On Tuesday, 3 March 2020 at 18:30:44 UTC, H. S. Teoh wrote:
> On Tue, Mar 03, 2020 at 06:14:27PM +0000, matheus via Digitalmars-d wrote:
>> On Tuesday, 3 March 2020 at 17:34:37 UTC, H. S. Teoh wrote:
>> > On Tue, Mar 03, 2020 at 01:19:44PM +0000, matheus via Digitalmars-d wrote: [...]
>> > > It's the same with Microsoft, they're screwing the e-mail.
>> > [...]
>> > > It's just a shame.
>> > [...]
>> > 
>> > Just use Mutt[1]. :-D
>> > 
>> > [1] http://www.mutt.org/
>> 
>> But how the e-mail client will solve the problem in the e-mail server/service? Because the retention happens in the server, the client can't do nothing or can?
> [...]
>
> Ohhh, your server is Outlook?  Well, then, you're screwed. :-P  If you have the choice, use a different mail server instead. :-P

Yes, in fact I have another e-mail and this one is just an old e-mail (since hotmail days) that I keep because I still have some friends attached to it.

> Currently I run my own mailserver, and I configured it to deliver directly to my PC, and Mutt accesses the local mailbox directly. Once I delete something, it's GONE.  For good.  I have full control over what happens to my mail, and I get to decide what I do with it, where it goes, and how it's stored.

2 questions:

1) Don't you have any problems with spam filters from other services?

2) It's a cloud service or your own server in your house? If the later how you manage reliability?

> This modern idiom of the server retaining all messages your behalf is IMNSHO a b0rken model.  It takes control out of users' hands into the mail admin's hands. It's the same thing with trend everywhere else, like web apps taking control of your data out of your hands into the app writer's server, and cloud services taking control of your data *and* your applications out of your hands into *theirs*.  It's convenient, no doubt, and in many scenarios more economical.  But there is a fundamentally b0rken principle here, that you no longer own anything, not your data, not your programs, your provider controls everything. You no longer *own* anything, you're merely a "subscriber" and the service provider controls everything.  Just the way large corporations like it. Rather than empowering the user, they empower themselves.  And at last, the threat of users taking control of their own property is neutralized, and the big corporations can continue to hold you in their thrall.
>
> But hey, this is the hot bandwagon and everyone's jumping on it, so why aren't you following the rest of the herd?  And so, this b0rken design perpetuates itself.

Yes that's true, this model is really broken, but the problem is, having your own e-mail service may be target as spam for other services and need to be 24/7.

Matheus.

On Tuesday, 3 March 2020 at 18:30:44 UTC, H. S. Teoh wrote:
>  But there is a fundamentally b0rken principle here, that you no longer own anything, not your data, not your programs, your provider controls everything. You no longer *own* anything, you're merely a "subscriber"

That's because usually, it's the company/university/third party that provides you these services. From the other side of the fence I am happy that I can set a ridiculous retention period making your "delete" action completely useless. I can even let you press Shift-Delete if that makes you feel good.

I have seen too many times people lie and pretend to be victim of things that never happened. Living in an era where nearly everything has a written e-mail/conversation behind it, it's very simple to counter any misbehaviour of users.

For personal use, you can set up in your basement your e-mail server in minutes, but as long as you use a resource payed and maintained by a third party, I don't find any abuse if that third party manages that resource how suits it best.

The same about people complaining about Facebook selling your data. I survived without a Facebook account and I'm in my 40-ies.

Subscription is an option. You can setup your gig anytime in your nice data room like in old days or you can find something between, e.g. a private cloud. But as long as you pay 10 or 0 bucks on a fully fledged server with 99% uptime, you must give something in return. Your privacy, your ownership or your pinky sometimes :) Freedom and independence are not for free.

On Tuesday, 3 March 2020 at 20:20:25 UTC, matheus wrote:
> 2 questions:

Not H. S. Teoh, but I also run a mailserver.

> 1) Don't you have any problems with spam filters from other services?

Google was okay as long as I ticked enough boxes here:
https://support.google.com/mail/answer/81126?hl=en

Microsoft (and a few other services) put more weight on IP reputation.  At first I'd sometimes get a rejection email back when I sent an email to an address managed by them, but the rejection email had a link to some site where I could jump through some CAPTCHA hoops to allow my email to get sent.  Servers seem to trust me now but I can't remember how long it took.

Don't bother running a mailserver on an IP with a trashed reputation (e.g., IPs from AWS EC2 or one of the cheap cloud providers).  Some providers (like Google Cloud) block email ports, anyway.

> Yes that's true, this model is really broken, but the problem is, having your own e-mail service may be target as spam for other services and need to be 24/7.

Spam isn't as much of a problem as I expected.  I've had about two outright spam emails in nearly five years on my main server.  Most spam I get is from people who get my business card and "helpfully" sign me up to their newsletters, or people emailing me because of my blog and asking me to link to unrelated websites they have.  Stuff that I'd get with a bigger service, anyway, and is easy to deal with.  I guess it's just not economical to spam some nerd's private mailserver with ads.

Reliability is a more important problem.  Email's pretty robust thanks to mail queues and retries, so a mailserver doesn't need to be up 24/7, but the fact is if it goes down it stays down until you fix it.  It's rare but can happen at a bad time.  I pay an uptime service to alert me if my mailserver goes down (same as everything else I run).

On Tue, Mar 03, 2020 at 08:20:25PM +0000, matheus via Digitalmars-d wrote:
> On Tuesday, 3 March 2020 at 18:30:44 UTC, H. S. Teoh wrote:
[...]
> > Currently I run my own mailserver, and I configured it to deliver directly to my PC, and Mutt accesses the local mailbox directly. Once I delete something, it's GONE.  For good.  I have full control over what happens to my mail, and I get to decide what I do with it, where it goes, and how it's stored.
> 
> 2 questions:
> 
> 1) Don't you have any problems with spam filters from other services?

Occasionally, but if you setup your MX records properly, it should work fine.  Unless you're dealing with unreasonable services that blacklist everything except gmail.com, hotmail.com, and yahoo.com, then you're screwed. But then, if you have to deal with unreasonable services of that sort, then you're *already* screwed in other ways.


> 2) It's a cloud service or your own server in your house? If the later how you manage reliability?

I have a 24/7 VPS that serves as an intermediate MX that forwards mail to my home PC server.  The latter I usually leave running, but on the occasion it goes down, the VPS server retains the mails and delivers them when I come back up. No problem with reliability there.


> > This modern idiom of the server retaining all messages your behalf is IMNSHO a b0rken model.
[...]
> Yes that's true, this model is really broken, but the problem is, having your own e-mail service may be target as spam for other services and need to be 24/7.
[...]

Usually all it takes is to setup proper SPF records on your domain, and most services should work.

As for being 24/7, since I already use the VPS for other purposes (to host websites, etc.), email is just another service tacked on top of that.  The nice thing about this is having full control over what software runs on my {website, email, etc.}.  Cost-wise it's not too bad, considering how many things I can run on it.


T

-- 
English has the lovely word "defenestrate", meaning "to execute by throwing someone out a window", or more recently "to remove Windows from a computer and replace it with something useful". :-) -- John Cowan

On Tue, Mar 03, 2020 at 09:04:49PM +0000, Rumbu via Digitalmars-d wrote:
> On Tuesday, 3 March 2020 at 18:30:44 UTC, H. S. Teoh wrote:
> > But there is a fundamentally b0rken principle here, that you no longer own anything, not your data, not your programs, your provider controls everything. You no longer *own* anything, you're merely a "subscriber"
> 
> That's because usually, it's the company/university/third party that provides you these services. From the other side of the fence I am happy that I can set a ridiculous retention period making your "delete" action completely useless. I can even let you press Shift-Delete if that makes you feel good.

And that's why I run my own services myself. :-P


> I have seen too many times people lie and pretend to be victim of things that never happened. Living in an era where nearly everything has a written e-mail/conversation behind it, it's very simple to counter any misbehaviour of users.

Most people are totally clueless and lack common sense when it comes to posting things online.  They don't understand that old saying, that once it's online, you will never, ever, be able to delete it.  *Somebody*, *somewhere*, likely already has a copy of it archived somewhere, and -- even though realistically speaking it's rare -- one day might come back to bite you when you least expect it.  If you're not comfortable with information XYZ being essentially public and read by people you don't know, don't post it online in the first place!!


> For personal use, you can set up in your basement your e-mail server in minutes, but as long as you use a resource payed and maintained by a third party, I don't find any abuse if that third party manages that resource how suits it best.

I don't call it abuse.  I call it the provider empowering itself vs. empowering the user.  If you signed up for the service and signed the contract, then it's your own responsibility for the consequences. I choose not to sign up for the service if it does not empower me.


> The same about people complaining about Facebook selling your data. I survived without a Facebook account and I'm in my 40-ies.

Me too. :-P  I almost signed up for Facebook once, well actually, twice; the first time I read the privacy policy and went, Nope.  The second time I thought, what's the harm if I never post private information and just use fake personal details to open an account? -- but then they require a real phone number.  I was not about to go get a throwaway phone number just to be able to get a lousy Facebook account, so I said, Nope.  And never looked back.

The kind of stuff people post on FB is seriously scary.  Personal details, detailed itineraries of upcoming vacation trips (hello, Mr. Robber, would you like to rob my house this weekend?), with absolutely no sense whatsoever that this is all out there for people -- *anyone* -- to read.  And of course, Big Brother FB collecting information about you in the background and doing who-knows-what with that information.

I mean, I'm not crazy paranoid, there's some info about myself that I honestly couldn't care less if everyone knows about it.  But I'd rather be the one deciding what that info is, rather than posting *everything* online for who knows what kind of online weirdo to read (and act on).


> Subscription is an option. You can setup your gig anytime in your nice data room like in old days or you can find something between, e.g. a private cloud. But as long as you pay 10 or 0 bucks on a fully fledged server with 99% uptime, you must give something in return. Your privacy, your ownership or your pinky sometimes :) Freedom and independence are not for free.
[...]

I don't mind paying for a service where the provider lets me control my data and my services.  I don't bother paying for services where they dictate what I can use, how I should use it, and when I can access it.

It's like using an open source OS vs. a closed source one.  I choose to use an OS that lets me configure how it works, and make changes if/when I want to (even if generally I stay with the defaults), rather than an OS where the hood is welded shut, and I have no control over how it works, and even where a remote entity decides when and how to upgrade it.  No thanks, I prefer to update when *I* choose to, and *know* what the heck I'm getting into before installing some dubious "patch" that could suddenly break the way I currently work (*cough*Windows 10*ahem*forced upgrade*cough*).

Some services offer a high degree of customization, and I'm OK with that.  But if I can't configure it to work the way I want, if there are artificial barriers introduced for external, unrelated reasons where there's no *technical* reason why something shouldn't be allowed, then seriously it's just not worth my time and money. I'll take my business elsewhere, thank you very much.


T

-- 
Дерево держится корнями, а человек - друзьями.

On Tue, Mar 03, 2020 at 09:29:11PM +0000, sarn via Digitalmars-d wrote: [...]
> Spam isn't as much of a problem as I expected.  I've had about two outright spam emails in nearly five years on my main server.

You're lucky.  I have a couple of public-facing email addresses, mainly from open source contributions, and over the years those addresses have ended up on countless spamlists.  Now I regularly get hundreds of spams a day.  Fortunately, I hardly actually see any of them, because I have 4 layers of spam filters: SpamAssassin + Bogofilter on my mailserver, and another SpamAssassin + Bogofilter on my local mailserver.

They are actually not completely redundant, because the SA + BF on the mailserver is trained on spams that are received directly, whereas the local filters are trained on the remnant of spam that makes it past the first two layers, so they catch what the first two layers failed to catch.  Spams with a high enough cumulative score get blackholed; spams with iffy scores are saved in a spambox that I clean out every couple o' months or so.  Over the years, there have been very few false positives, so I've been reducing the minimum score. Now I hardly see any spam out of what must be hundreds impinging my mailserver every day. When they do show up, it tends to be very few and easy to just delete and forget.


> Most spam I get is from people who get my business card and "helpfully" sign me up to their newsletters, or people emailing me because of my blog and asking me to link to unrelated websites they have.  Stuff that I'd get with a bigger service, anyway, and is easy to deal with.  I guess it's just not economical to spam some nerd's private mailserver with ads.

Most of the spam I get is actually not ads (which I hardly get much of, 'cos I generally don't give out real email addresses for stuff unless it's actually something I care about), but scams (mainly the Nigerian 419 variety), phishing attempts, and malware attachments.

One thing I've learned over the years is that spammers don't actually care about their target audience (what a concept! :-P); their goal is to hit as many email addresses as possible to increase the response rate up to the profitable level. For this purpose, they purchase spamlists on the black market, and acquire a botnet or two to spam every email on those lists indiscriminately. Basically, a wide scattershot in the hope that something would stick.  Sad to say, given the reported email scam incident counts on various sources, something *does* stick.  When they have millions of addresses on their lists, all it takes is for 0.01% to respond and they've already made their profit margin.

And most people don't realize that the absolute worst thing to do is to reply to spams in any way, even if it's to yell abuse at them, or to click on so-called "unsubscribe" buttons: many unsubscribe buttons are fake; all they do is to flag your email address as "valid" and post it to 50 other spamlists. Replying has the same effect. As with internet trolls, the best response is not to play.


> Reliability is a more important problem.  Email's pretty robust thanks to mail queues and retries, so a mailserver doesn't need to be up 24/7, but the fact is if it goes down it stays down until you fix it. It's rare but can happen at a bad time.  I pay an uptime service to alert me if my mailserver goes down (same as everything else I run).

The only time my mailserver goes down is either the VPS died, or I screwed up a mailserver upgrade. The latter is pretty obvious, and can be fixed right away.  The former involves an email to tech support, and generally things come back up within a reasonable amount of time.


T

-- 
We've all heard that a million monkeys banging on a million typewriters will eventually reproduce the entire works of Shakespeare.  Now, thanks to the Internet, we know this is not true. -- Robert Wilensk

On Tuesday, 3 March 2020 at 04:19:58 UTC, jxel wrote:
> On Tuesday, 3 March 2020 at 00:59:44 UTC, Basile B. wrote:
>> So of course this is just a stupid playlist at youtube, i.e a Google company.
>> But what you get every day by overpaid enginneers is that.
>>
>> They cant even manage an association list.
>> Imagine how many they are paid ? They have **no fucking clue about about what they do**.
>> You see this is not even an interesting bug.
>
> Google is a big company, I wouldn't doubt that was implemented by an intern. Everyone else probably has something more important to work on.

Partly relevant, this video is interesting.

https://www.youtube.com/watch?v=ZSRHeXYDLko

I have noted that even though software crashes less now than it used to, it often works incorrectly. I use 'big name' software at work, and often it just does what it's not supposed to do.  For example, a crappy UI for a shared drive would delete the wrong file, then seem to restore the wrong file, but then the right file would appear when you navigate.

I don't think Google ever bragged about its frontend devs. Also major companies are major outsourcers :)

On Tuesday, 3 March 2020 at 04:19:58 UTC, jxel wrote:
> On Tuesday, 3 March 2020 at 00:59:44 UTC, Basile B. wrote:
>> So of course this is just a stupid playlist at youtube, i.e a Google company.
>> But what you get every day by overpaid enginneers is that.
>>
>> They cant even manage an association list.
>> Imagine how many they are paid ? They have **no fucking clue about about what they do**.
>> You see this is not even an interesting bug.
>
> Google is a big company, I wouldn't doubt that was implemented by an intern. Everyone else probably has something more important to work on.

Having worked at Google for 3 years, I can tell you that this does actually happen.  I hosted two interns one summer, and sometimes we did leave isolated tasks that they could take on and fix independently.  However, the code is reviewed by the people hosting them and the review process is supposed to be very exhaustive.  That means that the full-time developers are not off the hook either, it's their responsibility to review code even the code written by interns.

On Wed, Mar 04, 2020 at 09:17:07AM +0000, Borax Man via Digitalmars-d wrote: [...]
> I have noted that even though software crashes less now than it used to, it often works incorrectly. I use 'big name' software at work, and often it just does what it's not supposed to do.  For example, a crappy UI for a shared drive would delete the wrong file, then seem to restore the wrong file, but then the right file would appear when you navigate.

I betcha the bug is in a legacy module that nobody understands or dares to fix anymore, and instead of fixing the actual problem, the GUI code implements a hack to detect (unreliably) the problem and paper over it, either with an anemic attempt to correct the problem after the fact, or with an outright lie (display the right output in spite of the actual data being wrong). It's just business as usual in an "enterprise" project.

After having worked for ~2 decades in the industry, this doesn't surprise me anymore; I've seen it all. It's the result of the typical unhealthy software development office environment: high turnover, unrealistic deadlines, unclear requirements, lack of communication, absence of documentation, and a rampant attitude of every-man-for-himself, its-not-my-problem blame avoidance caused by toxic office politics. The scale of the problem is proportional to the number of people on the project, and is especially bad in large corporate environments. This is why I have a high level of distrust in any software produced by a large company. The larger it is, the worse the problems will be. Sometimes there are exceptions, but generally speaking this is the case. I've stopped expecting anything good to come out of big companies, and now I no longer need to be constantly disappointed. :-P


T

-- 
Heads I win, tails you lose.