Month: October 2003

Spamcop and ‘Al-Quada’, sitting in a tree

Humour: The null device reports a spam entitled, ‘julian haight funds terrorists b alqoswmw l lgng’.

Julian haight spamcops CEO is rumoured to have conections with Al-Quada, one of the most disruptive terrorist orginisations on earth. hes specialty is cyber terrorism. which disperses highly needed homeland security funds by rendering multi million dollar industrys unprofitable.

haights main motive is the perversion of American free enterprise.

Oh, the poor spammers! One comment quotes Samuel Johnson: ‘patriotism is the last refuge of a scoundrel’.

Also present are some lovely pictures of Carlton, with trams, greenery, grey skies, and that distinctive turn-of-the-century Aussie architectural style. A couple of years ago, I lived just around the corner in North Melbourne; looking at those photos, it seems like I could just pop out the front door and walk through it all on the way down to the Vic market. They thoroughly evoke day-to-day just-outside-the-CBD Melbourne.

iTunes adding indie tunes

Music: Indie Labels Debut At iTunes Music Store: ‘I happened to notice a Thievery Corporation release from Eighteenth Street Lounge Music in the ‘Just Added’ section…doing some more exploring, I found releases from Matador (Interpol, Pizzicato Five) and Nettwerk (BT) as well.’ (thx Karlin!)

Hmm — that’s good news for iTunes, but pretty bad news for EMusic. Those labels are all very well-represented on EM.

Wonder if I can run iTunes under Wine?

Recycling – Australia has it right

Environment: The Irish Times reports:

The State is facing a waste crisis that is threatening to bury the country, according to the Minister for the Environment, Mr Cullen. He said yesterday every person in this State was now producing 700 kg of household and commercial waste a year.

‘That is three times more than they do in the Netherlands. If this continues, the figure will rise to two tonnes per person by 2015,’ he said.

Landfills in six out of 10 regions in the country had less than three years capacity left, yet people were producing enough waste to cover every single town in Ireland. ‘We have to change. Doing nothing is not an option,’ Mr Cullen said.

Well, duh. So what have they done? They’ve set up a website, raceagainstwaste.com, with a page on recycling replete with techie details of how recycling works, then suggesting such gems as ‘if they do not already run one, suggest to your local authority that it considers starting a plastics recycling scheme.’

Brilliant. I’m sure they’ll listen. Nice delegation, Mr Cullen!

In the meantime, apparently 92.2% of the ‘waste stream’ is sent to landfills instead of recycling.

I’m not just knocking here — the amazing thing about recycling is that it’s been done right elsewhere. All this wheel-reinvention is totally superfluous. Here’s the details on Victoria, Australia’s kerbside recycling system; it’s pretty simple.

Each household gets 1 large basin-type plastic tray thing, in which you can put washed, unsealed, recyclable plastic containers. You tie up bundles of recyclable paper into another pile when you leave out the rubbish. And finally, you get a wheelie bin for the rest; stuff that really is rubbish. The bin guys then keep the 3 types of rubbish separate when they pick it up.

Yes, it takes a little bit of time to wash the plastic containers and tie up the paper into bundles. But nobody minds; they’re doing the right thing! It’s a hell of a lot better than chucking the lot into a single container and hoping that some expensive machine at the far end can sort it all out again.

It’s also better than the current Irish and US systems, where we’re expected to bring certain kinds of trash to a centralized drop-off point ourselves. First off, this is very impractical unless you’ve got a car to do it in — and sufficient motivation to do so; and secondly, the bulkiest rubbish — packaging, paper and plastic — is not included, just glass.

The Bin Tax

Over the past few months, Dublin has seen increasing resistance to newly-introduced rubbish-removal charges, or as they’re being called, ‘the bin tax’.

The charges are:

  • levied in addition to the ‘local services’ charges in income tax, which already cover rubbish removal.
  • 80 Euro to 150 Euro per annum currently, with one government report suggesting that they could rise to 635 Euro per annum.
  • a flat fee per year, regardless of quantity — so there’s no incentive to recycle or compost your rubbish to bring that down.
  • not tied to any recycling initiative. The rubbish is still heading for a landfill, in most regions.
  • a flat fee for everyone, regardless of income. So the better-off pay exactly the same amount as a welfare recipient. (There is a waiver of 75 Euro for welfare recipients, but it’s discretionary and reportedly not always granted).

The last point is key — UK residents may be reminded of a similar flat-rate tax introduced by Thatcher in the 80’s… and we all know how that ended.

The result is that a large number, 75% of the population in the affected areas, have taken the course of non-payment of the charges.

There’s been lots of organised protest throughout Dublin, with constant picketing outside bin depots. Joe Higgins TD (a member of the Dail, the Irish parliament) and County Councillor Clare Daly have spent three weeks in jail so far, due to protesting on this issue.

Now, things are really starting to heat up — reportedly, the bin workers are starting to support the campaign, refusing to cross protest lines and refusing to drive lorries from depots if protesters are present. In some depots, they have even joined the picketers!

It’s not all good though — yesterday, national news showed shocking footage (SMIL) of a protester being dragged for several hundred feet by a speeding van.

This one’s getting interesting.

Snippets

Bits: BarbieOS, a cutdown version of Debian from Mattel. Really. ‘BarbieOS 1.0 is the result of almost a year’s worth of marketing research into what pre-adolescent girls want in a mobile Linux solution aimed at being a desktop replacement.’ (via Ben)

Great site — also has US.BLAST.D Worm Wreaks Havoc on US Post Office, Mail Delivery Halted (‘Until a patch can be created by Microsoft and deployed by the MCSEs who maintain the nation’s critical infrastructure, President Bush has urged all Americans to lock in a safe or a drawer all of their pens, pencils, stamps, white paper and envelopes so that they cannot be exploited by the virus and used to write out more copies of itself.’)

— and An Open Letter from RIAA President Hillary Rosen to Music Pirates Everywhere (‘Currently an RIAA-backed online service known as Pressplay allows users to subscribe for $18.95 a month to a small library of popular works and listen to them via half-quality audio streams if they have broadband connections. Users may download 10 songs a month to burn to CDs if they wish. Pressplay exclusively supports the Windows Media Audio format, and therefore each song benefits from active scripting support, expiration dates, copy protection and proven Microsoft security. With embedded scripts, each song can also enhance the user experience by opening web pages featuring more music they might like to buy. After only 8 months online and a strategic partnership with AOL, Pressplay currently boasts more than 100 subscribers and is growing every day.’)

Spam: Bayesian comment filter for Movable Type, nifty. Pity it’s still using the Paul Graham method, which is not so hot. (thx Antoin!)

The Funniest Thing I’ve Read

Humour: Guardian Talk: The Barefoot Doctor, live online. This is the funniest thing I’ve read in months — thanks Tom!

(Background: ‘The Barefoot Doctor’ is the ‘healer’ who writes for The Observer Magazine on ‘wellbeing, alternative therapies and medicines and ways to cope with modern life’. Everything can apparently be healed through kidney massage and a few essential oils.)

Q: A case study, Mr Barefoot: my bus has crashed – I’ve got a compound fracture in my right leg, the bone is sticking out from under the skin and is wedged into the ‘Used Tickets’ receptacle, my skull has had a good old thump against the seat in front and is impersonating a boiled egg after the first thump with the teaspoon, and my ribs have been broken into bits like a packet of smokey bacon crisps someone has stood on.

What herbs and aromatic oils would you recommend?

Doc: you may jest – however, aromatic oils or potions can be extremely effective in speeding the healing process eg – manuka honey, lavender, marigold etc – thanks for bringing it up

Q: oooh good answer. yes i’m going out to buy some manuka honey right away. what do you do with it, is it nice on toast?

lavender, marigolds? is he opening a kitchen department?

Q: My unfortunate friend received a quite severe beating in the street a few days ago and has since been passing blood in his urine, in copious amounts.

Can recommend any effective massage oils for my friend? It’s quite urgent because he’s beginning to talk incoherently about bright lights, can’t move and fainting.

Thank you, 3000

(… snip several hundred similar hilariously bitchy ‘questions’… Barefoot Doctor disappears for a while…)

Q: Where is he? Maybe the Barefoot Cab Driver who learnt to drive by karmic chanting has driven into a tree — or can’t find first gear?

(BTW the real ‘barefoot doctors’ were a different kettle of fish entirely; ‘part-peasant, part-doctor’ commune-level health workers in revolutionary China.)

For Reference: Why Greylisting Sucks

Spam: I’ve been meaning to collate a page about why I don’t like greylisting. My previous posting is relatively useful, but it needs an update, so here it is:

First off, every single message is delayed until a database match is found for the combination of sending IP, envelope-from and envelope-to. As Alan Leghart pointed out, ‘So…we punish everyone in the world, and hope that a delay of one or more hours is considered ‘acceptable’? Maybe some people already expect a mail to take several hours to reach a recipient. In that case, you need to fix your mail server.’

Secondly, large mailing lists that use VERP (generating keyed From addresses for each mail for good bounce-handling) will require manual whitelisting for each list, or each host.

Yahoo! Groups, for example, uses VERP for all its lists, and also will not retry delivery if the first attempt fails.

There’s even buggy SMTP servers that do not support retrying, believe it or not.

(Once again, as for many spamfilter designs, the unusual SMTP clients are the ‘edge cases’ that cause the most trouble.)

Manual whitelisting == work == what spam filtering is trying to reduce == bad.

Thirdly, and most seriously, it assumes spammers would never introduce retries into their spam-tools if it took off. Tempfailing, what this is based on, is effective right now because spamtools don’t retry. But every proposed spam solution has to consider what would happen if every server admin in the world implements it, and spammers then want to subvert it.

For a spamtool to retry, it just needs to track 4xx responses, and if it encounters one, save these items of data:

  • From, To addrs and HELO string used
  • proxy IP used (btw proxies are almost never shut down successfully, so the spammer can generally assume this can be reused next time)
  • random seed used to generate random hashbuster tokens etc., so the body text matches

That’s really not a lot of data — 64 bytes per address that requires a retry. Then, an hour or more later, do the retry.

So, IMO, ‘greylisting’ will work fine in the short term, until it becomes reasonably common — then the spamtool developers will start adding retry code.

Then we’re back to square one — except some legit mail takes much longer to get delivered, and the bandwidth wasted by spam has doubled, due to all those retrying spams. That’s not really progress.
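
The first two objections above (every new triplet is delayed, and VERP senders never become "known") can be seen in a small simulation of the receiving side. This is an added example, not code from any greylisting implementation; the one-hour embargo, the addresses, the VERP address format and all function names are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Greylist:
    """Tempfail any (sending IP, envelope-from, envelope-to) triplet until it
    has been known for min_delay seconds."""
    min_delay: int = 3600                        # assumed one-hour embargo
    first_seen: dict = field(default_factory=dict)
    whitelisted_ips: set = field(default_factory=set)

    def check(self, ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for one delivery attempt."""
        if ip in self.whitelisted_ips:
            return 250                           # manual whitelist entry
        triplet = (ip, mail_from, rcpt_to)
        first = self.first_seen.setdefault(triplet, now)
        return 250 if now - first >= self.min_delay else 451


def deliver(gl, ip, mail_from, rcpt_to, now, retry_every=None, max_tries=5):
    """Simulate one message. Returns the delay in seconds until it is accepted,
    or None if it is never delivered (retry_every=None: sender never retries)."""
    start = now
    for _ in range(max_tries):
        if gl.check(ip, mail_from, rcpt_to, now) == 250:
            return now - start
        if retry_every is None:
            return None
        now += retry_every
    return None


def verp_from(list_name, msg_no, rcpt):
    """Constructed VERP-style envelope sender, keyed per message and recipient."""
    return f"{list_name}-return-{msg_no}-{rcpt.replace('@', '=')}@lists.example"


def run_demo():
    rcpt = "alice@example.org"                   # constructed addresses throughout
    gl = Greylist()
    out = {}
    # Ordinary MTA with a fixed envelope sender, retrying every 30 minutes:
    # delayed once, then the triplet is known and later mail passes at once.
    out["mta_first"] = deliver(gl, "192.0.2.10", "bob@example.com", rcpt, 0, 1800)
    out["mta_next_day"] = deliver(gl, "192.0.2.10", "bob@example.com", rcpt, 86400, 1800)
    # VERP list that does retry: every message is a brand-new triplet,
    # so every message pays the full embargo.
    out["verp_msg1"] = deliver(gl, "198.51.100.5", verp_from("kde", 1, rcpt), rcpt, 0, 1800)
    out["verp_msg2"] = deliver(gl, "198.51.100.5", verp_from("kde", 2, rcpt), rcpt, 86400, 1800)
    # VERP list that never retries: the message is lost...
    out["noretry"] = deliver(gl, "203.0.113.9", verp_from("news", 1, rcpt), rcpt, 0)
    # ...until someone whitelists the host by hand.
    gl.whitelisted_ips.add("203.0.113.9")
    out["noretry_whitelisted"] = deliver(gl, "203.0.113.9", verp_from("news", 2, rcpt), rcpt, 86400)
    return out


if __name__ == "__main__":
    for name, delay in run_demo().items():
        print(f"{name:22} {delay}")
```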

KDE patch, and my cat

Linux: So, I like being able to move windows around using the keyboard very quickly. In particular, one nifty feature of Sawfish was corner.jl, a Sawfish lisp snippet which ‘provides functions to move a window into a screen corner.’

Some background: my desktop layout is essentially divided into 4 corners (e.g. 4 xterms in a ‘one in each corner’ layout), or 2 sides (e.g. mail reader on the left, web browser on the right), depending on the size of the windows.

Using corner.jl, one could just throw the mouse into any part of a window’s area, hit a key, and the window would move where you wanted it.

I’ve since moved to KDE, and missed that functionality. So a while back, I reimplemented it as a patch to kwin. Here it is, and bug 65338 is the KDE bug entry tracking it as a feature request.

Not much traction in persuading the KDE folks to apply it, but hey, that’s open source for ya. The patch will always be around anyway ;)

Pets: My cat brings me presents.

Specifically, today he brought me a mouse’s liver and left it on the doorstep. At least I think it’s a mouse’s liver; the scale seems right. No sign of the rest of the mouse, though…

This is with no less than 3 bells on his collar; I don’t know how he does it, unless it’s simply that the rodents round here are just not used to the concept of predation.

BTW, the mouse’s liver wound up flushed down the toilet.

Getting Postfix to use an SSH tunnel for outgoing SMTP

Given all the fuss over blocking dynamic IPs due to spam, I’ve long sent outgoing SMTP via my server (which lives on a static IP). I download my mail from that using fetchmail over an SSH tunnel, and have done for a while. It’s very reliable, and that way it really doesn’t matter where I download from — quite neat. Also means I don’t have to futz with SMTP AUTH, IMAP/SSL, Certifying Authorities, or any of the other hand-configured complex PKI machinery required to use SSL for authentication.

However, I’ve been using plain old SMTP for outgoing traffic, by just poking a hole in the access db for the IP I’m on. A bit messy and generally not-nice.

So I decided to make it sensible and deliver using SMTP-in-an-SSH-tunnel. In the same SSH tunnel, in fact ;) With Postfix, it turned out very easy — here’s how to do it:

Add this option to the SSH commandline in the SSH tunneling script (I’m presuming you have one ;):

-L 8025:127.0.0.1:25

That’ll port-forward port 25 on the remote system to port 8025 on localhost, so that if a connection is made to port 8025 on localhost, it’ll talk to port 25 on the remote host. Std SSH tunneling there.

Now for Postfix — add this to /etc/postfix/main.cf:

default_transport = smtp:localhost:8025

This means that Postfix will always use SMTP to localhost on port 8025 for any non-local deliveries.

Run service postfix reload (cough, Red Hat-ism) and that’s it! A whole lot easier than I was expecting… Postfix rocks.

SPF again

Spam: Craig is publishing SPF records. Worth noting that I’ve been publishing SPF records for jmason.org for a month or two, even though the protocol hasn’t even stabilised yet — working on the ‘if you build it, they will come’ approach ;)

Anubis looks great; I’ve been meaning to hack up something like that. Nifty!

‘It will solve starvation among shareholders, but not the developing world’

Science: EU broadside at GM firms’ ‘lies’ (Ananova):

‘They tried to lie to people, they tried to force it upon people … it is the wrong approach and we simply have not accepted that and European citizens have not accepted it. You simply cannot force it upon Europe.

‘So I hope they have definitely learned a lesson from it and especially when they now try to argue that this will try to solve the problems of starvation in the world. After all, why didn’t they start with such products, so they could prove to the world that this was exactly what they were interested in doing?

‘It will solve starvation among shareholders, but not the developing world unfortunately.’

That’s the EU Environment Commissioner, Margot Wallstrom, launching a broadside against ‘US biotech companies’, accusing them of ‘forcing’ unsuitable GM technology onto Europe.

Ouch.

It’s interesting to note that many of the biotech companies’ tactics seem to work well in the US, but overseas, the tactics play out predominantly as blatant strong-arming, astroturfing support, and being ‘economical with the truth’, as the phrase goes.

Some rethinking of their strategy might be helpful — although really, IMO, some thought as to how to make their products relevant to consumers, instead of money-spinning for their shareholders, might work best of all. Making some moves towards the much-vaunted ‘solving starvation in the developing world’ might just be the best way to do that.

Firing Automatic Weapons Upwards Considered Harmful

Humour: BBC: Serbia wedding guests ‘down plane’.

Guests at a wedding in central Serbia have apparently shot down a small aircraft by mistake.

They were celebrating in the traditional way – firing off shot after shot into the air above the wedding party. Unfortunately, there was a two-seater aircraft flying overhead. One eye-witness told reporters the plane was shot in the left wing.

oops!

Spam: Spammers try fooling filters with digital signatures (ZDNet). oh look, they quote myself and Theo ;)

BitTorrent and Google’s IP

Tech: Sam Ruby on Foo Camp. Foo camp sounds cool; a little bit circle-jerky, but still interesting. But that’s not what I wanted to write about — the thing I wanted to mention was BitTorrent; it just struck me recently — one key thing about BT that makes it great is that it’s designed by the UNIX philosophy — make one tool that does one thing very well, and make it pluggable, so it can be used by other things easily.

It doesn’t have a GUI to search for torrents — the user does that in their web browser, mail, by swapping notes on napkins, whatever. It just does P2P file transfer very very well — and that’s file transfer of some file or another, hence legality issues around P2P are side-stepped. BT is cool.

Patents: Cluetrain on patents:

Well, Google is (jm: going after patents). And the VCs are paying for it. Hell, some of them insist on it. That’s what I gathered last night, while schmoozing at the opening evening at PC Forum. First, Larry Page, Google’s founder and CEO, told me he hates patents and would rather not deal with them as an issue at all. Then Google board member and lead VC John Doerr surprised a small gaggle of patent skeptics (including Page, Dave Winer and myself) that he loved patents. Patents are one of the things that make America great, he said, and went on to insist that they encourage innovation, cure cancer, raise the dead, and bring peace in our time. (Or something like that. Whatever, he likes patents a lot). So don’t expect Google to abandon their hunt for patent lawyers anytime soon.

Listening to John, I began to think one problem is that just caring about patents puts your mind inside the system, where it gets stuck to intellectual flypaper. Or worse, political flypaper.

SMTP Sender Authentication

Spam: SMTP Sender Authentication, by David Jeske of Y! Groups (pointer from Jeremy).

Schemes similar to this — calling back to a sending server to verify that a mail was really sent via that host — have been proposed before in several venues, the most high-profile and public being the ASRG list. Here is a message I sent to that list in April 2003 discussing a few of those schemes:

  • J C Lawrence’s ‘forward chained digital signatures’ on Received headers
  • William at elan.net’s ‘complex callback verification requiring full message tracking server functionality with dns extensions’
  • Russ Nelson’s Q249
  • Our own ‘porkhash’

I still like this style of system, I think, but in terms of deployability and simplicity, I’m supporting Sender-Permitted From for now — which similarly forces senders to use registered relays for a given SPF-supporting domain, but using DNS as the protocol and IP addresses as the hard-to-forge identity component.

Another bonus of SPF is that it’s simple, easy to implement, has *running code* out there now, and is being pushed strongly by a pragmatic and sane driving person (in the form of Meng Weng Wong). It’s not always easy in the anti-spam field to find a solution like that ;)

BTW, SPF also, similarly, breaks envelope sender forging. However, I agree, this is one egg that has to be broken to help stop spam (or at least force spammers to use their own domains and IPs.)

Iraq: guerrilla tactics planned from the start?

Iraq: Parallels with Vietnam becoming ominous for US commanders (Irish Times, subscriber-only). An interesting view on the situation in Iraq:

US commanders in Iraq now believe that during the invasion, lower-echelon Iraqi troops mounted a token defence against US armour and air power while thousands of Republican Guard members went to ground in order to wage a prolonged guerrilla war during the subsequent occupation.

As the current attacks evolve in sophistication and momentum, US troops believe that the current phase of the war is not an ad-hoc development, but part of a pre-planned strategy designed to frustrate US plans to rebuild Iraq.

Further indicators as to the source of the insurgency lie in the weaponry and tactics employed. US convoys and patrols are repeatedly attacked with IEDs configured as roadside bombs along with RPG strikes. … It is believed that the plastic explosives and RPGs were released from military stores in the run-up to the invasion and pre-deployed among the population for a war of attrition.

Wounding rather than killing the enemy is a classic feature of this type of war of attrition. By wounding as many enemy troops as possible, the guerrilla army ties up the resources of the occupying force as it seeks to evacuate and treat its personnel.

The architects of the current attacks recognise that it is far more expensive for the US to medically evacuate and treat injured soldiers than to simply process them for burial. For the insurgents, the psychological effect of their attacks is greatly enhanced with families and politicians in the US confronted with mutilated and disfigured soldiers returning from Iraq.

It would appear that the war in Iraq did not end on May 1st. It simply entered a new phase designed to render Iraq ungovernable.

No ‘US commanders’ are named, so it’s all off-the-record.

Humour: on a lighter note, BBC Radio 4’s Loose Ends, recorded in the Spiegeltent in Dublin last weekend, featuring ‘writers Anne Enright and John Arden, Desmond Guinness of the Irish Georgian Society, comedian Dara O’Briain, Chieftain Paddy Moloney and Loose Ends regular Emma Freud.’

Happiness measured

Science: Fantastic article in New Scientist volume 180 (4 Oct 2003), covering how science is beginning to identify the keys to a happy life, and perform studies measuring people’s happiness.

That’s a subscribers-only link unfortunately, but I’ll excerpt a few choice snippets:

First off, money:

Can money buy happiness? The short answer is, yes – but it doesn’t buy you very much. And once you can afford to feed, clothe and house yourself, each extra dollar makes less and less difference. … In the past half-century, average income has skyrocketed in industrialised countries, yet happiness levels have remained static (see Graph). It seems absolute income doesn’t make much difference once you have enough to meet your basic needs. Instead, the key seems to be whether you have more than your friends, neighbours and colleagues.

Looks:

First the bad news: good-looking people really are happier. When Diener got people to rate their own looks, both with and without make-up, there was a ‘small but positive effect of physical attractiveness on subjective well-being’.

But don’t compare your looks with what the media puts out:

In a new study, Laurie Mintz and her colleagues from the University of Missouri-Columbia found that women who saw advertisements featuring lithe and flawless young models for just one to three minutes rated their own bodies more negatively and showed an increase in depression. Mintz was alarmed how quickly the women’s self-esteem was undermined. And she believes people are becoming more dissatisfied as new technology allows the media to create ever more unrealistic images.

Mintz recommends less drastic steps to contentment: avoid unrealistic media images; understand that such pictures are airbrushed and ‘Photoshopped’ to perfection; appreciate your body for what it does rather than how it looks.

Friends:

It is hard to imagine a more pitiful existence than life on the streets of Calcutta or in one of its slums, or making a living there as a prostitute. Yet despite the poverty and squalor they face, such people are much happier than you might imagine. ‘We think social relationships are partly responsible,’ says Diener.

And a global comparison:

The latest global analysis of how levels of satisfaction and happiness vary from country to country shows that the most ‘satisfied’ people tend to live in Latin America, Western Europe and North America. Eastern Europeans are the least satisfied.

… There is plenty more about national happiness levels that has researchers scratching their heads. One of the most significant observations is that in industrialised nations, average happiness has remained virtually static since the second world war, despite a considerable rise in average income (see Graphic). The exception is Denmark, where people have become more satisfied with life over the past 30 years – no one is quite sure why.

and the effects of consumerism:

A growing number of researchers are putting the static trend down to consumerism. Survey after survey has shown that the desire for material goods, which has increased hand in hand with average income, is a ‘happiness suppressant’.

One study, by Tim Kasser at Knox College in Galesburg, Illinois, found that young adults who focus on money, image and fame tend to be more depressed, have less enthusiasm for life and suffer more physical symptoms such as headaches and sore throats than others (The High Price of Materialism, MIT Press, 2002). Kasser believes that people tend to embrace material values when they are feeling insecure (retail therapy, anyone?). ‘Advertisements have become more sophisticated,’ says Kasser. ‘They try to tie their message to people’s psychological needs. But it is a false link. It is toxic.’

Lots of good bits. Pity it’s subscribers-only!

EMusic is dead

Music: All good things must come to an end. EMusic has been bought out by some bunch called ‘Dimensional Associates’, and will no longer offer its excellent download service; instead you’re limited to a measly 40 MP3s per month. (For context — last time I downloaded some listening material was on Monday, and I picked up about 80 MP3s in a single sitting.)

They’ve shut down their message boards; third-party discussion groups are filled with wailing and gnashing of teeth; and worst of all, I can’t even download the remaining stuff on ‘My Stash’ (the downloads-to-do list) because they’re overrun with rats deserting the sinking ship. (no reflection on the rats — I’m one myself.) Either that, or they’ve just turned them off; which is annoying as I had lots of music lined up to download when I got a chance.

This is very bad news — Apple’s iTunes is full of crappy music, Mac-only, and DRM-crippled; Rhapsody is Windows-only and DRM-crippled; there’s really no other legal MP3-download option.

I guess I’ll just have to go back to buying 1 or 2 CDs every few months when I’m buying stuff from Amazon (which I do nowadays anyway, in addition to EMusic) and just listening to the radio in general instead.

Thanks anyway, EMusic, for introducing me, helping me get into, or helping me rebuild my collection of such great music as:

  • Ladytron
  • Lemon Jelly
  • Belle and Sebastian
  • TRS-80
  • Yo La Tengo
  • Pepe Deluxe
  • Layo And Bushwacka
  • Asian Dub Foundation
  • The Pixies
  • Stereolab
  • Johnny Cash
  • Future Sound of London
  • Freq Nasty
  • Matmos
  • Cornershop
  • Thievery Corporation
  • Cocteau Twins

It was great while it lasted.

Ah well, I guess I’ll save a tenner a month, which I can put towards the GameFly subscription…

Spammer ‘Cloaking Devices’

Spam: Cloaking Device Made for Spammers (Wired).

‘Try to find the real IP,’ he said. ‘This host is in rackshack.net, the most antispam ISP.’ A traceroute to the site indicated that it was being hosted on a computer apparently using cable modem service from Comcast.

It’s using DNS trickery and a set of reverse proxies. This is standard practice among a small number of the upper echelon of spammers these days.

Of course, many of the techniques used to do this — such as the subversion of Wintel PCs on cable modem networks — are highly illegal, so the spammer/crackers are heading deep into jail-time territory.

I’m really posting this because of this entry at Boing Boing, in which Cory notes: ‘I’m pretty skeptical about the untraceability of these systems — I suspect that rather, they are resistant to some tools, not resistant to others, and not hard to write new tools to uncover.’

They’re untraceable from where we’re standing — these are compromised machines. The only way to trace from that machine onwards, is for the abuse staff of those machines’ ISPs to help out, or to get hold of the machine itself. This is not so easy — which is why the spammers do it.

(I would have posted this as a comment on BB!, but they’ve stopped accepting comments, as noted previously. grr)

Anyway. As time goes on, the development of Wintel spamware-installing worms, and hands-on cracking of Unix servers to install trojans (PDF), is becoming more and more common. There’s definitely an increasing crossover between spammers, virus-writers and crackers, as the Wired News article notes.

This is very much illegal activity under existing computer crime laws, and much more serious than whatever the anti-spam legislation out there considers spamming to be. Maybe the big spammers are going increasingly ‘all-out’, given that the lawmakers are finally giving the anti-spam laws some teeth…

Whoops

Funny: So, I guess this is the Korean equivalent of Dublin’s Mao restaurant? Hitler Bar. (thx Eoin)

USPTO ‘chime in’ with tips for EU’s patent laws

Patents: While I was reading LWN’s excellent writeup on the results of the EuroParl patent vote, I came across this very worrying snippet:

Readers in the United States may be interested to know that the U.S. government has chimed in with opposition to article 6a, which states that patents can not be used to block interoperability.

Sure enough, it links to an FFII page noting

‘the US’ believes that conversion between patented file formats should generally not be allowed without a license, and therefore demands deletion of Art 6a.’

‘the US’ is in quotes because FFII reckon that evidence suggests that this is the US Mission’s IPR representatives forwarding the text direct from the US Patent Office, since the USPTO is an agency of the Dept of Commerce.

…. ‘It is part of a US Government ‘Action Plan’ to ‘promote international harmonisation of substantive patent law’ in order to ‘strengthen the rights of American intellectual property holders by making it easier to obtain international protection for their inventions’. This plan has been promoted aggressively by top officials of the US Patent Office in international fora such as WIPO, WSIS and OECD as well as through bilateral negotiations.’

BTW, that is exactly the wording used in the USPTO’s 21st Century Strategic Plan paper. FFII go on to comment on their letter, including this note:

‘The US’ is propagating conventional wisdom such as ‘the more patents the more property, the more property the more innovation’, which is in sharp contrast to consensus of all serious scholars of software economics, as expressed in numerous studies conducted in the USA and in reports by the US Academy of Sciences.

Moreover, ‘the US’ has been ignoring the voice of its own software industry, which is, as shown by last year’s FTC hearings, characterised by ‘continued animosity against software patents’ and whose major players, including such companies as Adobe, Oracle and Autodesk, all opposed software patentability at the USPTO hearing of 1994. The same USPTO which is ghostwriting this paper in the name of ‘the US’ today proceeded to legalise program claims shortly after the 1994 hearing, thereby completely ignoring the voice of the US software industry.

One comment on the LWN story notes: ‘as the United States is seeking to rewrite European law to their agenda, what steps can European Citizens take to help turn the USPTO agenda around into something approaching the spirit of the US Constitution and those who wrote it?’

A good question.

Mekong Naga fireballs

Odd: Naga fireballs: Timing still a mystery for scientists (Bangkok Post):

Methane and phosphine, a mix of phosphorus and hydrogen, were found in waterways near the Mekong. These gaseous substances were believed to cause the fiery balls, researchers said, though they were not sure exactly how or why they occur. Plant and animal remains release methane as they break down which probably combines with chemical fertiliser, containing phosphorus nutrient, used on farms in the area, to cause the fireballs. The soil in the riverbed is rich with the element.

However, the occurrence of crimson balls also required energy and microbes, which researchers cannot explain.

Mr Saksit called inexplicable aspects of the display a miraculous event while Mr Pinit predicted the study would cause him more headaches. He still did not know why the fireballs tended to emerge only on the full moon night of the 11th lunar month every year.

Laos to ‘cash in’ on Naga fireballs (The Nation):

Authorities from Vientiane Municipality’s Pak Ngum district and the Lao National Authority have prepared sites along the banks of the Mekong River and its tributary, the Nam Ngum, for tourists to view the fireballs rising from the currents tomorrow night, an official said yesterday.

Pak Ngum, where the Nam Ngum river meets the Mekong, is located some 50 kilometres south of the Laotian capital and opposite Nong Khai’s Phon Pisai district. Although it has no hotels, residents are willing to provide home stays for tourists, said an official at the Pak Ngum district office.

Spam: CNET removes anti-spam software ‘made by spammers’ (The Reg). oops!

Diebold voting machines, DMCA, Michael Moore

e-Voting: Wired has an absolutely mind-numbing list of issues with the security of Diebold voting machine procedures, including passwords printed in manuals which the staff can take home, that same password being reused for multiple systems including the on-site machines at polling stations, tamper-resistance measures being omitted, poll supervisors hired without background checks, bicycle locks being used to secure voting machines, one shared key used to ‘secure’ the memory cards, etc.

‘The election process is mainly based on trust,’ Ginnold said. ‘We trust that poll workers are not going to be tampering with them.’

It’s simply insane to replace a known-good voting system (even if it’s just First-Past-the-Post instead of Proportional Representation, but that’s another issue) with a quick hack like this, IMO.

Please vote anyway, if you’re a CA citizen. And not for the fondling meathead, naturally.

DMCA: EFF: Unintended Consequences: Five Years under the DMCA. An incredible list of cases where the DMCA was used unfairly to restrict competition, research, or fair use, some of which I didn’t even know about. For example, I didn’t realise that the International Information Hiding Workshop Conference will no longer hold conferences on US soil after Professor Ed Felten was threatened over their SDMI paper.

Politics: Michael Moore on how to talk to your conservative brother-in-law. MM may play to the gallery now and again, but sometimes, he’s a genius:

Paying workers more money makes you money!

Dear brother-in-law, when you don’t pay people enough for them to take care of life’s essentials, it ends up costing you and everybody else a lot of money. When you pay your employees more money, what do you think they do with it? Invest it in stocks? Hoard it in offshore accounts? No! They spend it! And what do they spend it on? The stuff you make and sell! If you pay people squat, or lay them off, they can’t buy your stuff. They become a drain on the economy; some turn to crime, and when they turn to crime, it’s your Mercedes they want, not some junker Oldsmobile in their poor neighbour’s driveway.

Science: IgNobel prize winners 2003, including a prize for the nation of Liechtenstein for renting out the entire country for ‘corporate conventions, weddings, bar mitzvahs, and other gatherings’.

Idyllwild and Language Trivia

Life: so myself and C took a one-night-only trip up to Idyllwild this weekend, hiking up to that rock formation and camping overnight. Great fun.

The rock is called ‘Suicide Rock’. It’s good to see morbid naming is international, but I should note that the prize for best placenames has to go to Victoria, Australia’s Mount Buggery, though.

(I drove past Mt. Buggery last year, and, disappointingly, it seems they’ve renamed it on the official maps. But the other ‘I can’t believe we’re still crossing this bloody mountain range and haven’t made it to Melbourne yet’ placenames still exist.)

Language: Riverbend blog notes interesting trivia in passing: Winnie the Pooh, in Arabic, is ‘Winnie Dabdoob’.

Open Source: GROKLAW on the WSIS fiasco earlier this summer. Briefly, the WSIS — the World Summit on the Information Society — came out with a position pro-open-source, and quite a few large companies seemed to say ‘eek!’ and promptly lobbied as hard as they could to give that line a vasectomy.

Interestingly, they did the same to the spam-related positions, cutting ‘a number of proposals, including prosecution of spammers’ down to a watery ‘take appropriate action on spam at national and international levels’. Snore. Fantastic work, guys.

Weblogs: When did Boing Boing stop taking comments? (looks) seems to be around about this entry of Sep 10. As far as I can see, this is the last comments page.

Shame — I’m with Jeremy on this one.

Dublin: is this entry, by London’s 3W the real winner of the competition to design the new U2 studio in Dublin’s Sir John Rogerson’s Quay?

Florida State Government Spammed Me!

Spam: Well, this is just incredible. I’ve just been spammed by a .gov domain — myfloridahousemail.gov.

The irony of my first .gov spam coming from Florida is inescapable.

The message came from an IP address registered to State of Florida/Dept. of Management Services, bldg 4050 esplanade way suite 115d, Tallahassee, FL 32399-0950 US. That address looks genuine. It really does look like it came from the Florida House of Representatives.

And it was sent to a spamtrap which is on a few spammer address lists, but has never been a genuine user address. And, obviously, I don’t live in Florida ;)

Read the spam here.

Another bad USPTO software patent

Patents: MS patents ‘phone-home’ failure reporting.

There’s a catch, in that it’s not just plain old ‘phone home’, as seen in probably a hundred products since 1960 — they’ve added a ‘match the reported error messages against a db of known issues on the server side’ step. So that’s vaguely inventive — well, no, it’s totally obvious, but at least nobody I can think of off the top of my head has done that before. (Well, I lie, it sounds a bit like KDE’s crash reporting tool which does a similar search before reporting a bug.)

The notable comment, though, is this:

There is a significant institutional culture issue that has a strong influence on how the Office functions that took root several decades ago and has, regretfully, increased, monotonically, over time. The management attitude, in a nutshell, is that patents aren’t ‘examined’, they are ‘processed’. The examination process is driven by production ‘goals’; to be rated in the key rating category of ‘Production Goal Achievement’ as ‘fully successful’ you must have at least 95%; less than that you are marginal; less than 90% you are ‘unsatisfactory’, meaning your entire rating is ‘unsatisfactory’ meaning a ‘90 day letter’ to get it ‘fully successful’ else you are fired. Also there are other time related requirements to meet, such as no amended application pending more than two months without an action. Persons get fired (yes, this does happen) almost always for low production or exceeding time limits for actions, almost never for improperly allowing claims.

Great.

Tech: It seems it’s stunningly easy to rip off GPRS customers. Another well-designed system I don’t think.

Shark Sandwich

Comedy: some Spinal Tap snippets:

  • a review of a live performance, noting the demise of the band’s own Web-based music downloading service, Tapster — David St. Hubbins is quoted saying ‘they shut down Tapster out of force of habit.’
  • Derek Smalls notes regarding Tapster, ‘It has to start with saying, ‘look we’re worried about being ripped off’, so we started TAPSTER ourselves…so we’re ripping ourselves off. If a problem comes up, we’ll sue ourselves and we’ll pocket the difference.’ (guess this was before the aforementioned shutdown.)
  • The A-Z of Spinal Tap: ‘For U2’s Popmart tour, the show’s designer Willie Williams and the band decided the group should emerge from a giant lemon.’ … ‘The Edge comes down from the stairs, and to start his guitar he has to kick a switch on his foot-pedal. Well, he ended up on his hands and knees, feeling around for the pedal. Later he said to me, ‘There I was at the debut, the premiere opening night, and this voice came into my head: I’m Derek Smalls.”
  • So, as mentioned in the movie, Nigel and David grew up in Squatney, East London. But did you know that Derek Smalls grew up in Nilford — ‘a ‘very small, very wretched, very dire little place’ on the River Null, near Wolverhampton. Also known as Nilford-on-Null.’

Daytime Fireballs

Astronomy: APOD: A Daytime Fireball Over South Wales. Great picture of a fireball disintegrating in the daytime sky.

I saw a similar daytime fireball streak through the sky when I was in Fraser Island in Australia last year; a little bit smaller than this one, mind you ;) Unfortunately, I didn’t get a picture in time. Very cool though!
