Counterpoint: Software engineers can just make it a configuration option and leave it to the user to decide how it is run. Unlike civil engineers who can't build a bridge with a configuration option for a 'light & unsafe' bridge, software engineers can make everything an option, and that's often the best practice.
Of course, assuming that they are unaware of how their user / client / employer will actually use the software, they should be fine.
"It should be noted that no ethically-trained software engineer would ever consent to write a "DestroyBaghdad" procedure. Basic professional ethics would instead require him to write a "DestroyCity" procedure, to which "Baghdad" could be given as a parameter."
True, no ethical engineer would write "DestroyBaghdad", but how about a perfectly reasonable "set custom threshold for test" function that lets the client pick? And then the client chooses an unethical value.
Yep, it's a totally different culture. For example, there's a lot of motivation to protect the family's honor.
The police will mediate between the parties before going further, and often reach justice outside the court, where both sides are satisfied with the result. Often a sincere apology goes a long way in Japan.
Well, there isn't such thing as 100B in cryptocurrency, so definitely not in crypto. (It would be very hard/impossible to acquire that amount right now).
This brings us to an interesting thought. Cryptocurrency transaction values have been steadily growing, starting from pizzas to alpaca socks and now it's even possible to settle multi million dollar transactions. In the future we'll probably see larger, billion dollar plus acquisitions settled in cryptocurrency, why not? For that to happen though, their marketcaps will need to rise significantly from what they are now, at least to multi trillion dollar levels.
Yes, unfortunately you'd be losing email. Port 465 has been deprecated a while back (1997).
I guess that's the problem - there is no practical way to disable plaintext email from the start. You may always need to accept the connection, see if the client will STARTTLS, disconnect if they do not and hope they don't re-try and keep hammering your servers with the same message, the error message "hey, i'm not accepting plaintext" will most likely get ignored.
Port 465 is for mail submission. It's there for authenticated communication between clients and servers. It has never been used for communication from server to server and was never intended to be. Port 587 has the same purpose (mail submission), but has a plain text protocol specific negotiation at the beginning which matches that for server to server mail transfer on port 25.
True, but the underlying question is still interesting: why isn't there a similar TLS-only port for MTA-MTA and we all agree to try to connect there first?
Port 465 is unnecessary once STARTTLS was invented. It has exactly the same upside / downside but it wastes an entire TCP port and an entire RTT plus maybe a timeout to signal (non-)availability.
So it makes sense to deprecate this use of port 465 and just tell people to use STARTTLS.
The STARTTLS vulnerability to downgrade attacks is a significant downside that port 465 doesn't have (if using modern TLS protocols at least). My opinion is that perhaps the severity of the STARTTLS downgrade attack wasn't that much considered when port 465 was deprecated.
Downgrade attacks are no easier for STARTTLS than for TLS-on-connect. If you were deploying TLS-on-connect you'd have to do it in one of two ways:
1. Senders should first try TLS-on-connect, and if it's not available, fall back to STARTTLS.
2. Senders should only do TLS-on-connect with no fallback
If you do #1, then a downgrade attack still exists because an attacker can just block port 465 and then interfere with the traffic on port 25 (or put a fake SMTP server on that port if one doesn't exist).
If you do #2, that's no easier than just mandating that STARTTLS on port 25 is required.
The alternative to all of this is to find some out of band method for a receiver to state that TLS should be available (TLSA / MTA-STS), and if it's not then something is being tampered with. That way, a sender can look up that information and then choose to do #2 for that particular receiver. Again, in that scenario it makes no difference if we're talking TLS-on-connect or STARTTLS. Given we can't make the whole World switch to "must always be encrypted" at the same time, this is the only practical way forward.
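The sender-side decision described in the comment above, as an added example that is not part of the original thread: a sending MTA consults an out-of-band policy for the receiver and only then decides what a missing STARTTLS offer means. The mode names follow MTA-STS (RFC 8461); the function names and the EHLO replies are constructed for illustration.

```python
# Added illustration: applying an out-of-band TLS policy on the sending MTA.
# Function names and sample EHLO replies are constructed, not from the thread.

def parse_ehlo(reply):
    """Return the extension keywords advertised in a multi-line 250 EHLO reply."""
    lines = reply.strip().splitlines()
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = set()
    for line in lines[1:]:  # line 0 carries the server's domain, not an extension
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("unexpected EHLO line: %r" % line)
        words = line[4:].split()
        if words:
            extensions.add(words[0].upper())
    return extensions

def delivery_action(policy_mode, ehlo_reply):
    """Decide what the sender does, given the receiver's published policy mode.

    policy_mode: "enforce", "testing", or "none" (no policy published).
    Certificate validation after the handshake is not modelled here.
    """
    if policy_mode not in ("enforce", "testing", "none"):
        raise ValueError("unknown policy mode: %r" % policy_mode)
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        return "starttls"
    if policy_mode == "enforce":
        # The receiver has stated TLS must be available, so its absence is
        # treated as tampering: keep the message queued, never send in clear.
        return "defer"
    if policy_mode == "testing":
        return "plaintext+report"
    return "plaintext"  # opportunistic: a stripped offer goes unnoticed

# Constructed replies: what the receiver sends, and the same reply as seen
# after something on the path has removed the STARTTLS line.
CLEAN_REPLY = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"
STRIPPED_REPLY = "250-mx.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME"

if __name__ == "__main__":
    for mode in ("none", "testing", "enforce"):
        print(mode, delivery_action(mode, CLEAN_REPLY),
              delivery_action(mode, STRIPPED_REPLY))
```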
I wrote "It has exactly the same upside / downside" and yet almost immediately I get a reply in which the author with no self-reflection has imagined there are additional downsides to STARTTLS.
As others have explained an on-path adversary who'd be able to rewrite packets in order to stop STARTTLS can even more trivially block port 465 altogether. In fact cheap appliances can do the latter but can't do the former, so if anything STARTTLS very slightly improves this.
If you are imagining "Well I could have a policy of only using port 465" well, sure, but you could just as easily have a policy of requiring STARTTLS. In both cases an adversary can deny you, and your only options are to re-think your policy or give up and not deliver email.
The only (weak) argument I can find is that since servers that had a port 465 open also had to keep a port 25 open for compatibility, you could perform the same downgrade attack by blocking connections to port 465, which would result in a submission to the port 25. But that's a "if it's broken let's make sure it remains broken" kind of argument.
Yes - it's a weak argument, and one that's probably been debunked by looking at the way https lifted off recently. My view is if port 465 was still around today, it would probably get the same level of attention as port 443 has. We could have been at a stage where port 25 could be made intentionally unavailable (same way we move browsers from http to https) and everything forced to 465. Email agent developers would be forced to update their practices as well, no email should be sent over plaintext. At present, there is no good way to tell your clients you're not accepting plaintext. STARTTLS is from a world where 99% of emails were plaintext.
You've confused the submission port (which is usually TLS encrypted on 587) with SMTP relay (done via port 25 with optional STARTTLS)
It's OK, lots of people don't know about this. Really the only problem is that you've assumed since you know nothing about this you're an expert, that'd be Dunning-Kruger or a related effect at work.
For submission it really can work to upgrade end user mail agent software. We're a long way from useful encryption capable agents being ubiquitous, but we've made progress and most popular systems today ship with such a client. These systems also use TLS directly for IMAP (to receive email) and can share a lot of logic across the two systems, so that's nice. In maybe a decade we'll be where HTTPS is today. For submission.
What distinguishes a submission port is that it's authenticated. You can only send email via the submission server as Alice if you prove to the submission server that you're Alice.
But SMTPS (obsolete SMTP over TLS on port 465) and the STARTTLS SMTP (on port 25) are for email relay. Authentication makes no sense in this scenario because the relays are neither sender nor recipient, the transmitting relay can't prove that it's Alice, and the receiving relay can't prove that it is Bob, because they're not, they are merely relays.
These are servers, so they upgrade much more slowly (often only on hardware replacement) and the priority is reliability of delivery, not security, if your proposed solution drops 1% of email on the floor that's far too much and nobody would adopt it.
Hence the situation we have today, and hence STARTTLS Everywhere. Your imagined alternate universe makes no sense except because you've misunderstood how email works.
Hi! I run a "copycat" site that perhaps you may be referring to in that post, GuerrillaMail.com (well, actually, I didn't copy it myself, but acquired it from another guy many years back) and also been using Redis to store all incoming mail in memory. RAM is cheap these days and you can find decently priced servers with >= 128GB easy. Haven't moved over to websockets or "chunking" / deduplication yet, but architecture and UI needs an update in that direction to make it more instant. Thanks for some ideas ;-)
Actually, like you, I've also hand-rolled most of it myself, replacing the previous guy's architecture. It's been a lot of fun. No frameworks, no bootstrap, just a few dependencies here and there. Started with PHP, but now prefer to use Go for anything new. Also hand-rolled the SMTP server which turned into a project on its own, https://github.com/flashmob/go-guerrilla
Casios are great. Which model do you have? Btw, I can't believe that in this age, people need to recharge their watch once a day. It's like we went backwards. How often did you replace your battery?
I did consider the DB-36 and the GB-5600. But I eventually ended up settling for the GB-5600 because I liked the square design. It does come with bluetooth and other early "smartwatch"-features which I don't use, but the vibrating alarm is very handy.
I have a couple of wearables of various degrees of sophistication. I've stopped using them unless I actually need, for example, GPS tracking in the case of the Garmin. Otherwise it's just something else to charge. I know about how active I am on a given day.
Yes, unfortunately Casio went for Android for their smart ProTreks :( Such a shame, I would have loved a rugged watch from them with some smart features but no silly cloud connectivity.
Polar, Garmin & co are just a bunch of WaaS (watch as a service) providers.
Not to distract from your point but my Withings gets a charge every two or three weeks.
It's handsome, and doesn't do much aside from track steps and heart rate. You can set it up for notifications, though I don't. Hits the sweet spot for me.
It read like a standard run-of-the-mill press release you would expect from a big corporation. Btw, the word-stem 'develop*' appeared 31 times. Reminded me of the old famous chant...
If you wait long enough, say, for 144 confirmations (or 24 hours, whichever is greater) then a double spend may as well be the least of your worries, for bitcoin, or any of the top mined crypto-currencies.
These double-spend attacks are only successful if the receiving party doesn't wait long enough.
Also, couldn't find any sources from exchanges if they were actually successful? The article didn't mention which exchanges.
Quote:
"Blockchain data indicates that the attacker successfully reversed transactions as far back as 22 blocks, leading developers to advise raising confirmation requirements to 50 blocks."
So as long as exchanges wait 50 blocks before crediting, they should be all right.
Noticed this also, no need to monitor and adjust the speed which is a mundane task (in cruise control traffic conditions). Eyes can be on the road instead.
This is similar to the problem for pilots, who can be distracted by mundane tasks due to the complexity of controls in modern aircraft. If these tasks are removed, the pilot can focus on what's more important.
According to NASA: "For the most part, crews handle concurrent task demands efficiently, yet crew preoccupation with one task to the detriment of other tasks is one of the more common forms of error in the cockpit."