

> Apple is at 120M, microsoft states 80m, same as android. Microsoft
> has taken a large chunk here, but android has grown faster.

Hardly surprising given it was very late to market.

> Android also seem like the choice of the smaller players.

The small players are by definition irrelevant.

> Mobile sales are pretty stable at 850m units per year, they just sell
> more smartphones. Smartphone sales are around 260-280m. There
> are a total on 3.2 billion GSM devices active and registered; making
> 55% of the worlds adult population reachable via SMS. (3gpp figures)

That figure is straight from someone's arse too.

> So, phones should last close to 4 years on a planet-wide average.

Bet fuck all of them do, particularly in the first and second world
in the sense of being actively used and not replaced as the main
phone by something else.

> My guess for 2012 would be 400m smartphones (at this point there
> should be some resistance), and desk/laptops stagnant at 300m;

Dont believe that and you cant just ignore the tablets, a style some prefer.

> and other gadgets galloping above a billion.

Most of which dont even have a proper OS.

>>> but are well below 100M in unit sales;

>> So they arent actually hot on Apple's heels at all.

>>> 80M seems like a consensus among analysts.

>> There is no such consensus, particularly on how many are actually still in use.

> 3gpp publishes monthly figures of worldwide GSM sales and
> how many devices are connected to the world GSM network,
> so there is adequate transparency on the GSM network size.

Irrelevant to that point I was making about any purported consensus among 'analysts'.

And the GSM network is a notorious problem with lots of sims hardly ever used anyway.

I must have 10 in theory active myself in the sense that you can make calls using them.

>>> Adding in another 30M for all the other stuff like BeOS etc, we end
>>> with figures of somewhat below 700M, guaranteed below 850M,

>> That last isn't guaranteed at all.

> If we count devices sold we end at 320m desk/laptops,
> 280m smartphones and other similar devices.

You don't know that worldwide, particularly with India and China alone.

> That accounts for 600m. Sure, there are servers, network devices etc
> with OS licenses,

And plenty with no license at all.

> but they are unlikely to be anywhere near computer or smartphone sales.

That was just a comment on your 'guaranteed below'

> So, even the 700m figure seems a little high from this perspective.

Pity about China and India.

>>> machines with licensed operating systems. Note that there are now more
>>> smartphone sales than servers, desktops and laptop sales combined.

>> And it's less than clear how many of those stay in use for long.

> 3.5 years is what we can gather from 3gpp.

And that number is straight from their arse. No one actually knows.

>> The rate at which kids turn over their phones is amazing/obscene.

> Spoiled kids are only a part of this market.

'Tain't just spoiled brats. Kids aren't.

>>> And only about half of these are actually Microsoft devices.

>>> But there are still another 600-700 million new, real computers out
>>> there where we have no accounting of any OS. This is penguin territory.

>> Nope, much of it's just people not bothering to pay MS for the OS they use.

> They aren't desktop devices.

You don't know that.

> Microsoft does not make software for these.

'Course it does.

>>> The whole process control industry (which is larger than the IT industry)

>> Depends on how you measure that.

> The EU15 IT industry, in total, struggles to meet 100B euro in
> yearly turnover, even if you include exotic things like games, etc.

The EU15 IT industry is a fart in the bath in the whole process control industry.

> The oil industry alone has internal IT services for half that
> (oil is above 800B if you count up and downstream).
> Telecoms is at 350B, and has internal IT services for
> around 20% of revenues. The internal IT of these two
> industries alone is bigger than all of the other "classic" IT industry.

Pity about the rest of the world.

> Frankly, IT blew it. Now the replacement is riding into town.

We'll see...

>>> declared the year 2004 "the year of the penguin"; because
>>> of an industry-wide uptake of Linux. Linux now has a market
>>> share in process control of near 95%.

>> That number is straight from someone's arse too.

> Source is several keynote speakers at process control seminars and fairs.

OK, their arses.

> There is a general consensus that Linux has swiped the industry clean.

Oh bullshit. Bet you didn't get too many Chinese there.

> No one bothers with their own OS and toolchain anymore, they
> concentrate their money on customer-visible functions instead.

Pity about the Chinese.

>>> This is what powers your set top, video camera, tv, wifi
>>> transponder, car computer, etc etc.

>> Most of the time it isn't. None of mine run linux.

> Sure. There is still a "non-mmu" market out there that dwarfs the
> "mmu" market by 4 to 1. These largely run homegrown stuff. The
> discussion is about the 1.4 billion MMU-capable units that could,
> in theory run windows if the vendors and microsoft all wanted to.

That was just YOUR side track.

> Sure there are another 7 billion 32-bit CPUs sold.

And hordes more aren't even 32 bit.

>>> And, frankly, the whole desktop market has stagnated because
>>> of Microsoft's stranglehold.

>> Nope, because so many have moved to laptops and smartphones.

>> And fuck all laptops come with linux, mostly just the netbooks.

>>> "Microsoft" now ranks among the tired quarter of brand names.

>> Oh bullshit.

>>> All the exciting stuff happens with gadgets.

>> Fraid not.

> Come with facts, not stupid assertions.

We haven't seen a single fact from you, just assertions.

>>> We are in the process of abandoning the idea of a common
>>> hardware/os platform, and embrace the net as the unifying factor.

>> 'Tain't anything like that with most of the stuff he listed.

>>> And Windows is becoming a game and browser host system.

>> That's completely silly. Games have mostly moved
>> to consoles, and they don't run linux much.

> All my family, colleagues and acquaintances that run windows state
> games, legacy applications and browser compatibility as the reasons.

The technical term for that is 'pathetically inadequate sample'

> I even have a small windows installation to run Euronav.

And that in spades.

>>> And a virus host.

>> Even sillier.

>>> One reason there are so few virii and worms for the other systems
>>> is that even if it is Linux or BSD; it is still not a monoculture.

>> Win hasn't been for decades.

> One binary distro of the whole OS.

Pity there isn't just one OS.

> Then sets of binary patches.

>>> There are tens of thousands of builds done, so you cannot
>>> depend on code smashes to hit more than a very small
>>> minority of systems. Windows, and apple, are monocultures

>> Like hell they are.

>>> where such parasitic code can ride along.

>> Fantasy.

> Then present an alternative for why the virus writers are sticking with Microsoft;

I already did, FAR more of the general public use
it than anything else on their main computing device
that is likely to have anything on it worth stealing.

> reporting around 1600 new entries for 2010,
> compared to around 50 for Linux and Apple.
> There have been around 100 large botnets
> identified. None run anything but windows.

Because that's what the absolute vast bulk of
devices that are of any use to a botnet run.

> The one that tried OSX was quickly stamped out.

> I readily admit Apple has the same monoculture

Much worse actually.

> and the same vulnerability.

Torfinn Ingolfsen

Jul 27, 2011, 6:24:40 PM
On 07/27/2011 01:15 PM, Bernie Cosell wrote:
> Torfinn Ingolfsen<ti...@home.no> wrote:
>
> } On 07/25/2011 04:21 AM, Canbear wrote:
> }> About five years ago or so, I used to read some postings and articles
> }> about a replacement for SMTP.
> }> Poking around the old discussions, I
> }> haven't been able to find anything much since 2007. The way I see it,
> }> SMTP is a way out-of-date protocol.
> }
> } Actually, SMTP is updated and secure enough.
>
> Could you elaborate on this? AFAICT, SMTP has hardly changed at all from
> its first specification in RFC 821. What 'updates' are you talking about
> [and in particular, how they affect security]?

I see that Anne / Lynn Wheeler (how do I tell who the poster really
is?) has posted the RFC numbers.
For a more human-readable overview, please see the Wikipedia page on SMTP:
http://en.wikipedia.org/wiki/Smtp

As you can read, message submission (port 587) is now the "main" way to
put something in a smtp queue. This provides authentication (i.e. no
unauthenticated submitters of mail), which is good.
Then there are various RFCs which include encrypted sessions (no one
can listen in on the traffic), anti-spam measures,
access and accountability and more.

HTH
--
Torfinn Ingolfsen,
Norway

Bernie Cosell

Jul 31, 2011, 1:04:56 PM
Anne & Lynn Wheeler <ly...@garlic.com> wrote:

} Bernie Cosell <ber...@fantasyfarm.com> writes:
} > Could you elaborate on this? AFAICT, SMTP has hardly changed at all from
} > its first specification in RFC 821. What 'updates' are you talking about
} > [and in particular, how they affect security]?
}
} Postel let me do 6.10 stuff for STD1 (no longer maintained) ... doing a
} lot of clean up of the standards ......

} However, there were some real glitches in the standards process where
} previous standard RFCs (like 821 & 822) had been obsoleted by subsequent
} RFC ... but the new RFCs hadn't actually made it through the update
} process.

My apologies for not being clear: I understand that 821 has been *LONG*
obsoleted, but my question was, specifically, what are those updates that
he thought made SMTP "secure enough". And indeed, the very latest spec
still confirms my feeling about SMTP dating back to 821 and beyond.

SMTP mail is inherently insecure in that it is feasible for even
fairly casual users to negotiate directly with receiving and relaying
SMTP servers and create messages that will trick a naive recipient
into believing that they came from somewhere else. Constructing such
a message so that the "spoofed" behavior cannot be detected by an
expert is somewhat more difficult, but not sufficiently so as to be a
deterrent to someone who is determined and knowledgeable. ...

So I disagree, still, that SMTP is "secure enough".
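
What an expert would compare when looking for the spoofing described in the passage Bernie Cosell quotes, as an added example that is not part of any post in this thread. The sample messages, the `example.*` addresses, the Postfix-style `Received:` layout and the function names are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed messages (not real traffic). Received: lines use a Postfix-style
# "from HELO-name (rDNS-name [IP])" layout; other MTAs format this differently.
CONSISTENT = """\
Return-Path: <alice@example.org>
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net with ESMTP; Sun, 31 Jul 2011 13:00:00 -0400
From: Alice <alice@example.org>
To: bob@example.net
Subject: lunch

hi
"""
SPOOFED = """\
Return-Path: <bulk@example.com>
Received: from mail.example.org (unknown [198.51.100.7])
\tby mx.example.net with SMTP; Sun, 31 Jul 2011 13:01:00 -0400
From: Alice <alice@example.org>
To: bob@example.net
Subject: urgent

hi
"""

def domain_of(header_value):
    """Lowercased domain of the first address in a header value, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def origin_findings(raw):
    """Return the inconsistencies between the origins a message claims."""
    msg = message_from_string(raw)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # From: is message content chosen by the sender; Return-Path records the
    # MAIL FROM given in the SMTP dialogue. Nothing in SMTP ties them together.
    if from_dom and env_dom and from_dom != env_dom:
        findings.append(f"From: domain {from_dom} != envelope domain {env_dom}")
    # Only the topmost Received: line was written by our own server; any
    # lines below it arrived with the message and can be fabricated.
    received = msg.get_all("Received") or []
    top = " ".join(received[0].split()) if received else ""
    m = re.match(r"from (\S+) \((\S+) \[([^\]]+)\]\)", top)
    if m and m.group(2).lower() != m.group(1).lower():
        findings.append(f"HELO {m.group(1)} but reverse DNS {m.group(2)} [{m.group(3)}]")
    return findings

if __name__ == "__main__":
    for name, raw in (("consistent", CONSISTENT), ("spoofed", SPOOFED)):
        print(name, origin_findings(raw))
```

A finding is a signal rather than proof: mailing lists and bulk senders legitimately use an envelope domain that differs from the `From:` header.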


Jonathan de Boyne Pollard

Aug 15, 2011, 6:42:03 PM
>>> Apart from the small detail that most (all?) botnets run under
>>> Microsoft operating systems.
>>>
>> Just because there are a hell of a lot more of them than anything
>> else. It's hardly surprising that that was targeted, only a fool
>> would target anything else.
>>
> That is just one detail, but not the most important. I'm sure that
> even the most popular OS wouldn't be hacked as much if it were a
> little more difficult.
>
(I know that this is a Rod Speed thread. That doesn't preclude the
injection of measured rational argument, though.)

I could almost buy that argument, were it not for the lesson of
history. It has become more difficult, not just a little more difficult
but a *lot* more difficult, to subvert the most popular PC operating
system over the years and decades. And yet it's *still* the target.
The evidence before us is that the operating system is not targeted
because it's easy. A little thought reveals the fairly obvious
conclusion that people who want to hijack large numbers of other
people's computers target the operating system that is most likely to
get them the largest number of computers. They want large numbers,
having a larger army than the other bloke can deal with being their
primary goal, so they pick the largest set of homogenous machines as the
target. It's that simple. If millions of people were running Helios,
the hijackers would be busy churning out Transputer worms right now.

Jonathan de Boyne Pollard

Aug 15, 2011, 6:47:44 PM
> We are in the process of abandoning the idea of a common hardware/os
> platform, [...]
>
... not that the world bought into the idea in the first place.

> One reason there are so few virii and worms for the other systems is
> that [...]
>
... people who use those systems cannot even spell the word "viruses"? (-:


Peter Flass

Aug 16, 2011, 7:43:14 AM

I just read a Computerworld article that posits that most windoze
security holes are now in third-party software, such as Adobe.
