Debian Project Rejects Sender-ID 196
NW writes "Following on the heels of Apache Foundation taking a stance against Sender-ID, the Debian Project announced today their rejection of Sender-ID as well."
The truth of a proposition has nothing to do with its credibility. And vice versa.
Perhaps (Score:4, Interesting)
Re:Perhaps (Score:4, Interesting)
Re:Perhaps (Score:2, Funny)
I guess I will just have to look it up in Wikipedia...they are authoritative aren't they?
Re:Perhaps (Score:2)
Re:Perhaps (Score:2)
Re:Perhaps (Score:5, Insightful)
Re:Perhaps (Score:4, Interesting)
They got quite a break when they bought DOS and got into the PC OS market, and some time after that, they did get into the habit of `embrace and extend', but there are areas where even today they're putting out fine products.
For example, their optical mice are top notch and well priced to boot. And they don't `lock you into any standard' either -- certainly, they work fine with Xfree86 :)
Back to software, Windows (in it's various permutations) may not be perfect, but it's relatively easy for the end user to use, and highly featured. Same goes for Office.
And they have put out some good software titles lately, especially in the game area. Halo was excellent (though they did acquire the company that released Halo, so ...), Crimson Skies, the later Mechwarrior games were good (but lacking the `atmosphere' of MW2), etc.
I like to bash Microsoft as much as the next guy, perhaps even more, but not all criticism directed at them is warranted.
Re:Perhaps (Score:2)
(which, is kinda exactly what is happening anyways..)
Re:Perhaps (Score:4, Insightful)
The article mentions that Microsoft's Sender ID is an extension of the SPF standard. Further, "SPF/Sender-ID requires changes to DNS and MTAs in order to work. The changes to DNS involve the addition of new records which identify machines authorized to send mail for a specific domain".
I'm inferring that the internet's root DNS's have to be modified. Allowing Microsoft's "standard" on the root servers is hardly nonpartial if the open community is disagreeing so much.
No basic DNS changes (Score:5, Informative)
Of course, if you have a DNS provider who won't let you make such changes, you probably need a different DNS provider!
Restrictive Patents (Score:5, Insightful)
Re:Restrictive Patents (Score:5, Insightful)
The truth is, proprietary 'standards' are all over the place. They are especially effective when directly-marketed to consumers, cutting out all the middle-men who might say "whoah there, that isn't a good deal" and replacing them with glossy print ads full of half-truths.
And, let's face it, Windows itself is the greatest direct-marketing tool ever created. I'm not looking forward to the direction this is going.
Re:Agreed (Score:2)
I cant beleive that people still use Sendmail after all these years. Man, what a horrificly crappy piece of software.
Re:Restrictive Patents (Score:5, Insightful)
Kjella
Re:Restrictive Patents (Score:3, Insightful)
Re:Restrictive Patents (Score:2)
Maybe it's to prevent someone else from registering a patent for something that's broad enough/similar enough/outright identical to this and causing problems?
I've not RTFAed, but after the Eolas thing, I imagine that MS has become rather sensitive to that sort of thing happening, and so will probably now take out patents on everything it can to prevent it from happening again. Besides, merely owning a patent doesn't mean that you have to go afte
Re:Restrictive Patents (Score:2, Insightful)
The problem is, unless it's so licensed, and despite best intentions... a patent holder can later choose to kick your ass for using his patented method, even if he let oyu use it for free for years.
Re:Restrictive Patents (Score:2)
On a different note, with the amount(or lack thereof) of work going into finding prior art for patents, especially software patents, right now, I certainly hope they'll at the very least remove the capacity for retroactive patent infringement.
Re:Restrictive Patents (Score:2, Informative)
For more info see the IETF sender-id mailinglist at http://www.imc.org/ietf-mxcomp/mail-archive/threa
Re:Restrictive Patents (Score:4, Insightful)
All broad sweeping statements are prone to failure, including this one.
Re:Restrictive Patents (Score:2)
Or SSL requre patents.
Or any number of other things.
Re:Restrictive Patents (Score:2, Insightful)
A corporation does not hope.
It does not have a soul.
If a corporation were made flesh and has a body, he'd be locked away as a psychopath!
Have said that, well, it is probably an calculated gamble, and why not? Just because a few losers lost doesn't mean they will all bend over and die.
Licensing = zero recurring cost price + unlimited profits.
Wonder why USA is producing nothing much nowadays? They've discovered da bomb and is trying to slug the rest of the world w
Re:Restrictive Patents (Score:2)
and after you're known to pull such stunts it's harder of course.
(being the only good alternative on the market is a good way too)
Critical mass needed. (Score:5, Interesting)
Sendmail has a plugin available which allows for Sender ID compliance. Which other GPL software will be modified by third parties? This is the joy of GPL software, of course, to maintain it separately from the core. This is also the Achilles' Heel. If Microsoft wanted to do so it could produce the necessary changes for all of these dissenting software packages itself -- and distribute them itself -- and achieve dominance through this method.
The official group declaration would mean little if the availability of the encumbered proposal is enormous and well known.
Most importantly, why wasn't this type of public condemnation available for the various W3C proposals that had patents attached? We cannot pick and choose the fights we engage in - our opposition to patents and intellectual property in standards must be uniform and universal. Once a single standard is accepted despite being weighed down by IP concerns the floodgates will open.
not possible for section 7 of the gpl (Score:5, Informative)
Re:not possible for section 7 of the gpl (Score:2, Insightful)
Re:not possible for section 7 of the gpl (Score:5, Insightful)
Your anger is misdirected.
Microsoft intentionally sabotaged the proposed standard to prohibit full deployment by inserting exclusionary patent terms. Microsoft is attempting to hijack this standard (and hijack an international standards body) to attack the GPL and similar software.
Don't beleive me? Read Micrsoft's own FAQ, [microsoft.com] question 15.
Many mail servers are under the GPL licence or similar licences. Those mail servers would be prohibited from adopting the standard. Any mail server which could and did adopt the standard (and thus Microsoft's poison pill) would then begin rejecting any mail from GPL (or similar) mail servers. The excluded mail servers, being unable to serve mail, would be exterminated.
Embrace, Extend, Exterminate. You should be angry at Microsoft for attempting to sabotage the standard, for attempting to block full deployment of the standard, for attempting to insert a poison pill into the standard.
-
Microsoft helped us (Score:2)
Yahoo's DomainKeys is only a marginally better solution.
A GPG-based system -- now *there's* the way to go.
Re:not possible for section 7 of the gpl (Score:3, Insightful)
No - FAQs say specifically that all GPL software can include royalty-free implementation of Sender-ID for mail-related purposes. They only need to include patent attribution to Microsoft.
And would someone who took a GPL'd implementation of SenderID and modified and redistributed it have to include attribution as well? What about people who just distributed it without modifications?
The GPL does not allow any additional restrictions to be added, so an attribution requirement is incompatible with the GPL
Re:not possible for section 7 of the gpl (Score:2)
I did some more reading last night - it seems that the main objection is that if the licensee created non-email software using Sender-ID technology, then they would need to re-license Microsoft patents commercially.
That's less free than it is with the GPL which allows software to be modified any way possible and remains free of most restrictions.
Then they (A
Re:not possible for section 7 of the gpl (Score:2)
Actually there are I think three or more direct incompatibilities with the GPL. Attribution clause, usage restrictions, and in my oppinion the most signifigant and direct conflict is that the only way to receive a license is to directly contact Microsoft file a written request for an individual license, as detailed in section 6.3 as seen here. [microsoft.com]
You cannot distribute GPL code without providing any required patent rights. You cannot distribute GPL Sender ID code at
Re:not possible for section 7 of the gpl (Score:2)
Since Alsee covered the rest of it, I'll only comment on this part of your post:
I know that an attribution requirement is incompatible with the GPL - but it's not Microsoft that created the GPL
No, Microsoft created their license, and did it more than a decade after the GPL was published, and several years after usage of the GPL became widespread. Personally, I think Microsoft worded their license the way they did *specifically* to make it incompatible with Free Software, which they'd like to either sh
Re:not possible for section 7 of the gpl (Score:3, Informative)
No it does not. It explicitly states the OPPOSITE.
FAQ 15
Question: Is Microsoft's Royalty Free Sender ID Patenty License compatible with the GPL?
Answer: Unlike some other open source licenses, the GPL includes a provision that appears to prohibit the distribution of code that is subject to [THIS PATENT LICENSE].
If you are thinking of the last sentence in Q15 where they say you can distribute a Sender ID implementation with
Re:not possible for section 7 of the gpl (Score:2)
I don't think that's what the FAQs say, but since we already stated our positions I won't repeat myself
>If you take a GPL project and add a Sender ID code to it you cannot distribute it under any licence at all.
You can't if you're not the author - as a user when you get something under the GPL you must keep it that way (GPL).
If the author releases his code under both GPL and non-GPL, then
Re:not possible for section 7 of the gpl (Score:2)
This entire argument appears to concede my point. If Microsoft was *not* prohibiting GPL distribution of Sender ID then there would be absolutely no need for a dual license. If there is some need for such "dual licensing" then it is not in fact dual licenced, it is single licenced and the supposedly GPL version is non-distributable.
-
Re:this is bullshit (Score:2)
Anonymous idiot.
because the answer to Q15 says no such thing.
Q15 explicitly states GPL Sender ID distributions are prohibited. To avoid redundancy, I go into more detail in this post. [slashdot.org]
In fact, it points to Q7 which says Microsoft believes it is possible for GPLed MTAs to support Sender-ID.
Q7 does not include the GPL. Q7 specifically says to check with a lawyer for non-listed cases (such as the GPL).
-
Re: Critical mass needed. (Score:2)
I'm
Re: Critical mass needed. (Score:3, Informative)
Re:Critical mass needed. (Score:2)
> condemnation available for the various W3C
> proposals that had patents attached?
There was considerable discussion and controversy, with the result that W3C dropped their RAND proposal in favor of open standards.
Re:Critical mass needed. (Score:4, Insightful)
I came across this message on Exim-users where one of the core developers flatly rejects the license [exim.org], and it also indicates the Sendmail folks feel the same. Courier has also rejected it in a similar manner.
Sender ID needs rapid adoption, and it won't get off the ground with rejection from all the major FOSS MTA's.
I believe MS knows it, but they appear to fail to understand that licensing means at least as much for FOSS developers as it does for them. They said that they would update their FAQ with a promise that they will never charge for Sender ID, but miss the point that that isn't enough for developers.
I think this is extremely interesting, because it is the first time MS and the FOSS community comes together over something like this, where everyone knows that we have to get a standard up working. We're seeing a clash of worldviews, but if MS steps down now, they will have learned a valuable lesson.
Re:In fact, Sendmail has embraced SenderID (Score:2)
Re:In fact, Sendmail has embraced SenderID (Score:2)
However, Dave Anderson, Sendmail's CEO, says:
Uhm, fine, but I think that's an attitude that will
How risky is this? (Score:5, Interesting)
Re:How risky is this? (Score:2)
Re:How risky is this? (Score:2)
The web won't be affected. Only email can be affected, and only if everyone agrees to play the Sender ID game.
Re:How risky is this? (Score:2)
Now _that_ is just unfair. I have sent, by proxy, countless emails to Microsoft. Indeed, addresses such as billg@microsoft.com are among my favorites when I need to enter "my" email address in yet another stupid webform.
Statements but little analysis (Score:5, Interesting)
What makes Sender-ID so bad, in comparison to other technologies that both do support (say ASP and SMB). Is it because they reverse-engineered those and MS is trying to release this into the "open"? Are they waiting for a reverse-engineered version?
I know some about coding but little about law. What in particular about this license is causing so much trouble? Could MS change a few lines and it would be accepted?
Re:Statements but little analysis (Score:2)
Re:Statements but little analysis (Score:2)
Re:Statements but little analysis (Score:4, Informative)
MS has licensed the Caller ID patent(s?) under what, on the surface, appears to be a very fair and open royalty free license. You don't have to pay any fees to MS to get a license to include Caller ID in your software. You can distribute the software to anyone you want, and your users are also free to redistribute this software. You can even distribute the source. For more information, read this article [internetnews.com]. However there is one issue that makes it incompatible with open source software - the patent license is non-transferable and non-sublicenseable.
What that means is that each developer who creates or modifies Caller ID code must sign and mail their own license from MS. The OSI definition of Open Source Software, and FSF definition of Free Software both state that the user must be free to modify and redistribute the software. This puts FLOSS licenses at odds with the Caller-ID license. If your software license meet the terms of the Caller-ID license then the software isn't FLOSS, and if you use a FLOSS license, then you are not meeting the terms of the Caller-ID license. The best lawyers on the subject agree [eweek.com] that it is impossible to make these two agree. They also do a good job of explaining why redistribute of modified works is critical to FLOSS software, and why we should refuse to use a license that would be compatible.
So thats where things stand. It would be possible to write a non-FLOSS plugin for FLOSS software, but it is impossible to write a FLOSS implementation. Debian has a long history of not accepting non-free software into their main branch. But even among those that are more tolerant of combining proprietary software with FLOSS, there are many who disagree with proprietary standards and are thus opposed to the Caller ID license.
Re:Statements but little analysis (Score:2)
Nope. MS has actively patented things for more than a decade.
A friend of mine at Microsoft worked on the implementation of long filenames on FAT16, and was awarded a patent for it (with a couple other people). He was proud of it, mainly because it involved several brilliant tricks to get the long filenames s
Re:Statements but little analysis (Score:3, Interesting)
Sure, it would be trivial.
This conflict is *not* a mistake or accident. The normal and widely used terms for standards submissions are perfectly fine. Microsoft's army of lawyers put signifigant effort into carefully crafting a non-standard licence to create the problem. Microsoft's own FAQ (question 15) admits they were aware of the conflict when they first submitted their non-standard licence. Microsoft's terms are an intentional effort to exclude GP
Solution : Go for SPF, the unencumbered version (Score:2, Informative)
Re:Solution : Go for SPF, the unencumbered version (Score:2)
Concern for all (Score:4, Interesting)
This should be a concern for all, no matter how you feel about MS, or even if this was another company, like IBM, HP, etc. The standards which hold the Internet together cannot "belong" to one company.
Re:Concern for all (Score:2)
It's important that *nix-based platforms and OSS community continue to stick with
Re:Concern for all (Score:2)
1) Patents cannot be applied to existing internet standards, because of prior art
2) *We* are the ones who choose whether or not to accept a patent encumbored standard. Now go with Apache and Debian, and shout "We won't accept this!" for all to hear.
Re:Concern for all (Score:2)
Re:Concern for all (Score:2)
Oh, and you must be living under a rock if you have never heard of an attempt to prove the existance of some $DEITY. AnswersInGenesis.org is one example that attempts to prove the existance of the christian god using science, and you will find mill
Re:Concern for all (Score:2)
Re:Concern for all (Score:2)
The new MS Word "standard" (Score:5, Insightful)
Everybody here is no doubt familiar with the "unofficial standard" that is Microsoft Word: meaning, they have been sent Word documents or asked to send documents in Word format as if everybody used Word. Microsoft has ensured that the clueless masses default to Word's format as an Internet standard (or as an example of "best practices" -- to use the latest buzzword).
You can find examples of this in business, education, and government.
It's possible that we're going to see e-mail "evolve" in the same way. Ninety percent of e-mail flying around the Internet will use the new Sender ID standard; those not using it will seem odd and likely be forced to use it more often than not in their various business dealings.
Re:The new MS Word "standard" (Score:2, Interesting)
Sender ID - hell, how about reverse dns? (Score:5, Interesting)
A short time ago the company I worked for started refusing inbound connections from MTA's that didn't have proper reverse DNS. By proper reverse dns I mean as per RFC 1912 section 2.1 . While the word must isn't used in the RFC, the word should is used, and the RFC even states "For every IP address, there should be a matching PTR record in the in-addr.arpa domain........Failure to have matching PTR and A records can cause loss of Internet services similar to not being registered in the DNS at all."
Imagine when I had to explain what proper reverse DNS was to an MCI "internet engineer" (That was the title in his e-mail). Imagine my suprise at the number of complaints generated - and even greater suprise that people simply REFUSED to fix their problem. Instead, bowing to our own customer pressure, we stopped enforcing the checks. We again became part of the problem, instead of part of the solution.
We did this because we saw lots of spam that came from MTA's with no reverse. Even more telling we found lots of spam that used "spoofed" reverse dns. I.E. the reverse had a pointer to some host like mx4.hotmail.com, when no forward with that IP existed. This is most common from spammers coming out of eastern Europe, and some out of china. By refusing to accept mail from these we lowered the amount of delivered SPAM.
Supposedly, AOL, Road Runner, and AT&T require reverse dns. In actuality they don't. If the community is truly serious about fighting spam then they would follow their own policies, and they would help. If AOL and hotmail alone required valid everse DNS the rest of the world would follow suit in short order. By not enforceing their own published rules, very large providers are part of the problem, and their laziness continues to perpetuate the problem.
Considering their inability to enforce something as simple and as easy as rdns (RFC 1912 published 1996) I see no hope for caller ID, or SPF records. They all sound like great standards - but we can't even enforce the standards we have had for almost 10 years.
Debian is correct to reject the "caller-id" feature. Not for any copyright reason, but because it won't work in the current environment with so many lazy administrators, and the only adoption being the spammers themselves.
cluge
Re:Sender ID - hell, how about reverse dns? (Score:5, Informative)
Not very likely, for this would break large part of the e-mail infrastructure. There are many virtual hosters whose reverse DNS does not match the domain they are hosting. Or in my case with static IP home DNS that does resolves to something, but my domain name. And I suppose we can say bye, bye to many backup MX servers as well.
What AOL sensibly require [aol.com] is :
Re:Sender ID - hell, how about reverse dns? (Score:3, Informative)
I don't think he means that the delivery DNS match the envelope sender, only that the delivering IP have valid and matching forward and reverse DNS records. This would not affect virtual hosts, MXs, send-only or receive-only relays, or SMTP HELO.
Re:Sender ID - hell, how about reverse dns? (Score:2)
Put briefly, when your MTA connects to my mail server, my mail server knows the IP that's connected to it. I then do a PTR lookup on that IP to get a name for the mailserver; if this is a name that's in a blacklist, I reject the mail. I then do a forward lookup on the name I've acquired, to obtain all A, AAAA, or A6 records (as appropriate). If none of
Sun, RedHat, IBM's response? (Score:5, Interesting)
Re:Sun, RedHat, IBM's response? (Score:3, Informative)
I have to admit, I'm in two minds about this. On the one hand it's lo
IETF should get its head out of its ass (Score:5, Insightful)
We are also concerned that no company should be permitted intellectual property rights (IPR) over core Internet infrastructure.
Seems obvious to me. Why isn't it obvious to the IETF?
Debian again: We believe the IETF needs to revamp its IPR policies to ensure that the core Internet infrastructure remain unencumbered.Right on.
A company like Microsoft has no respect for the rights of others, no respect for ethics, no respect for the ideals of the people who built the Internet infrastructure for our benefit. I agree with Debian that no company should be permitted IP rights over core Internet infrastructure. But especially not a predatory company like Microsoft.
And for those of you wondering what it is... (Score:5, Informative)
It would be so much nicer if people writing/editing these stories would link to stuff that isn't blindingly obvious to everyone.
p
Your sig (Score:2)
You mean,
All "Redundant" meta-modded "Un" 'til mods prove know what means.
It's still legible, and has less words! Less repetitive redundancy!
good on them (Score:3, Insightful)
Just one question, has there been any work on a open standard yet?
Re:good on them (Score:2)
Yes, it is substantially built on an open proposal, SPF [pobox.com]. Sticking my finger to the wind, I am guessing that's what the IETF is going to go with anyway.
Sender-ID implementation and patent infringement (Score:4, Funny)
Re:Sender-ID implementation and patent infringemen (Score:2)
No, it would expose you to triple damages.
-
A moment's pity for Microsoft, please (Score:5, Insightful)
The attempt to inject patents into anti-SPAM tools is well-founded for a company that wants to find new business models, but it's incredibly offensive to the Internet community. Not just "nerds" and "fanatics" exposing some radical political viewpoint, but the hundreds of thousands of hard-working people who actually built the servers that run the web.
Technology gets ever cheaper and this inevitably destroys old markets. For the world's largest software company to _still_ earn the bulk of its money from operating systems and office suites is quite amazing. These are commodity products and only sell through brute-force tactics that are eventually self-defeating.
Microsoft should step back from trying to control essential domains such as email, and focus on what they are really good at: providing the unwashed masses with easy-to-use, pretty front-ends. It's a market with huge potential but its success depends on a reliable and expanding back-end infrastructure, exactly the domain that Microsoft is incapable of delivering.
A message to Microsoft: please understand that open source is the key to your long term survival. Embrace it, or die. Open source is the cornucopia of software technology: it will create a hundred million new software consumers, and most of these will be potential new clients.
Just produce software they actually want, not software they are forced into buying by your devious political games.
When the Internet first became popular, Bill Gates announced that the Microsoft Network would be better. He was wrong, and after a couple of years, forced Microsoft to embrace the net rather than fight it.
The same is true of open source. It's only a conflict because Microsoft is refusing to face the inevitability of the situation.
A moment's pity, therefore. They may be rich. That does not make them either smart, or right.
Re:A moment's pity for Microsoft, please (Score:3, Funny)
I'm sure Bill and Steve paused in their reading of slashdot to make a note of your message.
Re:A moment's pity for Microsoft, please (Score:2)
Summary: SPAM is canned meat; spam is unsolicited bulk email.
Cue the Vikings.
Laughable (Re:A moment's pity for Microsoft, ple) (Score:3, Insightful)
I can't help but to laugh at this example of uninformed zealotry. Even if I weren't dubious about MS meriting any pity, this is rather like a 8 year old child patting itself on the back for outrunning a geriatric in a wheelchair.
OSS fits somewhere into MS's problems, but is hardly the dominant factor. Aside from OSS, their primary problems right now stem from the the worldwide wave of anti-monopoly lawsui
Mozilla? (Score:3, Insightful)
We heard here yesterday that Mozilla has a far bigger market share than Debian does - and Mozilla actually does read mail and reject spam. So their refusal to participate in a Microsoft takeover of the world wide email system would have some real meaning.
It's good that Apache came out against it...what about 'sendmail'?
There also needs to be some promotion of a good alternative that's not IP-encumbered and which would hopefully have technical merits too...it's easy to refuse to support a proposed standard - but it's better to have a good reason to recommend a solid alternative.
Re:Mozilla? (Score:2)
I don't get it... (Score:2)
Someone want to clear that up?
That article Microsoft has is just SPF with a different name on it as far as I can tell.
(Or did they invent SPF in the first place...)
Re:I don't get it... (Score:3, Informative)
Re:I don't get it... (Score:2)
Missing from the rejection notices... (Score:4, Interesting)
You can implement handling the setup of the DNS TXT records without touching anything Microsoft claims ownership of. You can implement the checking of the HELO/EHLO and MAIL FROM via SPF with no patent concerns. Will Apache, Debian, et al dismiss this, simply because the most popular implementations of SPF also support checking the header FROM field, which is supposedly Microsoft's idea?
Re:Missing from the rejection notices... (Score:2)
Re:Missing from the rejection notices... (Score:2)
MS's stance goes clear to the top on this (Score:5, Informative)
(emphasis added)
Toll-Booth on the Internet quote (Score:2, Interesting)
Trying to sneak a pantented standard in, then later charging for it after wide-spread adoption seems more likely, if you do remember that quote.
Re:Toll-Booth on the Internet quote (Score:2)
Trojan Horse (Score:2)
All it would take is for Mic
Re:Thank you: need Firefox extension for this (Score:3)
Re:Thank you: need Firefox extension for this (Score:2)
Re:Thank you: need Firefox extension for this (Score:2)
Fell for that one completely.
Now for the real question - is it possible to write something like this? Perhaps as a squid extension?
Re:Thank you: need Firefox extension for this (Score:2)
And no, it's not a joke. What's the exact problem you're having?
Article title is 'Soviet Russia' logic (Score:4, Interesting)
The only way that Debian could accept Sender-ID is to reject the GPL. At that point, having denied its own soul, it would cease to be 'Debian' by any meaningful definition - it would be ex-Debian.
Re:Making software or distributing it (Score:2)
The way Debian works, only "free" software is recognized as a standard part of the distribution. They used to have a separate section called "nonfree" or something like that, into which they would dump everything that didn't meet their spec for "free."
Debian zealots ha
Re:Will it work? (Score:3, Informative)
Re:Would you like some fries with that elitism? (Score:2)
You know what - days like this just make me a little bit more proud to be running debian on my system. I have tried them all (well - the most popular ones and the ones that were supposed to fit me and weren't so popular), and oh boy - debian always comes back the winner.
So we might be a small elitist group with our funky little packaging systems (don't SuSe and RH/FC come out with an APT compatible system - still based on RPM but the