Russ Nelson

How should NASA's World Wind handle the introduction of a shapefile layer? Well, I can think of two reasonable ways to do this.

1. somewhere there exists a .zip file containing the three component files of the shapefile. A third party has written an XML which describes how they want that shapefile drawn (e.g. with and without labels). Their XML file specifies the URL of the shapefile.
2. somebody wants to publish a shapefile directly usable by WW. They create the .zip with the three shapefile files, and add to it the .xml needed by WW.

   I can think of only one benefit to #2: you don't have to deal with telling your webserver that a .xml file is an XML file rather than some kind of mutant HTML. A big advantage of #1 is that anybody can describe anybody else's file for use in WW, *and* they don't have to host that shapefile.

   We could support both formats, of course. If you tell WW to use a shapefile, WW could look at the filetype / extension. If it's XML, then the XML specifies the shapefile with a URL. If it's .zip, then the .zip contains the XML file.

   Now, the second question is how to handle versions. Is there any reason to keep permanently a shapefile given that WW doesn't permanently keep any imagery data? Basically, WW is an online data viewer and only caches imagery data. Why should it save a shapefile? Thus, whenever you turn on a shapefile, WW should re-fetch the shapefile (checking the HEAD just as a web browser does). If somebody *really* wants to display local data, they can specify file:// as the URL.

Various people claim that we are in Iraq to protect "our oil".

What you mean "our oil", Kimosabe? Yes, many people make the charge that our military presence is in Iraq to protect "our oil"? If that's true, then we ought to be in some way exploiting our franchise. For example, other countries might only be able to buy a limited amount of "our oil". Or we might get "our oil" prior to other countries. Or other countries might have to pay a higher price for "our oil".

I think it's possible to make the case that our military is protecting "our oil". To do so, you would have to present evidence that we are treating it like "our oil". If you can't do that, then you have to make the claim that we are expending treasure and lives to protect other people's access to oil. We might be doing so -- but if we are, you can't argue that we're being selfish.

Read and ponder this cartoon:

Dogbert is thinking like an economist here. You notice that he keeps squashing Dilbert's fantasies of how the world should work with an explanation of how the world does work. He's doing this by looking for the unseen. He's doing this by continually probing Dilbert's proposed solutions by asking him to state the problem that he's trying to solve.

Far too often in my consulting practice, people will come to me asking me to help with a solution. Sometimes I recognize that their solution would solve the wrong problem.

Replies to mailing lists

For example, people will ask me "How do I get ezmlm to insert a Reply-To: pointing back to the mailing list?" The discomfort that they're trying to address is that people tend to Reply to an email to continue the conversation. This doesn't work for a mailing list because the To: address is that address that continues the conversation. Hitting Reply simply sends email to the one person who authored that email. Hitting Reply-All is not a solution because it sends an extra copy to the author of the email. Unless someone trims the address list, eventually every author's name gets included in addition to the list itself.

The real problem here is that email clients need a third Reply command: Reply-List. This command will send email only to the address in the To: header.

Disclaimers

People will also ask "How do I get the MTA (Mail Transfer Agent) to append a disclaimer to every email?" That's not just a wrong solution, it's a wrong problem. It's a wrong solution because the disclaimer should be appended by the MUA (Mail User Agent or email program) or if that's simply impossible, by the MSA (Mail Submission Agent or your ISP's email server). For more details, see Carl Hutzler's email best-practices document.

But more than that, putting disclaimers on unsigned email is like washing toilet paper. Everyone who has gotten email from "service@paypal.com", raise your hands. No, no, everybody put your hands down. Everyone who has NOT gotten such email raise your hands. Ahhh, just as I thought: nobody has their hand up. Paypal keeps getting phished because they refuse to sign their email using DomainKeys. Same thing for everyone else. If you think your email could be used in a court of law, think again. No competently-informed judge will accept email as a reliable document. A disclaimer is meaningless.

Background

Currently, it's trivially easy to forge an email. Doesn't take any skill whatsoever: you just write what you want, and the recipient's email program will believe you. That was fine when the Internet was a backyard toy, but it's hit the big time, and forgery is rampant.

Most of us are merely tired of it, but Yahoo got tired and angry, got off their butts and did something about it. They wrote the DomainKeys standard, and published it for everyone to use. They've implemented it, as have Google Mail and EarthLink. DomainKeys isn't being considered by the IETF as standard; DKIM is.

The Controversy

The problem, as I see it, and I'm biased, is that DKIM isn't any better than DomainKeys. Or, if you feel differently and think that DKIM is technically better than DomainKeys, I'll point out that an scrawny implemented bird in the hand is infinitely better than any number of flocks of big fat juicy unimplemented undeployed pre-standard birds in bushes. Whatever flaws in DK which are repaired in DKIM aren't worth the market confusion that DKIM is causing.

The only reason DKIM exists is because some people saw DomainKeys, and (for some unholy reason) said "That's a great idea, but we have to be seen as leading the marketplace with our own standard, so we'll create IIM which is only slightly different and not any better than DK, and immediately offer a compromise standard called DKIM". Of course, you've never seen an IIM signature because nobody has actually deployed IIM.

So, yeah, I'm one of the people who is willing to say "Ignore the IETF; ignore DKIM; implement DomainKeys without delay, because it's the only usable, existing, implemented, and deployed email signing standard; there is no other game in town, and all other games are less likely to be ask successful."

My Conclusion

DKIM is teh suck. If you're waiting for it, you're wasting your time. Implement DomainKeys TODAY. Join sendmail and qmail (the #1 and #2 MTAs on the Internet), Google Mail, and Yahoo in signing your email.

DKIM is doing to DK what Sender ID did to SPF. Insist that the IETF standardize on the standard instead of pulling an ISO and chasing paper standards.

Various people in various fora have accused Goodmail Systems of attempting to extort payments out of senders, saying "That's a nice little email you've got there. You wouldn't want it to get hurt, would you?" That's not how it works; not at all.

Traditionally, a protection racket is a subset of extortion. The nominal protector is actually the one who would create the harm in absence of a payment. The exortionist threatens to harm the property owner or his property in exchange for a payment. Of course, this only works if there is no other threat to the property; e.g. another extortionist. Typically, though, the extortionist has eliminated any other extortionists, otherwise the payment would quickly go to zero.

So, first, Goodmail doesn't have a monopoly. Sure, they have first-mover status, but there's no reason why they couldn't be out-competed in the marketplace of email certification. Second of all, Goodmail doesn't own the resources used to create and maintain the mailbox. So if they were the extortionist, then the mailbox provider would be complicit in the extortion. In this view, the sender is the victim, and the provider and Goodmail are acting in concert as the extortionist.

The problem with this view is that folks like AOL and Yahoo have never needed Goodmail to extract payments. They have always had the ability to take a sender aside and say "That's a nice little email you've got there. You wouldn't want it to get hurt, would you?" Yet they have never done this. It's not likely that they would do it now, now that they have a third party (Goodmail Systems) to share any payments with.

Surely everyone has heard about the Muslim rage at the cartoons published in Denmark. You may notice that some newspaper reports call them "Danish cartoons". Surely they were not authored by all Danish people, however. Nor are they appreciated or enjoyed by all Danish people. I fully expect that a majority of Danes find them objectionable.

A Friend in my Quaker Meeting was in the Peace Corps, stationed in Tunisia in the 70's. They went back to Tunisia in the 90's for a sabbatical. He has a greater than average understanding of Muslim culture. He points out that there is today no freedom-loving Muslim culture. In all Muslim countries, there is no free press. The press cannot publish anything without the approval of the government. Not only do they have no experience of a free press, most of them don't even want a free press. A tenet of Islam is that the government and the religion is one and the same. The secular law and the religious law coincide.

Thus, when Muslims see "Danish cartoons", they really see them as products of the Danish government, not as cartoons produced by Danish individuals. All Danes share the collective guilt of the Danish government, thus the attacks on Danish embassies, and the fear that individual Danes will be attacked.

Of course, this posting begs the question of "what does a Muslim believe?" I'm sure that there are some Muslims who simultaneously are revolted by the cartoons AND by their co-religionist's reaction to them. Perhaps they are serious scholars of Islam who observe every requirement imposed by the Koran. And yet, while they may have a good idea of what is actually in the Koran, and what Mohamed actually instructed, they cannot be said to be the definition of Islam; not when so many other Muslims disagree with them.

Quakers used to keep good track of what their co-religionists were doing, and if they strayed from the definition of "A Quaker", they were read out of meeting. They could still worship in the manner of Friends, but they weren't recognized by the meeting as a Quaker. That was not a great solution to the problem of large numbers of people disagreeing. It lead instead to schisms. But at least it kept any small minority of Quakers from becoming the definition of "Quaker". Currently, Muslims get defined by the practices of the most outrageous of them. When those definitions are confronted by other Muslims with silence and inaction, one thinks that the definitions are correct.

Goodmail Systems has been getting lots of press lately. They're offering CertifiedEmail, which is simultaneously a reputation, authentication, and payment system. They investigate potential customers, and refuse to serve spammers. They sign a customer's public key with their public key, and allow the customer to send signed emails. The mailbox provider verifies the signature and gets paid a little bit for their trouble.

Seems that people are wondering how this will reduce spam. It looks like a solution to false positives in mailbox providers' filters, not a solution to spam.

Ah! But what if you kept the false positive rate the same? That would mean that you could tighten down your filters in proportion to the good mail (systems) that bypasses your filters. Lower your bayesian or Spam Assassin thresholds because you know that a greater percentage of that email stream will be spam.

You could do the same thing using DomainKeys. That's where the most likely competitor to Goodmail will come from. Commerce usually increases when there is competition for two reasons: first, because customers think "Gee, there must be something to that system if two separate entities are trying to solve that problem the same way." Second, customers are more likely to spend money in a competitive free market, because while they aren't likely to be able to evaluate the proper fee to charge for signed email, a competitor will be.

People don't need to be valuation experts to buy something in a competitive market; the competitors do the valuation.