Category Archives: Tech

DNS Blacklists Suck

Note: This entry has been restored from old archives.

In a passive effort to “fight spam” I made some changes to my filtering. First I configured postfix to use a few reputable blacklists, four in total; second I started using several of the RulesDuJour SA rules.

This has worked fairly well, I’m not getting much spam hitting my main mailboxes now. But I’m now down to two blacklists, why? Because dnsbl.sorbs.net and bl.spamcop.net have had to be removed because they block important legitimate email. Mail from some family members who use Hotmail has been blocked by SORBS and mail from some online services that use Yahoo servers has been blocked. Causing Yahoo and Hotmail servers to be blocked is not good; I understand the argument that “if they allow spam to be sent they should be blocked” but I cannot agree with it in practice. It is just too inconvenient – and if you make things inconvenient people won’t use them. While you may hope that it makes using Hotmail a pain in the arse and thus not used the truth is it’ll make use of your blacklist the PITA and it’ll be dropped well before people stop using one of the world’s most popular email services. (Just try explaining to a tech-illiterate Hotmail user that they should stop using Hotmail because your mail server blocks their email; watch their eyes glaze over when you attempt to argue that they’re supporting spam by using Hotmail and should stop. I can’t believe I used to actually think like that, Hotmail works for them and it works for their family and for all their friends and as far as they’re concerned you can just get back into your little geek hole and die.)

I can see the value in commercially maintained blacklists in this arena, a company that needs to sell a blacklist is going to make sure that there is a balance between the effectiveness of their lists and the potential inconvenience caused. Ordered, well thought out and, ultimately, profit-margin driven goals can sometimes beat fanaticism. Unfortunately I can’t use their blacklists for free on my little server and life is expensive enough without paying for a list of numbers. It’d be nice for a company to make lists free for small users for “the good of the Internet”; but the big profits lie in the millions of small users who’ll pay a little and not the thousands of big users who’ll pay a lot.

What makes it sadder is that of the 143 emails blocked in the last 40 hours only one has been from a Yahoo server and it was legitimate. I’m forced to lose all the good entries in the SpamCop blacklist because of a minority of bad ones that make their services unusable.

No complaints about RulesDuJour by the way, I’m happy with that so far (almost all the spam that gets through the blacklists is caught and no false-positives so far, and the difference with a SpamAssassin rule as opposed to an MTA blacklist is that even if you do have an FP you still have the email in quarantine!). I’m still using SORBS and SpamCop but they’re in SpamAssassin now, they’ve lost their ‘very good spam indicator’ privileges.

The two remaining blacklists are DSBL and SpamHaus… we’ll see how long they last.
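The difference this entry describes between rejecting on a DNSBL listing at the MTA and treating the listing as one score inside the content filter, as an added example that is not from the original post. Only the two zone names come from the post; the weights, threshold, message records and addresses are constructed for illustration, and no DNS lookups are made.

```python
import ipaddress

# Zone names are from the post; weights and threshold are constructed.
DNSBL_WEIGHTS = {"dnsbl.sorbs.net": 1.5, "bl.spamcop.net": 2.0}
QUARANTINE_AT = 5.0

# Constructed messages: documentation-range IPs, made-up content scores.
SAMPLE = [
    {"id": "family-webmail", "ip": "192.0.2.25", "legit": True,
     "listed_in": ["dnsbl.sorbs.net"], "content_score": 0.3},
    {"id": "service-notice", "ip": "198.51.100.7", "legit": True,
     "listed_in": ["bl.spamcop.net"], "content_score": 1.1},
    {"id": "newsletter", "ip": "192.0.2.99", "legit": True,
     "listed_in": ["bl.spamcop.net"], "content_score": 3.4},
    {"id": "pill-spam", "ip": "203.0.113.66", "legit": False,
     "listed_in": ["dnsbl.sorbs.net", "bl.spamcop.net"], "content_score": 4.2},
    {"id": "unlisted-spam", "ip": "203.0.113.80", "legit": False,
     "listed_in": [], "content_score": 6.4},
]


def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed IPv4 octets plus the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def mta_policy(msg, reject_zones):
    """Hard reject at SMTP time: any listing refuses the mail outright."""
    return "reject" if any(z in reject_zones for z in msg["listed_in"]) else "accept"


def scoring_policy(msg):
    """A listing adds to the score; mail over the threshold is quarantined."""
    score = msg["content_score"] + sum(DNSBL_WEIGHTS.get(z, 0.0) for z in msg["listed_in"])
    return ("quarantine" if score >= QUARANTINE_AT else "deliver"), round(score, 1)


def compare(messages):
    """Run both policies over the same messages and tabulate the verdicts."""
    rows = []
    for m in messages:
        verdict, score = scoring_policy(m)
        rows.append({"id": m["id"], "legit": m["legit"],
                     "mta": mta_policy(m, set(DNSBL_WEIGHTS)),
                     "filter": verdict, "score": score})
    return rows


def legit_outcomes(rows):
    """Legitimate mail refused by the MTA vs. merely held by the filter."""
    refused = [r["id"] for r in rows if r["legit"] and r["mta"] == "reject"]
    held = [r["id"] for r in rows if r["legit"] and r["filter"] == "quarantine"]
    return refused, held


if __name__ == "__main__":
    for m in SAMPLE:
        print(dnsbl_query_name(m["ip"], "bl.spamcop.net"))
    for row in compare(SAMPLE):
        print(row)
    print(legit_outcomes(compare(SAMPLE)))
```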

Benchgraffiti

Note: This entry has been restored from old archives.

Oh how I hate benchmarking! You run a few benchmarks, get some results, and then people start thinking you’re making conclusions! No! They’re just a bunch of numbers in a spreadsheet! I think I’m going to have to write some sort of Excel/VBScript type macro-thingo that displays an EULA to the reader and makes them confirm that they’ll treat all benchmarking figures as the product of a collection of vague assumptions with appropriate error values. Wouldn’t help of course. Anyway, benchmarking is over – long live porting Python self-compiling binary parser modules to Win32.

I have a picture stuck to my computer of a war-axe smashing through a wooden bench – I hope this doesn’t intimidate anyone (well any more so than that already achieved by growling at my computer like an enraged bear).

Normally when consuming my lunch I read blogs and news, but it seems to be a bad week for both. Blog people (friends, not randoms) aren’t writing much and the news is getting ever more tiresome – people tried to kill us, yay – we killed people in the middle east, yay – some more western soldiers have died in the middle east, yay – Israel killed people, yay – people killed Israelis, yay – Muslims are killing Muslims, yay. Kill, kill, kill, KILL, KILL. And that is the news. Aside from that we have politicians being fuckwads, as usual (and mostly related to killing people anyway); the environment getting fucked over, as usual; and boring famous people doing boring things, as usual.

Look at the way things are, “we” means UK/USA/Western-Powers (laughingly inclusive of little old Australia). Muslim groups want to kill Israelis because Israelis are killing Muslims. Israelis want to kill Muslims because Muslims are killing Israelis. We want to kill Muslims because Muslims are killing us. Muslims want to kill us because we are killing Muslims. (I’ll leave out all the other groups in the world who are killing each other since the media doesn’t care about them. Africa? Who cares, don’t they just have, like, desert and lions and stuff.)

I don’t think I’m being over dramatic with “want to kill” – wherever things started out be it the rightful removal of an evil dictator, revenge for a terrible terrorist act, border protection, plain old religious or racial hatred, reclaiming stolen land or some conspiracy over control of the world’s oil supply in the end it is all about killing. You drop bombs on people if you want them dead. Sure, you can claim that you just want one of them dead and the deaths of 20 children are an unfortunate side-effect but ultimately your wanting of that one target dead resulted in you wanting the 20 children dead as part of the deal. If you actually didn’t want the children dead then you wouldn’t drop the bloody bomb.

Yes, there are counter-arguments. “We didn’t want them dead; it is unfortunate but they were in the way.” That simply doesn’t work for me. “It was a mistake, I swear!” Oh, that’s okay then – I feel sooo sorry for you, the burden on your soul must be so heavy. I wish there was a hell, because then I could say: Hah, you poor bastards are all going to hell, enjoy!

The supposedly terrorist groups are a step above all of this, at least those evil, fucked-up, shitheads are willing to say “we bomb you because we want you dead”. The rest of the world needs to come clean. Shout it out and be proud.

You are not us! You must die!

And when the last man is left standing he can look around himself; a peaceful scorched earth – free from all dissent and strife. He can sigh, smile and be happy for at last the story of death and hatred, the story of humanity, is over.

Yes, benchmarking puts me in a bad mood.

Sod off and die already.

Sidetracked

Note: This entry has been restored from old archives.

SVG, CSS and Web Browsers

I’ve been sidetracked on an update I started two weeks ago but still haven’t finished. It involves some photos and along the way updating my CSS/etc knowledge and learning SVG. The capability of web browsers has really come a long way since I last seriously explored “web design”! That was years ago, about four maybe, Firefox and IE7 beta sometime soon and see how it is, I’ve heard some good reports on it as well as some less flattering, and you can never tell by what you read since people are so damn religious about these things.

On IE7 the most interesting item has been a Firefox dude interview, where he makes the point that IE7 is just a catch-up and that by the time it is out it’ll probably be behind already. The real test is going to be in ongoing effort to improve standards coverage, will they make the effort? They surely have the ability to do a great job of it (we can only hope that it is without magic IE extensions to the standards), but such things are likely to be subject to ‘business case’ justification, so who knows?

Anyway, my main point of interest in all of this is that SVG is great to play with, I can make images in vim! It’s a dream come true 😉

I would say that we have the makings of a Flash killer here, if only MS would get IE supporting the right standards. Opera has done a very good job with version 9! And Opera doesn’t have the ad-bar anymore, which is great. I hope they’re making enough revenue elsewhere to keep going at it (embedded platforms?). The SVG support has some layering/focus bugs when it comes to DOM manipulation with embedded script, rendering is excellent though. Firefox has good rendering (I think Opera’s SVG rendering looks just a little better) and I haven’t hit any bugs in scripting SVGs in it yet. SVG has all the potential to be just as annoying as Flash!

What have we been up to?

In brief, two weeks ago we went on a nice 3 hour walk down the Grand Union Canal then back up through the countryside, took some photos and made some notes. I’ll have a funky photo widget posted for that soon. It’s a little impractical and unwieldy, but I’m no web designer! More an exercise in exploring what can be done than anything else.

Also went on a five hour walk up the river Chess to Chorleywood Common (map: where we had our afternoon tea) then back into Rickmansworth along the train-line, have some photos for that one too.

Not a lot else, been busy. Also been wasting some free time with Oblivion, when I tried playing it when I bought it (in month 4 of my 6 month tour of duty in the UK) I lost interest after about six hours. This time I seem to have gotten into it a bit more. Can’t say that that is a good thing, given my hate for time-wasting. There are more useful things I could be doing in my free time.

Kat is still job-hunting, she should probably try for less permanent looking positions as the Working Holiday thing is a definite blocker. Contract based positions are more likely, but we can’t work out head or tail of the details regarding tax/NI/etc if contracting in IT while on a WH visa. Meanwhile she’s got some contract work with her former employer back in Sydney at a pretty good rate, so she won’t get too rusty :-p

Putty Is Malicious

Note: This entry has been restored from old archives.

Malicious adj.

Having the nature of or resulting from malice; deliberately harmful; spiteful: malicious gossip.

The American Heritage© Dictionary of the English Language, Fourth Edition

Hrm, no OED handy at the moment, the yankee one will have to be good enough. Malicious is a synonym for malignant – a word somewhat related to my domain name[1].

I tried to download my favourite Windows SSH client today from its usual URL and was stopped in my HTTP tracks by an ever vigilant watcher! A watcher well taught in the lore of URL-filter; learnt from a source that shall remain unnamed[2].

I thought to myself: What kind of idiocy is this?! In what way is this humble SSH client, this paragon of security, malicious? To whom does it mean harm, where hides the spite? [3]

I shook my head and raised my finger to the watcher on the wire. Then laughed, for it has little power over me, I obtained my hit of delicious TCP/IP encipherment from another source.

On a more serious note. Blocking putty is utterly retarded, not only is putty in no way “malicious” but the act of blocking it in this way forces one to seek out another location to download it from. For a popular tool such as Putty you’re likely to find an official mirror first-go; but what if you don’t? And what if you’re not in the habit of checking signatures (most people I assume)? Does this increase the chance that you’ll download a version of a tool from an unofficial source that has some special extra – a feature that really is malicious? There seem to be quite a few sites devoted to issues related to URL-filters and other “censorware”.

[1] Sometimes I do wonder if it is time to throw out Malignity.net as a leftover of a past age. If that ever happens I’ll likely switch to yvan.seth.id.au, which currently redirects to malignity.net anyway.

[2] But be assured, it is not a wise and venerable, thousand year old monk who lives on top of a mountain; nor a timeless and grey bearded wizard who wanders the earth doing good.

[3] Is it possible that the tool is malicious because it is a security tool? Since the very act of encrypting traffic could be illegal in some places? It should at least be a different categorisation.

Google Hates Me

Note: This entry has been restored from old archives.

Well, at the very least Google has decided that I am not dissimilar to a small and rather stupid perl script:

Google hates me

What makes it really annoying is that there seems to be some sort of unhateme option where you type in the random characters from an obscured image but the image of the characters times out! I can’t be unhated, whaaa! It only happens for my personalised Google home, the normal Google search works fine.

No contact info provided, just a sad little note apologising to me if I happen to care (i.e. if I really am not a script) and hoping to see me again.

It works okay if I bounce through a proxy in another location. Maybe the site I’m at has a Google bashing infestation and has been blacklisted… now that would be amusing.

Web Album

Note: This entry has been restored from old archives.

I’m giving serious thought to moving over to an online service to keep photos. For several reasons I don’t like the idea though. They’re my photos, I’m a bit iffy about trusting them to some corporation to store and display. Control of the look-and-feel of the sites that provide this service is limited. The look-and-feel of the existing sites is just plain awful.

What might change my mind is Picasa Web Albums. I foolishly trust Google with a lot of my data so why not some photos? And while it is unlikely that the look-and-feel will be highly customisable there is a good chance that the default will not suck.

My main problem with my existing photo publishing approach is that the barrier between taking photos and getting them to the web is too great (thus I never get around to uploading). I suck them off the camera, use one piece of software to browse-rotate-cull them and then another for touch-ups, then I upload them to Gallery and go through adding the captions (slow via web interface). Google has Picasa for Linux (in Labs) and I assume that interaction between Picasa and Picasa Web Albums will be seamless, in typical Google style. When it all works I’ll give it a spin, and maybe my next album upload will be to Google.

The drawbacks are: It isn’t ready yet (beta for invited Picasa users), the Linux Picasa doesn’t support it yet (no idea when), there is only 250 MB of storage space (or am I willing to pay US$25 per year for 6GB of storage, depends on how good it is).

I wonder when we’ll have the Google range of home appliances? With a nifty web interface that lets you add ‘make coffee’ events to your calendar and have your Google Coffee machine obediently spit out a brew, and Google being perfectionists I just bet it’ll know what a Double Ristretto is. Like the white stuff in the coffee? Don’t worry, Google Coffee will interface with Google Fridge to ensure that it is kept in stock from your favourite online supermarket.

I await Google Baby, being able to upload your child to a Google server might make the concept of breeding more palatable. I’m sure a lot of parents wouldn’t mind their brats being reduced to little more than a feed on their Google home page.

Google Calendar

Note: This entry has been restored from old archives.

I’ve just discovered Google Calendar… maybe this will be the answer to all my calendaring dreams. Globally accessible, interoperable and seems to allow things like sharing events and inviting third parties to events. It is very new, but my “first 5 minutes” using it have been promising.

It would be good if Google put together a partner desktop app to go with it for local mirroring/synchronising of calendar data. Maybe one for the Mozilla calendar app?

Asynchronosity

Note: This entry has been restored from old archives.

I find this story about an asynchronous ARM processor very interesting. It immediately reminded me of two things.

The first thing was one of my Elec Eng lectures back in 3rd year for a course taken by one of my favourite professors. Asynchronous circuits were covered as something of academic interest, a method of building digital circuits that has many interesting properties but is ultimately just a curiosity. The problem being that there are too many complexities to make it a practical way to design ICs, designing a large asynchronous circuit is simply too difficult for any team of engineers, even very good engineers. These are the facts as I was taught them, as recently as 2002.

No doubt the content of the course lagged a little behind reality, since there must have already been people working on exactly this task and already building significantly functional asynchronous ICs. And now they’ve implemented an entire asynchronous ARM9 core!

I find this news remarkably exciting. It shows how rapidly technology continues to change and advance, that we’re continually breaking barriers that were so recently considered to be pretty solid. All thanks to the advance of technology driving itself.

And that brings me to the second thing. The theory that there is a phenomenal turning point in history ahead of us. A point that we can’t predict and beyond which we cannot imagine what will happen, I’d say we can’t be certain it will ever happen – we might not last long enough. It may even happen within the span of our very own lifetimes, that would be something worth seeing.

This is the point where our technology can autonomously design the next generation of technology, triggering a world changing chain reaction that the homo sapiens sapiens species as we know it cannot survive. Either in some way or another it’s the end of the line, or (more optimistically) we’re caught up in the process of driven evolution and become something we cannot imagine.

It really is a very exciting concept. It is just another crazy futurist theory of course, one I happen to find particularly attractive.

Big Iron

Note: This entry has been restored from old archives.

Well, I really mean bigER iron – bigger than a VPS at any rate. I’ve had enough of this whole VPS thing, performance is too unreliable (who knows how many VPSs they have on a system?).

So I’m likely to go for getting a dedicated server, since the thing is my primary communications hub (and also for a couple of other people) I think it is time to upgrade for the sake of reliability. I haven’t decided where yet, there’s good old EV1 of course who are fairly solid (though they do have an iffy reputation for getting IP ranges spam blacklisted and they don’t do Debian) but there are many other choices. It’ll either be in the US or UK since prices in these locations are still much better than back home.

It costs a lot more than a VPS of course, so ideally I’d like to share the cost around and form one of these “server collectives”. I have no idea if anyone is likely to be interested in this, but if you are send me an email and if I get any responses we’ll work out what we need and how much it is likely to cost.

The deal would be simple: If the server costs $x then each of ‘n’ users pays $x/n. For your $x/n you get a single shell, root access if you feel you need it (I think I trust almost everyone I know to admin a Linux system without major mishap!) and an equal say in the running of the machine. I’m happy to look after all server administration, my typical setup provides POP3 and IMAP with Courier, Postfix for SMTP, Apache for HTTP, webmail with SquirrelMail and I use ClamAV and SpamAssassin. Debian is the OS, I won’t budge on that. And some packages are sourced from backports.org for the sake of keeping up to date (for items like ClamAV and SpamAssassin where being up to date is important).

As for the machine, that would be decided by the people involved. As an example, the cheapest EV1 option is US$99 per month (however EV1 only offer RHEL, so they’re actually an unlikely choice) and this is a 1.3GHz Celeron with 512MB of RAM and 60GB HDD. I’d think that having an IP per user would be sensible plus one for the system (for HTTPS use, system IP is for SquirrelMail), IPs are usually cheap (7 for “free” with EV1 for example). I think the basic HW specs with the EV1 example are fine for a fair number of normal users (assuming you don’t have an insanely popular website).

Now we’d (Kat and I would be 2 users of course) be willing to pay a reasonable amount (if nobody is interested then we’re likely to end up getting a dedicated server anyway), so having a small group of people with up to US$40 a month to spend would get us a decent setup – and the more people the cheaper the price is! Using the EV1 example then two extra people would get us the server for US$25 each.

Some dedicated server setups:

Me buying a server from eBay or something and just paying co-lo is also an option (some good options in the UK for around 50 GBP).

It may also be an option to have a cheaper class of user, for just email, FTP and webspace say – but it’d be easier if everyone was equal. An equal share user can have as many web domains and email addresses as they like of course and can provide simple hosting for others (for example I host a domain for my Mum and handle her website and email) but the only login access she has is for email. So long as the setup of a user does not adversely affect others on the system I’m sure everyone would be happy, so really the only restrictions are that only paying users get a shell and root access.

So send me an email if you’re interested!

Gynecological Sweetbread

Note: This entry has been restored from old archives.

Sorry, I have to share this… I’m generating random domain names for a benchmark/test scenario and the first one my script spat out was:

gynecological-sweetbread.com.au

Heh!

(My /usr/share/dict/linux.words file seems to be a Yank.)