TinyDisk is a program from saving and retrieving files from TinyURL and TinyURL-like services such as Nanourl. It overlays a write-once-read-many anonymous, persistent and globally shared filesystem. Once something is uploaded, only the database admin can delete it. Everyone can read it. No one can know who created it. Think of it as a magical CD-R that gets burned and placed on a network.

Yeah, I know it’s not very useful in practical sense but as a concept, it’s a great example of out-of-the-box-thinking.

The New York company on Thursday unveiled what it calls PIE, or persistent identification element, a technology that’s uploaded to a browser and restores deleted cookies. In addition, PIE, which can’t be easily removed, can also act as a cookie backup, since it contains the same information.

and

Mookie Tanembaum, founder and chief executive of United Virtualities, says … "The user is not proficient enough in technology to know if the cookie is good or bad, or how it works."

WTF?

Less than four minutes from start of the test, an intruder breaks into Windows XP SP1.

Wow. Kids, start using a firewall right now if you aren’t already.

Read both the articles and you will learn a lot. Even if you thought you knew everything.

The current Microsoft Royalty-Free Sender ID Patent License Agreement terms are a barrier to any ASF project which wants to implement Sender ID. We believe the current license is generally incompatible with open source, contrary to the practice of open Internet standards, and specifically incompatible with the Apache License 2.0. Therefore, we will not implement or deploy Sender ID under the current license terms.

This was inevitable and will probably make other organisations with similar issues raise their voice. I suppose ASF will now become a leading voice in why Sender ID should not be implemented in larger, long-term interest of people who believe in Open-Source. When I had first read of SPF and Microsoft’s additions to it, I was impressed. The very commentary that provided me the intro also pointed out how this would conflict with certain established licenses and ideologies. It hadn’t occured to me then though that big organisations and influential voices would simply say no. Now that they have, it seems the logical thing too. I wonder how things will stand a few months down the line with Microsoft’s implementation of Sender ID coming into effect and many other organisations also following suit while many others that use ASF products don’t, not that they are technologically incompatible or anything.

Let’s see who fires the next round, at whom and how.

UPDATE: September 3 (2:06pm)
Expectedly, Microsoft’s “Harry Katz, program manager for Microsoft Exchange, has made three points about how it (Sender ID’s license) will be interpreted in a message to a standards group of the Internet Engineering Task Force named MTA Authorization Records in DNS, or MARID, which is working on Sender ID” reports eWeek.

Has Microsoft blinked on its licensing requirements for Sender ID, making it more acceptable to the open-source community? Some open-source leaders and companies think that it has, while others vehemently disagree.

Sendmail, Inc. has released a milter for its MTA that incorporates implementation of Sender ID authentication specification for testing and that too under their own Sendmail Open Source License. Further, Dave Anderson, Sendmail’s CEO has made it clear that he has no intention to sign Microsoft’s license. eWeek quotes him, “This isn’t just for testing. I plan on going into production with no signed agreement.”

Interesting.

In his column titled I Come to Bury Sender ID, Not to Praise It, eWeek’s columnist Larry Seltzer makes numerous points on how “Microsoft’s uncompromising licensing attitudes show a blindness worthy of King Lear.” I reluctantly have to agree with him when he states his opinion on the outcome of this mess.

The rest of the SID standards process will now be a waste of time thanks to Microsoft, and the other participants will afterwards pick up the pieces and get the job done with another spec.

When one looks at the issue in light of the recent report by CipherTrust, a messaging security firm in Atlanta (Full story @ TechNewsWorld), one gets a sinking feeling that perhaps this will indeed turn out to be merely a new fad technology that delivers little. They analysed two million messages received between May and August and came to the conclusion that “spam messages were three times more likely to pass an SPF check than legitimate mail.” Ouch.

CipherTrust Research Engineer Dmitri Alperovitch told TechNewsWorld, “There was a perception out there that SPF was designed to stop spam, and it wasn’t. It was designed to authenticate the sender of a message, and that’s exactly what it’s doing. Spammers aren’t circumventing this, but adopting it and adopting it at a greater rate than legitimate senders.” That is indeed the case actually. The whole Sender ID technology has come to mean “anti-spam” while in reality is nothing more than “anti-spoof”.

I’m keeping my eyes and ears open for more on this while the issue heats up more as expected.

Update: September 5 (8:15pm)
Closely following ASF, Martin Michlmayr, Debian Project Leader, has written to MARID IETF Working Group rejecting Sender ID as well.

We believe the current license and resulting encumbrances are incompatible with the DFSG, unlike other Internet standards that Debian is able to support.

(It) works by shining a near-infrared light on a palm placed about four centimeters above a scanner. The vein patterns illuminated under the skin appear as dark patterns, and it is this information that becomes the basis for security applications.

Sometimes I wonder about the symbiotic nature of real science and science fiction — which drives the other, how and to what degree. The classic example to illustrate my point is Michael Crichton’s Jurassic Park. A fiction based on fact yet the science was extended by Chrichton so beautifully that the boundaries of what is possible, and will be possible and what is not possible and probably never be are pretty much dulled out. In about a decade or so after its publication many cool gadgets have become widespread in use. It’s fun and a welcome break to muse about such, away from the hectic life of managing clients and their projects.