Update on Mail Saga

After a week’s worth of effort I’m coming to conclude that Thunderbird is still the best thing on the Mac, which quite frankly is sad.  The Mac pioneered Multimedia, and yet any serious attempt to use Mail as a multimedia UI is met with an obstinate user interface.  I’m not saying it’s impossible, just difficult to use.

On the other hand, I’ve found a very uncomfortable yet okay approach to dealing with Thunderbird’s breakage: have the compose font set to be “Variable Width”.  I can’t stand the font, but it is what it is, and it doesn’t change in the middle of a paragraph.

A few people have asked me why I even bother with a mail UI, as opposed to Web Mail interfaces.  The answer is two-fold:

  • I want access to at least some of my mail off-line.
  • For work I would have to go through any number of hoops essentially to establish a WebMail interface that I like that ran under a web server on my laptop.  It’s not an outrageous idea, but it is a lot of work, and it’s a lot of work I shouldn’t have to do.

And so I will get by with Thunderbird, but I do think, as one of my other friends pointed out, that there’s a potential business opportunity for someone who actually WANTS to send multimedia inline HTML.

It’s also time to make a donation to the Mozilla Foundation.  I paid absolutely nothing for the use of Thunderbird and Firefox, and both are still the best things going, in spite of their warts, and let’s face it: I’m a pretty demanding customer.  Are you?

Mail Programs: Time for a Change?

It used to be the case many years ago that I would try just about any E-mail program that came into the market.  To give you some idea, here are some of the mail programs I have used:

  1. MM (TOPS-20)
  2. BABYL (TOPS-20)
  3. Mail (VMS)
  4. Mail (UCB)
  5. Mailx (UNIX System V)
  6. MUSH
  7. Mutt
  8. Elm
  9. Pine
  10. Babyl (GNU Emacs)
  11. VM (GNU Emacs)
  12. Z-Mail (A Program written by Dan Heller based on MUSH, probably the first pseudo-graphical MIME program)
  13. Andrew (CMU)
  14. dmail (written by Matt Dillon)
  15. Some really zippy MMDF mail program
  16. MM (Columbia University)
  17. Outlook
  18. Outlook Express
  19. Eudora
  20. MH
  21. Mozilla
  22. and for about the last eight years: Thunderbird

Thunderbird has been great to me.  For one thing, it’s had a very extensible architecture that has lasted quite some time, with plugins and everything.  For another, it’s done quite well handling the gigabytes of mail that I process.  The filter systems are reasonably flexible and it supported client-side certificates when I needed them.

Eight years for me is a pretty good run.  I am, however, noticing that my trusty Thunderbird is showing its age and I really have run out of time to help (not that I really helped much anyway).  For one thing:

  • Later versions try to index my entire collection of mailboxes (all 50GB of them) and this never completes.
  • The composition component is no longer sufficient to my needs.  It’s not handling fonts correctly when I wish to send multi-media messaging.

And so I ponder a change.  The question is, “to what?”  Apart from all of my needs above, I have one more need: to be able to migrate from whatever I migrate to.  This probably isn’t a problem, because one can always use IMAP copying in the worst of cases, but that can be slow.

First task, of course, will be reducing what I can to ease transition.  Wish me luck and do let me know what mail program you like, these days.

A social network not to be part of

We’ve discussed the unintended evils of social networking sites in the past.  But here is a story about a “Social Networking” site that seems to have intended evils.  The site, which I won’t name, uses video cameras, and people are randomly connected to one another.  You can then chat with the person, click “next” to go to the next person, or report the person for inappropriate content. Doing so blocks an individual for about 10 minutes.  When a friend of mine told me about the site, I thought it was an interesting concept.  But then he told me that what he saw quite often would disgust most any normal person.  And then he told me that he saw young children using the program.

This raises all sorts of questions:

  • Where the heck are parents of such children, and why would they ever let them near this type of “social network”?  Where’s the little report button to report them?
  • As someone who believes in free speech, if the primary use of a technology is to violate the law, in this case child protection laws, perhaps I’ve just found my limit.  If we look at how Napster fared in the courts, because their business model was predicated on breaking the laws, in the end they had no legal defense.  Can this business argue that they have a viable model, absent the lurid behavior being demonstrated?
  • Even if they claim to have such a valid business model, should this site be required to exercise due diligence in protecting children?  A report button that knocks someone off for 10 minutes doesn’t seem like much of a deterrent.  How about the report button sending identifying information to the service so that they can review the video, where it could be used as evidence in a prosecution?

Here’s one reason I won’t go to the site in question, and neither should you: what if law enforcement finds even a hint that you’ve been there?  Could this be turned around such that you could be assumed to have participated in a lewd act in front of a minor?  After all, we’ve seen other instances where the presence of porn was enough for someone to lose his job and face prosecution.

How Important Is Your EMail Address To You?

Really, it’s not clear to me if this is a generational thing or what, but people tell me that email addresses are no longer that important to them, what with MySpace, Facebook, and the like.  Others just use SMS, where their cell phone number is the important thing for people to reach them.  For some, however, their email address is their identity, and their only means of being reached by friends and family.  That’s true for me, at least.  I’ve had the same sets of email addresses for about 12 years: one for work, one main one for play, and a bunch of others for special use.  This is nothing compared to my parents, who have had (roughly) the same phone number for almost forty years.

If your email address is important, here’s a question you should ask: is it important for you to control it from a legal standpoint?  Why would you want to do this?  Let’s look at a few cases:

  1. Your Internet Service Provider (ISP) provides you your email address with your Internet service, be that DSL, Cable, or something else.  What happens if you decide to change ISPs?  Do you lose your email address?  And do you care?  Can someone else get your old email address, and what are they likely to receive?
  2. You have a free email account from a service like Yahoo!, MSN, or Google, and the account gets broken into.  The first thing the bad guy does is change all of the security questions that are meant to cover password recovery.  How, then, are you able to prove to the service provider that the account was yours in the first place?  Can you even get your old account shut down, so that the attacker can’t masquerade as you?
  3. This is the inside-out version of (2): suppose someone claims you are masquerading as the legitimate owner of your account?  Who do you go to in order to prove that you are the legitimate owner of the account?
  4. Your mail service provider goes out of business, and the domain they have been using for you is sold.
  5. There’s one special case I’ll mention, but let’s not try to solve it: you use your work email for all email, and you change jobs or are laid off.  It’s a safe assumption that the primary use of your work email account should be work, and that you are taking a risk by using the account for more than work.

For all but the last case, you have a way of at least mitigating the problem by having your own domain name, like ofcourseimright.com.  That is, go to a registrar that you trust and choose a domain name that will be yours as long as you pay the bill for the domain.  However, is this just moving the problem?  It could be if someone breaks into a registrar account that is not well secured.  However, because you own the domain and the registrar does not, you are able to take at least some actions, should either your registrar not recognize you, or should your registrar itself go out of business (this has happened).

The hard part is finding someone to host your domain.  This sounds like a royal pain in the butt.  And it is!  So why not just use your cell phone or a social network site?  Cell numbers are at least portable in many countries.  Social networking like Facebook is another matter, and can leave you with many of the same problems that email has, and more, as we have seen.  Similarly, many financial services that play with your money, like PayPal and eBay, rely on you having a stable email address.

Get mad? Get Even? Or get up and running again?

When a system is broken into, the management often has a choice to make: should they take some time to try to figure out who was behind the break-in, should they bring in the police, or should they just clean up the mess that they find and move on?  This is the choice that the City of Norfolk faced when a time bomb clobbered 784 systems, according to this blog.  Debugging and understanding how a break-in occurred is a bit of a black art unto itself, requiring a substantial amount of expertise that focuses on the innards of Windows, and it requires time for the experts to track back what they think the source of the problem is, and even then a trace may not be possible.  For one, it depends on what sort of forensic evidence can be found within logs, whether those logs themselves have been tampered with, and what sort of backups were taken of the systems involved.

Here’s the problem with not trying to trace back: the miscreant who screwed you the first time can do the same thing again, using the precise same attack vector.  At the very least it helps to have relationships with your security vendor to be able to report the problem, but as defenses get more complex, our continuing game of Cat and Mouse demands that so do the attacks.  An initial attack vector might itself lead to the use of secondary means to attack.  For instance, probing attacks work very poorly against a walled off Intranet, and in fact can be a means to alert The Guys In White Hats that the probing system has been broken into.  However, the likelihood of that happening from within the Intranet is smaller.  What’s more, as white collar criminal investigators know, one cannot rule out the possibility that someone on the inside will in fact have gotten things going.

This supports the whole notion of what Cisco calls Borderless Networking. That’s a marketing mouthful for a concept that Steve Bellovin articulated many many years ago, which says that bottleneck firewalls are going to need to give way to more sophisticated forms of defense on devices themselves.

A combination of good backups and logging to secure systems might have helped.  Logs give some notion as to who did what when, assuming that you are logging the right things.  Backups provide you a means to preserve state.  This works in three dimensions: you can, perhaps even incrementally, look back into the history of a system for forensic purposes, you can preserve a crime scene through a very low level backup, and you can get back to a known good state.