Portrait of a broken spam blocker

For HME.PVRblog.com, users get their password via email when they register. Occasionally someone will have a spam blocking service that requires people who send email to verify themselves by going to a site and passing a Captcha.

I just got one of those requests from Earthlink, and the damn thing won’t accept my input. I know I put in the right text for the Captcha, “THPN2” doesn’t have any homoglyphs like “1” and “l”. So now some guy isn’t getting his registration because of Earthlink’s broken spam blocker. I’d email him to let him know, but, well, you know…

On the plus side, I added a message to the registration page saying “If you use a spam blocking service that requires people to verify themselves before sending you mail, please add george (at) hotelling (dot) net to your whitelist to make sure you get your account details.” Hopefully this will mean fewer links I have to click.

Can anyone who uses one of these services tell me how much email they miss out on? I got an email a little while ago from Amazon telling me that USPS couldn’t deliver a package because the recipient had moved, and it came from an email address I had never gotten email from. How do people using these services get stuff like that?

[Update: I talked to Earthlink support.

‘Steven T.’ says: Thank you for contacting EarthLink LiveChat, how may I help you today?
me: I’m trying to send email to a user who has spam blocking turned on. I fill out the form and it says that the form failed and the email won’t send
me: https://webmail.pas.earthlink.net/wam/addme?a=xxxxxxxxx@earthlink.com&id=xxxxxxxxxxxx is the link I’m going to.
Steven T.: Please note that it depends upon the user accepting your request.
Steven T.: Please try to send it again and again.
me: The error message I get is “Challenge Failed. Please try your submission again.”
Steven T.: Okay, try to send it in off peak hours.
me: When are those?
Steven T.: I mean early in the morning or late night.
me: OK, I will try to schedule my email around your spam blocker.

Apparently Earthlink customers can only receive pre-approved email during the day. I’m glad I don’t rely on them for my email.]

Kryptonite’s implications

The Kryptonite story is pretty played out right now, although more stories about other tubular lock vulnerabilities (via) will surely pop up. There’s a lot to be learned by reflecting just on what happened to Kryptonite.
About two weeks ago videos of someone opening a Kryptonite bike lock using a Bic pen in 30 seconds showed up online. A lot of people were incredulous, which is great, but they were easily able to replicate the experiment and news quickly spread. When the New York Times writes about security flaws, it’s no longer the domain of locksmiths. Kryptonite is doing the Right Thing™ and replacing vulnerable locks.
The computer security world has been wrestling with full disclosure since day one. Full disclosure claims that the best way to report a security flaw is to make the report public and include a way to replicate the flaw.
The argument for full disclosure is that malicious hackers will find out about the code anyway, so they gain very little. Also, people are best able to protect their systems when they can see the full impact of the flaw on their own, and vendors have a history of needing to be shamed into fixing problems. The argument against is that by showing the public how to replicate the flaw, malicious hackers can now exploit it with ease.
Apparently the Kryptonite flaw has been known since at least 1992 (via) and is only being fixed now. Why so long? Until now Kryptonite hasn’t been shamed publicly for the flaw. Meanwhile people have had their bikes stolen because they treated their lock as secure, until they found out that their bikes weren’t safe and haven’t been safe for at least 12 years.
The video was the equivalent of exploit code in computer security, and accomplished the aims of full disclosure. People found out what bike thieves already knew, were able to protect themselves, and the vendor is finally addressing the issue.
Another important parallel is with DRM and the DMCA (thanks to getlucky for the idea). I know it’s a Slashdot cliché to apply the DMCA to anything and everything, but there’s actually a good parallel here. Let’s pretend that the law treated the Bic pen vulnerability the way it treats decrypting DVDs.
First, the person who discovered the flaw has his home raided by police and goes through two trials in as many years. Next, everyone linking to the video is sued, although the New York Times is spared. Finally, once all the lawsuits have gone through their motions, Kryptonite congratulates itself on a job well done. Of course they don’t fix the lock, but since it can silence anyone who talks about how to break the lock they don’t need to.
To see how the DMCA affects computer security, the Kryptonite saga is a great metaphor. A lot has been said about leaky abstractions, and most of it applies in this instance. For instance people using Bic pens to open bike locks generally don’t own the bike; people decrypting DVDs generally own the discs.
Laws like the DMCA, in fact all intellectual property laws, rely on metaphors and don’t address the fundamental differences between physical objects and ideas directly. These laws pretend that ideas are physical objects and subject to physical constraints, but strain so hard in doing so that the absurdity is clear when you try to map a law like the DMCA back onto a physical counterpart like a bike lock.
I like to think that I’m on the tail end of the last generation that treats ideas as abstractions. The internet forces people to deal with ideas as they are instead of tied to physical objects like paper or vinyl. The kids right now, the kids who will take the internet as a given for the rest of their lives, they have the best chance of interacting with ideas without abstraction.

How to compete with Best Buy

It seems home electronics and computer shops are having trouble competing with big box stores like Best Buy and Circuit City. Smaller stores could attract a lot of customers away from big box stores pretty easily: advertise a “no rebates” policy.
Everyone I know hates having to float loans to companies under the guise of rebates, only to have problems collecting. Companies frequently deny legitimate claims, which is basically fraud, but the whole idea behind rebates is to be able to offer a discount that will have a delayed pay out to a limited number of people. They’re banking on the fact that lazy people won’t send them in and that their byzantine customer service protocols will allow them to deflect some legitimate claims.
Given how customer unfriendly rebates are, smaller shops would do well to go the extra mile and eschew them (if they’re even offering them) in favor of instant discounts. People shopping purely on price will most likely wind up buying online, whereas people looking for convenience and immediacy are going to buy from someone that doesn’t make them do homework as punishment for being a customer. Then just add a bit about “Sick of waiting for rebates that never come?” to ads, and watch the uptick in sales.
I can’t be the only one who would make a shopping decision based on rebates, can I?

Odd Todd Robbed?

June spotted these Weber grill ads on TV and thought they looked a little familiar. The style mimics Odd Todd, the guy who made Flash cartoons about being unemployed, to a tee. June isn’t the only one to see this; gigglechick.com saw it and emailed Todd to see if he was involved. According to her site, he says he didn’t have anything to do with it, which is a real shame.
The alternative way to go about this is what happened with Quiznos. Their ads feature rathergood.com’s Spongmonkeys singing about how much they love Quiznos subs. Slate has all the background info on the Quiznos ads, but what’s important is that they supported the original artist.
I talk a lot about copyright reform and how people should release things under Creative Commons licenses or not employ invasive copyright protections. The Odd Todd case highlights the other side of the copyright bargain, something all creators are in danger of if copyright were eradicated. Something the people who want to abolish all intellectual property (a minority of copyright reformists) should consider: corporations can misappropriate copyrights just as well as file sharers. (For reference, the NC license would allow the public more rights with a work while still requiring payment if the work was used in an ad.)
There is one bit of validation in these ads, however. Both Odd Todd and the Spongmonkeys are creations by and for the web culture, and there must be a culture here. Otherwise, how could advertisers steal apply or reference it?

The Porn Myth and gender politics

From The Porn Myth by Naomi Wolf:

At a benefit the other night, I saw Andrea Dworkin, the anti-porn activist most famous in the eighties for her conviction that opening the floodgates of pornography would lead men to see real women in sexually debased ways. If we did not limit pornography, she argued—before Internet technology made that prospect a technical impossibility—most men would come to objectify women as they objectified porn stars, and treat them accordingly. In a kind of domino theory, she predicted, rape and other kinds of sexual mayhem would surely follow.

But the effect is not making men into raving beasts. On the contrary: The onslaught of porn is responsible for deadening male libido in relation to real women, and leading men to see fewer and fewer women as “porn-worthy.” Far from having to fend off porn-crazed young men, young women are worrying that as mere flesh and blood, they can scarcely get, let alone hold, their attention.

In the article, Naomi Wolf argues that the ability for men to have porn on tap and society’s acceptance of it has left men with better things to do than sleep with women. The porn stars become men’s sexual outlets and the real women in their lives can’t live up to that standard.

This puts women in a new position (sorry) of having to not only pursue their own sexual interests, but also compete with the hyper-sexualized prurient media. The media that decries the obscenity of Janet Jackson’s nipple while at the same time running that pixelated 3 second video clip over and over and over. The newspapers should have just run the headline “What is so fascinating about my forbidden closet of mystery?” It certainly isn’t conveying the message that real women offer things that pr0n can’t any more than Flatlanders are extolling the virtues of three dimensions.

The interesting consequence of this is that it flips sexual politics on their head:

When I came of age in the seventies, it was still pretty cool to be able to offer a young man the actual presence of a naked, willing young woman. There were more young men who wanted to be with naked women than there were naked women on the market. If there was nothing actively alarming about you, you could get a pretty enthusiastic response by just showing up. Your boyfriend may have seen Playboy, but hey, you could move, you were warm, you were real.

Our younger sisters had to compete with video porn in the eighties and nineties, when intercourse was not hot enough. Now you have to offer—or flirtatiously suggest—the lesbian scene, the ejaculate-in-the-face scene. Being naked is not enough; you have to be buff, be tan with no tan lines, have the surgically hoisted breasts and the Brazilian bikini wax—just like porn stars.

Suddenly women aren’t the sole gatekeepers to the sexual progression of a relationship. A man might present sex as an option slower than he wants to his woman because he’s afraid of appearing oversexed. Now a woman might also have to compromise sexually because she’s afraid that her man might become bored or have unrealistic expectations.

Obviously these are caricatures of men’s and women’s roles in a sexual relationship and as such have a great number of counterexamples, but they are the roles that our culture enforces. There are no terms in our culture for a man being a slut or frigid. Men are expected to be sexually voracious and women are expected to tell their men to cool down. There are exceptions (Married With Children being the first one to come to mind) but as a culture this is how we view the genders.

There are also implications beyond normal sexual relationships; consider the case of computer generated child porn. Pornography that depicts a consenting adult that has been manipulated to appear to show a minor is as illegal as if it had been made with a minor. The argument here is that anything that feeds the appetites of pedophiles – whether it harms a child or not – is harmful to society because it will increase their desires. If adults’ porn is decreasing their interest in other adults, would virtual child porn decrease pedophiles’ interest in children? I wouldn’t want that law changed without a lot of science to back it up, but it’s still something that flows from the article’s premise.

I’ve tried to avoid value judgments up until this point, because I wanted to get some commentary in before injecting my own beliefs. I don’t think porn is bad, but excesses of anything will produce negative results. Speaking of excesses, it’s hard to argue that porn exploits women when you look at where Jenna Jameson lives. I think that this is an interesting example of the invisible hand of the free market in action, but I’m not sure that forcing women to compete with porn stars is good for anyone other than horny teenage boys.