If anybody wants to make something in Ada but do not know what

If anybody wants to make something in Ada but do not know what

[Preben Randhol]

Then perhaps a Bayesian Spam filter could be a nice challenge. Or if
somebody are heading a university student project/diploma work it could
a suitable project? 

Spam is becoming a great problem. Last check I got 30 spam messages in 3
days that was caught by my filter (spamassassin) and about 10 that
wasn't. There was also about 3 false negatives (mailed labelled as SPAM
but which was really HAM). So I think it is time for me to change spam
filtering method. Besides spamassassin is a perl script program and it
is a hug resource hog on my computer and it is slow. There are two
Bayesian Spam filter implementations in C (ugg :-( ) which has the
advantage of being fast. Problem is that with C's track record on buffer
overflow I don't trust them to be secure. This is why an Ada
implementation would be nice I think. Besides spam filters is something
people need so it could promote Ada95.

Wish I could make it myself, but I simply don't have the time at the
moment.

Here are
some resources:

   http://www.paulgraham.com/spam.html
   http://www2.picante.com/~gtaylor/spam/
   http://research.microsoft.com/~horvitz/junkfilter.htm
   http://www.paulgraham.com/better.html
   http://lwn.net/Articles/9460/

Two implementations in C (ugg!) and Perl (ugg!!)

   http://www.nongnu.org/ifile/
   http://bogofilter.sourceforge.net/

One in python:

   http://spambayes.sourceforge.net/

Preben

Re: If anybody wants to make something in Ada but do not know what

[Warren W. Gay VE3WWG]

Preben Randhol wrote:
> Then perhaps a Bayesian Spam filter could be a nice challenge. Or if
> somebody are heading a university student project/diploma work it could
> a suitable project? 
> 
> Spam is becoming a great problem. Last check I got 30 spam messages in 3
> days that was caught by my filter (spamassassin) and about 10 that
> wasn't. There was also about 3 false negatives (mailed labelled as SPAM
> but which was really HAM). So I think it is time for me to change spam
> filtering method. Besides spamassassin is a perl script program and it
> is a hug resource hog on my computer and it is slow. There are two
> Bayesian Spam filter implementations in C (ugg :-( ) which has the
> advantage of being fast. Problem is that with C's track record on buffer
> overflow I don't trust them to be secure. This is why an Ada
> implementation would be nice I think. Besides spam filters is something
> people need so it could promote Ada95.
> 
> Wish I could make it myself, but I simply don't have the time at the
> moment.
...
> Preben

I personally believe that as long as email is free (and we like it
that way), SPAM will continue to be a big problem. To keep email
free, I think that the only way this will work is we'll end up
using two forms of email on the Internet:

   1) Traditional email, which permits unsolicited mail (port 25);
      which will continually battle with spam filters and such.
   2) A newer "solicited only" email system (port 26?)

Perhaps the 2nd kind, can piggy back off of the first, by either
using a similar but extended protocol, and probably
using a new TCP/IP port # to avoid the log jam that occurs
on port 25 as spammers spam away.

The new email protocol would make use of PKI exchanges (PGP?),
so that only those people that you have shared certificates
with, can successfully deposit email in your mailbox (this
would be great for kids, so that only their friends can
send them mail etc.). If someone gives away the cert (if the
protocol allows it), then you revoke it, and issue a new one
if necessary.

Where the protocol research comes in (I think), is the method of
sharing and administering certs in a way that is easy for
grandmothers to work with.

However, this project probably needs to start with an IETF
committee, but certainly some Ada prototypes can be useful
as "proof of concept" projects.

Like you Preben, I'd do this myself if I had the time, but
I have to face my own limitations and mortality ;-)

Even getting the IETF interested in a formal proposal requires
too much of my time to launch. Maybe someone else is willing
to think it through and run with it. They can even claim it
as their own idea ;-)

-- 
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg

Re: If anybody wants to make something in Ada but do not know what

[rd]

"Warren W. Gay VE3WWG" wrote:
> 
> Preben Randhol wrote:

[clip]

> > Besides spam filters is something
> > people need so it could promote Ada95.
> >
> > Wish I could make it myself, but I simply don't have the time at the
> > moment.
> ...
> > Preben
> 
> I personally believe that as long as email is free (and we like it
> that way), SPAM will continue to be a big problem. To keep email
> free, I think that the only way this will work is we'll end up
> using two forms of email on the Internet:
> 
>    1) Traditional email, which permits unsolicited mail (port 25);
>       which will continually battle with spam filters and such.
>    2) A newer "solicited only" email system (port 26?)
> 
> Perhaps the 2nd kind, can piggy back off of the first, by either
> using a similar but extended protocol, and probably
> using a new TCP/IP port # to avoid the log jam that occurs
> on port 25 as spammers spam away.
> 
> The new email protocol would make use of PKI exchanges (PGP?),
> so that only those people that you have shared certificates
> with, can successfully deposit email in your mailbox (this
> would be great for kids, so that only their friends can
> send them mail etc.). If someone gives away the cert (if the
> protocol allows it), then you revoke it, and issue a new one
> if necessary.
> 
> Where the protocol research comes in (I think), is the method of
> sharing and administering certs in a way that is easy for
> grandmothers to work with.
> 
For the second protocol, <a href="http://www.jabber.org">Jabber</a>
might be just the thing.  The best part about Jabber is the real time
messaging capability, and if I was designing the second protocol, I would
include this functionality.

I don't believe there are any Jabber clients/servers written in Ada, and
I'm not sure how well Jabber uses crypto, but I do know that I still
miss a useful ICQ, and AIM doesn't fill the void (can't do computer to
computer messages in AIM.  They must go through the central server).

SPAM-less email (was If anybody wants to make something in Ada but do not know what)

[Warren W. Gay VE3WWG]

rd wrote:
> "Warren W. Gay VE3WWG" wrote:
>>Preben Randhol wrote:
> [clip]
>>>Besides spam filters is something
>>>people need so it could promote Ada95.
>>>
>>>Wish I could make it myself, but I simply don't have the time at the
>>>moment.
>>...
>>>Preben
>>
>>I personally believe that as long as email is free (and we like it
>>that way), SPAM will continue to be a big problem. To keep email
>>free, I think that the only way this will work is we'll end up
>>using two forms of email on the Internet:
>>
>>   1) Traditional email, which permits unsolicited mail (port 25);
>>      which will continually battle with spam filters and such.
>>   2) A newer "solicited only" email system (port 26?)
>>
>>Perhaps the 2nd kind, can piggy back off of the first, by either
>>using a similar but extended protocol, and probably
>>using a new TCP/IP port # to avoid the log jam that occurs
>>on port 25 as spammers spam away.
>>
>>The new email protocol would make use of PKI exchanges (PGP?),
>>so that only those people that you have shared certificates
>>with, can successfully deposit email in your mailbox (this
>>would be great for kids, so that only their friends can
>>send them mail etc.). If someone gives away the cert (if the
>>protocol allows it), then you revoke it, and issue a new one
>>if necessary.
>>
>>Where the protocol research comes in (I think), is the method of
>>sharing and administering certs in a way that is easy for
>>grandmothers to work with.
>>
> 
> For the second protocol, <a href="http://www.jabber.org">Jabber</a>
> might be just the thing.  The best part about Jabber is the real time
> messaging capability, and if I was designing the second protocol, I would
> include this functionality.

If I skimmed the site correctly, it doesn't address the "solicited
email only" problem. It seems to be more concerned with XML and IM.

What I really want, is a "solicited email only" channel, so that I
can give my electronic business card (read "cert.") to associates,
and not get pestered with offensive SPAM that I have to delete
every morning.  I also want to protect my kids from this kind of
crap.

The only way to eliminate SPAM completely, is to give the
"key" to those you will accept mail from, and reject everything
else.  BTW, ACT does this informally by insisting that you include
"GNAT" in the subject line. That "GNAT" acts as the "key". What
I'd like to see then, is a more sophisticated form of this, where the
key isn't so easily sharable with the world (and perhaps unique
to the sender so that it cannot be shared).

> I don't believe there are any Jabber clients/servers written in Ada, and
> I'm not sure how well Jabber uses crypto, but I do know that I still
> miss a useful ICQ, and AIM doesn't fill the void (can't do computer to
> computer messages in AIM.  They must go through the central server).

-- 
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg

Re: SPAM-less email (was If anybody wants to make something in Ada but

[Larry Kilgallen]

In article <3E9D8625.4090308@cogeco.ca>, "Warren W. Gay VE3WWG" <ve3wwg@cogeco.ca> writes:

> What I really want, is a "solicited email only" channel, so that I
> can give my electronic business card (read "cert.") to associates,
> and not get pestered with offensive SPAM that I have to delete
> every morning.  I also want to protect my kids from this kind of
> crap.

Unfortunately, some of us must accept correspondence (and therefore
under your plan, give a certificate to) people who cannot be trusted
to protect their own private key.

Re: SPAM-less email (was If anybody wants to make something in Ada but

[Warren W. Gay VE3WWG]

Larry Kilgallen wrote:
> In article <3E9D8625.4090308@cogeco.ca>, "Warren W. Gay VE3WWG" <ve3wwg@cogeco.ca> writes:
> 
>>What I really want, is a "solicited email only" channel, so that I
>>can give my electronic business card (read "cert.") to associates,
>>and not get pestered with offensive SPAM that I have to delete
>>every morning.  I also want to protect my kids from this kind of
>>crap.
> 
> Unfortunately, some of us must accept correspondence (and therefore
> under your plan, give a certificate to) people who cannot be trusted
> to protect their own private key.

Yes of course. But that is why you need a key that is only usable
by a specific sender.

It is also useful to have another class of key (cert) that can be
shared. However, in this 2nd case, if one person abuses it, then
you have to revoke it for the entire group.

-- 
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg

Re: If anybody wants to make something in Ada but do not know what

[Jano]

Preben Randhol dice...
> Two implementations in C (ugg!) and Perl (ugg!!)
> 
>    http://www.nongnu.org/ifile/
>    http://bogofilter.sourceforge.net/
> 
> One in python:
> 
>    http://spambayes.sourceforge.net/

Another one (perl too):

http://popfile.sourceforge.net/

That's the one I use and it works great.

-- 
-------------------------
Jano
402450.at.cepsz.unizar.es
-------------------------

Re: SPAM-less email (was If anybody wants to make something in Ada but

[Samuel Tardieu]

>>>>> "Warren" == Warren W Gay VE3WWG <ve3wwg@cogeco.ca> writes:

Warren> Yes of course. But that is why you need a key that is only
Warren> usable by a specific sender.

A lot of solutions exist, none of them is perfect yet. For example, I
protect myself with SpamAssassin (http://www.spamassassin.org) and WLE
(http://www.rfc1149.net/wle). The only spams I have received in months
were not-so-suspect mails coming through mailing-lists I subscribe to.
And only a few people had to do an extra manipulation to send me email.

  Sam
-- 
Samuel Tardieu -- sam@rfc1149.net -- http://www.rfc1149.net/sam

Re: If anybody wants to make something in Ada but do not know what

[Wesley Groleau]

Preben Randhol wrote:
> Then perhaps a Bayesian Spam filter could be a nice challenge. Or if
> somebody are heading a university student project/diploma work it could
> a suitable project? 

I've thought about doing a variation of this,
but I just don't have the time.

I really believe that if enough people did this,
spam would cease to be profitable and die out.

Unfortunately, there will never be enough people
doing it, for the same reasons as why most of us
are going to be informed once a year for the rest
of our lives that there's going to be a five-cent
tax on every e-mail (maybe that would be a good
thing--it's cheaper than a stamp and it would stop
spam).

A bayesian filter would keep its user from seeing
the spam.  There are already numerous decent
implementations of the idea, so one in Ada would
not go very far, _unless_ it offered a significant
new feature.

In my opinion, this new feature would be for
the statistical database to be kept ON THE SERVER.
Once your database got built up enough to reject
spams, you not only would not see it, you would
save the bandwidth of pulling it down to your computer.

Bayesian filters must scan the whole message,
thus current implementations require you to download
the whole message.

If an e-mail client or plugin was capable of
sending "Message ID #$%^#$%^# was spam" and
the server could update the database accordingly,
that would be really cool.

If someone has the time to tackle a project like
this, I'd be happy to share some of the details
I've already thought of.  Unfortunately, it would
require the cooperation of the ISP to run it.

Re: SPAM-less email (was If anybody wants to make something in Ada

[tmoran]

I'd sign up for an ISP where anyone who wanted to send me an e-mail would
have to pay $.02, refundable on my say-so.  That would make spam largely
uneconomic.  But that's an industrial organization, not a programming
languages, problem.

Re: If anybody wants to make something in Ada but do not know what

[Pascal Obry]

rd <nospam@spam.no> writes:

> I don't believe there are any Jabber clients/servers written in Ada, and

There is one Jaffar:

http://picolibre.enst-bretagne.fr/projects/jaffar/

Pascal.

-- 

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--|         http://perso.wanadoo.fr/pascal.obry
--| "The best way to travel is by means of imagination"
--|
--| gpg --keyserver wwwkeys.pgp.net --recv-key C1082595

Re: SPAM-less email (was If anybody wants to make something in Ada

[Larry Kilgallen]

In article <3E9D9642.2030303@cogeco.ca>, "Warren W. Gay VE3WWG" <ve3wwg@cogeco.ca> writes:
> Larry Kilgallen wrote:
>> In article <3E9D8625.4090308@cogeco.ca>, "Warren W. Gay VE3WWG" <ve3wwg@cogeco.ca> writes:
>> 
>>>What I really want, is a "solicited email only" channel, so that I
>>>can give my electronic business card (read "cert.") to associates,
>>>and not get pestered with offensive SPAM that I have to delete
>>>every morning.  I also want to protect my kids from this kind of
>>>crap.
>> 
>> Unfortunately, some of us must accept correspondence (and therefore
>> under your plan, give a certificate to) people who cannot be trusted
>> to protect their own private key.
> 
> Yes of course. But that is why you need a key that is only usable
> by a specific sender.

But the only way to determine that a specific sender is using it is
via their private key.  And if they do not protect that, someone can
steal it along with the certificate you issued.

This will all get automated by the bad guys, aided by their dupes in
Redmond.   Therefore such an attack against spam is much less useful
than some other method, even a program to automatically write letters
to one's legislators.

Re: If anybody wants to make something in Ada but do not know what

[Samuel Tardieu]

>>>>> "Pascal" == Pascal Obry <p.obry@wanadoo.fr> writes:

>> I don't believe there are any Jabber clients/servers written in
>> Ada, and

Pascal> There is one Jaffar: http://picolibre.enst-bretagne.fr/projects/jaffar/

It was developped by students I supervised. If anyone wants to take
the developpement from the current sources, create an account on
picolibre and I'll add you as a developper.

  Sam
-- 
Samuel Tardieu -- sam@rfc1149.net -- http://www.rfc1149.net/sam

Re: If anybody wants to make something in Ada but do not know what

[Randy Brukardt]

Preben Randhol wrote in message ...
>Then perhaps a Bayesian Spam filter could be a nice challenge. Or if
>somebody are heading a university student project/diploma work it could
>a suitable project?


What kind of spam filter are you talking about? A filter for a server is
different in a number of ways than a filter for a mail client. And a
filter for an ISP or large company is different than a filter for a tiny
organization.

That said, an anti-spam filter written in Ada already exists: it's
called Trash Finder, and it works with the IMS mail server on Windows. I
haven't publized it here precisely because no one here can use it. :-)
It is of course 100% in Ada, and it filters for literally dozens of
criteria -- after fully decoding and unfolding the message (a
significant percentage of spam is encoded). Among other things, it
filters on character sets, attachment types, violations of RFCs in the
mail format (spammers have a hard time following RFCs), specific HTML
features (forms, scripts, graphics, text outside of the markup, etc.),
From, To, Subjects, Text (without the HTML markup, which often can be
used to hide things), HTML markup, and (most recently) domains in URLs
given either in HTML markup or text.

It filters about 98% of the incoming spam on my system.

You'll note that there isn't a Bayesian filter. That has always been on
the 'wish list', but there are variety of reasons I no longer expect it
to be very effective. I study a lot of spam each week in an effort to
find more ways to automatically discard spam without discarding good
mail, so I think I'm reasonably qualified to talk on this subject.

First of all, Bayesian filters are most effective the closer to the
client that they are. On the server, they have to filter everyones mail,
and that necessarily means that they have to let more stuff through. For
example, 'casino' would be very unlikely to appear in my mail, but an
ISP could hardly block mail containing that word. So it doesn't make a
lot of sense to put such a filter on the server.

Secondly, most of the effectiveness of Bayesian filters have come from
the fact that they include the HTML markup in the text stored. Spammers
have figured that out, and are now sending a lot more plain text
messages. I've seen a number of spammers that as a matter of course send
an HTML version and a text version of the same message a couple of days
apart.

Thirdly, spammers have started sending random strings of junk (usually
placed so it won't display) as part of messages. Depending on the
filter, that can make a lot of messages look "OK" to a Bayesian filter,
because they often treat unknown words as unlikely to be spam. Even if
they don't do that, they tend to clog up the database with lots of junk
'words'.

Fourthly, I've been getting quite a few very short messages advertising
porn and other stuff. These are just too short (usually only 5-8 words
and a unique URL) to be caught by any filter.

Lastly, a Bayesian filter can never be accurate enough to entrust with
discarding of messages, at least for me. I'll only trust a pinpoint
filter for that, such as discarding names that include a particular URL.
Even so, I'm discarding 70% of the incoming spam here.

My preference is to filter on the URLs (and in some cases, phone numbers
and snail mail addresses) that the spammers use for contacts. They can
hardly not provide a contact, and it often is something that would never
appear in a real mail. (Do you want mail that links to
"beefupyourp---s.com"? - hyphens inserted as this is a family newsgroup.
:-) It's possible to automate handling of links as well.

Anyway, I'm no longer planning to write a Bayesian filter. I'm still
thinking about an unknown word filter, but I expect that to be
high-maintenance (and thus not for everyone).

             Randy.

Re: If anybody wants to make something in Ada but do not know what

[Randy Brukardt]

Wesley Groleau wrote in message ...
>If an e-mail client or plugin was capable of
>sending "Message ID #$%^#$%^# was spam" and
>the server could update the database accordingly,
>that would be really cool.


I just use a special mailbox on the server for this. That's a lot easier
than hoping to get every e-mail client to do something.

           Randy.

Re: SPAM-less email (was If anybody wants to make something in Ada

[Georg Bauhaus]

tmoran@acm.org wrote:
:  But that[spam]'s an industrial organization, not a programming
: languages, problem.

Yes. Precisely. Unfortunately, the banks seem slow in picking
up the idea of organizing small amount payments.
Spam should be passed on to our representatives, in the
form of requests for better legislation.

Re: SPAM-less email (was If anybody wants to make something in Ada butdo not know what)

[rd]

"Warren W. Gay VE3WWG" wrote:
> 
> rd wrote:
> > "Warren W. Gay VE3WWG" wrote:
> >>Preben Randhol wrote:
> > [clip]
> >>>Besides spam filters is something
> >>>people need so it could promote Ada95.
> >>>
> >>>Wish I could make it myself, but I simply don't have the time at the
> >>>moment.
> >>...
> >>>Preben
> >>
> >>I personally believe that as long as email is free (and we like it
> >>that way), SPAM will continue to be a big problem. To keep email
> >>free, I think that the only way this will work is we'll end up
> >>using two forms of email on the Internet:
> >>
> >>   1) Traditional email, which permits unsolicited mail (port 25);
> >>      which will continually battle with spam filters and such.
> >>   2) A newer "solicited only" email system (port 26?)
> >>
> >>Perhaps the 2nd kind, can piggy back off of the first, by either
> >>using a similar but extended protocol, and probably
> >>using a new TCP/IP port # to avoid the log jam that occurs
> >>on port 25 as spammers spam away.
> >>
> >>The new email protocol would make use of PKI exchanges (PGP?),
> >>so that only those people that you have shared certificates
> >>with, can successfully deposit email in your mailbox (this
> >>would be great for kids, so that only their friends can
> >>send them mail etc.). If someone gives away the cert (if the
> >>protocol allows it), then you revoke it, and issue a new one
> >>if necessary.
> >>
> >>Where the protocol research comes in (I think), is the method of
> >>sharing and administering certs in a way that is easy for
> >>grandmothers to work with.
> >>
> >
> > For the second protocol, <a href="http://www.jabber.org">Jabber</a>
> > might be just the thing.  The best part about Jabber is the real time
> > messaging capability, and if I was designing the second protocol, I would
> > include this functionality.
> 
> If I skimmed the site correctly, it doesn't address the "solicited
> email only" problem. It seems to be more concerned with XML and IM.
> 
> What I really want, is a "solicited email only" channel, so that I
> can give my electronic business card (read "cert.") to associates,
> and not get pestered with offensive SPAM that I have to delete
> every morning.  I also want to protect my kids from this kind of
> crap.

My big sticking point was the real-time messaging.  I haven't had an
operational ICQ in years (I'm not going to upgrade) and it would solve
several little problems for me.  Bonus points if it was encrypted by
default.
 
> The only way to eliminate SPAM completely, is to give the
> "key" to those you will accept mail from, and reject everything
> else.  BTW, ACT does this informally by insisting that you include
> "GNAT" in the subject line. That "GNAT" acts as the "key". What
> I'd like to see then, is a more sophisticated form of this, where the
> key isn't so easily sharable with the world (and perhaps unique
> to the sender so that it cannot be shared).

Designing a protocol for this probably wouldn't be overly difficult.
It'd really just be email guarded by a public/private key scheme, with
filtering based on who has your public (semi-public) key.

Since we're redesigning email, we might as well go ahead and integrate
encryption all the way through it. Selling ISPs on this would be a
cakewalk: spam is blocked by default, so spammers will eventually stop
spamming; it would envolve about the same server power as email does
now, but be far more powerful; if the text messaging features were
included, it would solve the interoffice security problems some
companies have (people would use instant messagers like AIM to send
stuff that should be kept secure); POP3 could be dumped for something
that uses more than a flimsy password; and many other little problems
with email could be resolved.

The encryption schemes to solve all these problems exist now, it's just
a matter of people sitting down and pounding out the actual protocol.
I can't think of a reason it wouldn't be immediately adopted.  To my
mind, the biggest problem communication schemes face is not being
mainstream.  It's already not a difficult matter to encrypt emails
with PGP, but I still don't get encrypted emails, and I don't send them
myself (often).

And to stay sort of inline with the original poster, doing this in Ada
first would be a good way to promote the language.

Sorry for rambling, I tend to do that when I start to get excited about
a topic.

Re: SPAM-less email (was If anybody wants to make something in Ada butdo not know what)

[Samuel Tardieu]

> To my
> mind, the biggest problem communication schemes face is not being
> mainstream.  It's already not a difficult matter to encrypt emails
> with PGP, but I still don't get encrypted emails, and I don't send them
> myself (often).

The problem with OpenPGP is that you do not know whether people do
prefer encrypted emails or not. I do favor them, but I know people
who want to use OpenPGP only when they need to, because it adds
some complexity into their email system.

  Sam
-- 
Samuel Tardieu -- sam@rfc1149.net -- http://www.rfc1149.net/sam

Re: If anybody wants to make something in Ada but do not know what

[Wesley Groleau]

> First of all, Bayesian filters are most effective the closer to the
> client that they are. On the server, they have to filter everyones mail,
> and that necessarily means that they have to let more stuff through. For

Not necessarily.  The one I proposed does the filtering on the server
based on feedback from the addressee.  In other word, each user would
have his/her dedicated statistical DB.

> Secondly, most of the effectiveness of Bayesian filters have come from
> the fact that they include the HTML markup in the text stored. Spammers
> have figured that out, and are now sending a lot more plain text

> Thirdly, spammers have started sending random strings of junk (usually
> placed so it won't display) as part of messages. Depending on the
> filter, that can make a lot of messages look "OK" to a Bayesian filter,
> because they often treat unknown words as unlikely to be spam. Even if
> they don't do that, they tend to clog up the database with lots of junk
> 'words'.

The way some implementations work, these tricks won't work.
For example, Paul Graham's algorithm only looks at the strongest
indicators at both ends.  If a spammer puts in a lot of random
words, they won't be consistent and will not have much weight.
If the spammer puts in the same words all the time, and these words
are common in non-spam, they will not be srong indicators and
won't be used.  If they are not common in non-spam, they will
catch the spam.

> Lastly, a Bayesian filter can never be accurate enough to entrust with
> discarding of messages, at least for me. I'll only trust a pinpoint
> filter for that, such as discarding names that include a particular URL.
> Even so, I'm discarding 70% of the incoming spam here.

My _limited_ tests with a Bayesian filter had no false negatives or false 
positives.  And the 'net being what it is, an occasional message gets
lost somehow anyway.  Besides, no filter is required to discard anything.

I would just like the presumed spam messages stored on the server
until I say trash them (or until I ignore them for some length
of time).  Ideally, have the filter put the subject lines in an
e-mail to me, containing a CGI form with two choices:
  - trash all of them
  - send a individual choice message
The individual choice message would let me select specific messages
to be kept.

> My preference is to filter on the URLs (and in some cases, phone numbers
> and snail mail addresses) that the spammers use for contacts.

But a Bayesian filter can do stats on that as well.

Re: If anybody wants to make something in Ada but do not know what

[Wesley Groleau]

Randy Brukardt wrote:
> That said, an anti-spam filter written in Ada already exists: it's
> called Trash Finder, and it works with the IMS mail server on Windows. I
> haven't publized it here precisely because no one here can use it. :-)

perhaps no one "here" but I have a friend with few computer skills
who teaches at a college in Canada, uses IMS, and gets tons of spam.
(I saw her in box when she stopped at our house on travel to check
her mail.  Not a pretty sight.)

Is Trash Finder difficult to set up?  (I'm not sure the
admins at TWU would be willing to tolerate anything difficult)

Re: SPAM-less email (was If anybody wants to make something in Ada butdo not know what)

[rd]

Samuel Tardieu wrote:
> 
> > To my
> > mind, the biggest problem communication schemes face is not being
> > mainstream.  It's already not a difficult matter to encrypt emails
> > with PGP, but I still don't get encrypted emails, and I don't send them
> > myself (often).
> 
> The problem with OpenPGP is that you do not know whether people do
> prefer encrypted emails or not. I do favor them, but I know people
> who want to use OpenPGP only when they need to, because it adds
> some complexity into their email system.

Which is why I'm so hyped up over a new email system that uses strong
public key encryption by default.  The complexity added is already fairly
low.  If it were built into the protocol, then the complexity would be
almost nothing.  My parents are new computer users, and I'm sure they
could use an email program with the encryption, even if they don't
understand the mathematical nuances behind the encryption.  They already
have to enter a username and passphrase to check their email anyway.

The inroad to getting this thing designed and implemented is how it
stops spam.  That alone is enough to get a new encrypted email system
in widespread use, and if it happens to make encrypted email the norm,
then so much the better.

Re: If anybody wants to make something in Ada but do not know what

[AG]

"Wesley Groleau" <wesgroleau@despammed.com> wrote in message
news:VZ2dndUZ8_77eACjXTWcpA@gbronline.com...
>
> > First of all, Bayesian filters are most effective the closer to the
> > client that they are. On the server, they have to filter everyones mail,
> > and that necessarily means that they have to let more stuff through. For
>
> Not necessarily.  The one I proposed does the filtering on the server
> based on feedback from the addressee.  In other word, each user would
> have his/her dedicated statistical DB.

Hold on a second. Not to mention that you are putting
a potentially huge strain on the ISP provider (a dedicated
DB per user) you are also putting the info in that database
in a bit of a wrong place. In effect, you are telling your
ISP what you are or are not intersted in. The temptation
may be strong to on-sell that info to someone ...

Re: SPAM-less email (was If anybody wants to make something in Ada but

[Warren W. Gay VE3WWG]

Samuel Tardieu wrote:
>>>>>>"Warren" == Warren W Gay VE3WWG <ve3wwg@cogeco.ca> writes:
> 
> Warren> Yes of course. But that is why you need a key that is only
> Warren> usable by a specific sender.
> 
> A lot of solutions exist, none of them is perfect yet. For example, I
> protect myself with SpamAssassin (http://www.spamassassin.org) and WLE
> (http://www.rfc1149.net/wle). The only spams I have received in months
> were not-so-suspect mails coming through mailing-lists I subscribe to.
> And only a few people had to do an extra manipulation to send me email.
> 
>   Sam

A key based system can be made to work nearly 100%. If people give
away secrets (just like giving away system passwords), then you
can't do much about that. However, it can be easily corrected, if
you then change the cert.

Any "filter" based solution is going to be a continually losing
battle. It is not a "solution".

Sure you can filter today against:

    viagara
    v.i.a.g.a.r.a
    v/i/*a/g/a-ra

But then next month you'll be adding:

    V-aye a graw

and so on. Then your filters become so strong, that someone sends me
an email about "Meet you in Niagara", and your filter will eliminate
that message on me.

This is not a final solution!

PGP and other encryption technology can make it nearly impossible
for people to forge an authentication. How many spammers will
spend time on a supercomputer cracking a successful cert to
spam little ol' me? They might for a Microsoft email address,
but then MS can afford to deal with the spam ;-)

But increased levels of encryption can make it even more difficult,
when necessary (at least until the desktop quantum computer
arrives). ;-)  Maybe it can be a "parameter" of the process.

We need to think about the _larger_ picture here. Too many people
are stuck in the "let's filter" thinking, which is only a half
measure. I'd like to challenge everyone to look to at a solicited
email only solution. This is the _only_ way to eliminate unwanted
mail (proof witheld ;-)

This is doable. PGP has been providing safe email communication
for quite some time. We just need to apply the same technology
to restrict email to "solicited only email". Use encrypted
attachments (for example) to authenticate the sender and
receiver relationship.

I do agree that filtering is probably the only solution to
_unsolicited_ mail. But if everyone starts to use "solicited
only email" to avoid spam, and only very occaisionally checking
the unsolicited email box, maybe the spammers will give up?

Maybe that is thinking just a little optimistic ;-)

-- 
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg

Re: If anybody wants to make something in Ada but do not know what

[Wesley Groleau]

>>Not necessarily.  The one I proposed does the filtering on the server
>>based on feedback from the addressee.  In other word, each user would
>>have his/her dedicated statistical DB.
> 
> Hold on a second. Not to mention that you are putting
> a potentially huge strain on the ISP provider (a dedicated

Disk space or bandwidth--which is the greater strain?

> DB per user) you are also putting the info in that database
> in a bit of a wrong place. In effect, you are telling your
> ISP what you are or are not intersted in. The temptation
> may be strong to on-sell that info to someone ...

Ouch!  Good point!

Re: SPAM-less email (was If anybody wants to make something in Ada butdo not know what)

[Warren W. Gay VE3WWG]

rd wrote:
> "Warren W. Gay VE3WWG" wrote:
>>rd wrote:
>>>"Warren W. Gay VE3WWG" wrote:
>>>>Preben Randhol wrote:
>>>
>>>[clip]
>>>
>>>>>Besides spam filters is something
>>>>>people need so it could promote Ada95.
>>>>>
>>>>>Wish I could make it myself, but I simply don't have the time at the
>>>>>moment.
>>>>
>>>>...
>>>>
>>>>>Preben
>>>>
>>>>I personally believe that as long as email is free (and we like it
>>>>that way), SPAM will continue to be a big problem. To keep email
>>>>free, I think that the only way this will work is we'll end up
>>>>using two forms of email on the Internet:
>>>>
>>>>  1) Traditional email, which permits unsolicited mail (port 25);
>>>>     which will continually battle with spam filters and such.
>>>>  2) A newer "solicited only" email system (port 26?)
>>>>
>>>>Perhaps the 2nd kind, can piggy back off of the first, by either
>>>>using a similar but extended protocol, and probably
>>>>using a new TCP/IP port # to avoid the log jam that occurs
>>>>on port 25 as spammers spam away.
>>>>
>>>>The new email protocol would make use of PKI exchanges (PGP?),
>>>>so that only those people that you have shared certificates
>>>>with, can successfully deposit email in your mailbox (this
>>>>would be great for kids, so that only their friends can
>>>>send them mail etc.). If someone gives away the cert (if the
>>>>protocol allows it), then you revoke it, and issue a new one
>>>>if necessary.
>>>>
>>>>Where the protocol research comes in (I think), is the method of
>>>>sharing and administering certs in a way that is easy for
>>>>grandmothers to work with.
...
>>The only way to eliminate SPAM completely, is to give the
>>"key" to those you will accept mail from, and reject everything
>>else.  BTW, ACT does this informally by insisting that you include
>>"GNAT" in the subject line. That "GNAT" acts as the "key". What
>>I'd like to see then, is a more sophisticated form of this, where the
>>key isn't so easily sharable with the world (and perhaps unique
>>to the sender so that it cannot be shared).
> 
> Designing a protocol for this probably wouldn't be overly difficult.
> It'd really just be email guarded by a public/private key scheme, with
> filtering based on who has your public (semi-public) key.
> 
> Since we're redesigning email, we might as well go ahead and integrate
> encryption all the way through it. Selling ISPs on this would be a
> cakewalk: spam is blocked by default, so spammers will eventually stop
> spamming; it would envolve about the same server power as email does
> now, but be far more powerful; if the text messaging features were
> included, it would solve the interoffice security problems some
> companies have (people would use instant messagers like AIM to send
> stuff that should be kept secure); POP3 could be dumped for something
> that uses more than a flimsy password; and many other little problems
> with email could be resolved.

Now you're talkin'. It is reassuring to see that some people
understand the bigger picture here. Yes, I agree there would be
an opportunity to address many other issues, like the ones you
have cited.

> The encryption schemes to solve all these problems exist now, it's just
> a matter of people sitting down and pounding out the actual protocol.

Yes! Thank you.

> I can't think of a reason it wouldn't be immediately adopted.  To my
> mind, the biggest problem communication schemes face is not being
> mainstream.  

Yep - logistics.

> It's already not a difficult matter to encrypt emails
> with PGP, but I still don't get encrypted emails, and I don't send them
> myself (often).

Well, if some were to start offering a port 26 service (smtp2?), then
perhaps with time we'll see dual-mode delivery, until such time
everyone supports the new protocol.

> And to stay sort of inline with the original poster, doing this in Ada
> first would be a good way to promote the language.

YES! That is why I took the opportunity to lay out some of my
rambling thoughts. I don't have the energy or the time to do this,
but I would be glad for someone else to do this.

> Sorry for rambling, I tend to do that when I start to get excited about
> a topic.

I am encouraged that there are some out there that are willing to
think beyond "filtering". We need a solution folks. If there
were a golden opportunity for Internet fame (which could help Ada),
then I see this as one.

Just think: folks that insisted on having C versions, would have to
port your Ada code to C/C++!  The reference version would of course
be the Ada version!

Any fish biting yet?

-- 
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg

Re: SPAM-less email (was If anybody wants to make something in Ada butdo not know what)

[Warren W. Gay VE3WWG]

Samuel Tardieu wrote:
>>To my
>>mind, the biggest problem communication schemes face is not being
>>mainstream.  It's already not a difficult matter to encrypt emails
>>with PGP, but I still don't get encrypted emails, and I don't send them
>>myself (often).
> 
> The problem with OpenPGP is that you do not know whether people do
> prefer encrypted emails or not. I do favor them, but I know people
> who want to use OpenPGP only when they need to, because it adds
> some complexity into their email system.
> 
>   Sam

Part of the solution is of course looking for ways to simplify.
However, I have never found sendmail to be simple, and yet it
is still widely used. But there is room to design something
better!

-- 
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg

Re: SPAM-less email (was If anybody wants to make something in Ada but

[Robert A Duff]

"Warren W. Gay VE3WWG" <ve3wwg@cogeco.ca> writes:

> We need to think about the _larger_ picture here. Too many people
> are stuck in the "let's filter" thinking, which is only a half
> measure. I'd like to challenge everyone to look to at a solicited
> email only solution. This is the _only_ way to eliminate unwanted
> mail (proof witheld ;-)

But I *want* unsolicited email in some cases, like when somebody sends,
"Hey, you've never heard of me, but I heard your company (SofCheck,
Inc.) make static analysis tools, which I might want to buy.  Please
tell me more."  I don't want to pester such a person with extra hassles
involving encryption, or transactions of $0.02 and refunds thereof.

- Bob

Re: SPAM-less email (was If anybody wants to make something in Ada butdo not know what)

[Robert A Duff]

rd <nospam@spam.no> writes:

>...and many other little problems
> with email could be resolved.

How about this annoying little problem: If the text of your e-mail (not
the headers) contains a line starting with "From", the software inserts
">".

- Bob

Re: If anybody wants to make something in Ada but do not know what

[AG]

"Wesley Groleau" <wesgroleau@despammed.com> wrote in message
news:tWWdneoWEM40RgOjXTWcqg@gbronline.com...
> > Hold on a second. Not to mention that you are putting
> > a potentially huge strain on the ISP provider (a dedicated
>
> Disk space or bandwidth--which is the greater strain?
>
> > DB per user)

I don't think the question above is related:

ISP has already spent both disk space and
bandwidth to download some spam on their
servers. Presumably you didn't pay for that
except via your normal subscription fees.

Now, assuming you pay for download
(per Mb or whatever) the ISP should be
more than happy to send all that junk to
you and recover the costs. Even if not,
the costs are already incurred and will
be passed on to you (as a customer)
one way or another.

But now you want that ISP to allocate
some more disk space (and bandwidth,
and associated software and maintenance)
to make sure they can't. Yeah, right :)

Re: If anybody wants to make something in Ada but do not know what

[Randy Brukardt]

Wesley Groleau wrote in message ...
>Randy Brukardt wrote:
>> That said, an anti-spam filter written in Ada already exists: it's
>> called Trash Finder, and it works with the IMS mail server on
Windows. I
>> haven't publized it here precisely because no one here can use it.
:-)
>
>perhaps no one "here" but I have a friend with few computer skills
>who teaches at a college in Canada, uses IMS, and gets tons of spam.
>(I saw her in box when she stopped at our house on travel to check
>her mail.  Not a pretty sight.)
>
>Is Trash Finder difficult to set up?  (I'm not sure the
>admins at TWU would be willing to tolerate anything difficult)


No, just add it to the list of plugins and bounce the services. To be
most effective, it needs some filter patterns entered (the domains of
persistent spammers), but there is a nice GUI (written in Claw, of
course) for doing that. And it will get a lot of junk out-of-the-box.

Of course, Trash Finder has been publicized many times on the IMS-Users
mailing list. Your friend's admin ought to already be on it, because its
the only way to find out about the latest problems and there fixes.

               Randy.

Re: SPAM-less email (was If anybody wants to make something in Ada but

[AG]

"Robert A Duff" <bobduff@shell01.TheWorld.com> wrote in message
news:wcche8wpz6x.fsf@shell01.TheWorld.com...

> > We need to think about the _larger_ picture here. Too many people
> > are stuck in the "let's filter" thinking, which is only a half
> > measure. I'd like to challenge everyone to look to at a solicited
> > email only solution. This is the _only_ way to eliminate unwanted
> > mail (proof witheld ;-)
>
> But I *want* unsolicited email in some cases

Well, if you do that's fine.

> , like when somebody sends,
> "Hey, you've never heard of me, but I heard your company (SofCheck,
> Inc.) make static analysis tools, which I might want to buy.  Please
> tell me more."

If you expect that sort of mail in a free-for-all mailbox
you would probably have some people sifting through
all the junk coming into it - even after any reasonable
filters killed half of it (and paying the costs of course).

> I don't want to pester such a person with extra hassles
> involving encryption, or transactions of $0.02 and refunds thereof.

However, suppose I want to have a mailbox which
is freely visible and accessible. I might actually buy
something that's advertised on that unsolicited mail.

But: let's say any mail to that mailbox is automatically
charged that $0.02 after 48 hours unless I cancel
that in the meantime. (Any e-mail that can't be traced
or charged is automatically rejected). Now, that would
allow two things: Any person/company/organization
that has a legitimate reason to use it need not worry -
no charge happens. Any would-be seller is free to try
it (at $0.02 it's not a big deal if you really hope for
a sale and it may even be refunded if the sale works).

However, in the case of mass-mailer spam that would
quickly become prohibitive: If you can't be charged
you don't get to post. If you can, then, say, a million
posts to such addresses would mean $20,000
investment up front with little chance of recovery ...

Re: If anybody wants to make something in Ada but do not know what

[Randy Brukardt]

Wesley Groleau wrote in message ...
>> First of all, Bayesian filters are most effective the closer to the
>> client that they are. On the server, they have to filter everyones
mail,
>> and that necessarily means that they have to let more stuff through.
For
>
>Not necessarily.  The one I proposed does the filtering on the server
>based on feedback from the addressee.  In other word, each user would
>have his/her dedicated statistical DB.


I don't think that would work. The word list for the AdaIC search engine
is 270,000 words, and it takes up 6 MB. The database of counts for a
Bayesian filter would take at least two counters (presumably 32-bit,
although 24-bit would probably be enough) for each word. That's at least
2MB. The word list could be shared, but certainly the DB could not. (And
I'd expect the word list to be much larger than that, given the random
words and the puree approach of the Graham filter).

For a very small server like mine, that might not be a big deal. But
some of the people running Trash Finder have servers handling 50,000
messages per day with more than 1,000 users. The overhead of scanning
and scoring all of those messages would be very high, especially as the
DBs would be too large to stay in the machine's cache.

>> Thirdly, spammers have started sending random strings of junk
(usually
>> placed so it won't display) as part of messages. Depending on the
>> filter, that can make a lot of messages look "OK" to a Bayesian
filter,
>> because they often treat unknown words as unlikely to be spam. Even
if
>> they don't do that, they tend to clog up the database with lots of
junk
>> 'words'.
>
>The way some implementations work, these tricks won't work.
>For example, Paul Graham's algorithm only looks at the strongest
>indicators at both ends.  If a spammer puts in a lot of random
>words, they won't be consistent and will not have much weight.
>If the spammer puts in the same words all the time, and these words
>are common in non-spam, they will not be srong indicators and
>won't be used.  If they are not common in non-spam, they will
>catch the spam.


That might prevent passing spam, but it does nothing to avoid the
overhead. The problem is in order to find out the strongest indicator,
you have to score every 'word' in the message. When a lot of trash words
are in the message, you have to allocate new words and new counters for
them; and when there are a lot of such messages, the size of the DB
grows rapidly. (We saw this happen in the search engine when we
accidentially indexed some Unix .lib files.) That adds overhead; a lot
of overhead for a filter like mine which gets invoked on each message
individually. (Writing out the word list each time is expensive.)

>> Lastly, a Bayesian filter can never be accurate enough to entrust
with
>> discarding of messages, at least for me. I'll only trust a pinpoint
>> filter for that, such as discarding names that include a particular
URL.
>> Even so, I'm discarding 70% of the incoming spam here.
>
>My _limited_ tests with a Bayesian filter had no false negatives or
false
>positives.  And the 'net being what it is, an occasional message gets
>lost somehow anyway.  Besides, no filter is required to discard
anything.
>
>I would just like the presumed spam messages stored on the server
>until I say trash them (or until I ignore them for some length
>of time).

I used to do that, but I discovered that I was spending more than an
hour each Monday and a half hour every other day going through them and
getting rid of them. That's silly. I don't mind occassionally
quarentining a good message, but deleting it is a no-no.

For servers that get 50,000 messages a day, manual deletion of the 20%
spam is impractical.

>> My preference is to filter on the URLs (and in some cases, phone
numbers
>> and snail mail addresses) that the spammers use for contacts.
>
>But a Bayesian filter can do stats on that as well.


Only with a lot more overhead and less precision.

And overhead matters if your processing 50,000 messages a day (or even
500 on a machine that's also running a search engine, web server, and
soon, a software update server).

The Graham filter is especially bad with overhead, because it just uses
everything about the message as it comes. A lot of spam is encoded in
various ways, and that will increase the number of versions of the same
word a lot. And if the spammer hits on a new encoding, the spam will go
through.

Another overhead issue with Bayesian filters is that you have to scan
the message twice, once to classify it, and a second time to store the
counters appropriately. (And you have to have a way to handle false
positives and false negatives.) You can trade off memory vs. cpu time in
various ways, but it would be preferable to do neither.

Anyway, its best that multiple approaches be used to filter spam. If
everybody did it the same way, the spammers would find it easier to get
their trash though!!

                  Randy.

Re: SPAM-less email (was If anybody wants to make something in Adabut

[Randy Brukardt]

Warren W. Gay VE3WWG wrote in message <3E9EDB7B.2090901@cogeco.ca>...
>I do agree that filtering is probably the only solution to
>_unsolicited_ mail. But if everyone starts to use "solicited
>only email" to avoid spam, and only very occaisionally checking
>the unsolicited email box, maybe the spammers will give up?


A lot of us NEED to get unsolicited mail. If we don't take random
queries from the public, how would we ever get a new customer?
Similarly, the Ada-Comment mailing list is open to any Ada programmer to
comment. We don't want to restrict it to the 'inner circle'.

I do agree that filtering itself is not a solution, only a 'fix'. But
for most of us that don't get to invent new mail protocols, it's the
only practical fix. I get 200+ spam a day here; without filtering, I'd
never get anything done.

Note that an encryption based mail is not a lot different than a
whitelist. The only advantage is that encryption would prevent spammers
from sending you mail by spoofing someone on the whitelist. But that's
going to be tough for a spammer to guess the contents of an individual's
whitelist, even for someone as public as myself, and a pain to do it for
every one of the millions of addresses that they spam.

              Randy.

Re: SPAM-less email (was If anybody wants to make something in Adabut

[AG]

"Randy Brukardt" <randy@rrsoftware.com> wrote in message
news:v9uel6jr5ubhff@corp.supernews.com...
> A lot of us NEED to get unsolicited mail. If we don't take random
> queries from the public, how would we ever get a new customer?

There is a flip side to that though. From the point of view
of a potential customer: Suppose I mail a real query to
your mailbox swamped by spam. How do I know it
will make it past the filters? Even if it did, what are
the chances that whoever scans the mail notices
that particular one? etc etc

On the other hand - if you, as a company I deal
or would like to deal with, had a $0.02-refunded
mailbox I would probably risk that much money
to make sure I reach you.

[That's not just a theoretical thing - right now I'm
trying to reach a certain company with a simple
sales-related question. I'm a registered user and
quote order number and dates and it still doesn't
get through. I'm sure I've spent more than 2 cents
by now on trying it and, as a company, you can
bet the non-existence of a more direct mail-box
is going to cost you some business]

Re: SPAM-less email (was If anybody wants to make something in Adabut

[Larry Kilgallen]

In article <ZjHna.4702$mZ4.85444@news.xtra.co.nz>, "AG" <ang@xtra.co.nz> writes:
> "Randy Brukardt" <randy@rrsoftware.com> wrote in message
> news:v9uel6jr5ubhff@corp.supernews.com...
>> A lot of us NEED to get unsolicited mail. If we don't take random
>> queries from the public, how would we ever get a new customer?
> 
> There is a flip side to that though. From the point of view
> of a potential customer: Suppose I mail a real query to
> your mailbox swamped by spam. How do I know it
> will make it past the filters?

If Randy is using DNS-blocklist rejection and you are unfortunate
enough to share an IP address with a spammer, you will get a notice
back that your mail did not get through.  You can then decide whether
to try an alternate contact mechanism.

If Randy is using DNS-blocklist teergrubbing, and you are unfortunate
enough to share an IP address with a spammer, you will get a notice
from your own ISP after whatever length of time they choose to give up.

Re: SPAM-less email (was If anybody wants to make something in Adabut

[AG]

"Larry Kilgallen" <Kilgallen@SpamCop.net> wrote in message
news:jWK3W3dD2y0A@eisner.encompasserve.org...
> In article <ZjHna.4702$mZ4.85444@news.xtra.co.nz>, "AG" <ang@xtra.co.nz>
writes:
> > "Randy Brukardt" <randy@rrsoftware.com> wrote in message
> > news:v9uel6jr5ubhff@corp.supernews.com...
> >> A lot of us NEED to get unsolicited mail. If we don't take random
> >> queries from the public, how would we ever get a new customer?
> >
> > There is a flip side to that though. From the point of view
> > of a potential customer: Suppose I mail a real query to
> > your mailbox swamped by spam. How do I know it
> > will make it past the filters?
>

>  You can then decide whether to try an alternate contact mechanism.

Like what? An international phone call (listening
to "your call is important to us" at your expense),
snail mail or personal visit?

Re: SPAM-less email (was If anybody wants to make something in Adabut

[Larry Kilgallen]

In article <DXHna.4795$mZ4.86664@news.xtra.co.nz>, "AG" <ang@xtra.co.nz> writes:
> "Larry Kilgallen" <Kilgallen@SpamCop.net> wrote in message
> news:jWK3W3dD2y0A@eisner.encompasserve.org...
>> In article <ZjHna.4702$mZ4.85444@news.xtra.co.nz>, "AG" <ang@xtra.co.nz>
> writes:
>> > "Randy Brukardt" <randy@rrsoftware.com> wrote in message
>> > news:v9uel6jr5ubhff@corp.supernews.com...
>> >> A lot of us NEED to get unsolicited mail. If we don't take random
>> >> queries from the public, how would we ever get a new customer?
>> >
>> > There is a flip side to that though. From the point of view
>> > of a potential customer: Suppose I mail a real query to
>> > your mailbox swamped by spam. How do I know it
>> > will make it past the filters?
>>
> 
>>  You can then decide whether to try an alternate contact mechanism.
> 
> Like what? An international phone call (listening
> to "your call is important to us" at your expense),
> snail mail or personal visit?

Certainly.  If you choose to associate with spammers (in the DNSbl
comment I made just before my line above), you are already fighting
this battle every day.  (By "choose to associate", I include staying
with an ISP who will not dump the spammers.)

Re: SPAM-less email (was If anybody wants to make something in Adabut

[AG]

"Larry Kilgallen" <Kilgallen@SpamCop.net> wrote in message
news:U$J6hEh5KA1v@eisner.encompasserve.org...

> Certainly.  If you choose to associate with spammers (in the DNSbl
> comment I made just before my line above), you are already fighting
> this battle every day.  (By "choose to associate", I include staying
> with an ISP who will not dump the spammers.)

Sorry, I guess we've drifted quite a bit off-topic here.
Let's try to get a little closer to the subject line [before
the (was ...) part]. For example: your DNS comments
were a bit above my head - I know what you are talking
about but it would be a little hard to translate that into the
everyday e-mail usage.

How exactly did I choose to associate with spammers?
Am I supposed to check the policies of each and every
ISP provider I happen to use at the moment? And enforce
their no-spam policy?

[If you really think my current ISP provider is involved
in aiding and abetting spamming activities - send me
a signed affidavit stating so and I'll forward it to the
relevant authorities :-) ]

In case you have not noticed, my original point was exactly
that it would be nice to have the situation changed so that
everyone can post to an open address if they are willing to
bet a dime or so on it. For any real bona-fide postings that
should not be a problem. But that small charge should
strongly discourage any automatic mass-mailer things.

Re: SPAM-less email (was If anybody wants to make something in Adabut

[tmoran]

We currently have a large experiment on one way to lessen spammers.
It's the telephone system.  People who want to accept everything have
800 numbers.  People who call non-800 numbers pay something for the
call.  It doesn't stop all spam, but there are surely fewer telemarketing
calls than spam e-mails (though the former are each a bigger pain).

Re: SPAM-less email (was If anybody wants to make something in Adabut

[Jacob Sparre Andersen]

[ I think we ought to discuss this elsewhere, but where? ]

Randy Brukardt wrote:
> Warren W. Gay VE3WWG wrote in message <3E9EDB7B.2090901@cogeco.ca>...

> A lot of us NEED to get unsolicited mail.

Agreed.

 > If we don't take random
> queries from the public, how would we ever get a new customer?
> Similarly, the Ada-Comment mailing list is open to any Ada programmer to
> comment. We don't want to restrict it to the 'inner circle'.

Excactly.

But wouldn't you agree that legitimate senders shouldn't worry about 
signing messages sent to your company or to the Ada-Comment mailing list?

In some countries it is illegal to send unsolicited commercial e-mail 
(or to make unsolicited commercial phone calls).  So if you set up your 
mail server to reject unsigned messages with a polite comment requesting 
that people sign their letters with a valid identifiable signature (and 
maybe also a reference to the rules about unsolicited commercial 
e-mail), you would be able to catch the senders of unsolicited 
commercials and thus most likely be able to scare them from sending 
anything to you in the first place.

Can anyone point to some obvious holes in this argument?

>  without filtering, I'd never get anything done.

Same here.

Jacob
-- 
"Banning open source would have immediate, broad, and
  strongly negative impacts on the ability of many sensitive
  and security-focused DOD groups to protect themselves
  against cyberattacks"                        -- Mitre Corp.

Re: SPAM-less email (was If anybody wants to make something in Ada but

[Preben Randhol]

Robert A Duff wrote:
> But I *want* unsolicited email in some cases, like when somebody sends,
> "Hey, you've never heard of me, but I heard your company (SofCheck,
> Inc.) make static analysis tools, which I might want to buy.  Please
> tell me more."  I don't want to pester such a person with extra hassles
> involving encryption, or transactions of $0.02 and refunds thereof.

Doesn't sound like Spam to me. Here is Spam (that I got this morning):

 [ENGR.MATETE OBI]   20 [GnomeMeeting-list] HELLO!!!
 [bullettree27863]    9 hi
 [Photoshop@beefy]   22 Limited Time Only - Photoshop 7 - For A Low Low P
 [Photoshop@beefy]   22 Limited Time Only - Photoshop 7 - For A Low Low P
 [broadcast@black]  303 Fax, Voice, and Printing Tools for Software Devel
 [su             ]    2 ���������������� ��������� e-mail �������� � ����
 [kathleen       ]    2 ���������������� ��������� e-mail �������� � ����
 [mpinfo         ]   37 A internet cafe manager software was designed for
 [broadcast@black]  303 Fax, Voice, and Printing Tools for Software Devel
 [Sietse Elsinga ]   64 Fwd: Increase sexual energy - Reduce body fat!   
 [Clara          ]   28 analpleasure7.jpg    (ID:FCPCXZW)
 [smat8_adfjasdjf]   16 RHome Loans!... Debt Consolidation... Refinance..
 [TV Descrambler ]   17 Watch Premium Tv for Free!

Not interesting at all I think.

Preben

Re: SPAM-less email (was If anybody wants to make something in Adabut

[Larry Kilgallen]

In article <g3Kna.5120$mZ4.89596@news.xtra.co.nz>, "AG" <ang@xtra.co.nz> writes:
> "Larry Kilgallen" <Kilgallen@SpamCop.net> wrote in message
> news:U$J6hEh5KA1v@eisner.encompasserve.org...
> 
>> Certainly.  If you choose to associate with spammers (in the DNSbl
>> comment I made just before my line above), you are already fighting
>> this battle every day.  (By "choose to associate", I include staying
>> with an ISP who will not dump the spammers.)
> 
> Sorry, I guess we've drifted quite a bit off-topic here.
> Let's try to get a little closer to the subject line [before
> the (was ...) part]. For example: your DNS comments
> were a bit above my head - I know what you are talking
> about but it would be a little hard to translate that into the
> everyday e-mail usage.

A DNSbl lists IP addresses from which spam emanates.  Many ISPs
reject all messages from the IP addresses on one or more such lists.
That can reduce their message handling expenses up to 50% and give
their customers a cleaner email environment.  Opinions of customers
vary, and customers should ensure they choose a receiving ISP whose
attitude about this matches their own.

> How exactly did I choose to associate with spammers?

By patronizing an ISP that will pool your email with that of spammers,
giving you the same sending IP address as the spam.   Typically the
email server sending address, different from "your" IP address (if any).

> Am I supposed to check the policies of each and every
> ISP provider I happen to use at the moment? And enforce
> their no-spam policy?

You should choose your ISPs wisely, consulting DNSbls and newsgroups
to check their reputation.

> In case you have not noticed, my original point was exactly
> that it would be nice to have the situation changed so that
> everyone can post to an open address if they are willing to
> bet a dime or so on it.

It would be nice, but that technology was lost when the world chose
the SMTP "business" model rather than the X.400 business model.  This
is Gresham's law as applied to network protocols, made clear in this
case not by a bit-level analysis but rather by the interaction of the
ivory tower protocol with the real world.

I don't mean to burden the group with an off-topic discussion, but
efforts to produce the next killer application in Ada need domain
knowledge in addition to software engineering techniques.  The domain
of spamfighting includes a lot of information about social interactions
rather than just cryptography.  If someone is really prepared to be a
unifying force to get all vendors to agree on a new protocol, that is
a monumental effort and I wish you luck.  Just make sure you cover all
platforms used for email, including Macintosh 68K and VAX.

-- 
==============================================================================
The Boulder Pledge: "Under no circumstances will I ever purchase anything
     offered to me as the result of an unsolicited email message. Nor will
     I forward chain letters, petitions, mass mailings, or virus warnings
     to large numbers of others. This is my contribution to the survival
     of the online community."
==============================================================================

Re: SPAM-less email (was If anybody wants to make something in Adabut

[Larry Kilgallen]

In article <OuLna.500188$3D1.271350@sccrnsc01>, tmoran@acm.org writes:
> We currently have a large experiment on one way to lessen spammers.
> It's the telephone system.  People who want to accept everything have
> 800 numbers.  People who call non-800 numbers pay something for the
> call.  It doesn't stop all spam, but there are surely fewer telemarketing
> calls than spam e-mails (though the former are each a bigger pain).

We also have a way to detect the originator of calls (caller-ID).
Originators have a large-scale method of getting around it (in
the US) through purchasing T3 level trunks using analog protocols.
We even have an entry-level method of getting around it, by getting
an ISDN line in the US.

Re: SPAM-less email (was If anybody wants to make something in Adabut

[Larry Kilgallen]

In article <3E9FAA18.1040909@crs4.it>, Jacob Sparre Andersen <sparre@crs4.it> writes:

> In some countries it is illegal to send unsolicited commercial e-mail 

But most of those countries accept email from other countries, where
such laws do not exist.

> (or to make unsolicited commercial phone calls).  So if you set up your 
> mail server to reject unsigned messages with a polite comment requesting 
> that people sign their letters with a valid identifiable signature (and 
> maybe also a reference to the rules about unsolicited commercial 
> e-mail), you would be able to catch the senders of unsolicited 
> commercials and thus most likely be able to scare them from sending 
> anything to you in the first place.

You would also annoy legitimate correspondents who do not run your chosen
signature software on their favorite email system (perhaps because it is
unavailable for that platform).

If you were incompetent, you would use that software on an address
which you had subscribed to a mailing list.  I have software to
discard such challenges from clueless mailing list recipients,
some of whom send them even when my post was to a newsgroup.
If this practice were not concentrated in a few identifiable formats,
it would be worse than the "out of office" notices in response to posts.

[way off-topic] A new spammer is born?

[Wesley Groleau]

I just received 20 KB of HTML spam, complete with
with lots of colors and content-free graphics.
I was amazed at where it came from, though: Zone Labs.

Re: If anybody wants to make something in Ada but do not know what

[Tarjei T. Jensen]

Randy Brukardt wrote:
> That might prevent passing spam, but it does nothing to avoid the
> overhead. The problem is in order to find out the strongest indicator,
> you have to score every 'word' in the message. When a lot of trash words
> are in the message, you have to allocate new words and new counters for
> them; and when there are a lot of such messages, the size of the DB
> grows rapidly. (We saw this happen in the search engine when we
> accidentially indexed some Unix .lib files.) That adds overhead; a lot
> of overhead for a filter like mine which gets invoked on each message
> individually. (Writing out the word list each time is expensive.)

Why not do it another way: Check all URL in the message. If they point to a
know porn/spam server, mark it as suspect. Then do some processing on what
is left of the text.

One could also obtain some sort of unique signature from the mail. Then
compare that to other messages received. If a lot of messages have the same
signature, then they are likely to be spam. Known mailing lists will of
course be excluded. The only problem is to generate a signature that is not
trivial to evade. Preferably there should be a number of signatures
algorithms to choose from, so that it becomes difficult to optimize the mail
for all of them since the spammer can't know which algorithm is used any
given day or hour. The algorithm would of course be chosen arbitrarily at
each site.

greetings,

Re: SPAM-less email (was If anybody wants to make something in Adabut

[Tarjei T. Jensen]

Larry Kilgallen wrote:
> I don't mean to burden the group with an off-topic discussion, but
> efforts to produce the next killer application in Ada need domain
> knowledge in addition to software engineering techniques.  The domain
> of spamfighting includes a lot of information about social interactions
> rather than just cryptography.  If someone is really prepared to be a
> unifying force to get all vendors to agree on a new protocol, that is
> a monumental effort and I wish you luck.  Just make sure you cover all
> platforms used for email, including Macintosh 68K and VAX.

Yes and no. It is perfectly reasonable to limit the solution to one or more
environments. "more" need not mean "all".

Anybody wanting to write a killer Ada application should read Alan Cooper's
"The Inmates Are Running The Asylum". You don't have to agree with
everything, just understand what he is saying.

greetings,

Re: SPAM-less email (was If anybody wants to make something in Adabut

[Georg Bauhaus]

Jacob Sparre Andersen <sparre@crs4.it> wrote:
: 
: In some countries it is illegal to send unsolicited commercial e-mail 
: (or to make unsolicited commercial phone calls).  So if you set up your 
: mail server to reject unsigned messages with a polite comment requesting 
: that people sign their letters with a valid identifiable signature (and 
: maybe also a reference to the rules about unsolicited commercial 
: e-mail), you would be able to catch the senders of unsolicited 
: commercials and thus most likely be able to scare them from sending 
: anything to you in the first place.

That sounds just like the old way of catching senders when
they didn't have a fake email address, with flaming to follow.
One or more central signature verifying authorities are
certainly problematic in that someone will have to guarantee
absence of abuse of the data base. We don't manage absence
of abuse of spam mail, so there...
If you want the possibility of anonymous email, not just for
aquiring customers, but also in the form of a cry for
help of a person who had better not identify himself or herself
to the surveilling governmental sniffers in, say, Costa Peligrosa,
then a signiture is as fatal as an address that can be tracked down.
Mail abuse is a social, organisational problem, and cannot be solved
ignoring its social characteristic.
In a world where money is part of decision making, money is one
powerful means to control things, absent better solutions like
knowledgeable polititians and knowledgeable judges. (Or a better
world in general :-)
So if email trafic has to be paid for, counting every mail,
spammers will think twice, because they must make a decision
like everyone else who advertizes the traditional way. The
decision criteria will be both about money and possible punishment.
Social pressure is needed.

The technical difficulty then is to find a way to make sure
every email is handled only if an electric stamp is present.


-- Georg

Re: SPAM-less email (was If anybody wants to make something in Adabut

[AG]

"Georg Bauhaus" <sb463ba@d2-hrz.uni-duisburg.de> wrote in message
news:b7safn$aat$1@a1-hrz.uni-duisburg.de...

> The technical difficulty then is to find a way to make sure
> every email is handled only if an electric stamp is present.

How about that:

If you post from a regular ISP account - the ISP
sure knows how to charge you - they send you
a bill every month or so. If you are posting from
something like I-Net cafe - just drop a nickel
into the slot machine before you can do that.

Now, if my ISP offers (as an option which
anyone may or may not subscribe to) a mailbox
which *only* accepts mails from such destinations
and silently discards everything else - I would be
willing to get one like that. Wouldn't you?

Re: SPAM-less email (was If anybody wants to make something in Adabut

[Georg Bauhaus]

AG <ang@xtra.co.nz> wrote:
: If you post from a regular ISP account - the ISP
: sure knows how to charge you - they send you
: a bill every month or so.

If only some of them hadn't started to give away free
(and unchecked) accounts.

: Now, if my ISP offers (as an option which
: anyone may or may not subscribe to) a mailbox
: which *only* accepts mails from such destinations
: and silently discards everything else - I would be
: willing to get one like that. Wouldn't you?

I'd rather be able to decide myself which eMail I want to read.
So I'd prefer a solution that isn't silently throwing mail away.

The problem of determining which email has been legitimately
sent and which is fraud remains, because of fraudulent providers.
I think it is much more a problem of establishing the moral
rules, and their effects, that will hinder spammers. Is it true
that unsolicited faxes are less frequent than unsolicited emails?
If so, why? ;-)

-- Georg

Re: SPAM-less email (was If anybody wants to make something in Adabut

[Wesley Groleau]

Georg Bauhaus wrote:
> rules, and their effects, that will hinder spammers. Is it true
> that unsolicited faxes are less frequent than unsolicited emails?
> If so, why? ;-)

Because in the U.S., federal law allows us to
charge the sender of an unsolicited fax $500.

Some courts have been sympathetic to the notion
that the same law applies to e-mails.  But not
all--and collecting is quite difficult.

By the way, the guy that was the inspiration
for the "Junk Fax Law" was Spamford Wallace.

Re: SPAM-less email (was If anybody wants to make something in Adabut

[Randy Brukardt]

Larry Kilgallen wrote in message ...
>In article <ZjHna.4702$mZ4.85444@news.xtra.co.nz>, "AG"
<ang@xtra.co.nz> writes:
>> "Randy Brukardt" <randy@rrsoftware.com> wrote in message
>> news:v9uel6jr5ubhff@corp.supernews.com...
>>> A lot of us NEED to get unsolicited mail. If we don't take random
>>> queries from the public, how would we ever get a new customer?
>>
>> There is a flip side to that though. From the point of view
>> of a potential customer: Suppose I mail a real query to
>> your mailbox swamped by spam. How do I know it
>> will make it past the filters?
>
>If Randy is using DNS-blocklist rejection and you are unfortunate
>enough to share an IP address with a spammer, you will get a notice
>back that your mail did not get through.  You can then decide whether
>to try an alternate contact mechanism.
>
>If Randy is using DNS-blocklist teergrubbing, and you are unfortunate
>enough to share an IP address with a spammer, you will get a notice
>from your own ISP after whatever length of time they choose to give up.

Actually, Randy only quarentines mail that comes from IPs on blocklists.
I've had way too many co-workers and customers get on those blocklists
somehow. The only things I block are mails containing clearly spam
phrases, sources, or links. And I have a whitelist that prevents that
for known correspondents. So mail can be delayed, but real mail isn't
discarded.

         Randy.

RE: If anybody wants to make something in Ada but do not know what

[Robert C. Leif]

Unfortunately, the utility of a spam filter depends to a very large extent
on the domain knowledge of its creators. Thus, it is a poor choice for an
Ada software engineering project. For instance, in pattern recognition there
is a well known balance between false positives and false negatives. As one
goes up, the other goes down. One approach that has worked for other
projects is to order the messages in terms of probability that they are Spam
with high probability spam being at the bottom of the list.

If anyone is serious about making a commercial product, look into Xforms
development and the use of Xforms with Ada. The present Ada screen
generators could be reused for this purpose. Since Microsoft appears to NOT
be following the W3C XForms standard, this offers a chance to compete.
Bob Leif

-----Original Message-----
From: Tarjei T. Jensen [mailto:tarjei@online.no] 
Sent: Friday, April 18, 2003 11:29 PM
To: comp.lang.ada@ada.eu.org

Randy Brukardt wrote:
> That might prevent passing spam, but it does nothing to avoid the
> overhead. The problem is in order to find out the strongest indicator,
> you have to score every 'word' in the message. When a lot of trash words
> are in the message, you have to allocate new words and new counters for
> them; and when there are a lot of such messages, the size of the DB
> grows rapidly. (We saw this happen in the search engine when we
> accidentially indexed some Unix .lib files.) That adds overhead; a lot
> of overhead for a filter like mine which gets invoked on each message
> individually. (Writing out the word list each time is expensive.)

Why not do it another way: Check all URL in the message. If they point to a
know porn/spam server, mark it as suspect. Then do some processing on what
is left of the text.

One could also obtain some sort of unique signature from the mail. Then
compare that to other messages received. If a lot of messages have the same
signature, then they are likely to be spam. Known mailing lists will of
course be excluded. The only problem is to generate a signature that is not
trivial to evade. Preferably there should be a number of signatures
algorithms to choose from, so that it becomes difficult to optimize the mail
for all of them since the spammer can't know which algorithm is used any
given day or hour. The algorithm would of course be chosen arbitrarily at
each site.

greetings,

Re: If anybody wants to make something in Ada but do not know what

[Wesley Groleau]

> Ada software engineering project. For instance, in pattern recognition there
> is a well known balance between false positives and false negatives. As one
> goes up, the other goes down. One approach that has worked for other

No doubt that with many algorithms, a parameter
change that decreases false negatives will
increase false positives and vice versa.

This is not necessarily true of a change in
_algorithm_  It is quite conceivable that
one algorithm might reduce _both_ compared to
another algorithm.

It is also true that with some algorithms,
one can determine the reason for a false positive
and add an explicit test for that reason, thereby
reducing false positives with no change in
false negatives.

Re: If anybody wants to make something in Ada but do not know what

[Frode Tenneboe]

Warren W. Gay VE3WWG <ve3wwg@cogeco.ca> wrote:
>
> free, I think that the only way this will work is we'll end up
> using two forms of email on the Internet:

>    1) Traditional email, which permits unsolicited mail (port 25);
>       which will continually battle with spam filters and such.
>    2) A newer "solicited only" email system (port 26?)

The second form (or close) is being explored in some form right now:
http://www.networkadvertising.org/espc/042303lumos.asp

 -Frode

-- 
^ Frode Tenneb�               | email: Frode.Tennebo@eto.ericsson.se ^
| Ericsson AS., N-1788 Halden | Phone: +47 67 25 09 39               |
| with Standard.Disclaimer; use Standard.Disclaimer;                 |

Re: If anybody wants to make something in Ada but do not know what

[Warren W. Gay VE3WWG]

Frode Tenneboe wrote:
> Warren W. Gay VE3WWG <ve3wwg@cogeco.ca> wrote:
> 
>>free, I think that the only way this will work is we'll end up
>>using two forms of email on the Internet:
> 
>>   1) Traditional email, which permits unsolicited mail (port 25);
>>      which will continually battle with spam filters and such.
>>   2) A newer "solicited only" email system (port 26?)
> 
> The second form (or close) is being explored in some form right now:
> http://www.networkadvertising.org/espc/042303lumos.asp
> 
>  -Frode

It is good to see that people are working on "solutions", rather
than more "filter techniques".  The only thing about this
solution I question is that verifying the sender only
addresses part of the problem. The problem will still continue,
as hackers use hijacked email accounts to spam others with
porn and other offensive email (presumably, these will still
authenticate as senders).

For my kids, _I_ want solicited only email. So will many
other parents. Probably many grandmothers etc., will
want the same.

-- 
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg

Re: If anybody wants to make something in Ada but do not know what

[Preben Randhol]

Warren W. Gay VE3WWG wrote:
> For my kids, _I_ want solicited only email. So will many
> other parents. Probably many grandmothers etc., will
> want the same.

Not only email, but also web-site control I guess? That is of course
another problem.

-- 
Preben Randhol                    http://www.pvv.org/~randhol/

Re: If anybody wants to make something in Ada but do not know what

[Wesley Groleau]

  Spam-proof e-mail ?  I was rather suspicious of
such a claim when made on a website named
"networkadvertising"  Then I read further:

    The Email Service Provider Coalition (ESPC) was
    formed in November 2002 by the Network Advertising
    Initiative (NAI) to fight spam while protecting the
    delivery of legitimate email. The ESPC is comprised
    of over 30 members including aQuantive, Blue Dolphin,
    Digital Impact, DoubleClick, Experian, and iMakeNews.
    The ESPC members have recognized the need for strong
    spam solutions that ensure the delivery of legitimate
    email. ....

DoubleClick and Experian are on my filter list for the amount
of spam I used to get from them!  Let the fox guard the henhouse!

Re: If anybody wants to make something in Ada but do not know what

[Preben Randhol]

Wesley Groleau wrote:
> DoubleClick and Experian are on my filter list for the amount
> of spam I used to get from them!  Let the fox guard the henhouse!

Yes, Doubleclick is also in my web filter (privoxy -
http://www.privoxy.org/).

I guess they want to get rid of Joe the Spammer, but as long as you pay
good money you can spam people through this "new" system.

-- 
Preben Randhol                    http://www.pvv.org/~randhol/

Re: If anybody wants to make something in Ada but do not know what

[Georg Bauhaus]

Warren W. Gay VE3WWG <ve3wwg@cogeco.ca> wrote:
: as hackers use hijacked email accounts ...

Uhm, crackers, please, if you don't mind. I wish there were
a hacker at one of our customers' site. We've had to explain how
to set up an MTA on their Un*x system... Surely that wouldn't
have been necessary in the presence of a hacker, and it suggests
some questions about how well the site is protected from crackers.


-- Georg

Re: If anybody wants to make something in Ada but do not know what

[Frank]

A while a go I searched for a free tool to draw SVG graphics with, without
being able to find any - I would need to pay for this specific option.
Unless I have missed a very simple solution :-) a SVG editor/tool could be
an idea too.

Frank

Free SVG tools

[Nick Roberts]

"Frank" <franjoe@frisurf.no> wrote in message
news:3eafc514@news.wineasy.se...

> A while a go I searched for a free tool to draw SVG graphics with,
> without being able to find any - I would need to pay for this specific
> option. Unless I have missed a very simple solution :-) a SVG editor/
> tool could be an idea too.

I am not aware of any free SVG editing tools as such, but:

* I believe there are a number of free graphic drawing programs available
which (purport to) export in SVG format. How good any of them are I cannot
avouch.

* Since SVG is just an XML profile, it is quite possible to edit it in a
text editor. I have created simple but effective (I hope ;-) drawings this
way, and it is possible to control and optimise the drawings more than
mechanical methods can normally achieve.

* If you're handy at programming (e.g. in Ada ;-) it's quite possible to
'roll your own' specialised generator. Sometimes this can work way better
then any general CAD, drawing, or art program, but it can take a bit of
patience.

* Theoretically it should be possible to use XSLT tools to generate SVG. Not
sure how practical an idea this is in reality. (Saxon is cool.)

Just some suggestions.

[Cross-posted! Redirect if replying!]

--
Nick Roberts
Jabber: debater@charente.de [ICQ: 159718630]

Re: Free SVG tools

[Steve Bowen]

Hi

Did you take a look at:
http://www.w3.org/Amaya/
> Amaya started as an HTML + CSS style sheets editor. Since that time it was extended to support XML and an increasing number of XML applications such as the XHTML family, MathML, and SVG. It allows all those vocabularies to be edited simultaneously in compound documents.



-- 
steve
http://www.skeeter-s.com/svg
SVG examples for Mozilla unplugged.
N 48� 18' 30.0" E 16� 28' 30.0"

Re: Free SVG tools

[Martin Holmes]

On 5/1/2003 9:54 PM, the Minister of Certain Things released a statement
to the following effect:
> Hi
> 
> Did you take a look at:
> http://www.w3.org/Amaya/
> 
>> Amaya started as an HTML + CSS style sheets editor. Since that time it 
>> was extended to support XML and an increasing number of XML 
>> applications such as the XHTML family, MathML, and SVG. It allows all 
>> those vocabularies to be edited simultaneously in compound documents.

I really wish Amaya could handle JavaScript. Bit much to ask, perhaps, 
but these days I almost never make static documents of any kind; most 
reconfigure themselves in response to user actions through script, so 
Amaya isn't all that useful.

Cheers,
Martin

Re: Free SVG tools

[Steve Bowen]

Martin Holmes wrote:
> On 5/1/2003 9:54 PM, the Minister of Certain Things released a statement
> to the following effect:
> 
>> Hi
>>
>> Did you take a look at:
>> http://www.w3.org/Amaya/
>>
>>> Amaya started as an HTML + CSS style sheets editor. Since that time 
>>> it was extended to support XML and an increasing number of XML 
>>> applications such as the XHTML family, MathML, and SVG. It allows all 
>>> those vocabularies to be edited simultaneously in compound documents.
> 
> 
> I really wish Amaya could handle JavaScript. Bit much to ask, perhaps, 
> but these days I almost never make static documents of any kind; most 
> reconfigure themselves in response to user actions through script, so 
> Amaya isn't all that useful.
> 
> Cheers,
> Martin
> 
Hi Martin

Perhaps so, however the starter of the thread was asking for a free SVG 
editor and Amaya popped into my head because of the WYSIWYW(last 'W' is 
for wish ;-)  )
Don't have it installed myself, last time I installed it was at a number 
4 level and now it is an 8x or so.
Here is a quote as to what they say it can do.

> The current release, Amaya 8.0, supports HTML 4.01, XHTML 1.0, XHTML Basic, XHTML 1.1, HTTP 1.1, MathML 2.0, many CSS 2 features, a SVG support. (transformation, transparency, and SMIL animation on OpenGL platforms)

and if there 'is' a good helping of SMIL then as far as SVG goes how can 
one talk of static?

-- 
steve
http://www.skeeter-s.com/svg
SVG examples for Mozilla unplugged.
N 48� 18' 30.0" E 16� 28' 30.0"