I've got 2 Gmail invites up for grabs for the first 2 to email me offlist. Somitho@gmail.com Josh Brady
WOW! Overwhelming response. Haven't sent them all out yet, but all accounted for. Brett On Wed, 18 Aug 2004 13:51:43 -0700, Brett <bretton@gmail.com> wrote:
I've got a few to give out as well. Email me off-list and if I have any left, I'll send an invite.
Brett
On Wed, 18 Aug 2004 16:43:30 -0400, Joshua Brady <somitho@gmail.com> wrote:
All gone
Gmail seems to be in Beta stage. I got a Gmail account months ago, but I do not use it by now. The reason is it does not solve two bugs I met. The first is, after logining into gmail it will prompt with "Ooops, the system was unable to perform your operation. Please try again in a few seconds" if I click "Compose Mail". Sometime this message comes up after I FINALLY succeed with "Compose MAIL" and click "Send". Another thing I met is, when trying to log in. After typing in username/password, it shows "Gmail is not available by now", and I have to reload one or two times to log in. This is really contrast to what Yahoo! could provide. Joe --- Brett <bretton@gmail.com> wrote:
WOW! Overwhelming response. Haven't sent them all out yet, but all accounted for.
Brett
On Wed, 18 Aug 2004 13:51:43 -0700, Brett <bretton@gmail.com> wrote:
I've got a few to give out as well. Email me off-list and if I have any left, I'll send an invite.
Brett
On Wed, 18 Aug 2004 16:43:30 -0400, Joshua Brady <somitho@gmail.com> wrote:
All gone
__________________________________________________ Do You Yahoo!? Download the latest ringtones, games, and more! http://sg.mobile.yahoo.com
Deepak Jain [Thu, Aug 19, 2004 at 01:37:54AM -0400]:
You know, I'm having trouble finding people that *don't* have gmail.com accounts already. :P
-Jonathan "G-mail-less" Nichols
If we are all network operators, exactly what is the benefit of having a 1GB mailbox operated by another network?
What exaclty is the benefit of having a g-point-mail account? It's the same benefit you have when joining Orkut: You are 31337 if you have an account, as not everybody can participate. The most interesting thing is how many people still are giving all their personal data out to big companies for data mining. Sincerly, Nico P.S.: If you are interested in the background of this story, read http://nico.schotteli.us/papers/net/orkut-diary for more information. -- Keep it simple & stupid, use what's available. Please use pgp encryption: 8D0E 27A4 is my id. http://nico.schotteli.us | http://linux.schottelius.org
Nico Schottelius <nico-nanog@schottelius.org> writes:
P.S.: If you are interested in the background of this story, read http://nico.schotteli.us/papers/net/orkut-diary for more information.
My $0.02 social commentary on orkut (and similar social networking sites) is at http://www.fedster.com/ *.orkut.com is in my rejecthosts.dbm. ---Rob
On 8/19/2004 1:37 AM, Deepak Jain wrote:
If we are all network operators, exactly what is the benefit of having a 1GB mailbox operated by another network?
1) sending test mail to your internal network requires access to a remote network/postoffice? 2) when users complain about failures, you can check it out? 3) get your favorite username/handle while it's still available? I've got a handful of extras if anybody else still needs one btw -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
All gone On 8/19/2004 9:42 AM, Eric A. Hall wrote:
On 8/19/2004 1:37 AM, Deepak Jain wrote:
If we are all network operators, exactly what is the benefit of having a 1GB mailbox operated by another network?
1) sending test mail to your internal network requires access to a remote network/postoffice?
2) when users complain about failures, you can check it out?
3) get your favorite username/handle while it's still available?
I've got a handful of extras if anybody else still needs one btw
-- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
I've not seen any of the problems you're speaking of, but then again I'm in a later stage in the beta than you were (I'm assuming)... I have 5 invites that I'm willing to part with, if anyone would like one let me know off list ;) On Thu, 19 Aug 2004 14:28:14 +0800 (CST), Joe Shen <joe_hznm@yahoo.com.sg> wrote:
Gmail seems to be in Beta stage. I got a Gmail account months ago, but I do not use it by now. The reason is it does not solve two bugs I met. The first is, after logining into gmail it will prompt with "Ooops, the system was unable to perform your operation. Please try again in a few seconds" if I click "Compose Mail". Sometime this message comes up after I FINALLY succeed with "Compose MAIL" and click "Send".
Another thing I met is, when trying to log in. After typing in username/password, it shows "Gmail is not available by now", and I have to reload one or two times to log in.
This is really contrast to what Yahoo! could provide.
Joe
On Thu, 19 Aug 2004, Steven S. wrote: > I have 5 invites that I'm willing to part with... Uh, could we _please_ get back to something with operational content, or nothing at all? Anyone have anything concrete on the SHA-0 / MD5 compromise, for instance? Any operational impact there, that we need to worry about in the near term? -Bill
On Thu, 19 Aug 2004, Bill Woodcock wrote:
Anyone have anything concrete on the SHA-0 / MD5 compromise, for instance? Any operational impact there, that we need to worry about in the near term?
http://www.freedom-to-tinker.com/ sounds fubar'd to me Steve
Bill Woodcock <woody@pch.net> writes:
On Thu, 19 Aug 2004, Steven S. wrote: > I have 5 invites that I'm willing to part with...
Uh, could we _please_ get back to something with operational content, or nothing at all?
Anyone have anything concrete on the SHA-0 / MD5 compromise, for instance? Any operational impact there, that we need to worry about in the near term?
Here's the overview I sent to IAB/IESG: As you may or may not have heard, this year's CRYPTO conference has been very interesting: * Joux has found a single collision in SHA-0--an algorithm that nobody uses but that is very similar to SHA-1. However, SHA-0 was changed to fix a flaw (later found by Joux), thus becoming SHA-1 so we can hope that this attack can't be extended to SHA-1. The attack was fairly expensive, requiring about 2^51 operations the brute force attack would take about 2^80). * Biham and Chen can find collisions in a reduced round version of SHA-1 (40 rounds). The full SHA-1 is 80 rounds. It's hard to know whether this can be extended to full SHA-1 or not. NSA (who designed SHA-1) seems to be generally pretty good at tuning their algorithms so that they're just complicated enough to be secure. * Weng, Fang, Lai, and Yu have what appears to be a general method for finding collisions in MD4, MD5, HAVAL-128, and RIPEMD. They haven't published any details. What does this mean for us? I'll be writing up full details hopefully soon, but here's a short overview... WHAT'S BEEN SHOWN? An attacker can generate two messages M and M' such that Hash(M) = Hash(M'). Note that he cannot (currently) generate a message M such that Hash(M) is a given hash value, nor can he generate a message M' such that it hashes the same as a fixed message M. Currently this is possible for MD5 but we have to consider the possibility that it will be eventually possible for SHA-1. USES OF HASH FUNCTIONS We use hash algorithms in a bunch of different contexts. At minimum: 1. Digital signatures (you sign the hash of a message). (a) On messages (e.g. S/MIME). (b) On certificates. (c) In authentication primitives (e.g., SSH) 2. As MAC functions (e.g. HMAC) 3. As authentication functions (e.g. CRAM-MD5) 4. As key generation functions (e.g. SSL or IPsec PRF) THE POTENTIAL ATTACKS The only situation in which the current attacks definitely apply is (1). The general problem is illustrated by the following scenario. Alice and Bob are negotiating a contract. Alice generates two messages: M = "Alice will pay Bob $500/hr" M' = "Alice will pay Bob $50/hr" [0] Where H(M) = H(M'). She gets Bob to sign M (and maybe signs it herself). Then when it comes time to pay Bob, she whips out M' and says "I only owe $50/hr", which Bob has also signed (remember that you sign the hash of the message). So, this attack threatens non-repudiation or any kind of third party verifiability. Another, slightly more esoteric, case is certificates. Remember that a certificate is a signed message from the CA containing the identity of the user. So, Alice generates two certificate requests: R = "Alice.com, Key=X" R' = "Bob.com, Key=Y" Such that H(R) = H(R') (I'm simplifying here). When the CA signs R, it's also signing R', so Alice can present her new "Bob" certificate and pose as Bob. It's not clear that this attack can work in practice because Alice doesn't control the entire cert: the CA specifies the serial number. However, it's getting risky to sign certs with MD5. WHAT'S SAFE? First, anything that's already been signed is definitely safe. If you stop using MD5 today, nothing you signed already puts you at risk. There is probably no risk to two party SSH/SSL-style authentication handshakes. It's believed that HMAC is secure against this attack (according to Hugo Krawczyk, the designer) so the modern MAC functions should all be secure. I worry a bit about CRAM-MD5 and HTTP Digest. They're not as well designed as HMAC and you might potentially be able to compromise them to mount some kind of active cut-and-paste attack, though I don't have one in my pocket. The key generation PRFs should be safe. -Ekr [0] In practice, the messages might not be this similar, but there turn out to be lots of opportunities to make subtle changes in any text message.
On Wed, Aug 18, 2004 at 10:13:29PM -0700, Jonathan Nichols wrote:
Joshua Brady wrote:
I've got 2 Gmail invites up for grabs for the first 2 to email me offlist.
You know, I'm having trouble finding people that *don't* have gmail.com accounts already. :P
Because G-mail scans INCOMING mail without the sender's consent, we will NEVER have a G-mail account and have considered blocking them. We actively discourage our clients from using this service. If you want to let a service scan YOUR mail, it is your perogative, but you cannot give them permission to scan MY mail to you. YMMV.
-Jonathan "G-mail-less" Nichols
-- -=[L]=-
On Aug 19, 2004, at 1:39 PM, Lou Katz wrote:
On Wed, Aug 18, 2004 at 10:13:29PM -0700, Jonathan Nichols wrote:
Joshua Brady wrote:
I've got 2 Gmail invites up for grabs for the first 2 to email me offlist.
You know, I'm having trouble finding people that *don't* have gmail.com accounts already. :P
Because G-mail scans INCOMING mail without the sender's consent, we will NEVER have a G-mail account and have considered blocking them. We actively discourage our clients from using this service. If you want to let a service scan YOUR mail, it is your perogative, but you cannot give them permission to scan MY mail to you.
I believe your last statement is factually incorrect. I absolutely _can_ do anything I please with "your" e-mail you send to me. Not only that, I also believe I _may_ do it. You send me e-mail, the e-mail is now mine. I can post it publicly, put it into a search engine, or deleted it, and you have no say in the matter. Might not be polite, but it certainly it not illegal. Don't like it, don't send me e-mail. (Please. :) Google is simply indexing mail for their users as a service - an unobtrusive, completely benign service just like virus checking or procmail scripts which have been used for years. And it certainly does not require the consent of the sender. How I manage my mailbox is MY business. You have exactly zero say over whether I let Google do it or Mail.app. Perhaps you are worried that Google will read your e-mail? Or maybe let others read it? Well, I hope you never send e-mail to anyone who does not run their own dedicated mail server on their own dedicated hardware and encrypt the SMTP session. 'Cause you are worried about something that has been happening for decades. (Plus I think you have to be more than a little arrogant to think anyone at Google gives a fart about the e-mail you send.) But hey, it's your e-mail, send it or not as you please. I like the idea behind G-mail, I just can't deal with a web-based e-mail client. You don't, then don't use it. Just please don't spout factual fallacies like saying I can't give someone permission to do things to my inbox. -- TTFn, patrick
I believe your last statement is factually incorrect. I absolutely _can_ do anything I please with "your" e-mail you send to me. Not only that, I also believe I _may_ do it. You send me e-mail, the e-mail is now mine. I can post it publicly, put it into a search engine, or deleted it, and you have no say in the matter. Might not be polite, but it certainly it not illegal. Don't like it, don't send me e-mail. (Please. :)
A dozen routers processed the packets for his message to nanog, postfix processed it at merit, it went through the headers and checked it against some files on on their side probably, then it went through some more routers and maybe the FBI's carnivore system along the way, then it hit my postfix which ran it against some more files.. then spam assassin took a whack at it, then procmail took hold of it and scanned the mail.. then it was sent to pine, and then pine read it.. then I finally read it. Merit runs a mailing list, they chose to do some of those things, then i run my mail server, I chose to do some of those thingslooks like you're right.. he has no control over what happens to his mail once he sends it.
Perhaps you are worried that Google will read your e-mail? Or maybe let others read it? Well, I hope you never send e-mail to anyone who does not run their own dedicated mail server on their own dedicated hardware and encrypt the SMTP session. 'Cause you are worried about something that has been happening for decades. (Plus I think you have to be more than a little arrogant to think anyone at Google gives a fart about the e-mail you send.)
This is all of the information google states that advertisers get: 'Advertisers receive a record of the total number of impressions and clicks for each ad' That's it.. nothing more. If the guy is scared of robots/computers reading his mail or any of his information.. The internet is not the place for him. He can choose not to email gmail directly, but he better not ever mail a mailing list.. and hope his friends never bounce a message of his to google.
But hey, it's your e-mail, send it or not as you please. I like the idea behind G-mail, I just can't deal with a web-based e-mail client. You don't, then don't use it.
Same here.. pine has served me well for years, and will continue to. I got a gmail account like many others, just to check it out.. It seems nice, easy.. the interface even works well under Firefox and Mozilla. I would select gmail over yahoo, just because their ads are non-intrusive and there isn't flashing crap all over my screen.
Hey guys, don't put all of this on Patrick, he didn't even say that....relax a bit it was from a Lou at Metron...read http://www.metron.com -- Joshua Brady
Hey guys, don't put all of this on Patrick, he didn't even say that....relax a bit it was from a Lou at Metron...read http://www.metron.com
I was just agreeing with Patrick :)
On Thu, 19 Aug 2004 13:06:24 -0700 (PDT), Erik Parker <eparker@mindsec.com> wrote:
Hey guys, don't put all of this on Patrick, he didn't even say that....relax a bit it was from a Lou at Metron...read http://www.metron.com
I was just agreeing with Patrick :)
It got posted a bit too late sorry -- Joshua Brady
I'm not sure if it's even worth responding to you, but here I go anyway.... All mail servers scan your email when you send to one of their users. Mine scanned your below message several times in a row - first to look for certain headers that I don't want coming through (like that subject prefix that adult-oriented sites are required to use, for example), then again to look words in the body that I don't want to come through (for various things, from links to sites that could harm my users, to signatures of specific viruses, to stuff about mortgages that nobody should be using their work email to take care of), then again to see if the message was addressed to the postmaster (at which point all other rules are stopped and the message goes straight to the postmaster account), then again to check for attachments and add headers for certain kinds, then again to check those headers and block certain kinds of attachments, then again to check for viruses, etc...etc...etc... Given that all of the above is standard mail procedure (maybe not at an ISP, but certainly at a corporation with specific strict usage policies, and even at an ISP many of the above are standard) I hope you can understand how pathetic your argument is. -- Jeff Wheeler Postmaster, Network Admin US Institute of Peace On Aug 19, 2004, at 1:39 PM, Lou Katz wrote:
On Wed, Aug 18, 2004 at 10:13:29PM -0700, Jonathan Nichols wrote:
Joshua Brady wrote:
I've got 2 Gmail invites up for grabs for the first 2 to email me offlist.
You know, I'm having trouble finding people that *don't* have gmail.com accounts already. :P
Because G-mail scans INCOMING mail without the sender's consent, we will NEVER have a G-mail account and have considered blocking them. We actively discourage our clients from using this service. If you want to let a service scan YOUR mail, it is your perogative, but you cannot give them permission to scan MY mail to you.
YMMV.
-Jonathan "G-mail-less" Nichols
-- -=[L]=-
LK> Date: Thu, 19 Aug 2004 10:39:43 -0700 LK> From: Lou Katz LK> Because G-mail scans INCOMING mail without the sender's LK> consent, we will NEVER have a G-mail account and have LK> considered blocking them. We actively discourage our clients LK> from using this service. If you want to let a service scan LK> YOUR mail, it is your perogative, but you cannot give them LK> permission to scan MY mail to you. Uh huh. And the systems that run virus checks and bayesian filtering? Consider how your statements would apply to "you cannot give 'them' permission to scan MY spam/viruses to you." It just doesn't make sense. You'd better start blocking large chunks of the Internet, because Gmail isn't the only one out to get you^W^W^W^Wthat scans inbound messages. Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses: davidc@brics.com -*- jfconmaapaq@intc.net -*- sam@everquick.net Sending mail to spambait addresses is a great way to get blocked.
Now, this is on topic. The email scanning that is done by Gmail is the same that is done by spam filtering and virus scanning. Do you actively discourage your clients to not use anti-virus or anti-spam software? All free email services profit from advertising, or they would not exist. Other services, such as Yahoo and Hotmail both serve ads from external domains, which gives them access to referer information and anything else passed in ad requests or Iframes. More information about the user is divulged and is a greater privacy concern. In Gmail, ads are served directly from Google, and no personal information is divulged to the advertiser. So, what are the technical reasons you discourage people from using Gmail? On Thu, 19 Aug 2004 10:39:43 -0700, Lou Katz <lou@metron.com> wrote:
On Wed, Aug 18, 2004 at 10:13:29PM -0700, Jonathan Nichols wrote:
Joshua Brady wrote:
I've got 2 Gmail invites up for grabs for the first 2 to email me offlist.
You know, I'm having trouble finding people that *don't* have gmail.com accounts already. :P
Because G-mail scans INCOMING mail without the sender's consent, we will NEVER have a G-mail account and have considered blocking them. We actively discourage our clients from using this service. If you want to let a service scan YOUR mail, it is your perogative, but you cannot give them permission to scan MY mail to you.
YMMV.
-Jonathan "G-mail-less" Nichols
-- -=[L]=-
----- Original Message ----- From: "Randy Bush" <randy@psg.com> To: "Jonathan Nichols" <jnichols@pbp.net> Cc: <nanog@nanog.org> Sent: Friday, August 20, 2004 9:04 PM Subject: Re: OT - 3 Free Gmail invites
You know, I'm having trouble finding people that *don't* have gmail.com accounts already. :P
i don't, mainly because i have no idea why i would want one. same for all these multiply.com invites.
b-b-but they are "invite only!$#@$#@$", that means it's "exclusive!#@@#", you could finally Belong! </sarcasm> paul
participants (21)
-
Alon Tirosh -
Bill Woodcock -
Brett -
Deepak Jain -
Edward B. Dreger -
Eric A. Hall -
Eric Rescorla -
Erik Parker -
Jeff Wheeler -
Joe Shen -
Jonathan Nichols -
Joshua Brady -
Lou Katz -
Mike Nice -
Nico Schottelius -
Patrick W Gilmore -
Paul G -
Randy Bush -
Robert E. Seastrom -
Stephen J. Wilcox -
Steven S.