Best SPF/Sender ID Quote Ever


Picked up a copy of DM News today, and there was a front page story on the Sender ID/SPF fiasco, and what mailers will have to do to comply with the various standards now out there.

Meng Wong, author of SPF, provided a quote that just wraps up the situation perfectly:

“If your 5-year-old wants McDonald’s and your 4-year-old wants Taco Bell, and they’re right next to each other, sometimes it’s easiest to just drive through both of them.”

What could you possibly add to that?

The Rules of Technology Development Projects


Subheading: Hardware
Rule Zero
The hardware platform upon which your new code is going to be deployed must be in place, running, and trusted well in advance of the scheduled application testing.

Rule One
Complying with Rule Zero will an amount of time equal to n, where n is slightly greater than the reasonable amount of time allotted for hardware setup in the project schedule. No matter how close the hardware is to something you’re already running or how simple the setup process is, n is by definition longer than you think will be necessary.

Rule Two
Until you have started testing the new code in an environment that is functionally identical to production, you don’t know how it’s really going to behave.

So What’s With the Rules?
Basically, Rule Zero is the only one that really matters here. If you’re mindful of Rule Zero, you can handle all of the other hardware related rules. Why do I bring this up now? Because I jotted down Rule Zero after seeing somebody else’s project go all pear shaped, and spending time thinking about the reasons for the problems that the project encountered. I noted Rule Zero down in a few places, actually, so that I would always remember it going forward.

Oddly enough, other people’s mistakes don’t really make the impact of one’s own mistakes. While I still believe that our current project had enough margin for error built in to keep us on track, it is abundantly clear now that I ignored Rule Zero. Getting the new hardware took longer than expected, with all sorts of weird glitches. Getting that hardware set up is taking longer than expected, with all sorts of weird glitches. All this despite the fact that we’re basically setting up machines that are virtually identical to a dozen others that have been up and running smoothly for months, if not years.

I’ve done it myself now, so I hope and trust that this will burn Zule Zero into my memory.

Sorry, my mistake: more on MS and IP


One of these days I’m going to be able to get a title that’s entirely abbreviations…

Anyway, it appears that my earlier estimation of how Microsoft would respond to the Sender ID fiasco was a bit off. As a refresher, I said that:

If Microsoft were looking for a purely defensive patent, they could eliminate the issue by assigning the patent to a third party (as has been done with many OSS projects), but I don’t believe that will happen. If MS can’t own the IP then they’re going to gather up their toys, glare at the OSS community, and quote Cartman:

Screw you guys — I’m going home!

It now turns out that MS’ response to the situation is slightly different. I thought that MS was going to take their toys and go home; in fact, the continuing developments seem to indicate that MS is thinking more along the lines of “if you’re not going to license our intellectual property, then we’ll just extend our IP claims to include what you’re already doing.” They’ll take everybody’s toys and go home.

Great. It seems that I was optimistic last week when I thought that we might be just a little further from having a generally accepted email sender validation scheme than we were prior to the now defunct Sender ID/SPF convergence. How young and idealistic I was to belive that widespread ill will was the only negative result of this whole process. Turns out that we’re a lot worse off than we were three months ago.

Explain to me again how the US Patent system supports innovation and works to benefit all of us?

It Used to Suck to be a Web Browser’s Search Function


Yeah, the title is a dupe, but it’s been kind of a long day and I can’t think of anything more clever. I’ve just noticed the best Web browser seach functionality ever, though, so I have to post this, with or without clever bits.

So have you installed the latest release of Firefox? Have you then tried to search for content on a Web page using the new Firefox release? No? Well, that’s really too bad, because your browser’s search tool still sucks. My browser’s search, on the other hand, finally works right.

When you select “find” in the latest release of Firefox, you don’t get a stupid window appearing in the middle of your browser window and covering up whatever section of the page you happen to be interested in. Instead you get a sleek new bar at the bottom of the browser window with four elements in it: an input box, “find next” and “find previous” buttons, and a “highlight” button.

These simple elements allow you to search for a word or string, choose whether or not to highlight all occurrences in the window, and move backwards or forwards through the document to find the occurrence that you’re looking for. It finds (and highlights, if you so choose) matches as you type, and it also tells you immediately if the search term wasn’t found.

Why is this better? Fucking finally, somebody realized that searching the contents of a document shouldn’t take focus away from the document itself. In any case where you’re searching a document, that search is a tool — a way to interact with the information in the document, not an end in itself.

For all the hooplah regarding “integrating search into the desktop” and such buzzword-related, VC-friendly soundbites, this is the first time that I’ve seen plain old boring search made more useful on the desktop. Somebody got pissed off with having to constantly open, move, and close that damn window and created a search tool that fits better with the way people use a Web browser.

For all the focus on search right now…or perhaps because of the focus on search…there’s a bit of a tendancy to focus on Search with a capital S, forgetting that we’re focusing on search because it’s useful. Search is already there in most of the applications that we all use — all day, every day — and it probably isn’t done the best possible way in any of those applications.

It would make me happy if software companies would think hard about whether search is implemented well in the apps that I use constantly, and only then worry about giving me an ultrafast way to search my entire hard drive.

More about IP, less about People’s Asses


Good morning, all.

On Tuesday, I posted a little note on an absurd (and probably useless) patent. This post also contained some of my thoughts regarding the USPTO and a lawyer’s ass, which appears to have been the part that really resonated with most people. In an effort to be taken seriously as a scholar and pundit, I will attempt to complete today’s post on intellectual property issues without mentioning asses at all.

Subscribers to the feed for this blog will have noticed a recent string of links related to Sender ID:

So where have we ended up? As far as I’m concerned it means that we’re right back where we were prior to the SPF/MS merger. Microsoft will use Sender ID for Hotmail and MSN email, AOL will implement SPF, and — because there’s no single 900 pound gorilla of a standard now — Yahoo will probably push to get their Domain Keys scheme adopted more widely. We may even have slipped back a step or two from the pre-convergence position, due to the general ill will that seems to have accumulated during this process.

Why are we here? Because MS feels that it is more important to own the IP used to authenticate the sender of an email message than it is to get a single, consistent approach to authenticating email senders.

I don’t believe that MS would/will ever try to directly make money off of this by charging licensing fees, as I’ve seen some people suggest; indirectly, however…well, having clear, legal control over who could use this technology and what they could do with it would be rather <ahem> valuable to MS.

Take Microsoft’s recent, public push to focus on patents and IP, the publicity that their R&D focus has been getting, and the obvious difficulty of maintaining overwhelming market dominance in the face of both intense competition in every arena and a growing skepticism that MS software is really any better than the alternatives…well, if I were running Microsoft*, I’d have set a target of getting n% of new revenue from IP licensing by the end of 2006, with plans to increase n dramatically before 2010.

Anyway, the point here is that email sender authentication will move forward, but we’re kind of screwed — everyone has to keep up with at least two authentication schemes in order to send email to the two of the biggest inbox providers. It’ll be more complicated, it’ll confuse people more, and it will probably be less effective as a result.

If Microsoft were looking for a purely defensive patent, they could eliminate the issue by assigning the patent to a third party (as has been done with many OSS projects), but I don’t believe that will happen. If MS can’t own the IP then they’re going to gather up their toys, glare at the OSS community, and quote Cartman:

Screw you guys — I’m going home!

* Actually, if I were running Microsoft it would have gone out of business years ago, but that’s not really the point here.

No, seriously, comparing two things is “non-obvious”…


And so the wonderful world of intellectual property law rolls along. A company by the name of Commtouch today announced that it has acquired a patent covering a method of identifying and eliminating spam.

While — as always — you should take a look at the actual source documents yourselves, let’s take a look at a quick snippet from the patent, shall we?

The bulk e-mail is detected by monitoring live e-mail flow streams, typically at a central server location in the Internet system, but also capable of installation at separate subscriber sites. Detection is effected by reading the e-mail message, eliminating the personalization and addressing portions and processing the remaining text to establish a signature identification code. Bulk mailings are detected when there are at least two e-mail messages identified containing the same non-address contents being sent to different e-mail addresses.

Sounds a lot like they’re hashing the body of an email message, doesn’t it? Now it’s possible that Brightmail, at least, may be able to slap this down with some prior art examples anyway, but there’s one other thing that seems odd on a quick scan of the patent: it’s appropriately specific about the techniques involved — so specific, in fact, that this patent may actually be useless. The patent seems to cover comparing the “signatures” of the message body only of two messages to find an exact match, which is a technique that spammers have already defeated by adding randomized content to each outgoing spam message.

I suppose that I can understand why Commtouch bought the patent, though…I imagine that the conversation went something like this:

Lawyer: Hey, boss? We may have a problem — apparently some guy has a patent on comparing two email messages to see whether they’re the same.

Boss: Yeah, right. Pull the other one, why don’t you? It’s got bells on it.

Lawyer: No, seriously. You know how the U.S. Patent Office is. I actually patented my ass the other day, just for fun. It was approved. I’m thinking about patenting respiration next week.

Boss: It’s been a long week and I don’t need to deal with this crap. We just got $3.9 million thrown at us, let’s buy the damn patent. There are too many companies in the anti-spam software space anyway, maybe we can pick up some extra revenue by suing people.

As I said, I hope and trust that prior art could invalidate this patent, but I’m still irritated by craptacular IP claims like this. Yes, the “private inventor” who came up with this gets some credit for realizing early on that existing tools could be used to identify spam. Good for him. Was it non-obvious? Was it a non-intuitive leap to go from checking for keywords in messages to just comparing the whole message (again, using tools that were already well known)? This is left as a question for the reader.

If the private inventor had been marketing his own product all the way along I might feel a little better about this, but as it is this smacks of patent farming. While that’s certainly a direction that interests a lot of people these days, people a lot smarter and better informed than I am have pointed out the potential for long term harm in this “patent them all and let God sort them out” approach to technological advancement.

The only real question that I’m left with is whether “craptacular” was really the right word to apply here…I was also considering “ass-tastic.” Feel free to let me know if you have an opinion on this important matter.