Author: Justin

Justin Mason, the author of this weblog.

On the reliability of e-voting machines

Published October 23, 2003

'I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded. Will someone please explain this so that I have the information to give the auditor instead of standing here "looking dumb".'

Wonderful.

Tribe.net

Published October 23, 2003

Networking: Tribe.net has a nifty feature over Friendster; you are encouraged to create 'tribes' for things, ideas, and places. Friendster, by contrast, discourages this.

Anyway, for the laugh, I've created a variety of tribes; Ireland , Dublin, and even a tribe for SpamAssassin. Let's see what happens...

Worst album covers ever

Published October 23, 2003

Funny: C sends along a few classic album covers taken from this site. Here's my favourites:

John
- Bult - Julie's Sixteenth Birthday : Certainly the most disturbing of the bunch...

There's plenty more...

Worst album covers ever

Published October 23, 2003

C sends along a few classic album covers taken from this site. Here's my favourites:

John
- Bult - Julie's Sixteenth Birthday : Certainly the most disturbing of the bunch...

There's plenty more...

God expresses displeasure at Mel Gibson’s Christ film

Published October 23, 2003

Movies: Lightning strikes Jesus on Gibson's Christ film set:

The incident, in which The Rock and The Count of Monte Cristo star Jim Caviezel did not sustain an injury, is the second bolt to hit the set of the movie in Italy. 'I'm about a hundred feet away from them,' producer Steve McEveety said, 'when I glance over and see lightning coming out of Caviezel's ears.'

Tentacle Porn has a long and illustrious history

Published October 23, 2003

Japan: The Guardian: Melbourne row over art 'porn':

'Police in Australia have investigated pornography claims against an art gallery which exhibited a painting drawn from a 19th-century woodcut by the Japanese artist Hokusai.
The painting, The Dream of the Fisherman's Wife, is by an Australian, David Laity, and is valued at £5,400. It is being shown in a Melbourne gallery. Like the 1814 original, it depicts a woman copulating with an octopus.

Katsushika Hokusai was an influential Japanese painter and woodcut designer in the 18th and 19th centuries -- more info and pictures here. (There's a great exhibition of his work on at the Chester Beatty Library in Dublin right now, which is where I caught it.)

He coined the term 'Manga' to describe a collection of sketches. Who knew he also came up with the totally bizarre 'tentacle porn' subgenre of anime?

E-Voting: ACT’s open-source e-voting system

Published October 22, 2003

Voting: I've pointed to this before, but I use taint.org partly as a searchable database of annotated bookmarks, so -- for reference -- here's the Australian Capital Territory's EVACS system, an entire, open-source e-voting system:

EVACS is the computer system that provides for electronic voting and electronic counting for ACT Legislative Assembly elections. It provides for counting according to the Hare-Clark electoral system rules set out in the Electoral Act 1992.
EVACS was written using Linux open source software to ensure appropriate transparency. A copy of the source code is available in a zip file (127 kb). The source code for the casual vacancy module is in a separate file (38 kb). For more information contact Software Improvements.

Still not perfect -- it uses electronic ballot stations, instead of paper ballots -- but it does support paper ballots. And it's open source; note the keyword above -- 'appropriate transparency'. They said it, not me ;)

Tentacle Porn has a long and illustrious history

Published October 22, 2003

The Guardian: Melbourne row over art 'porn':

'Police in Australia have investigated pornography claims against an art gallery which exhibited a painting drawn from a 19th-century woodcut by the Japanese artist Hokusai.

The painting, The Dream of the Fisherman's Wife, is by an Australian, David Laity, and is valued at £5,400. It is being shown in a Melbourne gallery. Like the 1814 original, it depicts a woman copulating with an octopus.

He coined the term 'Manga' to describe a collection of sketches. Who knew he also came up with the totally bizarre 'tentacle porn' subgenre of anime?

SF film tip: ‘The Revolution Will Not Be Televised’

Published October 22, 2003

Movies: Inhabitants of San Francisco! Or people nearby who fancy watching a great documentary! According to the SFGate.com Morning Fix, the Castro theater will be showing the amazing documentary The Revolution Will Not Be Televised between Oct 24-30.

I've blogged this before, but quick recap: it's an incredible movie documenting what happened in the Venezuelan Presidential Palace on April 11th 2002, when President Hugo Chavez was briefly deposed by a coup d'etat. It covers the entire period, and amazingly has pretty-much full access to everything that Chavez, his cabinet, and his loyal soldiers did and said. A sample:

'On the day of the coup, we only began realising what was actually going on when the state TV signal was cut. Up until then, people had been shot and there was a terrible sense of confusion, but still the reality of what was taking place hadn't exactly sunk in. Then later that night, the media started saying that Chavez had fled to Cuba and that he had resigned, when in fact he was in the palace -- and so were we. It became clear then that something very calculated and sinister was unfolding.'

Really, it's well worth watching. Due to its comments on the actions, and spin, of the current US administration, Harry Knowles reckons it'll never get a public release in the US outside a film festival (and I'd agree) -- so you're going to have to watch it in a lefty theater or nothing.

(BTW the website needs some work though -- it uses the horrible 'reinventing the scrollbar' DHTML trick, urgh.)

On ‘Intellectual Property’

Published October 22, 2003

Patents: One thing that gets pretty confusing when one investigates the whole patents/open-source/copyright protection field, is the nature of the term Intellectual Property.

What's called 'IP' consists of three parts: copyright, patents, and trademarks. This extract from Harvard's 'Intellectual Property in Cyberspace' series notes:

In the eighteenth century, lawyers and politicians were more likely to refer to patents and copyrights as 'monopolies' than they were to refer to them as forms of 'property.' ... Thomas Jefferson was the most prominent adherent of this view, but many others shared his attitude to varying degrees. ....
Another, more general manifestation of the same trend has been the growing power of the phrase 'intellectual property.' Before the Second World War, use of the phrase as shorthand for copyrights, patents, trademarks, and related entitlements was rare. Since that time, it has become steadily more common. n105 Today, it is the standard way for lawyers and law teachers to refer to the field.
Why does the popularity of the term matter? The answer ... is that legal discourse has power. Specifically, the use of the term 'property' to describe copyrights, patents, trademarks, etc. conveys the impression that they are fundamentally 'like' interests in land or tangible personal property -- and should be protected with the same generous panoply of remedies. ....
Regrettably, the pleas by Cohen and a few others that judges jettison the concept of 'property' and frankly confront the public policy implications of protecting certain kinds of information fell largely on deaf ears. The 'propertization' of the field continued -- and is now well-nigh complete.

It's common to read commentary by outsiders -- journalists especially -- who conflate all three forms of 'IP', and therefore assuming that all three should be considered as 'equal' to physical property. In other words, they fall into this trap.

In reality, a trademark should have much more protection than a patent; copyright over 'bits' is not the same thing as physical ownership of atoms; the concept of the public domain is a whole lot different between 'things' and 'bits'; there's a difference.

To this end, this disclaimer from the UN World Summit on the Information Society is very significant; they've recognised these issues.

This working group has come to recognize that the term 'intellectual property rights' carries bias and encourages simplistic overgeneralization. Therefore this working group does not carry the name IPR. In particular, this group does not endorse the legal school of thought, which advocates that productions of the mind shall be treated in a similar way as real estate property. This legal doctrine implicitly backs the concept that copyrights should last for ever.

Nice work! (thanks to Russell McOrmond and Seth Johnson for noting it.)

Meld for graphical merging

Published October 22, 2003

Software: Great LWN weekly edition last Friday; not only is there a very nice article about SpamAssassin, debunking the 'open spam filtering rules considered harmful' myth, but there's a great tool tip: Meld, a new graphical merging tool.

Basically, when you have two pieces of text, and want to merge them together into one, you need a merge tool. This is a tricky job; most people just get the tool to stick them all in one file, CVS-style, and try to figure it out visually. It's fraught with problems.

Hence the idea of using a GUI to ease the task. There have been other graphical merge tools before; I know of the proprietary one bundled with ClearCase, and tkdiff. However, both of these just aren't very good -- it's quite simply too hard to figure out exactly what direction which piece of text came from.

Looks like meld is a fantastic effort to fix this; take a look at the screenshots. The key is the approach they've taken of having a drawable area in the middle between the two differing texts; this is used for lines and graphical indications of what came from where. It really seems to work, from what I can see.

Dodgy computer games studies

Published October 21, 2003

Science: A lab rat writes up a report on his participation in two psychology studies on 'Video Game Violence' and 'Violence In the Media.'

Sadly, it seems clear that the video-game violence study will return biased results due to flawed test conditions.

Of the three games played, the most violent -- a first-person shooter -- was modified, either through incompetence or deliberate tweaking, to use frustrating control settings and a high level of difficulty; whereas the least violent -- a sim game -- was set up with all the defaults and automatic help enabled.

In my experience, frustration, in any task, has a direct correlation with anger levels. So a frustrating game, violent or not, will probably give more aggressive responses in a violence measurement -- hence the FPS game above will almost definitely be cited as 'inciting violent emotions'.

Bad scientists! No doctorate!

PS: hmm, I wonder if the paper will document the exact configuration
of the games?

Linux: Happy birthday, KDE! I love it. Most recent discovery: the excellent support for printing in KDE 3.1 using the kprinter GUI.

fantastic New Yorker article

Published October 21, 2003

Politics: The Stovepipe, by Seymour M. Hersh:

The notes said that Jafar was then asked, 'But this doesn't mean all W.M.D.? How can you be certain?' His answer was clear: 'I know all the scientists involved, and they chat. There is no W.M.D.'

fantastic New Yorker article

Published October 21, 2003

The Stovepipe, by Seymour M. Hersh:

The notes said that Jafar was then asked, 'But this doesn't mean all W.M.D.? How can you be certain?' His answer was clear: 'I know all the scientists involved, and they chat. There is no W.M.D.'

Control your life support via the Internet!

Published October 20, 2003

Security: Romania Emerges As Nexus of Cybercrime (AP). Contains this glorious nightmare scenario:

BUCHAREST, Romania - It was nearly 70 degrees below zero outside, but the e-mail on a computer at the South Pole Research Center sent a different kind of chill through the scientists inside.
'I've hacked into the server. Pay me off or I'll sell the station's data to another country and tell the world how vulnerable you are,' the message warned.
Proving it was no hoax, the message included scientific data showing the extortionist had roamed freely around the server, which controlled the 50 researchers' life-support systems.

One question: why was an internet-connected computer controlling the life support systems? eeek.

Control your life support via the Internet!

Published October 20, 2003

Romania Emerges As Nexus of Cybercrime (AP). Contains this glorious nightmare scenario:

BUCHAREST, Romania - It was nearly 70 degrees below zero outside, but the e-mail on a computer at the South Pole Research Center sent a different kind of chill through the scientists inside.

'I've hacked into the server. Pay me off or I'll sell the station's data to another country and tell the world how vulnerable you are,' the message warned.

Proving it was no hoax, the message included scientific data showing the extortionist had roamed freely around the server, which controlled the 50 researchers' life-support systems.

One question: why was an internet-connected computer controlling the life support systems? eeek.

Compare and Contrast

Published October 20, 2003

Politics: Eli Lilly wants it both ways. First off pro-free-market:

Not many U.S. companies would put 'maintenance of free market' at the top of their worry list, but the pharmaceutical industry has genuine reasons for concern.

But then, anti-free-market!:

Starting immediately, if a Canadian wholesaler tries to order more Lilly product than Lilly's estimate of what is appropriate for Canadian use, 'they will not be able to have it,' Smith said.

‘Don’t eat slugs’

Published October 20, 2003

Funny: The Medical Journal of Australia has issued a warning: Australians, don't eat slugs. 'The warning came after a Sydney student contracted a potentially deadly form of meningitis after eating a slug for a $20 bet.'

Secsed-up

Published October 20, 2003

Humour: Data::Secs2 -- canoncial string for nested data. A format for representing nested data structures in accordance with SEMI E5-94, Semiconductor Equipment Communications Standard 2 (SECS-II), apparently pronounced "'sex two' with gusto and a perverted smile."

The manual page goes on:

In order not to plagarize college students, credit must be given where credit is due. Tony Blair, when he was a college intern at Intel Fab 4, in London invented the SEMI SECS standards. When the Intel Fab 4 management discovered Tony's secsification of their host and equipment, they elected to have security to escort Tony out the door. This was Mr. Blair's introduction to elections which he leverage into being elected prime minister. In this new position he used the skills he learned at the Intel fab to secsify intelligence reports on Iraq's weopons of mass distruction.

'Secsed-up', surely!?

Using a Web of Trust to stop spam

Published October 20, 2003

Spam: Been thinking about a distributed 'web of trust' approach to fighting spam.

Kevin Burton conversing with Raph about a web-based trust metric.
Bram writes about using (non-distributed) trust metrics against spam. With code ;)
Trust Management on the WWW, by none other than Rohit Khare and Adam Rifkin!
Trust Networks on the Semantic Web, a paper.

Combine those with another key point -- that we do not need PKI, crypto, or any other changes to identify senders in current SMTP -- and it could be done today, I think.

Why we don't need crypto to identify an SMTP sender

Every email message delivered via SMTP across the internet will contain these headers:

the From line
one or more Received headers

Traditionally, whitelisting uses just the From line, which is vulnerable to spoofing. SpamAssassin used this up to version 2.3x. Spammers started spoofing mails where 'From' was the same as 'To', and since most people had themselves in the whitelist, that worked. boo.

In 2.3x or 2.4x, we added code to extract the IP addresses from the Received headers, and use a combined token -- ( from_address, ip_address ) -- as the sender's address.

(In fact, we use just the top 24 bits of each IP to deal with situations like DHCP or dialup pools, where a relay may get a different IP every now and again. That's close enough, at least.)

This is much harder to forge without doing a full-scale TCP spoofing attack; which is why the SpamAssassin auto-whitelist generally works well.

So basically, to identify someone strongly enough to provide a spam fix in plain old vanilla current SMTP, gen up a string containing their 'From' address, along with all the /24 masks of the IP addresses found in the 'Received' headers.

Remove your relays' IP addresses, and you have an unspoofable ID for that person's SMTP traffic. Any spammer who wants to spoof that, will have to compromise their mail server (or a server in the same /24). That's not cost-effective for spamming.

Note that whitelisting based on that is effectively what the SpamAssassin auto-whitelist does. But for that to be more useful than the AWL, it has to extend over the internet to those people your friends haven't corresponded with yet; ie. it's got to be distributed.

(If you would like to comment on this scheme, I'd prefer if you could post comments at this QuickTopic forum.)

Using a Web of Trust to stop spam

Published October 20, 2003

Been thinking about a distributed 'web of trust' approach to fighting spam.

Kevin Burton conversing with Raph about a web-based trust metric.
Bram writes about using (non-distributed) trust metrics against spam. With code ;)
Trust Management on the WWW, by none other than Rohit Khare and Adam Rifkin!
Trust Networks on the Semantic Web, a paper.

Combine those with another key point -- that we do not need PKI, crypto, or any other changes to identify senders in current SMTP -- and it could be done today, I think.

Why we don't need crypto to identify an SMTP sender

Every email message delivered via SMTP across the internet will contain these headers:

the From line
one or more Received headers

In 2.3x or 2.4x, we added code to extract the IP addresses from the Received headers, and use a combined token -- ( from_address, ip_address ) -- as the sender's address.

(In fact, we use just the top 24 bits of each IP to deal with situations like DHCP or dialup pools, where a relay may get a different IP every now and again. That's close enough, at least.)

This is much harder to forge without doing a full-scale TCP spoofing attack; which is why the SpamAssassin auto-whitelist generally works well.

(If you would like to comment on this scheme, I'd prefer if you could post comments at this QuickTopic forum.)

That Forbes Article

Published October 19, 2003

Open Source: Forbes: Linux's Hit Men.

The dispute, which was leaked to an Internet message board, offers a rare peek into the dark side of the free software movement--a view that contrasts with the movement's usual public image of happy software proles linking arms and singing the 'Internationale' while freely sharing the fruits of their code-writing labor.

(Here we go again -- the old 'free software is communism' line, cf. the 'Give Communism A Try!' / Nazi Penguin posters SCO made up earlier this year.)

The article goes on to bemoan how software companies who write proprietary extensions into GPL-licensed software, have to comply with the terms of the license.

It's all a bit of an obvious dig -- but I am looking forward to the follow-up article -- that's the one where the author bemoans how commercial software companies send out their 'enforcers' to extort money from companies who don't bother paying the royalties and runtime license fees their licenses require.

PS: Hmm, 'software prole' -- maybe I'll adopt that in the same way
Suresh has adopted 'lower-middle-class Unix sysadmin':

The other title came from a spammer who asked Ramasubramanian what she'd done that made him report her to her ISP.
'I gave her a standard set of links and information on why spam is bad, and took the time to explain all this to her. She then asked me what I did for a living. When I replied that I was a Unix administrator at an ISP, she blew up and said, 'I thought you were a successful businessman and marketer, but you are only a lower-middle-class Unix sysadmin. Don't you dare talk to me like this!!!''

Oh look, Suresh has a journal, too; I never realised. Cool.

SCO’s no-show invoices

Published October 19, 2003

SCOvLinux: GrokLaw: Groklaw's Open Letter Linked to SCO's Backing Off Invoicing.

'SCO Group Inc is backing-down from threats to invoice organizations running Linux while extending SGI's compliance deadline.
'A company spokesperson said yesterday SCO's plan to invoice organizations, on the basis that Linux illegally contains SCO code, had changed following what he claimed was success of its UnixWare licensing program. . . .
'Members of the open source community warned SCO last month in an open letter they would initiate civil action under anti-fraud and consumer protection statutes.'

My take: 'What? You mean extortion through fraudulent invoicing is illegal? Oops, call the mail room!'

BTW, anyone who hasn't read the GrokLaw Open Letter to SCO yet, really should. It's a great summary of all the many points where SCO is wrong.

MS on Choice

Published October 18, 2003

Music: This is great. Microsoft's general manager for the Windows Digital Media division, Dave Fester, on iTunes for Windows:

If you use Apple's music store along with ITunes, you don't have the ability of using the over 40 different Windows Media-compatible portable music devices. When I'm paying for music, I want to know that I have choices today and in the future.

Oh, the schadenfreude. (I wonder how many MP3-compatible portable music devices there are?)

AdvogatoDay

Published October 18, 2003

Tech: So, I just looked at NTK; it has a brief bit about Bram Cohen 'having solved content distribution, (announcing) he was now tackling other simple problems: reputation systems, version control and perhaps after lunch the NP-complete set.'

Hmm, interesting! Let's take a look at his diary -- and what do I find but a whole load of entries on using trust metrics against spam. Bugger. Looks like I have my weekend reading cut out for me.

Also notable: Advogato has added native RSS support, which makes this pretty pointless; and they've also added an XML-RPC interface. Expect to see taint.org entries getting copied up there soon, as a result. ;)

Uptown, Downtown and Midtown

Published October 17, 2003

Language: AussieInAmerica on {up,down,mid}town:

Something that is common here in Atlantic Canadian and northeast American small cities is to refer to the CBD (or city centre/downtown) as 'uptown', especially if coming to the city from its environs. BUT... once I am 'uptown' , I would then refer to my location as 'downtown'. In other words, 'uptown' is the city centre/ CBD only if you are not there yet. 'Uptown' becomes 'downtown' once you arrive there. AND, since many smaller cities have one main street that leads in and out, if you head out of 'downtown' up that street you are going 'uptown'. Follow? It works for us and I can't recall any confusion.
(Author:) Hmm, I'm glad you folk have got it sorted out! I am reminded of Grover's existential crisis on Sesame Street as he was coming to grips with 'here' and 'there'. Every time he pitter-pattered over to 'there', it turned into 'here'.

Great site. Some pretty good Strine, too -- 'Jeggoda Sinny?' really is a common query!

Spamcop and ‘Al-Quada’, sitting in a tree

Published October 17, 2003

Humour: The null device reports a spam entitled, 'julian haight funds terrorists b alqoswmw l lgng'.

Julian haight spamcops CEO is rumoured to have conections with Al-Quada, one of the most disruptive terrorist orginisations on earth. hes specialty is cyber terrorism. which disperses highly needed homeland security funds by rendering multi million dollar industrys unprofitable.
haights main motive is the perversion of American free enterprise.

Oh, the poor spammers! One comment quotes Samuel Johnson: 'patriotism is the last refuge of a scoundrel'.

Also present is some lovely pictures of Carlton, with trams, greenery, grey skies, and that distinctive turn-of-the-century Aussie architectural style. A couple of years ago, I lived just around the corner in North Melbourne; looking at those photos, it seems like I could just pop out the front door and walk through it all on the way down to the Vic market. They thoroughly evoke day-to-day just-outside-the-CBD Melbourne.

Spamcop and ‘Al-Quada’, sitting in a tree

Published October 17, 2003

The null device reports a spam entitled, 'julian haight funds terrorists b alqoswmw l lgng'.

Julian haight spamcops CEO is rumoured to have conections with Al-Quada, one of the most disruptive terrorist orginisations on earth. hes specialty is cyber terrorism. which disperses highly needed homeland security funds by rendering multi million dollar industrys unprofitable.

haights main motive is the perversion of American free enterprise.

Oh, the poor spammers! One comment quotes Samuel Johnson: 'patriotism is the last refuge of a scoundrel'.

iTunes adding indie tunes

Published October 17, 2003

Music: Indie Labels Debut At iTunes Music Store: 'I happened to notice a Thievery Corporation release from Eighteenth Street Lounge Music in the 'Just Added' section...doing some more exploring, I found releases from Matador (Interpol, Pizzicato Five) and Nettwerk (BT) as well.' (thx Karlin !)

Hmm -- that's good news for iTunes, but pretty bad news for EMusic. Those labels are all very well-represented on EM.

Wonder if I can run iTunes under Wine?

Recycling – Australia has it right

Published October 16, 2003

Environment: The Irish Times reports:

The State is facing a waste crisis that is threatening to bury the country, according to the Minister for the Environment, Mr Cullen. He said yesterday every person in this State was now producing 700 kg of household and commercial waste a year.
'That is three times more than they do in the Netherlands. If this continues, the figure will rise to two tonnes per person by 2015,' he said.
Landfills in six out of 10 regions in the country had less than three years capacity left, yet people were producing enough waste to cover every single town in Ireland. 'We have to change. Doing nothing is not an option,' Mr Cullen said.

Well, duh. So what have they done? They've setup a website, raceagainstwaste.com, with a page on recycling replete with techie details of how recycling works, then suggesting such gems as 'if they do not already run one, suggest to your local authority that it considers starting a plastics recycling scheme.'

Brilliant. I'm sure they'll listen. Nice delegation, Mr Cullen!

In the meantime, apparently 92.2% of the 'waste stream' is sent to landfills instead of recycling.

I'm not just knocking here -- the amazing thing about recycling is that it's been done right elsewhere. All this wheel-reinvention is totally superfluous. Here's the details on Victoria, Australia's kerbside recycling system; it's pretty simple.

Each household gets 1 large basin-type plastic tray thing, in which you can put washed, unsealed, recyclable plastic containers. You tie up bundles of recyclable paper into another pile when you leave out the rubbish. And finally, you get a wheelie bin for the rest; stuff that really is rubbish. The bin guys then keep the 3 types of rubbish separate when they pick it up.

Yes, it takes a little bit of time to wash the plastic containers and tie up the paper into bundles. But nobody minds; they're doing the right thing! It's a hell of a lot better than chucking the lot into a single container and hoping that some expensive machine at the far end can sort it all out again.

It's also better than the current Irish and US systems, where we're expected to bring certain kinds of trash to a centralized drop-off point ourselves. First off, this is very impractical unless you've got a car to do it in -- and sufficient motivation to do so; and secondly, the bulkiest rubbish -- packaging, paper and plastic -- is not included, just glass.

The Bin Tax

Published October 15, 2003

Over the past few months, Dublin has seen increasing resistance to newly-introduced rubbish-removal charges, or as they're being called, 'the bin tax'.

The charges are:

levied in addition to the 'local services' charges in income tax,
- which already cover rubbish removal.

The last point is key -- UK residents may be reminded of a similar flat-rate tax introduced by Thatcher in the 80's... and we all know how that ended.

The result is that a large number, 75% of the population in the affected areas, have taken the course of non-payment of the charges.

There's been lots of organised protest throughout Dublin, with constant picketing outside bin depots. Joe Higgins TD (a member of the Dail, the Irish parliament) and County Councillor Clare Daly have spent three weeks in jail so far, due to protesting on this issue.

Now, things are really starting to heat up -- reportedly, the bin workers are starting to support the campaign, refusing to cross protest lines and refusing to drive lorries from depots if protesters are present. In some depots, they have even joined the picketers!

It's not all good though -- yesterday, national news shocking footage (SMIL) of a protester being dragged for several hundred feet by a speeding van.

This one's getting interesting.

Snippets

Published October 15, 2003

Bits: BarbieOS, a cutdown version of Debian from Mattel. Really. 'BarbieOS 1.0 is the result of almost a year's worth of marketing research into what pre-adolescent girls want in a mobile Linux solution aimed at being a desktop replacement.' (via Ben)

Great site -- also has US.BLAST.D Worm Wreaks Havoc on US Post Office, Mail Delivery Halted ('Until a patch can be created by Microsoft and deployed by the MCSEs who maintain the nation's critical infrastructure, President Bush has urged all Americans to lock in a safe or a drawer all of their pens, pencils, stamps, white paper and envelopes so that they cannot be exploited by the virus and used to write out more copies of itself.'

-- and An Open Letter from RIAA President Hillary Rosen to Music Pirates Everywhere ('Currently an RIAA-backed online service known as Pressplay allows users to subscribe for $18.95 a month to a small library of popular works and listen to them via half-quality audio streams if they have broadband connections. Users may download 10 songs a month to burn to CDs if they wish. Pressplay exclusively supports the Windows Media Audio format, and therefore each song benefits from active scripting support, expiration dates, copy protection and proven Microsoft security. With embedded scripts, each song can also enhance the user experience by opening web pages featuring more music they might like to buy. After only 8 months online and a strategic partnership with AOL, Pressplay currently boasts more than 100 subscribers and is growing every day.')

Spam: Bayesian comment filter for Movable Type, nifty. Pity it's still using the Paul Graham method, which is not so hot. (thx Antoin!)

The Funniest Thing I’ve Read

Published October 15, 2003

Humour: Guardian Talk: The Barefoot Doctor, live online. This is the funniest thing I've read in months -- thanks Tom!

(Background: 'The Barefoot Doctor' is the 'healer' who writes for The Observer Magazine on 'wellbeing, alternative therapies and medicines and ways to cope with modern life'. Everything can apparently be healed through kidney massage and a few essential oils.)

Q: A case study, Mr Barefoot: my bus has crashed - I've got a compound fracture in my right leg, the bone is sticking out from under the skin and is wedged into the 'Used Tickets' receptacle, my skull has had a good old thump against the seat in front and is impersonating a boiled egg after the first thump with the teaspoon, and my ribs have been broken into bits like a packet of smokey bacon crisps someone has stood on.
What herbs and aromatic oils would you recommend?
Doc: you may jest - however, aromatic oils or potions can be extremely effective in speeding the healing process eg - manuka honey,lavender, marigold etc - thanks for bringing it up
Q: oooh good answer. yes i'm going out to buy some manuka honey right away. what do you do with it, is it nice on toast?
lavender, marigolds? is he opening a kitchen department?
Q: My unfortunate friend received a quite severe beating in the street a few days ago and has since been passing blood in his urine, in copius amounts.
Can recomend any effective massage oils for my friend? Its quite urgent because he's beginning to talk incoherently about bright lights, can't move and fainting.
Thank you, 3000
(... snip several hundred similar hilariously bitchy 'questions'... Barefoot Doctor disappears for a while...)
Q: Where is he? Maybe the Barefoot Cab Driver who learnt to drive by karmic chanting has driven into a tree -- or can't find first gear?

(BTW the real 'barefoot doctors' were a different kettle of fish entirely; 'part-peasant, part-doctor' commune-level health workers in revolutionary China.)

For Reference: Why Greylisting Sucks

Published October 15, 2003

Spam: I've been meaning to collate a page about why I don't like greylisting. My previous posting is relatively useful, but it needs an update, so here it is:

First off, every single message is delayed until a database match is found for the combination of sending IP, envelope-from and envelope-to. As Alan Leghart pointed out, 'So...we punish everyone in the world, and hope that a delay of one or more hours is considered 'acceptable'? Maybe some people already expect a mail to take several hours to reach a recipient. In that case, you need to fix your mail server.'

Secondly, large mailing lists that use VERP (generating keyed From addresses for each mail for good bounce-handling) will require manual whitelisting for each list, or each host.

Yahoo! Groups, for example,
uses VERP for all its lists, and also will not retry delivery if the first attempt fails.

There's even buggy SMTP servers that do not support retrying, believe it or not.

(Once again, as for many spamfilter designs, the unusual SMTP clients are the 'edge cases' that cause the most trouble.)

Manual whitelisting == work == what spam filtering is trying to reduce == bad.

Thirdly, and most seriously, it assumes spammers would never introduce retries into their spam-tools if it took off. Tempfailing, what this is based on, is effective right now because spamtools don't retry. But every proposed spam solution has to consider what would happen if every server admin in the world implements it, and spammers then want to subvert it.

For a spamtool to retry, it just needs to track 4xx responses, and if it encounters one, save these items of data:

From, To addrs and HELO string used
proxy IP used (btw proxies are almost never shut down successfully, so the spammer can generally assume this can be reused next time)
random seed used to generate random hashbuster tokens etc., so the body text matches

That's really not a lot of data -- 64 bytes per address that requires a retry. Then, an hour or more later, do the retry.

So, IMO, 'greylisting' will work fine in the short term, until it becomes reasonably common -- then the spamtool developers will start adding retry code.

Then we're back to square one -- except some legit mail takes much longer to get delivered, and the bandwidth wasted by spam has doubled, due to all those retrying spams. That's not really progress.

The Funniest Thing I’ve Read

Published October 15, 2003

Guardian Talk: The Barefoot Doctor, live online. This is the funniest thing I've read in months -- thanks Tom!

Q: A case study, Mr Barefoot: my bus has crashed - I've got a compound fracture in my right leg, the bone is sticking out from under the skin and is wedged into the 'Used Tickets' receptacle, my skull has had a good old thump against the seat in front and is impersonating a boiled egg after the first thump with the teaspoon, and my ribs have been broken into bits like a packet of smokey bacon crisps someone has stood on.

What herbs and aromatic oils would you recommend?

Doc: you may jest - however, aromatic oils or potions can be extremely effective in speeding the healing process eg - manuka honey,lavender, marigold etc - thanks for bringing it up

Q: oooh good answer. yes i'm going out to buy some manuka honey right away. what do you do with it, is it nice on toast?

lavender, marigolds? is he opening a kitchen department?

Q: My unfortunate friend received a quite severe beating in the street a few days ago and has since been passing blood in his urine, in copius amounts.

Can recomend any effective massage oils for my friend? Its quite urgent because he's beginning to talk incoherently about bright lights, can't move and fainting.

Thank you, 3000

(... snip several hundred similar hilariously bitchy 'questions'... Barefoot Doctor disappears for a while...)

Q: Where is he? Maybe the Barefoot Cab Driver who learnt to drive by karmic chanting has driven into a tree -- or can't find first gear?

(BTW the real 'barefoot doctors' were a different kettle of fish entirely; 'part-peasant, part-doctor' commune-level health workers in revolutionary China.)

For Reference: Why Greylisting Sucks

Published October 14, 2003

I've been meaning to collate a page about why I don't like greylisting. My previous posting is relatively useful, but it needs an update, so here it is:

Secondly, large mailing lists that use VERP (generating keyed From addresses for each mail for good bounce-handling) will require manual whitelisting for each list, or each host.

Yahoo! Groups, for example,
uses VERP for all its lists, and also will not retry delivery if the first attempt fails.

There's even buggy SMTP servers that do not support retrying, believe it or not.

(Once again, as for many spamfilter designs, the unusual SMTP clients are the 'edge cases' that cause the most trouble.)

Manual whitelisting == work == what spam filtering is trying to reduce == bad.

For a spamtool to retry, it just needs to track 4xx responses, and if it encounters one, save these items of data:

From, To addrs and HELO string used
proxy IP used (btw proxies are almost never shut down successfully, so the spammer can generally assume this can be reused next time)
random seed used to generate random hashbuster tokens etc., so the body text matches

That's really not a lot of data -- 64 bytes per address that requires a retry. Then, an hour or more later, do the retry.

So, IMO, 'greylisting' will work fine in the short term, until it becomes reasonably common -- then the spamtool developers will start adding retry code.

Then we're back to square one -- except some legit mail takes much longer to get delivered, and the bandwidth wasted by spam has doubled, due to all those retrying spams. That's not really progress.

KDE patch, and my cat

Published October 14, 2003

Linux: So, I like being able to move windows around using the keyboard very quickly. In particular, one nifty feature of Sawfish was corner.jl, a Sawfish lisp snippet which 'provides functions to move a window into a screen corner.'

Some background: my desktop layout is essentially divided into 4 corners (e.g. 4 xterms in a 'one in each corner' layout), or 2 sides (e.g. mail reader on the left, web browser on the right), depending on the size of the windows.

Using corner.jl, one could just throw the mouse into any part of a window's area, hit a key, and the window would move where you wanted it.

I've since moved to KDE, and missed that functionality. So a while back, I reimplemented it as a patch to kwin. Here it is, and bug 65338 is the KDE bug entry tracking it as a feature request.

Not much traction in persuading the KDE folks to apply it, but hey, that's open source for ya. The patch will always be around anyway ;)

Pets: My cat brings me presents.

Specifically, today he brought me a mouse's liver and left it on the doorstep. At least I think it's a mouse's liver; the scale seems right. No sign of the rest of the mouse, though...

This is with no less than 3 bells on his collar; I don't know how he does it, unless it's simply that the rodents round here are just not used to the concept of predation.

BTW, the mouse's liver wound up flushed down the toilet.

Getting Postfix to use an SSH tunnel for outgoing SMTP

Published October 14, 2003

Given all the fuss over blocking dynamic IPs due to spam, I've long sent outgoing SMTP via my server (which lives on a static IP). I download my mail from that using fetchmail over an SSH tunnel, and have done for a while. It's very reliable, and that way it really doesn't matter where I download from -- quite neat. Also means I don't have to futz with SMTP AUTH, IMAP/SSL, Certifying Authorities, or any of the other hand-configured complex PKI machinery required to use SSL for authentication.

However, I've been using plain old SMTP for outgoing traffic, by just poking a hole in the access db for the IP I'm on. A bit messy and generally not-nice.

So I decided to make it sensible and deliver using SMTP-in-an-SSH-tunnel. In the same SSH tunnel, in fact ;) With Postfix, it turned out very easy -- here's how to do it:

Add this option to the SSH commandline in the SSH tunneling script (I'm presuming you have one ;):

-L 8025:127.0.0.1:25

That'll port-forward port 25 on the remote system to port 8025 on localhost, so that if a connection is made to port 8025 on localhost, it'll talk to port 25 on the remote host. Std SSH tunneling there.

Now for Postfix -- add this to /etc/postfix/main.cf:

default_transport = smtp:localhost:8025

This means that Postfix will always use SMTP to localhost on port 8025 for any non-local deliveries.

Run service postfix reload (cough, Red Hat-ism) and that's it! A whole lot easier than I was expecting... Postfix rocks.

SPF again

Published October 13, 2003

Spam: Craig is publishing SPF records. Worth noting that I've been publishing SPF records for jmason.org for a month or two, even though the protocol hasn't even stabilised yet -- working on the 'if you build it, they will come' approach ;)

Anubis looks great; I've been meaning to hack up something like that. Nifty!

‘It will solve starvation among shareholders, but not the developing world’

Published October 13, 2003

Science: EU broadside at GM firms' 'lies' (Ananova):

'They tried to lie to people, they tried to force it upon people ... it is the wrong approach and we simply have not accepted that and European citizens have not accepted it. You simply cannot force it upon Europe.
'So I hope they have definitely learned a lesson from it and especially when they now try to argue that this will try to solve the problems of starvation in the world. After all, why didn't they start with such products, so they could prove to the world that this was exactly what they were interested in doing?
'It will solve starvation among shareholders, but not the developing world unfortunately.

That's the EU Environment Commissioner, Margot Wallstrom, launching a broadside against 'US biotech companies', accusing them of 'forcing' unsuitable GM technology onto Europe.

Ouch.

It's interesting to note that much of their biotech companies' tactics seem to work well in the US, but overseas, the tactics play out predominantly as blatant strong-arming, astroturfing support, and being 'economical with the truth', as the phrase goes.

Some rethinking of their strategy might be helpful -- although really, IMO, some thought as to how to make their products relevant to consumers, instead of money-spinning for their shareholders, might work best of all. Making some moves towards the much-vaunted 'solving starvation in the developing world' might just be the best way to that.

‘It will solve starvation among shareholders, but not the developing world’

Published October 13, 2003

EU broadside at GM firms' 'lies' (Ananova):

'They tried to lie to people, they tried to force it upon people ... it is the wrong approach and we simply have not accepted that and European citizens have not accepted it. You simply cannot force it upon Europe.

'So I hope they have definitely learned a lesson from it and especially when they now try to argue that this will try to solve the problems of starvation in the world. After all, why didn't they start with such products, so they could prove to the world that this was exactly what they were interested in doing?

'It will solve starvation among shareholders, but not the developing world unfortunately.

That's the EU Environment Commissioner, Margot Wallstrom, launching a broadside against 'US biotech companies', accusing them of 'forcing' unsuitable GM technology onto Europe.

Ouch.

Firing Automatic Weapons Upwards Considered Harmful

Published October 13, 2003

Humour: BBC: Serbia wedding guests 'down plane'.

Guests at a wedding in central Serbia have apparently shot down a small aircraft by mistake.
They were celebrating in the traditional way - firing off shot after shot into the air above the wedding party. Unfortunately, there was a two-seater aircraft flying overhead. One eye-witness told reporters the plane was shot in the left wing.

oops!

Spam: Spammers try fooling filters with digital signatures (ZDNet). oh look, they quote myself and Theo ;)

BitTorrent and Google’s IP

Published October 13, 2003

Tech: Sam Ruby on Foo Camp. Foo camp sounds cool; a little bit circle-jerky, but still interesting. But that's not what I wanted to write about -- the thing I wanted to mention was BitTorrent; it just struck me recently -- one key thing about BT that makes it great is that it's designed by the UNIX philosophy -- make one tool that does one thing very well, and make it pluggable, so it can be used by other things easily.

It doesn't have a GUI to search for torrents -- the user does that in their web browser, mail, by swapping notes on napkins, whatever. It just does P2P file transfer very very well -- and that's file transfer of some file or another, hence legality issues around P2P are side-stepped. BT is cool.

Patents: Cluetrain on patents:

Well, Google is (jm: going after patents). And the VCs are paying for it. Hell, some of them insist on it. That's what I gathered last night, while schmoozing at the opening evening at PC Forum. First, Larry Page, Google's founder and CEO, told me he hates patents and would rather not deal with them as an issue at all. Then Google board member and lead VC John Doerr surprised a small gaggle of patent skeptics (including Page, Dave Winer and myself) that he loved patents. Patents are one of the things that make America great, he said, and went on to insist that they encourage innovation, cure cancer, raise the dead, and bring peace in our time. (Or something like that. Whatever, he likes patents a lot). So don't expect Google to abandon their hunt for patent lawyers anytime soon.
Listening to John, I began to think one problem is that just caring about patents puts your mind inside the system, where it gets stuck to intellectual flypaper. Or worse, political flypaper.

Linux graffiti

Published October 10, 2003

Funny: some Linux graffiti from Norway -- a bit more accomplished than IBM's efforts, but still -- Linux?! (link via the ArcterJournal)

SMTP Sender Authentication

Published October 10, 2003

Spam: SMTP Sender Authentication, by David Jeske of Y! Groups (pointer from Jeremy.

Schemes similar to this -- calling back to a sending server to verify that a mail was really sent via that host -- have been proposed before in several venues, the most high-profile and public being the ASRG list. Here is a message I sent to that list in April 2003 discussing a few of those schemes:

J C Lawrence's 'forward chained digital signatures' on Received headers
William at elan.net's 'complex callback verification requirying full message tracking server functionality with dns extensions'
Russ Nelson's Q249
Our own 'porkhash'

I still like this style of system, I think, but in terms of deployability and simplicity, I'm supporting Sender-Permitted From for now -- which similarly forces senders to use registered relays for a given SPF-supporting domain, but using DNS as the protocol and IP addresses as the hard-to-forge identity component.

Another bonus of SPF is that it's simple, easy to implement, has *running code* out there now, and is being pushed strongly by a pragmatic and sane driving person (in the form of Meng Weng Wong). It's not always easy in the anti-spam field to find a solution like that ;)

BTW, SPF also, similarly, breaks envelope sender forging. However, I agree, this is one egg that has to be broken to help stop spam (or at least force spammers to use their own domains and IPs.)

SMTP Sender Authentication

Published October 10, 2003

SMTP Sender Authentication, by David Jeske of Y! Groups (pointer from Jeremy.

J C Lawrence's 'forward chained digital signatures' on Received headers
William at elan.net's 'complex callback verification requirying full message tracking server functionality with dns extensions'
Russ Nelson's Q249
Our own 'porkhash'

BTW, SPF also, similarly, breaks envelope sender forging. However, I agree, this is one egg that has to be broken to help stop spam (or at least force spammers to use their own domains and IPs.)

Jewish Superheroes

Published October 10, 2003

Odd: The Jewish Hero Corps, featuring Magen David, Menorah Man, Dreidel Maidel, Yarmulkah Youth, Hypergirl/Matza Woman, and several others. However, The Golem -- as seen in The Amazing Adventures of Kavalier & Clay -- is strangely absent.

Iraq: guerrilla tactics planned from the start?

Published October 10, 2003

Iraq: Parallels with Vietnam becoming ominous for US commanders (Irish Times, subscriber-only). An interesting view on the situation Iraq:

US commanders in Iraq now believe that during the invasion, lower-echelon Iraqi troops mounted a token defence against US armour and air power while thousands of Republican Guard members went to ground in order to wage a prolonged guerrilla war during the subsequent occupation.
As the current attacks evolve in sophistication and momentum, US troops believe that the current phase of the war is not an ad-hoc development, but part of a pre-planned strategy designed to frustrate US plans to rebuild Iraq.
Further indicators as to the source of the insurgency lie in the weaponry and tactics employed. US convoys and patrols are repeatedly attacked with IEDs configured as roadside bombs along with RPG strikes. ... It is believed that the plastic explosives and RPGs were released from military stores in the run-up to the invasion and pre-deployed among the population for a war of attrition.
Wounding rather than killing the enemy is a classic feature of this type of war of attrition. By wounding as many enemy troops as possible, the guerrilla army ties up the resources of the occupying force as it seeks to evacuate and treat its personnel.
The architects of the current attacks recognise that it is far more expensive for the US to medically evacuate and treat injured soldiers than to simply process them for burial. For the insurgents, the psychological effect of their attacks is greatly enhanced with families and politicians in the US confronted with mutilated and disfigured soldiers returning from Iraq.
It would appear that the war in Iraq did not end on May 1st. It simply entered a new phase designed to render Iraq ungovernable.

No 'US commanders' are named, so it's all off-the-record.

Humour: on a lighter note, BBC Radio 4's Loose Ends, recorded in the Spiegeltent in Dublin last weekend, featuring 'writers Anne Enright and John Arden, Desmond Guinness of the Irish Georgian Society, comedian Dara O'Briain, Chieftain Paddy Moloney and Loose Ends regular Emma Freud.'

Iraq: guerrilla tactics planned from the start?

Published October 10, 2003

Parallels with Vietnam becoming ominous for US commanders (Irish Times, subscriber-only). An interesting view on the situation Iraq:

US commanders in Iraq now believe that during the invasion, lower-echelon Iraqi troops mounted a token defence against US armour and air power while thousands of Republican Guard members went to ground in order to wage a prolonged guerrilla war during the subsequent occupation.

As the current attacks evolve in sophistication and momentum, US troops believe that the current phase of the war is not an ad-hoc development, but part of a pre-planned strategy designed to frustrate US plans to rebuild Iraq.

Further indicators as to the source of the insurgency lie in the weaponry and tactics employed. US convoys and patrols are repeatedly attacked with IEDs configured as roadside bombs along with RPG strikes. ... It is believed that the plastic explosives and RPGs were released from military stores in the run-up to the invasion and pre-deployed among the population for a war of attrition.

Wounding rather than killing the enemy is a classic feature of this type of war of attrition. By wounding as many enemy troops as possible, the guerrilla army ties up the resources of the occupying force as it seeks to evacuate and treat its personnel.

The architects of the current attacks recognise that it is far more expensive for the US to medically evacuate and treat injured soldiers than to simply process them for burial. For the insurgents, the psychological effect of their attacks is greatly enhanced with families and politicians in the US confronted with mutilated and disfigured soldiers returning from Iraq.

It would appear that the war in Iraq did not end on May 1st. It simply entered a new phase designed to render Iraq ungovernable.

No 'US commanders' are named, so it's all off-the-record.

Happiness measured

Published October 9, 2003

Science: Fantastic article in New Scientist volume 180 (4 Oct 2003), covering how science is beginning to identify the keys to a happy life, and perform studies measuring people's happiness.

That's a subscribers-only link unfortunately, but I'll excerpt a few choice snippets:

First off, money:

Can money buy happiness? The short answer is, yes - but it doesn't buy you very much. And once you can afford to feed, clothe and house yourself, each extra dollar makes less and less difference. ... In the past half-century, average income has skyrocketed in industrialised countries, yet happiness levels have remained static (see Graph). It seems absolute income doesn't make much difference once you have enough to meet your basic needs. Instead, the key seems to be whether you have more than your friends, neighbours and colleagues.

Looks:

First the bad news: good-looking people really are happier. When Diener got people to rate their own looks, both with and without make-up, there was a 'small but positive effect of physical attractiveness on subjective well-being'.

But don't compare your looks with what the media puts out:

In a new study, Laurie Mintz and her colleagues from the University of Missouri-Columbia found that women who saw advertisements featuring lithe and flawless young models for just one to three minutes rated their own bodies more negatively and showed an increase in depression. Mintz was alarmed how quickly the women's self-esteem was undermined. And she believes people are becoming more dissatisfied as new technology allows the media to create ever more unrealistic images.
Mintz recommends less drastic steps to contentment: avoid unrealistic media images; understand that such pictures are airbrushed and 'Photoshopped' to perfection; appreciate your body for what it does rather than how it looks.

Friends:

It is hard to imagine a more pitiful existence than life on the streets of Calcutta or in one of its slums, or making a living there as a prostitute. Yet despite the poverty and squalor they face, such people are much happier than you might imagine. 'We think social relationships are partly responsible,' says Diener.

And a global comparison:

The latest global analysis of how levels of satisfaction and happiness vary from country to country shows that the most 'satisfied' people tend to live in Latin America, Western Europe and North America. Eastern Europeans are the least satisfied.
... There is plenty more about national happiness levels that has researchers scratching their heads. One of the most significant observations is that in industrialised nations, average happiness has remained virtually static since the second world war, despite a considerable rise in average income (see Graphic). The exception is Denmark, where people have become more satisfied with life over the past 30 years - no one is quite sure why.

and the effects of consumerism:

A growing number of researchers are putting the static trend down to consumerism. Survey after survey has shown that the desire for material goods, which has increased hand in hand with average income, is a 'happiness suppressant'.
One study, by Tim Kasser at Knox College in Galesburg, Illinois, found that young adults who focus on money, image and fame tend to be more depressed, have less enthusiasm for life and suffer more physical symptoms such as headaches and sore throats than others (The High Price of Materialism, MIT Press, 2002). Kasser believes that people tend to embrace material values when they are feeling insecure (retail therapy, anyone?). 'Advertisements have become more sophisticated,' says Kasser. 'They try to tie their message to people's psychological needs. But it is a false link. It is toxic.'

Lots of good bits. Pity it's subscribers-only!

EMusic is dead

Published October 9, 2003

Music: All good things must come to an end. EMusic has been bought out by some bunch called 'Dimensional Associates', and will no longer offer its excellent download service; instead you're limited to a measly 40 MP3s per month. (For context -- last time I downloaded some listening material was on Monday, and I picked up about 80 MP3s in a single sitting.)

They've shut down their message boards; third-party discussion groups are filled with wailing and gnashing of teeth; and worst of all, I can't even download the remaining stuff on 'My Stash' (the downloads-to-do list) because they're overrun with rats deserting the sinking ship. (no reflection on the rats -- I'm one myself.) Either that, or they've just turned them off; which is annoying as I had lots of music lined up to download when I got a chance.

This is very bad news -- Apple's iTunes is full of crappy music, Mac-only, and DRM-crippled; Rhapsody is Windows-only and DRM-crippled; there's really no other legal MP3-download option.

I guess I'll just have to go back to buying 1 or 2 CDs every few months when I'm buying stuff from Amazon (which I do nowadays anyway, in addition to EMusic) and just listening to the radio in general instead.

Thanks anyway, EMusic, for introducing me, helping me get into, or helping me rebuild my collection of such great music as:

Ladytron
Lemon Jelly
Belle and Sebastian
TRS-80
Yo La Tengo
Pepe Deluxe
Layo And Bushwacka
Asian Dub Foundation
The Pixies
Stereolab
Johnny Cash
Future Sound of London
Freq Nasty
Matmos
Cornershop
Thievery Corporation
Cocteau Twins

It was great while it lasted.

Ah well, I guess I'll save a tenner a month, which I can put towards the GameFly subscription...

Spammer ‘Cloaking Devices’

Published October 9, 2003

Spam: Cloaking Device Made for Spammers (Wired).

'Try to find the real IP,' he said. 'This host is in rackshack.net, the most antispam ISP.' A traceroute to the site indicated that it was being hosted on a computer apparently using cable modem service from Comcast.

It's using DNS trickery and a set of reverse proxies. This is standard practice among a small number of the upper echelon of spammers these days.

Of course, many of the techniques used to do this -- such as the subversion of Wintel PCs on cable modem networks -- are highly illegal, so the spammer/crackers are heading deep into jail-time territory.

I'm really posting this because of this entry at Boing Boing, in which Cory notes: 'I'm pretty skeptical about the untraceability of these systems -- I suspect that rather, they are resistant to some tools, not resistant to others, and not hard to write new tools to uncover.'

They're untraceable from where we're standing -- these are compromised machines. The only way to trace from that machine onwards, is for the abuse staff of those machines' ISPs to help out, or to get hold of the machine itself. This is not so easy -- which is why the spammers do it.

(I would have posted this as a comment on BB!, but they've stopped accepting comments, as noted previously. grr)

Anyway. As time goes on, the development of Wintel spamware-installing worms, and hands-on cracking of Unix servers to install trojans (PDF), is becoming more and more common. There's definitely an increasing crossover between spammers, virus-writers and crackers, as the Wired News article notes.

This is very much illegal activity under existing computer crime laws, and much more serious than whatever the anti-spam legislation out there considers spamming to be. Maybe the big spammers are going increasingly 'all-out', given that the lawmakers are finally giving the anti-spam laws some teeth...

Whoops

Published October 9, 2003

Funny: So, I guess this is the Korean equivalent of Dublin's Mao restaurant? Hitler Bar. (thx Eoin)

USPTO ‘chime in’ with tips for EU’s patent laws

Published October 8, 2003

Patents: While I was reading LWN's excellent writeup on the results of the EuroParl patent vote, I came across this very worrying snippet:

Readers in the United States may be interested to know that the U.S. government has chimed in with opposition to article 6a, which states that patents can not be used to block interoperability.

Sure enough, it links to an FFII page noting

'the US' believes that conversion between patented file formats should generally not be allowed without a license, and therefore demands deletion of Art 6a.'

'the US' is in quotes because FFII reckon that evidence suggests that this is the US Mission's IPR representatives forwarding the text direct from the US Patent Office, since the USPTO is an agency of the Dept of Commerce.

.... 'It is part of a US Government 'Action Plan' to 'promote international harmonisation of substantive patent law' in order to 'strengthen the rights of American intellectual property holders by making it easier to obtain international protection for their inventions'. This plan has been promoted aggressively by top officials of the US Patent Office in international fora such as WIPO, WSIS and OECD as well as through bilateral negotiations.'

BTW, that is exactly the wording used in the USPTO's 21st Century Strategic Plan paper. FFII go on to comment on their letter, including this note:

'The US' is propagating conventional wisdom such as 'the more patents the more property, the more property the more innovation', which is in sharp contrast to consensus of all serious scholars of software economics, as expressed in numerous studies conducted in the USA and in reports by the US Academy of Sciences.
Moreover, 'the US' has been ignoring the voice of its own software industry, which is, as shown by last year's FTC hearings, characterised by 'continued animosity against software patents' and whose major players, including such companies as Adobe, Oracle and Autodesk, all opposed software patentability at the USPTO hearing of 1994. The same USPTO which is ghostwriting this paper in the name of 'the US' today proceded to legalise program claims shortly after the 1994 hearing, thereby completely ignoring the voice of the US software industry.

One comment on the LWN story notes: 'as the United States is seeking to rewrite European law to their
agenda, what steps can European Citizens take to help turn the USPTO agenda around into something approaching the spirit of the US Constitution and those who wrote it?'

A good question.

Mekong Naga fireballs

Published October 8, 2003

Odd: Naga fireballs: Timing still a mystery for scientists (Bangkok Post):

Methane and phosphine, a mix of phosphorus and hydrogen, were found in waterways near the Mekong. These gaseous substances were believed to cause the fiery balls, researchers said, though they were not sure exactly how or why they occur. Plant and animal remains release methane as they break down which probably combines with chemical fertiliser, containing phosphorus nutrient, used on farms in the area, to cause the fireballs. The soil in the riverbed is rich with the element.
However, the occurrence of crimson balls also required energy and microbes, which researchers cannot explain.
Mr Saksit called inexplicable aspects of the display a miraculous event while Mr Pinit predicted the study would cause him more headaches. He still did not know why the fireballs tended to emerge only on the full moon night of the 11th lunar month every year.

Laos to 'cash in' on Naga fireballs (The Nation):

Authorities from Vientiane Municipality's Pak Ngum district and the Lao National Authority have prepared sites along the banks of the Mekong River and its tributary, the Nam Ngum, for tourists to view the fireballs rising from the currents tomorrow night, an official said yesterday.
Pak Ngum, where the Nam Ngum river meets the Mekong, is located some 50 kilometres south of the Laotian capital and opposite Nong Khai's Phon Pisai district. Although it has no hotels, residents are willing to provide home stays for tourists, said an official at the Pak Ngum district office.

Spam: CNET removes anti-spam software 'made by spammers' (The Reg). oops!

iTrike — the World’s First Solar-Powered Internet Rickshaw

Published October 8, 2003

Green: iTrike: the World's First* Solar-Powered Internet Rickshaw, from wireless.psand.net. Psand.net have done a great job in the past mucking about with wireless at green events in the UK from what I can see -- I think I've even blogged about 'em -- but they've outdone themselves this time. Cool!

PS: mmm, proper cider... yum.

Diebold voting machines, DMCA, Michael Moore

Published October 7, 2003

e-Voting: Wired has an absolutely mind-numbing list of issues with the security of Diebold voting machine procedures, including passwords printed in manuals which the staff can take home, that same password being reused for multiple systems including the on-site machines at polling stations, tamper-resistance measures being omitted, poll supervisors hired without background checks, bicycle locks being used to secure voting machines, one shared key used to 'secure' the memory cards, etc.

'The election process is mainly based on trust,' Ginnold said. 'We trust that poll workers are not going to be tampering with them.'

It's simply insane to replace a known-good voting system (even if it's just First-Past-the-Post instead of Proportional Representation, but that's another issue) with a quick hack like this, IMO.

Please vote anyway, if you're a CA citizen. And not for the fondling meathead, naturally.

DMCA: EFF: Unintended Consequences: Five Years under the DMCA. An incredible list of cases where the DMCA was used unfairly to restrict competition, research, or fair use, some of which I didn't even know about. For example, I didn't realise that the International Information Hiding Workshop Conference will no longer hold conferences on US soil after Professor Ed Felten was threatened over their SDMI paper.

Politics: Michael Moore on how to talk to your conservative brother-in-law. MM may play to the gallery now and again, but sometimes, he's a genius:

Paying workers more money makes you money!
Dear brother-in-law, when you don't pay people enough for them to take care of life's essentials, it ends up costing you and everybody else a lot of money. When you pay your employees more money, what do you think they do with it? Invest it in stocks? Hoard it in offshore accounts? No! They spend it! And what do they spend it on? The stuff you make and sell! If you pay people squat, or lay them off, they can't buy your stuff. They become a drain on the economy; some turn to crime, and when they turn to crime, it's your Mercedes they want, not some junker Oldsmobile in their poor neighbour's driveway.

Science: IgNobel prize winners 2003, including a prize for the nation of Liechtenstein for renting out the entire country for 'corporate conventions, weddings, bar mitzvahs, and other gatherings'.

Idyllwild and Language Trivia

Published October 6, 2003

Life: so myself and C took a one-night-only trip up to Idyllwild this weekend, hiking up to that rock formation and camping overnight. Great fun.

The rock is called 'Suicide Rock'. It's good to see morbid naming is international, but I should note that the prize for best placenames has to go to Victoria, Australia's Mount Buggery, though.

(I drove past Mt. Buggery last year, and, disappointingly, it seems they've renamed it on the official maps. But the other 'I can't believe we're still crossing this bloody mountain range and haven't made it to Melbourne yet' placenames still exist.)

Language: Riverbend blog notes interesting trivia in passing: Winnie the Pooh, in Arabic, is 'Winnie Dabdoob'.

Open Source: GROKLAW on the WSIS fiasco earlier this summer. Briefly, the WSIS -- the World Summit on the Information Society -- came out with a position pro-open-source, and quite a few large companies seemed to say 'eek!' and promptly lobbied as hard as they could to give that line a vasectomy.

Interestingly, they did the same to the spam-related positions, cutting 'a number of proposals, including prosecution of spammers' down to a watery 'take appropriate action on spam at national and international levels'. Snore. Fantastic work, guys.

Weblogs: When did Boing Boing stop taking comments? (looks) seems to be around about this entry of Sep 10. As far as I can see, this is the last comments page.

Shame -- I'm with Jeremy on this one.

Dublin: is this entry, by London's 3W the real winner of the competition to design the new U2 studio in Dublin's Sir John Rogerson's Quay?

when big contracts go bad

Published October 3, 2003

Software: A big-contract software dev horror story from the University of Cambridge. KPMG and Oracle come out of it with a lot of egg on their face. (found on Simon Cozens' blog).

Lee Maguire notes an interesting artifact on the W3C site: 'BenoÃ®t BÃ©zaire'. This is encoded UTF-8 -- which was then turned into HTML entities! Oops...

Booting Linux

Published October 3, 2003

Linux: so it seems one of the GNOME guys wants to rewrite the rc.d boot script system in Python. Eek!

Games: Someone has broken into Valve Software's network and stolen the source code for Half-Life 2 -- shacknews:

1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.
2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.
3) For the next week, there appears to have been suspicious activity on my webmail account.
4) Around 9/19 someone made a copy of the HL-2 source tree.
5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).

Insanely bad news for Valve. :(

Florida State Government Spammed Me!

Published October 2, 2003

Spam: Well, this is just incredible. I've just been spammed by a .gov domain -- myfloridahousemail.gov.

The irony of my first .gov spam coming from Florida is inescapable.

The message came from an IP address registered to State of Florida/Dept. of Management Services, bldg 4050 esplanade way suite 115d, Tallahassee, FL 32399-0950 US. That address looks genuine. It really does look like it came from the Florida House of Representatives.

And it was sent to a spamtrap which is on a few spammer address lists, but has never been a genuine user address. And, obviously, I don't live in Florida ;)

Read the spam here.

Another bad USPTO software patent

Published October 2, 2003

Patents: MS patents 'phone-home' failure reporting.

There's a catch, in that it's not just plain old 'phone home', as seen in probably a hundred products since 1960 -- they've added a 'match the reported error messages against a db of known issues on the server side' step. So that's vaguely inventive -- well, no, it's totally obvious, but at least nobody I can think of off the top of my head has done that before. (Well, I lie, it sounds a bit like KDE's crash reporting tool which does a similar search before reporting a bug.)

The notable comment, though, is
this:

There is a significant institutional culture issue that has a strong influence on how the Office functions that took root several decades ago and has, regretfully, increased, monotonically, over time. The management attitude, in a nutshell, is that patents aren't 'examined', they are 'processed'. The examination process is driven by production 'goals'; to be rated in the key rating category of 'Production Goal Achievement' as 'fully successful' you must have at least 95%; less than that you are marginal; less then 90% you are 'unsatisfactory', meaning your entire rating is 'unsatisfactory' meaning a '90 day letter' to get it 'fully successful' else you are fired. Also there are other time related requirements to meet, such as no amended application pending more than two months without an action. Persons get fired (yes, this does happen) almost always for low production or exceeding time limits for actions, almost never for improperly allowing claims.

Great.

Tech: It seems it's stunningly easy to rip off GPRS customers. Another well-designed system I don't think.

Another bad USPTO software patent

Published October 2, 2003

MS patents 'phone-home' failure reporting.

The notable comment, though, is
this:

There is a significant institutional culture issue that has a strong influence on how the Office functions that took root several decades ago and has, regretfully, increased, monotonically, over time. The management attitude, in a nutshell, is that patents aren't 'examined', they are 'processed'. The examination process is driven by production 'goals'; to be rated in the key rating category of 'Production Goal Achievement' as 'fully successful' you must have at least 95%; less than that you are marginal; less then 90% you are 'unsatisfactory', meaning your entire rating is 'unsatisfactory' meaning a '90 day letter' to get it 'fully successful' else you are fired. Also there are other time related requirements to meet, such as no amended application pending more than two months without an action. Persons get fired (yes, this does happen) almost always for low production or exceeding time limits for actions, almost never for improperly allowing claims.

Great.

Tech: It seems it's stunningly easy to rip off GPRS customers. Another well-designed system I don't think.

Shark Sandwich

Published October 2, 2003

Comedy: some Spinal Tap snippets:

a review of a live performance, noting the demise of the band's own Web-based music downloading service, Tapster -- David St. Hubbins is quoted saying 'they shut down Tapster out of force of habit.'
Derek Smalls notes regarding Tapster, 'It has to start with saying, 'look we're worried about being ripped off', so we started TAPSTER ourselves...so we're ripping ourselves off. If a problem comes up, we'll sue ourselves and we'll pocket the difference.' (guess this was before the aforementioned shutdown.)
The A-Z of Spinal Tap: 'For U2's Popmart tour, the show's designer Willie Williams and the band decided the group should emerge from a giant lemon.' ... 'The Edge comes down from the stairs, and to start his guitar he has to kick a switch on his foot-pedal. Well, he ended up on his hands and knees, feeling around for the pedal. Later he said to me, 'There I was at the debut, the premiere opening night, and this voice came into my head: I'm Derek Smalls.''
So, as mentioned in the movie, Nigel and David grew up in Squatney, East London. But did you know that Derek Smalls grew up in Nilford -- 'a 'very small, very wretched, very dire little place' on the River Null, near Wolverhampton. Also known as Nilford-on-Null.'

Daytime Fireballs

Published October 1, 2003

Astronomy: APOD: A Daytime Fireball Over South Wales. Great picture
of a fireball disintegrating in the daytime sky.

I saw a similar daytime fireball streak through the sky when I was in Fraser Island in Australia last year; a little bit smaller than this one, mind you ;) Unfortunately, I didn't get a picture in time. Very cool though!

Daytime Fireballs

Published October 1, 2003

APOD: A Daytime Fireball Over South Wales. Great picture
of a fireball disintegrating in the daytime sky.

Spammers Now Relaying via SMTP AUTH

Published October 1, 2003

Spam: A nasty new development -- spammers are now exploiting closed relays to send spam, by brute-force attacking their SMTP AUTH interfaces. SMTP AUTH is a system used to allow legitimate mail server users to send outgoing mail securely, by authenticating them first. ( sample documentation here.)

This ROKSO file indicates one spammer's modus operandi:

These relays were abused using SMTP AUTH. That is, the spammer supplied a valid username/password pair to the server, was authenticated, and therefore granted permission to send mail anywhere. Such attacks are therefore successful only when weak passwords are used. This spamhaus constantly scans the net to find abusable servers to use in subsequent spam runs. All brands of servers (sendmail, exchange, mdaemon, rockcliffe, etc) are equally targeted, as long as they support SMTP AUTH. The attacker tries several username/password pairs - such as with 'admin/admin' - following a certain pattern and hoping to find a combination that lets him in.
An analysis done in july 2003 has shown that a total of 276 combinations are attempted (of course new ones can have been added in the meanwhile): Usernames: webmaster, admin, root, test, master, web, www, administrator, backup, server, data, abc each with the following passwords: username, username12, username123, 1, 111, 123, 1234, 12345, 123456, 1234567, 12345678, 654321, 54321, 00000000, 88888888, admin, root, pass, passwd, password, super, !@#$%^&* as well as with a blank password.
MDaemon users beware! The account creation tool of recent versions of MDaemon defaults the password to the account name. If the default is accepted, the account will be open to be exploited by this spamhaus.

Incredible. There's no way at the SMTP/IP level to tell that this relay was compromised; blacklisting will definitely cause collateral damage in response; so content analysis is pretty much necessary, as far as I can see.

And in another worrying development: it turns out that the latest Outlook worm, W32.Swen, doesn't bother trying to randomly generate usernames etc. or send via SMTP directly. Instead, it asks the user for their username, password and SMTP server!

Spammers Now Relaying via SMTP AUTH

Published October 1, 2003

A nasty new development -- spammers are now exploiting closed relays to send spam, by brute-force attacking their SMTP AUTH interfaces. SMTP AUTH is a system used to allow legitimate mail server users to send outgoing mail securely, by authenticating them first. ( sample documentation here.)

This ROKSO file indicates one spammer's modus operandi:

These relays were abused using SMTP AUTH. That is, the spammer supplied a valid username/password pair to the server, was authenticated, and therefore granted permission to send mail anywhere. Such attacks are therefore successful only when weak passwords are used. This spamhaus constantly scans the net to find abusable servers to use in subsequent spam runs. All brands of servers (sendmail, exchange, mdaemon, rockcliffe, etc) are equally targeted, as long as they support SMTP AUTH. The attacker tries several username/password pairs - such as with 'admin/admin' - following a certain pattern and hoping to find a combination that lets him in.

An analysis done in july 2003 has shown that a total of 276 combinations are attempted (of course new ones can have been added in the meanwhile): Usernames: webmaster, admin, root, test, master, web, www, administrator, backup, server, data, abc each with the following passwords: username, username12, username123, 1, 111, 123, 1234, 12345, 123456, 1234567, 12345678, 654321, 54321, 00000000, 88888888, admin, root, pass, passwd, password, super, !@#$%^&* as well as with a blank password.

MDaemon users beware! The account creation tool of recent versions of MDaemon defaults the password to the account name. If the default is accepted, the account will be open to be exploited by this spamhaus.

Sterling on bad tech

Published September 30, 2003

Bruce Sterling: 10 Technologies That Deserve to Die. I can't disagree with any of these, really -- except for manned spaceflight -- I'm not giving up on that one dammit! ;)

Very informative details of what happened with the NY power failure, from an insider at one of the nuke plants supplying power.

Hooray -- my new Gamecube's arrived!

Quicksilver

Published September 30, 2003

Neal Stephenson's new book upends geek chic -- Paul Boutin, Slate. Three thousand pages?! Yeesh.

find-hidden-word-text – read hidden text in Word docs

Published September 29, 2003

find-hidden-word-text - a command-line UNIX tool to ease the task of discovering hidden text in MS Word documents.

More specifically, it is an implementation of Method 2 from Simon Byers' paper, Scalable Exploitation of, and Responses to Information Leakage Through Hidden Data in Published Documents.

In other words, it'll display just the hidden text (if any exists) in Word docs. Go forth and discover accidental leaks!

Art-Market, ArtPrice, Servergroup, Groupe Serveur etc. spamhaus

Published September 29, 2003

So a few months ago, I setup a cookie-producing mailto honeypot page at foojlist.php.

Well, I just got the first bite -- and it's a live one. It's our old friends at artprice.com. They're a French spamhaus, operating from Saint-Romain-au-Mont-d'Or, France, and reports claim that it's all the work of one guy -- Thierry Ehrmann.

There's lots of reports in USENET, and here's their SBL listing, noting 'extremely intense french spam source.'

This posting to NANAE notes that Colt France are not responding to complaints about them, either -- but notes that 'in France collecting e-mail addresses with the intention to send commercial mails without permission of the holders can be punished by law (article 226-18 of the Code Pe'nal - up to 5 years of prison or 300.000 euro)'. Interesting!

Full details of the spam, and the access_log entries from their web-scraper's accesses, are attached.

Here's the spam:

Received: from mail1.artmarket.com (mail1.artmarket.com [194.242.43.183])
by dogma.slashnull.org (8.11.6/8.11.6) wixh ESMTP id h8SLJZV12710
for < ( email addr deleted ) @fooj.jmason.org>; Sun, 28 Sep 2003 22:19:35 +0100
Date: Sun, 28 Sep 2003 22:19:35 +0100
Message-Id: (spam-protected)
From: A  R  T (spam-protected)
To: < ( email addr deleted ) @fooj.jmason.org>
Subject: [adv] 1700 - 2003  Story of the Art Market
MIME-Version: 1.0
Content-Type: text/html;    charset=iso-8859-1
Content-Transfer-Encoding: 8bit
<HTML><HEAD>
<TITLE>Artists search engine by Artprice TM - copyright Artprice.com</TITLE>
<META http-equiv=''Content-Type'' content=''text/html; charset=iso-8859-1''>
<META name=''UNSUB'' content=''<!--26398522_1-->''>
<META name=''ROBOTS'' content=''NOINDEX''>
</HEAD>
<BODY bgcolor=''#FFFFFF'' text=''#000000''>
<TABLE cellspacing=''0'' cellpadding=''0'' align=''center'' border=''0''>
<TR> 
<TD><IMG src="''http://web.artprice.com/img/affil.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/search.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/fs.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD><A" href="''http://www.artistbiography.com/''><IMG" src="'http://web.artprice.com/img/bio.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/sig.gif''></TD>
<TD><A" href="''http://web.artprice.com''><IMG" src="'http://web.artprice.com/img/Home.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/G.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><A" href="''http://web.artprice.com''><IMG" src="'http://web.artprice.com/img/Home.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/sig.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/fs.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>A</B></TD>
<TD><IMG src="''http://web.artprice.com/img/map.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>R</B></TD>
<TD><IMG src="''http://web.artprice.com/img/HelpBlack.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/search.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/AMI/AMInsight.gif''></TD>
</TR>
<TR>" 
<TD><IMG src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD><A" href="''http://web.artprice.com/corporate/EN/Visite/pages/nb.htm''><IMG" src="'http://web.artprice.com/img/HelpBlack.gif'" border=''0''></A></TD>
<TD align=''center'' bgcolor=''#FF0000''><B>T</B></TD>
<TD><IMG src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/today.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/E.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/F.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>P</B></TD>
<TD><IMG src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/search.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/F.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/G.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Home.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/today.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/D.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/F.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/sig.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/A.gif''></TD>
</TR>
<TR>" 
<TD><IMG src="''http://web.artprice.com/img/Mediums/B.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/D.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/G.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/H.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>R</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Account.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>I</B></TD>
<TD><IMG src="''http://web.artprice.com/img/contact.gif''></TD>
<TD><A" href="''http://web.artprice.com/corporate/EN/Visite/pages/3818.htm''><IMG" src="'http://web.artprice.com/img/HelpBlack.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/today.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>C</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/L.gif''></TD>
</TR>
<TR>" 
<TD><IMG src="''http://web.artprice.com/img/Mediums/D.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>E</B></TD>
<TD><IMG src="''http://web.artprice.com/img/map.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>C</B></TD>
<TD align=''center'' bgcolor=''#FF0000''><B>O</B></TD>
<TD align=''center'' bgcolor=''#FF0000''><B>M</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/G.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Home.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/search.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/sig.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Home.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/fs.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/contact.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/contact.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/H.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Account.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/search.gif''></TD>
</TR>
<TR>" 
<TD><IMG src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/B.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/bio.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Account.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/today.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/affil.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Account.gif''></TD>
<TD><A" href="''http://www.artprice.net''><IMG" src="'http://web.artprice.com/img/map.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/B.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/L.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/F.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/bio.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/B.gif''></TD>
<TD" align=''center''><A href="''http://www.art-online.com''> </A></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Home.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
</TR>
<TR>" 
<TD><IMG src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/F.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/fs.gif''></TD>
<TD><A" href="''http://www.americanartists.com/''><IMG" src="'http://web.artprice.com/img/bio.gif'" border=''0''></A></TD>
<TD align=''center'' bgcolor=''#000000''><B><FONT color=''#FF0000''>A</FONT></B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/B.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Home.gif''></TD>
<TD><A" href="''http://web.artprice.com/corporate/EN/Visite/pages/arch02.htm''><IMG" src="'http://web.artprice.com/img/HelpBlack.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/affil.gif''></TD>
<TD" align=''center''><B><FONT color=''#FF0000''>R</FONT></B></TD>
<TD><IMG src="''http://web.artprice.com/img/sig.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Account.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD" align=''center''><B><FONT color=''#FF0000''>T</FONT></B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/affil.gif''></TD>
<TD><A" href="''http://web.artprice.com/corporate/EN/Visite/pages/3834.htm''><IMG" src="'http://web.artprice.com/img/HelpBlack.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/H.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/search.gif''></TD>
</TR>
<TR>" 
<TD><IMG src="''http://web.artprice.com/img/bio.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B><FONT color=''#000000''>M</FONT></B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/fs.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
<TD" align=''center''><B>A</B></TD>
<TD><IMG src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
<TD" align=''center''><B>R</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/B.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/F.gif''></TD>
<TD" align=''center''><B>K</B></TD>
<TD><IMG src="''http://web.artprice.com/img/ps.gif''></TD>
<TD><A" href="''http://www.artprice.de''><IMG" src="'http://web.artprice.com/img/Home.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD" align=''center''><B>E</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/B.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
<TD" align=''center''><B>T</B></TD>
<TD><A href="''http://web.artprice.com/corporate/EN/Visite/pages/jb02.htm''><IMG" src="'http://web.artprice.com/img/HelpBlack.gif'" border=''0''></A></TD>
</TR>
<TR> 
<TD><IMG src="''http://web.artprice.com/img/contact.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/G.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/contact.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/affil.gif''></TD>
<TD" align=''center''><B>C</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/D.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/sig.gif''></TD>
<TD><A" href="''http://www.13thcenturyart.com/''><IMG" src="'http://web.artprice.com/img/HelpBlack.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Home.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/E.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/affil.gif''></TD>
<TD" align=''center''><B>O</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Account.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/D.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD" align=''center''><B>M</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/bio.gif''></TD>
</TR>
</TABLE>
<BR><BR><BR>
<TABLE" border=''0'' bgcolor=''#FFFFFF'' align=''center''><TR>
<FORM method=get action=''http://web.artprice.com/en/artistsearch.aspx''><TD>
<A href="''http://web.artprice.com''>
<IMG" src="'http://web.artprice.com/Img/B/artprice_140.gif'" align=''absmiddle'' border=''0'' alt=''artprice''></A> 
<INPUT type=text name=searcharti size=39>
<INPUT type=submit value=''OK'' style=''CURSOR: hand''>
<INPUT type=hidden name=l value=en>
</TD>
</FORM>
</TR></TABLE>
<CENTER>
<FONT size=''1'' face=''Arial''>
THE WORLD LEADER IN ART MARKET INFORMATION - WELT-LEADER IN KUNSTMARKT-INFOS
<BR>LEADER MONDIAL DE L'INFORMATION SUR LE MARCHE 
DE L'ART</FONT>
</CENTER>
<BR><BR><BR>
<BR><BR><BR>
<BR><BR><BR>
<BR><BR><BR>
<BR><BR><BR>
<BR><BR><BR>
<BR><BR><BR>
<TABLE cellspacing=''3'' background=''http://web.artprice.com/Img/B/pixBl.gif''>
<TR> 
<TD> <FONT face=''Arial'' size=''1''>
<b>To remove</b> your email: (spam-protected)
please click below:<br><a 
href="'http://list.artaddiction.com/?m=(email_address_hidden)%40fooj.jmason.org'>
(spam-protected)
</a><br>
In" case the above link does not work you can go to<br>
http://list.artaddiction.com/<br>
or reply to this message as it is.<br>
Please allow us 72 H for your e-mail to be removed.<br>Thank you for your co-operation. </FONT></TD>
<TD><FONT face=''Arial'' size=''1''>
<b>Pour désinscrire</b> votre email : (spam-protected)
cliquez ci-dessous :<br><a 
(spam-protected)
Si le lien ci-dessus ne fonctionne pas, vous pouvez aller sur :<br>
http://list.artaddiction.com/
<br>ou répondez svp à ce message sans en modifier le contenu.<br>
Votre désinscription sera effective dans les 72 H.<br>Merci de votre coopération. </FONT></TD>
</TR><TR><TD colspan=''2''><FONT size=''1'' face=''Arial''>En conformité avec la loi 
78-17 du 6/1/78 (CNIL), vous pouvez demander à ne plus figurer sur notre 
fichier de routage.<BR>
<IMG src="'http://web.artprice.com/img/LogoArtp_90.jpg'" border=''0'' align=''absmiddle''>IX 
:28<BR>
</FONT><FONT face=''Arial, Helvetica, sans-serif'' size=''1''>Artprice.com - Domaine 
de la Source BP 69 - F-69270 St Romain au Mont D'or - RCS : 411 309 198</FONT></TD>
</TR></TABLE></BODY></HTML>

And, after decoding the address it was sent to, here's the access_log entries the address was scraped with:

194.242.43.13 - - [26/Sep/2003:21:09:34 +0100] ''GET /foojlist.php HTTP/1.0'' 200 4066 ''-'' ''Art-Online.com 0.9(Beta)''

That's one line from their scraping run, during which they scraped every single page on spamassassin.taint.org, including tar and zip archives, CGI scripts, everything -- making 534 requests between 21:07:31 and 21:16:49.

The Google File System

Published September 28, 2003

Boing Boing links to a paper on the design of the Google Filesystem, Google's in-house redundant-array-of-inexpensive-PCs cluster filesystem.

It's very, very nice -- and full of interesting tidbits about Google's architecture.

'the system must efficiently implement well-defined semantics for
- multiple clients that concurrently append to the same file. Our files are often used as producer- consumer queues or for many-way merging. Hundreds of producers, running one per machine, will concurrently append to a file. Atomicity with minimal synchronization overhead is essential. The file may be read later, or a consumer may be reading through the file simultaneously.'
'The workloads also have many large, sequential writes that append data to files. Typical operation sizes are similar to those for reads. Once written, files are seldom modified again. Small writes at arbitrary positions in a file are supported but do not have to be effcient.'

A perfect example of traditional UNIX system design!

You Might Be An Anti-Spam Kook If…

Published September 27, 2003

You Might Be An Anti-Spam Kook If... -- very funny list from Vernon Schryver, concerning the many Final Ultimate Solutions to the Spam Problem (FUSSP) (link via Raph).

Raph says he, too, has a FUSSP, but says 'I realize that using a trust metric to defeat spam, while probably effective, won't be easy.' Nevertheless, I'd be interested in hearing it, for one. Go on Raph, write it up! ;)

Funny: Whisky boss 'amazed' by spy interest: 'The boss of a tiny Scottish distillery says he is amazed to learn that US spies have been monitoring his whisky plant for weapons of mass destruction.'

Ishkur’s Guide

Published September 27, 2003

Ishkur's Guide to Electronic Music v2.0, via MeFi.

Not bad at all! It actually has 2 Congo Natty tracks listed -- even if it gets the name wrong for one of them ;) I'll nitpick, though; the categories around drum and bass, ragga jungle, jungle, and breakbeat are a bit randomly-connected together; they didn't really tie together that way at all IMO. And he randomly decided that hardcore should be renamed 'breakcore', created a new category for all that gabba shite, then called it hardcore. But hey... if you're going to try to make some kind of sense out of it, you have to break some eggs, and never mind -- there's lots of nice samples!

BTW I can't believe he lists Rob Hubbard's theme music to Zoids in the Techno/VGM category. Has someone really released that?

And in passing, I should note, the description for 'Not Trance' under 'Trance' is spot on. As are many of the other recent trance/house-related categories. And, alright, some of the recent d'n'b categories too...

Happy 20th birthday, GNU!

Published September 26, 2003

20 years ago tomorrow, on 27th September 1983, the GNU project was announced:

Free Unix!

Starting this Thanksgiving I am going to write a complete Unix-compatible software system called GNU (for Gnu's Not Unix), and give it away free to everyone who can use it. Contributions of time, money, programs and equipment are greatly needed. ......

So that I can continue to use computers without violating my principles, I have decided to put together a sufficient body of free software so that I will be able to get along without any software that is not free.

Thanks to Ciaran O'Riordan for pointing this out!

I Say Risbubh

Published September 25, 2003

I keep getting this one, with a question about whether spammers can use it to get past filters:

Aoccdrnig to rceent rsceearch at an Birtsih uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht frist and lsat ltteer is at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae we do not raed ervey lteter by it slef but the wrod as a wlohe.

Firstly, it's a crock. That text is incomprehensible! Plus, it's not entirely truthful in its message -- try this variant, which really does make the 'rset' a 'toatl mses':

Aidnroccg to rceent rrceesah at a Biitsrh usvitrneiy ...

Or maybe it's just me who has to spend about 10 times as long trying to comprehend it. (Or maybe my font's too small. whatever...)

Secondly, every 'trick' that results in spammers embedding large up-front blocks of readable text in their mails, scrambling letters around like that, using l33t-sp3ak, i n s e rt i n gs p ac e s, 92384 adding lsdjfgk random foo words to viagra confuse filters, etc. etc. will do nothing but hurt them.

Bear in mind they make money from spam by making sales -- if they have to increasingly obfuscate their message to get through, their would-be 'customers' will not be able to read the messages, their sales will go down, and spamming will become unprofitable.

Remember: if the costs of spamming goes up (through effective filters, increasing complexity to evade detection, and legislation to prosecute them), and the returns go down, the spamming becomes unprofitable and more spammers will give up.

Good news on software patents

Published September 25, 2003

Great news from the European Parliament -- the good amendments have been passed and it looks a lot better. James Heald of FFII is quoted as saying 'the directive text as amended by the European Parliament clearly excludes software patents. It hangs together incredibly cohesively.'

Congratulations to our MEPs who grasped the highly technical nuances of the issue, and voted the right way, and to the groups who advised them so well. No congrats to me who went on holidays just before this vote. ;)

Now, all that remains is to ensure that the Council of Ministers also do the right thing; unfortunately FFII note that 'in the past, the Council of Ministers has left patent policy decisions to its patent policy working party, which consists of patent law experts who are also sitting on the administrative council of the European Patent Office (EPO). This group has been one of the most determined promoters of unlimited patentability, including program claims, in Europe.' Not encouraging.

Meta: still catching up and getting through the jetlag...

Back

Published September 23, 2003

Back from a great week-and-a-half in Ireland. Lots of fun (and Guinness) was had, Luke and Lean were successfully married, Ireland is officially the most beautiful country in the world, weather was amazing, got to meet up with virtually everyone, and I'm now back at the computer catching up.

Of course, some git has joe-jobbed both myself and a mailing list I'm on, so there's thousands of bounce messages as a result and the server is slow as a wet week. Argh. But at least the SoBig onslaught has died down a bit.

Interestingly, I reported some spam to SpamCop a week or two before the joe-job. I wonder if the two really are connected -- ie. report spam, and the spammers will decode the listwashing tokens from their mails, figure out your email address, and add you to their 'enemies list'?

This is the first time I've reported spam to SpamCop in a long time, and the first joe-job I've been victim of. It seems like more than a coincidence, IMO.

On hols

Published September 11, 2003

I'm in Ireland for my friends' wedding for the next week and a half, so blogging will be infrequent. ;)

Ireland or Iraq?

Published September 9, 2003

In this article by Salam Pax, about how he got into weblogging, he says:

While the world was moving on to high-speed internet, we were being told it was overrated.

Heh, sounds like an Eircom quote ;)

Leni Riefenstahl, suing 12-year-olds and FFB

Published September 9, 2003

Leni Riefenstahl dead at 101 (CNN). Riefenstahl's Triumph of the Will, the 1934 Nazi propaganda film, is rightly famous -- it's technically excellent -- but became a millstone around her neck for the rest of her life. To my mind, this lesson illustrates that an artist (or scientist) can never divorce the work one does from that work's implications to society.

Music: 12-year-old sued for downloading music. ' 'I got really scared. My stomach is all turning,' Brianna said last night at the city Housing Authority apartment where she lives with her mom and her 9-year-old brother.' Way to go, RIAA.

Spam: Paul Graham: a spam filter that fights back. Basically auto-spidering URLs found in spam messages as a form of anti-spam DDoS.

Microtution spam warning

Published September 9, 2003

Just received a mail from a bunch called 'microtution', looking to write a collaborative political weblog. More details here.

But hold on there -- this was an out-and-out spam, sent via an open proxy, using a spam tool, with faked headers, to a spamtrap address they scraped from one of my sites. Anyone considering helping out on this collaborative weblog might like to consider who they're helping.

The mail was sent from 213.176.81.230, direct to my MX, from 'Fredericka' <promiseman@promiseman.com>, Subject 'need help with political blog'.

Penguinitis

Published September 9, 2003

Good interview with Samba's Tridge. He explains where the penguin mascot came from -- I never knew the linux penguin was in fact a fairy penguin! All those trips bringing visitors to Phillip Island while I was in Melbourne were not wasted then. ;)

Some time later Linus was looking for a mascot for Linux, and apparently the incident at the National Aquarium helped influence him towards choosing a penguin. If you go there now you will see a little plaque commemorating the fateful day when Linus caught 'penguinitis' from one of the fairy penguins in the enclosure (the 6ft one, of course).

ha ha ha ha

Published September 8, 2003

ThisIsLondon: 'David Blaine thought he was ready for anything. The US illusionist suspended in a glass box over London had prepared himself for 44 days of starvation, loneliness and boredom.

But there was one thing he had not planned for - Londoners.

... the prize for invention went to golfers who teed up with clubs on Tower Bridge and tried hitting the box with golf balls.'

Back again

Published September 8, 2003

So I'm back -- I was up in Sunnyvale last week, on a work trip. Met up with Dan Kohn for the first time, which was great, and also had an impromptu SpamAssassin summit with Craig and Dan Quinlan -- and got to meet the newest arrival in the Hughes family, the very cute Evan Alice.

I was hoping to meet up with a few more people, but didn't quite organise it in the limited time there. Maybe next visit!

ObLAvBayAreaComment: Amazing how much better the drivers are up there, too. ;)

Still averaging about 68 SoBig.F virus mails, at about 100Kb each, for a total of about 7Mb per hour. That means my 'reject' mailbox is at 412 megs since Friday afternoon. Beats Charlie Strosser's figures ;)

It's all getting quietly bitbucketed, but the side-effects are still nasty. Take a look at this, for example; someone at adjv503ry3ec.ab.hsia.telus.net (142.59.69.220) has been spewing SoBig.F's at the FoRK list, using my address, non-stop for weeks. Argh.

Patents: Richard Allen MP tackles the thorny software patents issue. It's great being able to follow his thinking on these lines -- more politicians should consider starting a weblog along these lines. True transparency.

Much better than Arlene McCarthy's railing against 'The Misinformation Campaign ... by the Free Software Alliance', whoever they are... I particularly like this statement from her PR:

If we were to follow the demands of these lobbyists then we would be handing over inventions to US multinationals and getting no return on our R&D investments in the field of computer implemented inventions. This will sound the death knell for our brightest and best European inventors, whilst the US and Japan will demand licence fees from European companies for the use of their patents. Without patent protection there will be no financial incentive for our most creative industries to develop genuine inventions.

... but -- given that (a) software patents cannot currently be enforced in Europe, and (b) that 77% of the (currently-unenforceable) EPO software patents are registered already to non-EU companies, the only way for the US and Japan to 'demand licence fees from European companies for the use of their patents' would be if McCarthy's proposed directive was passed, allowing those patents to be enforced in the EU. Oops -- own goal!

VR: so I don't lose this, Jaron Lanier's 11 reasons why Virtual Reality has not yet become commonplace.

History: Came across the original SpamAssassin pre-release 'try it out' mail:

after quite of while of thinking about it, I've finally rewritten the spam filter I've been using for a while, and released it as free software.

It's called SpamAssassin, and it's a mail filter to identify spam using text analysis. Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify spam, which it then tags for later filtering using the user's own mail user-agent application.

Urban Design and Vogon Poetry

Published August 30, 2003

via Boing Boing, Stating the bleeding obvious: if you drive instead of walk, you get fat. Well, duh!

But the alternative is, if you walk or cycle instead of drive, you'll get killed. 'American pedestrians are roughly three times more likely to be killed by a passing car than are German pedestrians - and more than six times more likely than Dutch pedestrians. For bicyclists, Americans are twice as likely to be killed as Germans and more than three times as likely as Dutch cyclists.'

However, Irvine has some of the best cycling infrastructure (and weather) I've ever seen -- except nobody uses it, apart from the weekender recreational cyclists.

Can't figure out why -- I guess it's just a cultural thing; everyone drives, and people cycling or walking near some cars seems to give the drivers heart attacks. (Seriously. The other night, a driver honked and slowed to a crawl after spotting myself and Catherine walking along -- on the sidewalk, 10 feet from the roadway. And not making any sudden movements, either.)

As Kasia said, s/Connecticut//:

You can do all sorts of weird things in Connecticut suburbs, from walking your cat on a leash to painting tiger stripes on your car -- but strap a camera to your back and take out the two wheeler for a spin and you're the weirdest thing since the Keebler elves.

The EU Software Patent protest makes Indymedia. interesting intersection!

But I think they could have looked into the translation issues a bit more; 'software patents kill efficient software development' isn't exactly urgent enough ;) Also -- is the idea of the software patents song and mime a sort of 'stop patents through Vogon poetry' thing?

Baghdad Burning scraped RSS, via Sitescooper RSS feeds.

Decent C String APIs

Published August 30, 2003

meanwhile, back in C-land...

strlcpy() - a replacement for strcpy() and strncpy(), with some very nice performance figures.

I usually use snprintf() to do this, but even that has differint semantics between platforms which needs workarounds. Plus the perf numbers regarding strlcpy() are nice. Plus it's BSD-licensed. (Found via Linux Weekly News.)

In passing, it's worth noting that strncpy() imposes a pretty hefty performance hit (4x - 10x in tests there), due to a wierd specified behaviour; it NULs out unused parts of the buffer! ouch.

See also MS' strsafe APIs. However, the code for that is available only on Windows, which makes it pretty much useless for most C code I'd be writing, and they note 'performance hits'.

Vendor liability in US spam law proposal

Published August 30, 2003

Good presentation by Anne Mitchell, ex-Habeas CEO, now of ISIPP -- 'False Positives: the Baby in the Bathwater' and 'Putting the Responsibility for Spam where it Belongs: The Case for Vendor Liability' (PDF, 317KiB). Note this bit:

In June of 2003, ISIPP's Anne Mitchell worked closely with Senator John McCain's office to help develop and draft legislation which would hold vendors liable for advertising in spam.
This legislative draft was introduced as an amendment to the Burns-Wyden CAN-SPAM Act, and adopted by committee as part of the bill. Vendor liability is now part of the Burns-Wyden bill.
The proposed legislation makes liable any vendor who advertises in spam which violates the general provisions of the law.
Exceptions are made if the vendor truly did not know, and could not have been reasonably expected to know, that their information would go out in spam.

That could be interesting.

Time Traveller Spammer caught

Published August 29, 2003

Wired: Turn Back the Spam of Time. An article about the time-travel spammer, now fingered as Robert 'Robby' Todino:

The anonymous e-mail offered $5,000 to any vendor capable of promptly delivering a collection of far-fetched gadgets for conducting time travel. Among the mysterious devices sought by the message's author were an 'Acme 5X24 series time transducing capacitor with built-in temporal displacement' and an 'AMD Dimensional Warp Generator module containing the GRC79 induction motor.'

He's genuinely interested, it seems -- but has a few psychological difficulties. (Thanks to Gary Stock for spotting it.)

Brehon Law, Pepys’ rival, and some really bad food

Published August 29, 2003

2 history lessons today: Dervala writes about the Brehon Laws of ancient Ireland. Dervala's weblog has become a great source of smart reading material, and is firmly on my daily list.

History: The Electronic Telegraph: Code-breaker reveals a diarist to rival Pepys (via forteana). Not quite as saucy as old Sam, though; he was a Puritan. Shame.

Food: The World's Worst Food, courtesy of Joe McNally via NTK. A bit short of the traditional brain/tongue/tripe dishes however. (Relevant: low grade meat products, urgh.)

SCOvEveryone: Economist interview with Darl McBride of SCO. Interestingly, it notes 'in 1998, Mr McBride himself won what he calls a 'seven-figure settlement' by suing his employer at the time, IKON Office Solutions (who, he says, had breached contract by urging him to move to an office outside Utah).' Nice! However, the SCO management page doesn't mention that, for some reason... (Link)

Date: Fri, 29 Aug 2003 09:45:13 +0100
From: "Martin Adamson" (spam-protected)
To: (spam-protected)
Subject: Code-breaker reveals a diarist to rival Pepys

The Electronic Telegraph: Code-breaker reveals a diarist to rival Pepys

(Filed: 29/08/2003)

A Puritan's journal written in cryptic shorthand to foil the King's men paints a vivid picture of 1600s London, reports Will Bennett

A remarkable million-word account of life in late 17th century England which is as vivid as Samuel Pepys's diary has been transcribed by experts after lying largely forgotten for more than three centuries.

A specialist code-breaker was brought in to crack the shorthand that Roger Morrice, a Puritan minister turned political journalist, used in part of the diary to stop the King's agents reading it.

While Pepys's often hedonistic diary was long regarded as the most detailed record of life in Restoration England, Morrice's more strait-laced Entring Book gathered dust in a little-known British library.

The Entring Book was acquired by Dr Williams's Library in London, which specialises in the history of English Nonconformist churches, in the early 18th century and it remained there until a few years ago.

Then a team of academics based at Cambridge University launched a project to transcribe the diary, which covers the years 1677 to 1691 and presents an entirely different view of late 17th century England from that of Pepys.

Now the transcription has been completed and six volumes of Morrice's well-informed account of a turbulent period during which England was ruled by three different monarchs will be published in 2005.

About 40,000 words of the diary were in code and the team, led by the Cambridge academic Dr Mark Goldie, brought in an expert in 17th century shorthand to reveal for the first time what Morrice had written.

"At that time you could be arrested for sending newsletters and information around the country and so he did not want Charles II's and James II's agents to see what he had written," said Dr Goldie.

The shorthand expert, Dr Frances Henderson, from Oxford, not only cracked the code but discovered the names of some of Morrice's contacts, whose names he had written in cipher to protect their identities.

Then, as now, journalists had government sources, and Dr Henderson found that Morrice got much of his information from a man called Collins, an official at the Privy Council who was prepared to leak information to him.

As a convinced Puritan, Morrice was extremely critical of what he saw as the moral laxity of Restoration England. He described Tunbridge Wells, then a fashionable spa patronised by royalty, as "the most debauched town in the kingdom".

With evident approval, he reported the reaction of Ben Haddi Mor, the Moroccan ambassador to London, when some Englishmen urged the diplomat to "receive a whore into his bed".

"He said to our great rebuke and shame, 'My religion forbids whores, does not yours?'," wrote Morrice. "He said 'that when I come home I shall then be counted a liar in my own country for my master will not believe me that so many ladies came open-faced with bare breasts to see me'."

In the winter of 1683-84 the Thames froze so hard that coaches travelled across the ice, an ox was roasted and bullbaiting and other sports were held on the river's surface.

"The concourse and all manner of debauchery upon the Thames continued upon Lord's day and Monday the 3rd and 4th of this instant," wrote Morrice disapprovingly.

Morrice used one of his sources to get information about the birth of James Stuart, the Catholic heir to James II and later the Old Pretender.

"The child was a large full child in the head and the upper parts but not suitably proportioned in the lower parts," wrote Morris scathingly, appalled by the prospect of another Catholic monarch.

However, just a few months later Prince William of Orange's troops marched into London and installed the Protestant Dutchman as William III.

Morrice wrote that women "shook his soldiers by the hand as they came by and cried, 'Welcome, welcome, God bless you, you came to redeem our religion, laws, liberties and lives' ".

Voight-Kampff and Plugins

Published August 29, 2003

an SF free-sheet has applied the one test that really matters to the current SF mayoral candidates:

Is a particular candidate human or an insidious replicant, possessed of physical strength and computational abilities far exceeding our own, but lacking empathy and possibly even bent on our destruction as a species?

It's the Voight-Kampff Test. No, not the band, this one. The results are hilarious:

TW: You're in a desert walking along in the sand when all of the sudden you look down, and you see a tortoise, Tom, it's crawling toward you. You reach down, you flip the tortoise over on its back, Tom. The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over, but it can't, not without your help. But you're not helping. Why is that, Tom?

Tom Ammiano: That's interesting. I don't know. I'm a republican?

(thanks Ben!)

Patents: The W3C has set up a new list to evaluate ways to work around the Eolas patent on plugins, which, after all, are part of the HTML specification.

Good. I never liked plugins anyway, always playing loud music, halting the browser while they start up, or crashing the lot with their buggy spyware code. Good riddance! Now we can get back to the sensible 'helper application in a separate window' paradigm ;)

Download Caps: Pay To Receive Viruses

Published August 28, 2003

Many non-US-based broadband systems impose a download cap -- a limit on how much data a customer can download in one month. In some of the Irish ISPs' cases, it's 3Gb of data per month, with hefty per-Mb charges after that.

Well, here's something. I filter my mail for viruses and spam on my server, and divert the viruses off to a side folder. I just checked, and that folder contains 1 gigabyte of virus data, received since SoBig.F started up last week.

Given that most users don't have a colocated server to divert their viruses on, and therefore would have had to download that 1 gigabyte of virus mail before their virus scanner got to take a look -- that's a hefty third of the download cap gone, due to a virus.

I wonder if Eircom, Telstra down under, and the other capping ISPs, will be giving their customers refunds as a result?

(BTW, by contrast, I only received 10 megs of spam.)

McCarthy report withdrawn

Published August 28, 2003

Apparently, the McCarthy report -- which would have legalised software patents in Europe -- has been withdrawn from debate for this EuroParl session.

'It's been sent back to the committee stage to be fixed because there was too much contraversy or too many amendments requested. It will go to plenary again after JURI do some more work on it. Possibly september 22nd, probably early October.'

And you thought it couldn’t get crazier

Published August 27, 2003

This is absolute insanity. Let's say you're buying a car, and you're checking out what will work out best, between an SUV and a fuel-efficient hybrid, money-wise. Let's check the options:

SUV: $86,000 in tax breaks
hybrid: $2,000 tax break

Unbelievable.

But don't worry -- there'll be plenty of gas to run the SUVs, since the US is checking the possibility of pumping oil from Iraq to Israel. (That's assuming the entire Arab world doesn't turn into a seething pit of 'told you so' hatred as a result, but hey....)

As Yoz says, 'How To Blow Up The Middle East In One Easy Step':

yozlet: They saved the game before they did this, right? Right?

Bilskirnir: Two US senators responsible for MPAA regulation may be up for lucrative $US1.15 million jobs as lobbyists with the same organisation:

'It's obscene for Tauzin and Breaux to be in the running for the MPAA, the fattest media lobbying job in Washington, while advocating in Congress on behalf of companies that control the MPAA,' said Robert McChesney, Professor of Communications at the University of Illinois at Urbana-Champaign. 'It tends to confirm what the vast majority of Americans have suspected - relaxed media ownership rules are an X-rated exercise in power and influence.'

As Nathan points out, an analogue of non-compete agreements, for would-be politicians-turned-lobbyists, would be a good way to deal with this one.

Tech: in more calming news: Dell Patents 'Reboot and See If That Fixes It' Technical Support Process (BBSpot via Craig).

Red Bull

Published August 27, 2003

Red Bull was made in Thailand -- I never realise it went from Thailand to Europe instead of vice-versa. (link via the great 2bangkok.)

Also, via Ben -- an amazing account of what recovering your vision feels like after 43 years of blindness...

Wow

Published August 25, 2003

BBC to create the BBC Creative Archive. This is insanely cool. Danny O'Brien has written a fantastic overview, so read that for more details. But check out this quote:

I believe that we are about to move into a second phase of the digital revolution, a phase which will be more about public than private value; about free, not pay services; about inclusivity, not exclusion.

In particular, it will be about how public money can be combined with new digital technologies to transform everyone's lives.

That's BBC Director General Greg Dyke totally 'getting it'. So cool.

Italy now opt-in-only, SoBig.F phones home

Published August 22, 2003

Heads up for all the businesses out there sending mail to European customers -- the EU E-Privacy Directive is now coming into force. Italy is the latest country to implement it; so businesses mailing Italian customers or prospects may wish to make sure that they abide by these rules:

Companies may send direct marketing email only to customers and subscribers who have given their prior consent to receiving such, either by subscribing explicitly or by providing their details during a prior transaction, such as a purchase.
Forged headers and other means of disguising or concealing the sender's identity is illegal.
All messages must bear opt-out details as well.
Apparently, in the Italian rendition, senders may also 'collect' addresses but must immediately give the user a clear opportunity to opt-out at that point -- but as far as I know this isn't in the core EU directive.

Similar laws will be coming in all over Europe, so USian senders should really pay attention: opt-in -- it's not just a good idea, it's the law (in Europe at least ;).

Malware: It sounds like SoBig.F is about to call home for new code (scroll down to 'Downloading Functionality'). This is not good. :( Block port 8998/udp.

SoBig.F, the assorted bounce messages from forged SoBig.F mails, the assorted replies from autoresponders and list admin software from forged SoBig.F mails, and (of all things) user complaints about the forged mails (argh! surely they know they're forgeries by now!) are really driving me up the wall. As I check my mail, there's at least 400 of these messages this morning alone.

IP: Lessig lays into USPTO director: 'If Lois Boland said this, then she should be asked to resign.' ... 'That someone who doesn't understand them is at a high level of this government just shows how extreme IP policy in America has become.'

Slammer crashed nuke power plant safety systems for 5 hours

Published August 21, 2003

Slammer worm crashed nuclear power plant safety systems for 5 hours (SecurityFocus).

Humour: BBspot: SpamAssassin Unveils New HomeAssassin Product for Unwelcome Visitors.

Aside: I wonder if the team behind NPR's Day to Day program realise how close that name is to the classic Chris Morris/Armando Ianucci UK fake news programme, The Day Today. Hopefully there'll be less sports reports from Alan Partridge on the NPR version...

More SCO: the Vegas show in full

Published August 21, 2003

a must-read: Bruce Perens posts and then demolishes the Las Vegas slideshow comprehensively, demonstrating that one of the code snippets SCO showed did in fact date from 1973, not 1979; and the other snippet was a clean-room reimplementation based on the published specification for the Berkeley Packet Filter, and the SCO code most likely came from the BSD-licensed implementation.

That raises two points: 1. the SCO 'pattern-recognition team' need to go back to Google school; 2. why didn't the SCO implementation of the BPF code maintain the legal copyright attribution text it was supposed to include, so they would have noticed this when out 'recognising' 'patterns'?

I'm looking forward to this getting to court eventually...