Whoa, I think I was on that bus a year ago! As I recall, that area of
Laos is still noted for occasional bandit attacks...
Jhai Foundation Remote Villages Network.
An update from Lee, New FAQ's, Security Issues and If You Need a Press Visa
Contacts:
Jesse Thorn 1 415 225 1665,
Earl Mardle 612 9787 4527,
Jhai's Enthusiastic "Ground Level" support team.
From Lee Thorn in Laos
Dear friends,
We are on track and we will launch on 13 February. Lee Felsenstein arrived last
night and is whipping us into shape in his gentle, nerdish way. Ed Gaible
arrived with him and is now up a tree on a mountain above the village
of Phon Kham. All of us - about 40 people between the village and our
staff and volunteers - are working hard and our spirits are high.
A Sad Day For Laos
Some of you may have heard about a 'terrorist attack' in Laos yesterday. The
reports are true. Eight people on a bus and two people on motorcycles
were killed after a robbery. Two of them were internationals. Their identities
and nationalities have not yet been confirmed. The attackers are thought
to be Lao citizens, probably Hmong, possibly still caught up in the war
that ended 28 years ago here. This will not be confirmed until they are
caught.
This incident took place more than 30 km North of Vang Vieng or about 100 km North of
our launch site. This is a sad day in Laos.
Security Arrangements For The Launch
As I write, Vorasone Dengkayaphichith, our great country coordinator,
is meeting with officials in Hin Heup District and Vientiane Province
to make final arrangements for security for all people at our launch and
party on 13 February. Vor and I know many, many children in the village
of Phon Kham and the other villages and Bounthanh has nieces and nephews,
and sisters and brothers and her parents there, too. Those children will
be safe - and, I believe, we will be safe, too.
Our remote
village project is a sophisticated, appropriate high tech endeavor designed
by Lee Felsenstein and his excellent team specifically for the needs as
expressed by the villagers who are getting the system.
And this
project rests in Jhai Foundation, ... which is a reconciliation organization
which, now, has worked for over five years in Laos, and nearly three,
now, on state-of-the-art IT projects. Jhai Foundation is we people in
it and our relationships - and there are hundreds of us doing something
every day - and we are located all over the world.
Reconciliation,
like peace - and like development - is the opposite of war. Reconciliation
is the process of recognizing our connection - something that always was
and always will be, something very, very valuable. Jhai - in Lao - means
the spirit and energy of connection, as well as hearts and minds working
together ... and many other similar things. It is neutral. It is up to
us how we act, how we respect.
War and peace
are matters of choice. Sometimes we choose to close down and kill. For
this - I know and most Lao people know - you pay until you die. The price
is unbelievably huge. Other times we choose to open up and connect. For
this - thanks to Lao people who teach me about this daily by the way they
are and act - I know you get the chance for joy, the chance to recognize
others as just plain people ... and the chance to know and like yourself.
The choice, it seems, is easy. What shall we take?
In an age of terrorism - which breeds fear like a virus - it is best to connect.
We choose to connect, to move forward, to do what we can do - with you -
to help some poor folks who are friends of ours connect with one another
and when they want to, with us. The benefit, we hope, is unbelievably
huge.
Come to our launch. We will dazzle you with fun!
Join us,
Lee Thorn
chair, Jhai Foundation
PS Please do not hesitate to consult our FAQ or to email Jesse Thorn, .
If you need to talk with one of us in Laos, that can be arranged.
New FAQ's
What Were The Greatest Problems To Create The Technical Solution?
From Jhai's perspective it has been funding and localization. We have done
this on a very small budget - lower five digits in US dollars - with the
help of many engineers and other technical people. The technical lead
was taken by renowned computer designer Lee Felsenstein.
A team of
over 20 people donated their time. This time is worth, we estimate, perhaps
$0.5 million. Localization has not been easy. For example, the team had
to create new Unicode mappings for existing fonts. The relation of English
to Lao is anything but direct.
Which Impact Will The Internet Access Probably Have On The Villagers?
They believe it will give them the opportunity to have a closer relationship
with their extended families and to get better prices for their products
at market. It is like a road for them.
Is A Prototype Already Working?
We have tested all components. The Jhai PC works. We are now completing
the 'marriage' of the software and the hardware.
Do You Think The Jhai PC Will Help Bring Access To Remote Sites In Other Countries As Well?
The answer is 'yes'. We have had inquiries from 40 countries and we expect
observers from about several major development funding agencies to see
our launch in the village of Phon Kham on 13 February.
We designed
specifically in terms of the expressed needs of people in five villages
that have no electricity, no phones or hope of cell phone connectivity,
and no good roads in the rainy season. I learned years ago from the Independent
Living Movement of People with Disabilities that when people design for
the folks with the most challenges, the tool works for many people equally
or less challenged.
I suspect this principle works with the Jhai Computer and Communications
System.
How Important Is The Way Jhai Works?
I suspect that our development efforts - using the reconciliation model
we have developed based on relationships between people on opposite sides
of a devastating war, also will have wide application. Jhai Foundation
and the villagers of Phon Kham have gotten to know each other over five
years. Each of us brings our whole selves and our whole experience to
the table. We all are through with war. It is amazing what happens when
people are willing to stay in the room and communicate - no matter how
hard it is.
Many technology
projects fail because the application becomes focused on the technology
first; that often doesn't work. Jhai's model focuses on people and communication,
the need for the technology grows out of that. We get to the technology
through communication, not the other way round.
Press Visa Requirements
If you plan on coming to the launch and you are press, please make arrangements
for a press visa and minder immediately. Jhai may be able to help if you
follow these steps:
-
Send the following Information to
-
Email Subject Line: PLEASE RUN PRESS VISA PERMISSION
-
In the email we need the following information:
-
Full name as it appears on the person's passport
-
Country of the passport
-
Passport Number
-
Date of Arrival in Laos
-
Date of Departure from Laos
-
Explicit detailed list of any equipment (tape recorders, cameras, etc.) you are
bringing. Including BRAND NAME and MODEL #.
-
Complete Laotian itinerary in detail. For example,
-
11 and 12 February - Travel to Phon Hong, Vientiane Province
-
13 and 14 February - Travel to Phon Kham, Vientiane Province 13 Feb.
-
15 February Depart Vientiane
subject line of the week -- sounds like the spammer's been
listening to Homer's Vocabulary Builder tape:
Subject: < Hi Jm, I am Bella, concupiscent youngster >
Matt journals
a snippet from Apple's eNews newsletter (originally forwarded by Skip
Montanaro on the spambayes list), as follows:
Delivering a One-Two Punch to Spammers
Yes, Mac OS X Mail can help you deliver a staggering blow to spammers.
Simply pull down the Mail menu, choose Junk Mail, and select
Automatic. The next time you receive email, Mail will move suspect
email into a Junk folder.
Now you're ready to deliver a real knockout punch to spammers by
taking advantage of yet another potent spam-fighting weapon:
-
Click on the Junk folder.
-
Type Command-a to select all of the email in the Junk folder.
-
Choose Bounce to Sender from the Message menu.
Mail will return the selected messages to the senders marked User
unknown, making them think your email address invalid, encouraging
them to drop you from their lists, and, thus, eliminating spam at its
source.
Read on for details as to why this does not work (warning: long).
Subject: Bad move, Apple
From: Skip Montanaro (spam-protected)
Date: Thu, 6 Feb 2003 11:45:24 -0600 (17:45 GMT)
To: (spam-protected)
Got this in today's Apple eNews mailing:
-
Delivering a One-Two Punch to Spammers
.........................................
Yes, Mac OS X Mail can help you deliver a staggering blow to
spammers. Simply pull down the Mail menu, choose Junk Mail, and
select Automatic. The next time you receive email, Mail will
move suspect email into a Junk folder.
Now you're ready to deliver a real knockout punch to spammers
by taking advantage of yet another potent spam-fighting weapon:
-
Click on the Junk folder.
-
Type Command-a to select all of the email in the Junk folder.
-
Choose "Bounce to Sender" from the Message menu.
Mail will return the selected messages to the senders marked
"User unknown," making them think your email address invalid,
encouraging them to drop you from their lists, and, thus,
eliminating spam at its source.
http://www.apple.com/macosx/jaguar/mail.html
Justin's comments:
This sounds like an attractive idea at first -- mail 'user unknown'
Delivery Status Notifications back to the spammers, and they'll take your
address off their lists. However, it doesn't work, and may actually send
more noise to non-spammers. Here's why.
-
First of all, most spam these days is sent using one of three
originating-address methods. The first is totally randomly generated
From, Reply-To and/or Errors-To addresses, typically at a big ISP like
Yahoo! or Hotmail. So replying to these with a 'user unknown' DSN will
result in nothing more than wasting your own, and that ISP's, bandwidth,
as the address never existed anyway.
-
The second method is for the spammers to use a random address plucked
from the same 'addresses to spam' list your name is on. So your 'user
unknown' DSN will be sent to someone else on the spam-list,
increasing the amount of crap they get in their mailbox. Oops.
-
Third is the joe-job. This is where the spammer has deliberately
picked the address of someone they dislike, so that a barrage of
complaints, legitimate 'user unknown' messages, and -- yes -- forged
'user unknown' messages! -- will be sent to that person. Generally, if
a spam-fighter gets joe-jobbed, you can be sure they're doing
something right ;)
Next -- even if the spammers were to see your 'user unknown' message,
they do not act on it:
-
There is a way for 'user unknown' messages to be communicated back to
the spammer (by doing it in the very first SMTP transaction). However,
many folks who have tried this method have noted that it has no effect;
spamware tools take a 'fire and forget' approach.
After all, spammers want to send the mail as fast as possible,
before they're blocked from the relay or proxy they're abusing, and
before the DNSBLs and Razor react. So the method is simply to send as
much mail as possible, without waiting for replies, and with as little
identifying information as possible (to make it hard for them to be
tracked down). In other words, any data coming back from the
receiver is worthless to them, and may in fact get them shut down, so
must be avoided.
-
Another factor is that, if your address is one of those 'Addresses on
CD', you've got hundreds of spammers you'll need to send bounces to (and
hope they honour them). Each one of those spammers has a different copy
of the address list, so removal from one -- if it happens -- won't help
with removal from the others.
-
Yet another aspect is that they do not want to reduce the number of
addresses they send to. Spam economics is such that 2,000,000 addresses
on CD are worth more than 1,000,000 addresses on CD, and who cares if
half of them bounce, 'cos you've paid your money already ;)
So, anyway, that's why sending fake-bounces in response to spam is bad.
One pay-off, however, is that it makes the creation of spam-traps easy:
HOW TO MAKE A SPAM-TRAP
-
Take an old account that gets too much spam, set up an auto-reply saying
"this person has moved to (spam-protected)" (although
probably using a less machine-readable address format).
-
3 months later, delete the account so it bounces with 'user unknown'.
That should clear out all the well-behaved mailing lists.
-
6 months later, redirect it to yourself and monitor it, to catch the
badly-behaved legitimate bulk mailers who do not handle bounces
correctly (yes, there's a few of these, unfortunately.)
-
1 month after that, set up an alias that runs "spamassassin -r".
Install Razor, DCC and Pyzor. Set up a Razor account. Fix the old
account's addresses so they forward to this alias. Also worth piping it
to the Blitzed.org OPM checker.
Hey presto, there's your spam trap!
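As an added illustration (not part of the original post), the sketch below shows both ends of a fake bounce: where a "Bounce to Sender" message ends up, and how the person who receives it can tell it refers to mail they never sent. All addresses, Message-IDs and the sent-mail log are constructed for the example.

```python
import email
from email.utils import parseaddr

# Constructed spam: every sender field below was chosen by the spammer.
SPAM = """\
Return-Path: <bystander@example.net>
From: "Bella" <bystander@example.net>
To: jm@example.org
Subject: Hi
Message-ID: <forged-123@spamware.invalid>

(body omitted)
"""

# Constructed bounce, as it lands in bystander@example.net's mailbox.
BOUNCE = """\
From: MAILER-DAEMON@example.org
To: bystander@example.net
Subject: Returned mail: User unknown
Message-ID: <dsn-1@example.org>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

<jm@example.org>: User unknown

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; example.org

Final-Recipient: rfc822; jm@example.org
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: "Bella" <bystander@example.net>
To: jm@example.org
Message-ID: <forged-123@spamware.invalid>

--b1--
"""

# Hypothetical log of Message-IDs the bystander's own mail system really sent.
SENT_IDS = {"<20030206.1@example.net>"}


def bounce_target(raw_spam):
    """Address a 'Bounce to Sender' is mailed to: whatever the spam claims."""
    msg = email.message_from_string(raw_spam)
    claimed = msg["Return-Path"] or msg["From"] or ""
    return parseaddr(claimed)[1].lower()


def returned_message_ids(raw_bounce):
    """Message-IDs of the original mail quoted back inside a bounce."""
    top = email.message_from_string(raw_bounce)
    ids = set()
    for part in top.walk():
        if part is top:
            continue  # the bounce's own Message-ID proves nothing
        if part.get_content_type() == "text/rfc822-headers":
            # Returned headers arrive as plain text; parse them as a header block.
            part = email.message_from_string(part.get_payload())
        if part["Message-ID"]:
            ids.add(part["Message-ID"].strip())
    return ids


def classify_bounce(raw_bounce, sent_ids):
    """'ours' if it quotes mail we sent, 'backscatter' if it quotes mail we
    did not send, 'unverifiable' if it quotes no original headers at all."""
    ids = returned_message_ids(raw_bounce)
    if not ids:
        return "unverifiable"
    return "ours" if ids & sent_ids else "backscatter"
```

The bounce is addressed purely from fields the spammer wrote, so the only party who can reliably recognise it as bogus is the recipient who keeps a record of what they actually sent.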
GNOME 2.2
includes nifty new font technology, I see; including 'drag into
~/.fonts' font installation, at last, thanks to Keith Packard. I
especially like this:
Jim Gettys and the GNOME Foundation Board worked with Bitstream, Inc. to
arrange the donation of the Vera font family to the Free Software
community.
Here's
what Vera looks like; very nice. Finally, some decent free fonts --
kudos to Bitstream.
And I see subpixel
smoothing is now right in there, in the basic font preferences.
Excellent news!
But where TF is the Metacity documentation? Maybe there's none, in the
tradition set down over generations of GNOME hacks^Wapplications. (Pet
peeve: every command in the default PATH should have a manual page IMO.)
The 'documentation' and 'home page' links I can find all lead to a directory of tarballs.
Great. The best result Google can find, after the aforementioned
tarballs, is
a blog posting complaining about Metacity. Hmm -- scary -- I
really don't like the implication that the only way to do my own
key-binding prefs, is to run a batch of 15 gconftool commands every time I
log in... ah shaggit, I'll use sawfish ;)
(PS: yes, I'm still on GNOME 1. That's what happens when you're stuck on
the wrong end of dial-up.)
Crypto: The
Crypto Gardening Guide and Planting Tips by Peter Gutmann. Excellent
advice on how crypto designers should design protocols so that they can
actually get implemented. Also, as a corollary; good tips on common
crypto gotchas for implementors to watch out for. Some bonus funnies,
too:
Note: PGP adopts each and every bleeding-edge technology that turns up,
so it doesn't figure in the above timeline. Looking at this the other
way, if you want your design adopted quickly, present it as the solution
for an attack on PGP.
A little bit more introduction on some of the items would be worthwhile
though. I don't have a clue what OAEP is for example ;)
Jeremy describes
a way to kill off 'joe-jobs' -- the practice of forging somebody's address
on spam, generally used to get around 'does this user exist' spam-filters,
also used to 'punish' folks the spammer doesn't like. Anyway, JZ's
suggestion is this:
One of the ideas tossed about was to implement a system that would make
it easy for any MTA (Mail Transfer Agent--the programs that deliver
e-mail on the Internet) to verify that a message that claims to be from
somebody@yahoo.com really is from a yahoo.com user.
This is technically doable. And it might be a good idea. Especially, as
I argued, if one of the other big players (AOL or MSN/Hotmail) jumps on
board and uses the same technique. If either one began to do the same, I
expect that a domino effect would follow. Boom. Instant adoption.
But then he doesn't say how to do this in a way that a spammer can't forge.
Dammit. ;)
Anyway, on with the message.
... However, one interesting objection was raised during the debate...
Wouldn't that just cause spammers to prey on domains that are less
equipped to 'swallow a few million bounces per hour without breaking a
sweat'? (To paraphrase a co-worker.)
Yep, it would -- until those domains also instituted similar systems.
Anyway, those domains are victims now anyway; I would say only about
50% of my spam comes from forged Yahoo!, Hotmail or other domains -- the
rest uses domains of small ISPs, and the occasional joe-job.
But back to the system. I would guess what Jeremy's talking about is
pretty similar to the system Pedro Melo describes in the
comments. It consists of 2 components:
A nifty idea. Jeremy, was that what you were thinking?
Taking a look at the referrers, I came across Mark O'Neill's weblog, which
lists taint.org on the blogroll; Mark's the CTO of Vordel. They have a product called
VordelSecure, which seems to be a SOAP firewall proxy, in the same way
the Wonderwall product I wrote for Iona was a proxy for CORBA:
When a firewall examines a SOAP request received over HTTP, it might
conclude that this is valid HTTP traffic and let it pass. Firewalls tend
to be all-or-nothing when it comes to SOAP. A SOAP-level firewall should
be capable of:
-
Identifying if the incoming SOAP request is targeted at a Web
service which is intended to be available
-
Identifying if the content of the SOAP message is valid. This is
analogous to what happens at the Network Layer, where IP packet
contents are examined. However, at the Application Layer it requires
data that the Web service expects.
Cool!
I hear Wonderwall is still around, but rewritten from the ground up.
Sorry about that to whoever had to rewrite it ;)
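A minimal version of the two checks quoted above, as an added example (not Vordel's or Wonderwall's code): is the request aimed at an operation that is meant to be exposed, and does its content look like what that operation expects. The endpoint path, namespace, operation name and parameter pattern are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace

# Hypothetical policy: (URL path, operation namespace, operation name)
# mapped to the parameters that operation accepts and a pattern for each.
POLICY = {
    ("/services/quote", "urn:example:quotes", "GetQuote"): {
        "symbol": re.compile(r"[A-Z]{1,5}"),
    },
}


def split_tag(tag):
    """Split ElementTree's '{namespace}name' form into (namespace, name)."""
    if tag.startswith("{"):
        ns, _, name = tag[1:].partition("}")
        return ns, name
    return "", tag


def check_soap(path, body):
    """Return (allowed, reason) for one HTTP POST body sent to `path`."""
    try:
        text = body.decode("utf-8")  # this sketch only accepts UTF-8
    except UnicodeDecodeError:
        return False, "not UTF-8"
    if "<!DOCTYPE" in text:
        return False, "DTD not allowed in a SOAP message"
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return False, "not well-formed XML"
    if root.tag != f"{{{SOAP_NS}}}Envelope":
        return False, "not a SOAP envelope"
    soap_body = root.find(f"{{{SOAP_NS}}}Body")
    if soap_body is None or len(soap_body) != 1:
        return False, "expected exactly one operation in Body"

    # Check 1: is this operation meant to be available at this endpoint?
    op = soap_body[0]
    ns, name = split_tag(op.tag)
    expected = POLICY.get((path, ns, name))
    if expected is None:
        return False, "operation not exposed at this endpoint"

    # Check 2: is the content what the service expects?
    seen = {}
    for child in op:
        pname = split_tag(child.tag)[1]
        # Unknown, repeated or nested parameters are all rejected.
        if pname not in expected or pname in seen or len(child):
            return False, f"unexpected parameter {pname!r}"
        seen[pname] = (child.text or "").strip()
    for pname, pattern in expected.items():
        if pname not in seen or not pattern.fullmatch(seen[pname]):
            return False, f"parameter {pname!r} missing or invalid"
    return True, "ok"


def envelope(inner):
    """Wrap constructed body XML in a SOAP 1.1 envelope (sample-data helper)."""
    return (f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>{inner}'
            '</soap:Body></soap:Envelope>').encode()


# Constructed sample requests.
Q = 'xmlns:q="urn:example:quotes"'
GOOD = envelope(f'<q:GetQuote {Q}><q:symbol>IBM</q:symbol></q:GetQuote>')
HIDDEN_OP = envelope('<a:ResetPrices xmlns:a="urn:example:admin"/>')
BAD_VALUE = envelope(f'<q:GetQuote {Q}><q:symbol>not a ticker</q:symbol></q:GetQuote>')
EXTRA = envelope(f'<q:GetQuote {Q}><q:symbol>IBM</q:symbol><q:debug>1</q:debug></q:GetQuote>')
WITH_DTD = b'<!DOCTYPE x [<!ENTITY e "x">]>' + GOOD
```

A plain HTTP-level firewall would pass all five sample requests, since each is a valid POST; only the first survives the SOAP-level checks.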
Karlin says it
snowed yesterday, here in Dublin. I cannot believe I missed it...
FTC to
Hold Three Day Public Spam Workshop. 'The Federal Trade Commission
will host a three-day 'Spam Forum' Wednesday, April 30 through Friday, May
2, to address the proliferation of unsolicited commercial e-mail and to
explore the technical, legal, and financial issues associated with it. The
forum will be held at the Federal Trade Commission, 601 New Jersey Avenue,
N.W., Washington, D.C. It will be open to the public and preregistration
is not required.
A Federal Register notice to be issued shortly says, 'To explore the
impact that spam has on consumers' use of e-mail, e-mail marketing and the
Internet industry, the Commission will convene a public forum. E-mail
marketers, anti-spammers, Internet Service Providers (ISP), ISP abuse
department personnel, spam filter operators, other e-mail technology
professionals, consumers, consumer groups, and law enforcement officials
are especially encouraged to participate.''
In the last few weeks, there's been a growing discussion of
what's being perceived as an 'anti-American' point of view in Europe; see
Thomas
Friedman on the subject. On the other side, The New York Review of
Books carries an interesting essay on this subject: Anti-Europeanism in
America. It contains this revealing summary of a December 2002 study:
Asked to choose one of four statements about American versus European
approaches to diplomacy and war, 30 percent of Democratic voters but only
6 percent of Republican voters chose 'The Europeans seem to prefer
diplomatic solutions over war and that is a positive value Americans could
learn from.' By contrast only 13 percent of Democrats but 35 percent of
Republicans (the largest single group) chose 'The Europeans are too
willing to seek compromise rather than to stand up for freedom even if it
means war, and that is a negative thing.'
The divide was even clearer when respondents were asked to pick between
two statements about 'the way in which the war on Iraq should be
conducted.' Fifty-nine percent of Republicans as opposed to just 33
percent of Democrats chose 'The US must remain in control of all
operations and prevent its European allies from limiting the States' room
to maneuver.' By contrast, 55 percent of Democrats and just 34 percent of
Republicans chose 'It is imperative that the United States allies itself
with European countries, even if it limits its ability to make its own
decisions.'
It seems a hypothesis worth investigating that actually it's Republicans
who are from Mars and Democrats who are from Venus.
and now, on a lighter note, The
Observer reports that the 'cannabis economy' in the UK is worth 11 billion
UKP a year:
A major new study is being used to advise well known household and
high-street companies about the gains and losses they face as cannabis
smoking becomes commonplace. Research has revealed that Britain's
'cannabis economy' is worth 5 billion a year in sales alone. Now it has
been discovered that a further 6bn of consumer expenditure each year is
closely linked to the growing cannabis-users' market.
'Young people between 15 and 30 are very trend-conscious and
aspirational,' said Andy Davidson, who commissioned the study for The
Research Business International, trend analysts who tracked the spending
habits of young people for six months. The study found that cannabis
users spend an average of UKP 20 on products that accompany their drug use
each time they smoke.
Because smoking cannabis heightens appetite, users are providing a UKP
120 million weekly windfall to a string of takeaway food suppliers, such
as Domino and Pizza Hut, and manufacturers of 'munchie' products such as
Mars bars and Haribo jellies.
as everyone knows by now, the space shuttle Columbia has
exploded on re-entry over Texas. It's an extremely sad occasion, and a
terrible thing to happen.
Lots of people look on space exploration, and the astronauts who do it, as
something mundane. No way -- it takes a certain kind of bravery and
heroism to do this. Every astronaut (from what I've read) is clearly
aware of the odds that the vehicles they use have a large likelihood of
suddenly exploding beneath their feet -- and is therefore taking a huge
risk on behalf of humanity, and the expansion of human knowledge.
They should be viewed as heroes, as a result.
I just hope the ISS project, and manned spaceflight in general,
continues...
Some off-beat news links you may not have seen:
CNN: A box of durian, sprinkled with carpet deodorizer, sparked an
aviation alert in Australia on Thursday (via monkeybum):
When they finally found the source of the smell, it was a box of
durian, a large, spiny tropical fruit renowned for its fetid aroma.
While many people in Southeast Asia consider the durian a delicacy, it
is banned from Singapore's subway and some restaurants in the region
because of its overpowering smell.
'This wasn't a safety issue, this was gross issue -- no one wants to
fly in an airplane that smells like that,' (Virgin Blue boss Brett
Godfrey) said. He compared the smell of the gourmet fruit to
'something you'd find in your outdoor dunny' adding that 'it just is
the most pungent, disgusting smell.'
No shit -- durian really stinks. I've tried to cultivate the
taste for it, but failed miserably. Worse, for 3 hours in the passenger
seat from Khao Sok to Surat Thani in Thailand, I was stuck with a
selection of 'em by my feet -- no escape!
The nearest thing to their odor is really pungent, cheesy socks.
'foetid' is the word for it.
SiliconRepublic: Ireland second last in Europe for broadband. But I
think regular readers will know that ;) 'Ireland's already shaky claim to
the title European digital hub was looking even more risible than usual
today, following the latest internet penetration survey, which shows us to
be languishing in second last place out of 16 European countries in terms
of broadband internet penetration. '
The usual story -- with quotes from IO's Dave Long -- and that's not
surprising. I should imagine things will improve a lot this year, now
that the ComReg seems a little more on the job, and eircom have halved
their prices.
But the really interesting thing is this: 'Among the survey's other
findings were that 7.5pc (12 million) of all European households now
subscribed to a broadband internet service. 6.3 million customers signed
up for broadband for the first time in 2002 -- an increase of 55pc
over 2001. ... It further predicted that a further 7.2 million European homes
will acquire broadband for the first time this year, bringing the total to
19.1 million or 11.9pc of total households.'
That's excellent news, and wipes out the FUD put about by some telcos
(guess which ones) that there just isn't demand in the current market.
Clearly there is strong demand throughout the rest of Europe -- and there
really isn't much difference between there and here. In fact, if
anything, I reckon there would be more demand here, based on the
take-up of other high-tech accessories like mobile phones and games
consoles.
'It's
the Latency, Stupid!', a fantastic article explaining why latency is
sometimes more important than simple bandwidth.
This was found via Karl Jeacle's
comments on eircom's DSL, which are very illuminating in themselves --
although probably not too interesting for non-Irish folks ;). But the
relevant part is the explanation of why they enabled interleaving on
eircom's DSL network (summary: to get more reach, as far as I can see).
Interesting
story of how Inktomi replicated knowledge across multiple, separated
geographical offices, while doing it in an efficient, cross-platform,
reliable and accessible way: first of all, they use TWiki, and second, it's set up as a DistributedTWiki.
I found a load of snaps from my Casio
Watch Camera that I hadn't uploaded yet. I'd uploaded them, but
forgot to add them to CVS ;) Here's a nice one -- a ca. 19th century
hygrometer made in the Mason family's opticians shop in Essex Bridge,
Dublin, found in the museum at Collins Barracks:

U.N. Orders
Wonka To Submit To Chocolate Factory Inspections:
UNITED NATIONS -- Responding to pressure from the international community,
the U.N. ordered enigmatic candy maker William 'Willy' Wonka to submit to
chocolate-factory inspections Monday. 'For years, Wonka has hidden the
ominous doings of his research and development facility from the outside
world,' U.N. Secretary General Kofi Annan said. 'Given the reports of
child disappearances, technological advances in glass-elevator transport,
and Wonka-run Oompa-Loompa forced-labor camps, the time has come to put an
end to three decades of secrecy in the Wonka Empire.'
a memorable mistranslation found in a guesthouse at Annapurna Base Camp:
Help! I'm being underclocked! ;) Perhaps that explained the shortness of
breath and dizziness...
(I did some scanning of the hundreds of photos from last year's trip about
a month ago, but haven't had a chance to fix 'em all up yet. And I'm
not uploading anything until I get to CA and some decent bandwidth.)
A
funny letter from New Scientist regarding the use of monkeys to
collect specimens in the field, which was pioneered by John Corner in
Singapore.
The botanist noticed that local fruit-pickers trained monkeys to collect
fruit, and reasoned that a monkey could similarly be trained to collect
flowers, leaves and nuts for his own work. The result was the collection
of hundreds of otherwise inaccessible specimens -- and this gem:
Travelling with mule and monkey on a narrow path in the uplands, he
spied a new and unrecognised flower on a liana hanging from the path,
down a near-vertical cliff face too steep for him to climb down. So he
instructed the monkey to descend and collect the flower. But the
monkey just looked at him questioningly with its head on one side.
'Go down!' repeated the eminent botanist. At which the monkey gave an
eloquent shrug, took hold of the liana and pulled it up hand over hand
to collect the flower. No human being, said Corner, had ever, before or
since, made him feel so much of a fool.
Boing Boing
notes that the SQL Slammer worm 'caused service outages at tens of
thousands of Bank of America ATMs and wreaked havoc at Continental
Airlines. Apparently, customers at most of the #3 American bank's 13,000
automatic teller machines were unable to process transactions for a period
of time.'
Does anyone else find it very scary to contemplate an ATM network
connected to the internet, with a sufficiently open set of firewalls
that a semi-documented Microsoftish SQL protocol can traverse as far
as the ATM servers? Sure, it probably took a few hops, compromising a
couple of SQL servers along the way, but each of the firewalls in question
must have had that MS-SQL port open for those servers. Yikes.
Someone should teach those guys about network compartmentalization for
security; something like an ATM network, where security is hugely
essential, should never have a direct IP-based connection to the internet,
no matter how many firewalls and gateways are in place.
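An added example (not from the original post): a small audit of zone-to-zone firewall rules that finds the hop-by-hop chain described above. Zone names and rule sets are constructed; UDP 1434 is the SQL Server port Slammer spread over, a detail the post leaves as "that MS-SQL port".

```python
from collections import deque

# Constructed rule sets: (source zone, destination zone, protocol, port).
# Each firewall on its own looks reasonable; the chain is the problem.
FLAT_RULES = [
    ("internet", "dmz", "tcp", 443),
    ("internet", "dmz", "udp", 1434),
    ("dmz", "corp", "udp", 1434),
    ("corp", "atm", "udp", 1434),
    ("corp", "atm", "tcp", 1433),
]

# Compartmentalized variant: nothing routes into the ATM zone at all.
SEGMENTED_RULES = [
    ("internet", "dmz", "tcp", 443),
    ("dmz", "corp", "tcp", 8443),
]


def exposure_path(rules, start, target, service=None):
    """Shortest chain of zones from start to target using only rules that
    allow `service` (a (protocol, port) pair), or any rule if service is None.
    Returns the list of zones, or None when no chain exists."""
    edges = {}
    for src, dst, proto, port in rules:
        if service is None or service == (proto, port):
            edges.setdefault(src, []).append(dst)
    parent = {start: None}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        if zone == target:
            path = []
            while zone is not None:
                path.append(zone)
                zone = parent[zone]
            return path[::-1]
        for nxt in edges.get(zone, []):
            if nxt not in parent:
                parent[nxt] = zone
                queue.append(nxt)
    return None


def audit(rules, protected="atm", start="internet"):
    """Every service for which the same port is open hop after hop all the
    way from `start` to the protected zone, with the chain of zones."""
    findings = {}
    for service in sorted({(proto, port) for _, _, proto, port in rules}):
        path = exposure_path(rules, start, protected, service)
        if path:
            findings[service] = path
    return findings


def ip_connected(rules, protected="atm", start="internet"):
    """The stricter question the post asks: is there any routed path at all?"""
    return exposure_path(rules, start, protected) is not None
```

Running `audit(FLAT_RULES)` reports the single service that is open across every hop, while `ip_connected` answers the stricter requirement that the protected network has no IP path to the internet regardless of port.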
Spam:
NACS: Spam Detection. Great, Catherine's new email system at UCI uses SpamAssassin. Nothing like
getting bug reports from your SO ;)
On the other side, though, they've written an
excellent set of pages on how to detect and act on the SpamAssassin
markup in various MUAs.
Kim Jong Il Unfolds Into Giant Robot (Onion). Met up with Paddy
Benson last night for a few drinks, and he let me into the secret
that The Onion is, once again, officially funny:
'If we add Kim Jong Il's transformation into a giant robot to his
already defiant isolationist stance and his country's known nuclear
capability, the diplomatic terrain definitely becomes more rocky,'
U.S. envoy James Kelly said. 'Kim has made it clear that, if
sufficiently threatened, he will not hesitate to use nuclear weapons
or his arm-mounted HyperBazooka.'
'We are also forced to consider the possibility that Kim may attempt
to robo-meld with other members of the Axis of Evil, forming a
MegaMecha-Optima-Robosoldier. Kim would make a powerful right arm --
or even a torso -- for such a mechanism.'
Wotcher Paddy!
Matt Blaze has posted a very neat exploit against
'weaknesses in most master-keyed lock systems, such as those used by
offices, schools, and businesses as well as by some residential facilities
(particularly apartment complexes, dormitories, and condominiums). These
weaknesses allow anyone with access to the key to a single lock to create
easily the master key that opens every lock in the entire system.
Creating such a key requires no special skill, leaves behind no evidence,
and does not require engaging in recognizably suspicious behavior. The
only materials required are a metal file and a small number of blank keys,
which are often easy to obtain.'
'The vulnerability was discovered by applying the techniques of
cryptanalysis, ordinarily used to break secret codes, to the analysis
of mechanical lock design.'
Paper here.
Daphne
Oram, one of the pioneers of electronic music, has died. (BBC)
Almost un-noticed by the wider world, one of the pioneers of electronic
music has died. Without Daphne Oram, we may never have known what the
Tardis sounded like. Electronic music - as much a part of today's life
as whistling a tune to yourself - grew up amid milk bottles, gravel,
keys, and yards of magnetic tape and wires. These were the sort of
tools typically scattered around the BBC's Radiophonic Workshop in the
1950s and 60s, when they were used to generate wonderful and ethereal
sounds for the airwaves. The mother of this great legacy was Daphne
Oram. Aged 18, and armed with a passionate interest in sound, music and
electronics, she started work at the BBC in 1943 as a sound engineer.
Another good trip report, from 'babbage' at perl.org.
- Again, and interestingly, quite a few folks agreed with one of SA's
  core tenets; no single approach (stats, RBLs, rules, distributed
  hashes) can filter effectively on its own, as spammers will soon
  figure out a way to subvert that technique. However, if you combine
  several techniques, they cannot all be subverted at once, so your
  effectiveness in the face of active attacks is much better.
- Also interesting to note how everyone working with learning-based
  approaches commented on how hard it was to persuade 'normal people' to
  keep a corpus. Let's hope SA's auto-training will work well enough to
  avoid that problem.
- in passing -- babbage noted the old canard about Hotmail selling
  their user database to spammers. That must really piss the Hotmail
  folks off ;) I think it's much more likely that, with Moore's Law and
  the modern internet, a dictionary attack *will* find your account
  eventually.
- Good tip on the legal angle from Jon Praed of The Internet Law Group:
  if a spam misuses the name of a trademarked product like 'Viagra', get
  a copy to Pfizer pronto. Trademark holders have a particular desire
  to follow up on infringements like this, as an undefended trademark
  loses its TM status otherwise.
- David Berlind, ZDNet executive editor: 'They don't want to be involved
  (in developing an SMTPng)'. He might say that, but I bet their folks
  working on sending out their bulk-mailed email newsletters might
  disagree ;). Legit bulk mail senders have to be involved for
  it to work, and they will want to be involved, too.
- Brightmail have a patent on spam honeypots? Must take a look for this
  sometime.
- the plural of 'corpus' is 'corpora' ;)
Great report, overall.
It's interesting to see that Infoworld notes that reps from AOL, Yahoo!
and MS were all present.
Since the conf, Paul Graham has a new paper up about 'Better Bayesian
Filtering', and lists some new tokenization techniques he's using:
- keep dollar signs, exclamation and most punctuation intact (we do
  that!)
- prepend header names to header-mined tokens (us too!)
- case is preserved (ditto!)
- keep 'degenerate' tokens; 'Subject:FREE!!!' degenerates to
  'Subject:free', to 'FREE!!!', and 'free'. (ditto! well, partly. We
  use degeneration of tokens, but we keep the degenerate tokens in a
  separate, prefixed namespace from the non-degenerate ones, as he
  contemplates in footnote 7. It's worth noting that case-sensitivity
  didn't work well compared to the database bloat it produced; each
  token needs to be duplicated into the case-insensitive namespace, but
  that doubled the database size, and the hit-rate didn't go up nearly
  enough to make it worthwhile.)
Most of these were also discovered and verified experimentally by
SpamBayes, too, BTW.
When we were working on SpamAssassin's Bayesian-ish implementation,
we took a scientific approach, and used suggestions from the SpamBayes
folks and from the SpamAssassin community on tokenizer and stats-combining
techniques. We then tested these experimentally on a test corpus,
and posted the results. In almost all cases, our results matched
up with the SpamBayes folks' results, which is very nice, in a scientific
sense.
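The tokenization and degeneration scheme listed above, as an added example (this is not SpamAssassin's, SpamBayes' or Paul Graham's code). The `degen:` prefix, the `TokenDB` class, the rule of falling back to degenerate forms only when the exact token is unseen, and the sample messages are all assumptions constructed for illustration; it also shows the database growth that the separate namespace causes.

```python
import re
from collections import Counter

DEGEN_PREFIX = "degen:"  # hypothetical namespace prefix, chosen for this example
# Keep letters, digits and punctuation such as $ ! ' - inside tokens.
TOKEN_RE = re.compile(r"[A-Za-z0-9$!'\-]+")


def tokenize(headers, body):
    """Case-preserving tokens; header-mined tokens get the header name prepended."""
    tokens = [f"{name}:{word}"
              for name, value in headers.items()
              for word in TOKEN_RE.findall(value)]
    tokens.extend(TOKEN_RE.findall(body))
    return tokens


def degenerate(token):
    """Less specific forms of a token, most specific first."""
    header, sep, word = token.partition(":")
    if not sep:                        # body token: no header prefix
        header, word = "", token
    # Fold case and drop trailing '!'; keep the word if it is only '!' characters.
    folded = word.rstrip("!").lower() or word.lower()
    forms = [f"{header}:{folded}", word, folded] if header else [folded]
    return list(dict.fromkeys(forms))  # de-duplicate, keep order


class TokenDB:
    """Per-token message counts, with degenerate forms in a prefixed namespace."""

    def __init__(self, keep_degenerate=True):
        self.keep_degenerate = keep_degenerate
        self.spam = Counter()
        self.ham = Counter()

    def _keys(self, token):
        keys = [token]
        if self.keep_degenerate:
            # Every token is duplicated into the degenerate namespace.
            keys += [DEGEN_PREFIX + form for form in degenerate(token)]
        return keys

    def train(self, headers, body, is_spam):
        table = self.spam if is_spam else self.ham
        keys = set()
        for token in tokenize(headers, body):
            keys.update(self._keys(token))
        for key in keys:               # count each key once per message
            table[key] += 1

    def lookup(self, token):
        """(key, spam_count, ham_count) for the most specific key seen in training."""
        for key in self._keys(token):
            spam, ham = self.spam[key], self.ham[key]
            if spam or ham:
                return key, spam, ham
        return None, 0, 0

    def size(self):
        return len(set(self.spam) | set(self.ham))


# Constructed sample corpus: (headers, body, is_spam).
SAMPLE = [
    ({"Subject": "FREE!!! $$$ offer"}, "Click now for FREE!!! money", True),
    ({"Subject": "Free trial"}, "free pills, Free shipping", True),
    ({"Subject": "Re: meeting notes"}, "feel free to edit the notes", False),
]


def build_db(keep_degenerate):
    db = TokenDB(keep_degenerate)
    for headers, body, is_spam in SAMPLE:
        db.train(headers, body, is_spam)
    return db


if __name__ == "__main__":
    with_degen, exact_only = build_db(True), build_db(False)
    print(degenerate("Subject:FREE!!!"))
    for tok in ("free", "FREE!", "Subject:Free!!!", "Subject:unseen"):
        print(tok, "->", with_degen.lookup(tok))
    print("exact-only keys:", exact_only.size(),
          "with degenerate namespace:", with_degen.size())
```

The body token 'free' and the folded key 'degen:free' carry different counts, which is the point of keeping the two namespaces apart, and the key count more than doubles on this tiny corpus.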
(PS: update on the Fly UI story -- 'apis' is not French, it's Latin. oops!
Thanks Craig...)
Kaitlin Duck Sherwood writes a trip report. Good tidbits:
- many big players in the mail-sending side want to see an SMTPng;
  a new protocol which is spam-resistant.
- Jon Praed of the Internet Law Group said that 'better spam filters
  make his job easier: the more contortions that a spammer goes through
  to make sure that the messages go through, the easier it is to
  convince a judge that the spammer knew it was wrong.' Excellent!
Andrew McGlinchey writes about a Fly UI: 'I have seen one of the finest
instances of user interface design ever, and I saw it in the men's room
at Schiphol airport in Amsterdam. In each of the urinals, there is a
little printed blue fly. It looks a lot like a real fly, but it's
definitely iconic - you're not supposed to believe it's a real fly. It's
printed near the drain, and slightly to the left.'
I've heard of this one before, and yes, it is an aiming-improvement UI.
It started in France around the turn of the century, if I recall
correctly. One important fact: it's not a fly -- it's a bee. You see,
it's also a visual pun -- the French for 'bee' is 'apis', geddit?
(I'd have commented on the blog, itself, but it's one of those 'create an
account to comment' places -- too much trouble!)
He's also spot-on about why tea is big in Ireland: 'The climate is cool,
grey and damp. Steady
doses of warm drink with a nice gentle caffeine push really keeps you
going.' Hey, works in the Himalayas too ;)
BoingBoing, back in December, forwarded this snippet: 'A report issued by
UK-based Infrastructure Forum ('TIF') says
spam-savvy thieves are using info from 'out of office' email
autoresponders and cross-referencing it with publicly available personal
data to target empty homes.'
Criminals are buying huge lists of email addresses over the internet and
sending mass-mailings in the hope of receiving 'out of office'
auto-responses from workers away on holiday.
By cross-referencing such replies with publicly available information from
online directories such as 192.com or bt.com, the burglars can often
discover the name, address and telephone number of the person on
holiday. Tif is advising users to warn their staff to be careful of the
information they put in their 'out of office' messages.
"You wouldn't go on holiday with a note pinned to your door saying who
you were, how long you were away for and when you were coming back, so
why would you put this in an email?" said David Roberts, chief executive
at Tif. (via VNUNet)
My take on this? Bullshit.
I mean, how many house burglars (a) have the know-how to set up a fast
internet connection, get hold of an addresses CD, and send a spam; and
then (b) how often does a Reply-To address on a spam stay active once it's
sent -- assuming it ever worked in the first place -- before the ISP
whacks their account? I would guess 6 hours at the most, and most spam
runs wouldn't even be halfway through by that stage (from what I hear).
Self-promoting bullshit of the highest order I reckon.
Steppe by Step (Guardian). "I started wondering if (the 'six degrees of
separation' theory) was true today. ... So 35 years on from the original
experiment, I decided to test out the urban myth on a world stage: how
many steps would it really take to get to someone on the other side of the
planet?"
The London-based "city girl" author, Lucy Leveugle, makes it in 9 steps
(hey, the world has expanded!) to Purev-Ochir Gungaa, a nomadic herdsman
in the middle of the steppes of Outer Mongolia. Amazing.
308 referrer hits from www.xxxstoryarchive.com, 282 from amateur-porn.us,
282 from nude-lesbians.us, etc. Somehow I doubt it. All the hits are
404s, looking for e.g.
nn.nn.nn.nn - - [12/Jan/2003:18:52:13 +0000] GET /pics54754-96 HTTP/1.1 404 284 http://www.celebrity-nude-pics.com/ "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
Hits from hosts at AT&T WorldNet Services and an SBC PPPoX pool. They're
all MSIE 6 on Windows, and it's been going on for a month or so.
Theory: sounds like MSIE's download-to-'view'-offline functionality has bugs;
when it hits a 404, maybe it requeues that request but then sends it to
entirely the wrong IP.
Alternative theory: it's a pathetically underpowered DDoS. ouch!
Anyone else seen this?
Who knew relocating with a cat could be so tricky?
Well, actually, I did. He hates travel. I'm considering just putting him
in a crate and handing him off to a courier to do it.
Paul Graham's Spam Conference
seems to be doing great; they've moved to a bigger room, and are expecting
480 (!!) attendees.
I still can't make it due to all this movage, but thankfully there's a few
SpamAssassin folks going, so we'll still be able to snarf some good
tricks with any luck.
In other news, the public mass-check submission run for SpamAssassin 2.50
is about to start; with the new with-bayes and with-net-tests dimensions
in the matrix, it's going to be the biggest run yet. Should be fun.
Frequent drinking cuts heart attack risk (New Scientist). 'Half an
alcoholic drink every other day, be it wine, whisky or beer, can reduce
the risk of heart attacks by a third, a new study shows. The 12-year study
published in The New England Journal of Medicine found that the frequency
of drinking was the key to lowering the risk of heart disease, rather than
the amount, the type of alcohol, or whether or not it was drunk with
food.'
Well, looks like it's been announced; McAfee and NAI
are buying Deersoft. I wish I could comment properly, but I'm
in mid-packing right now and things are a total hectic mess :(
New Scientist: Turing tests filter spam email. "Simple tests
designed to distinguish computers from humans are increasingly being used
to clamp down on unsolicited, or 'spam', email advertising."
The article notes that Yahoo! has imposed such a test to block automated
account-signup-then-spam bots. (Thankfully -- that might discourage
some of the more automated 419 spammers.)
Sorry 'bout the lack of blogging -- very busy 'round here, what with
a new SpamAssassin release in the pipeline and a move to the US
in the offing...
Samuel Pepys has a weblog:
This morning (we living lately in the garret,) I rose, put on my suit
with great skirts, having not lately worn any other clothes but them.
Went to Mr. Gunning's chapel at Exeter House, where he made a very good
sermon.
Anyway, still recovering from the holidays. Hope you all had a good one..
Yahoo!: Deadline Passes for European Digital Copyright Law. 'A
deadline for adopting a new EU law on copyright protection has passed with
just two member countries signing up, dealing a blow to media and software
companies beset by unauthorized duplication of their works across the
Internet.' The two countries are Greece and Denmark, which is odd,
considering I thought Ireland had done so too.
Other actors in the private sector, such as Internet service providers,
have weighed in heavily on the issue, opposing laws that could
ultimately hurt consumer rights.
Yay ISPs!
BBC: An Irish republican song, A Nation Once Again, has been voted the
world's top tune according to a BBC World Service poll. 'Following a
late surge in votes, the Irish sing along crossed the finishing line ahead
of a patriotic Hindi song, Vande Mataram.'
'The poll had to deal with people trying to influence the vote through fan
sites and spamming.' No shit. The funniest thing about this poll was
the way it suddenly stopped being about 'the world's top 10 tunes' and
suddenly became 'how many 'net users can each country mobilize to vote
for a patriotic song'.
Still, I'm impressed the clicky fingers of the Irish net population (pop.
6 million) managed to beat those of India (pop. 1 billion)!
Guardian:
DrugScope, the drug charity, says that an 'intensive media campaign
against the drug ecstasy has led to an increase in cocaine use among young
people'. whoops.
'Studies show the reason they no longer use ecstasy is because of the
scare stories,' said a spokesman for the charity. 'They haven't seen
similar stories about cocaine and their belief is that cocaine is the
safer drug. The reality is that cocaine, especially crack cocaine, is a
much more harmful drug - it kills more people each year and more people
have dependency on it.'
They also add a few UL-busting facts:
DrugScope's guide argues that there are no recorded examples of heroin
ever being cut with ground glass ... no drug is instantly addictive and
that addiction generally takes several months to develop ... physical
withdrawal from heroin is like a bad bout of flu, not a near-death
experience.
Aaron's trip to CA comes to an end in a big bang of serious meeting-up.
I read his blog using the rss2mail mail-based news aggregator he wrote (I
live in e-mail, especially while I'm still on the wrong side of dialup),
and I think this is the most homepage-link-laden blog entry I've ever
read. 45 links, count 'em! Wow, I hope he can keep all those
name-to-face mappings clear ;)
In other news: it seems that football (proper football, played with feet,
ie. soccer) is bad for you: the World Cup
penalty shoot-out caused a surge in heart attacks for England fans
(New Scientist). Ban Football Now!
Son of Star Wars leaves drivers stranded (Guardian). Interesting
collision between military and civvie radio technology.
The upgrading of the security and surveillance systems at (RAF
Fylingdales base in Yorkshire, which is planned to be used as a UK base
for new US 'Star Wars' projects) ... is knocking out the electrical
systems of expensive cars. ... High power radar pulses trigger the
immobilising devices of many makes of cars and motorcycles - BMW,
Mercedes and Jeep among them. Many have had to be towed out of range
of the base before they can be restarted.
Wing Commander Chris Knapman, of RAF Fylingdales, said it was not up to the
base to resolve the problem. 'We have had the frequencies we use for a very
long time,' he said. 'They are allocated to commercial, military and
government users, and the allocation is very tightly controlled. As far as
we are concerned, the radars are working on frequencies which are well
known, and most car manufacturers take that into account.'
A spokesman for Jeep said: 'The problem is that the government gives
manufacturers such a narrow band to operate in - so the radio wave (sic)
we use for our key fob is severely restricted.'
AOL patents instant messaging (/.). 'Specifically, any technology
that provides 'a network that allows multiple users to see when other
users are present and then to communicate with them' is covered.'
The CNet story which /. references points out that the patent
was filed in 1997 -- but that's still 6 years after I wrote a similar perl
script on the Maths Department UNIX
machines in TCD. There's a myriad of similar apps, of the same
vintage, too.
The thing I find amazing is this, however -- the AOL patent actually
cites prior art in its References section, namely the
xhtalk README file, dated 1992. There's nothing different between
xhtalk and AOL Instant Messenger apart from the protocol and the look
and feel, and those aren't key to the patent.
The US patent office really needs to start reading the patent
applications before granting them.
Danny reports "the always excellent c't magazine analyses the
hypotheticals of the Dutch IP-surveillance scandal:
According to anonymous sources within the Dutch intelligence
community, all tapping equipment of the Dutch intelligence services
and half the tapping equipment of the national police force, is
insecure and is leaking information to Israel. ..."
Yikes. You'd think they'd have learnt from Ireland's mistakes.... this article
(update: moved to here) reports that massive back-door use by a
third-party government occurred before in similar circumstances, during
the Anglo-Irish negotiations of 1985.
For those of you who don't know, these discussions were between the
Republic of Ireland and the UK, and took place in London.
In order to allow the negotiating team to contact their government and
civil service securely, a million-pound cryptographic system had been
bought in order to secure the link between the Irish Embassy in London and
the government in Dublin.
Unfortunately, this equipment was thoroughly compromised.
It turns out that the Swiss company from which the equipment was bought,
namely Crypto AG, had cooperated with the NSA and the BND (the NSA's
German equivalent), to allow them to decipher the traffic trivially.
(Judging from the snippet from another article below, sounds like this was
done using a known-plaintext attack).
The NSA routinely monitored and deciphered the Irish diplomatic messages.
All it took then was for the UK's NSA equivalent, GCHQ, to pull some
strings, and the UK government had a distinct advantage in the
negotiations from then on.
Another source for details on Crypto AG's breakage is Der Spiegel,
issue 36/96, pages 206-207. Here's some snippets:
The secret man (sic) have obviously a great interest to direct the
trading of encryption devices into ordered tracks. ... A former
employee of Crypto AG reported that he had to coordinate his
developments with "people from Bad Godesberg". This was the
residence of the "central office for encryption affairs" of the BND,
and the service instructed Crypto AG what algorithms to use to create
the codes.
Members of the American secret service National Security Agency (NSA)
also visited the Crypto AG often. The memorandum of the secret workshop
of the Crypto AG in August 1975 on the occasion of the demonstration of
a new prototype of an encryption device mentions as a participant the
cryptographer of the NSA, Nora Mackebee. ...
Depending on the projected usage area the manipulation on the
cryptographic devices were more or less subtle, said Polzer. Some
buyers only got simplified code technology according to the motto "for
these customers that is sufficient, they don't need such a good
stuff."
In more delicate cases the specialists reached deeper into the
cryptographic trick box: The machines prepared in this way enriched
the encrypted text with "auxiliary informations" that allowed all who
knew this addition to reconstruct the original key. The result was the
same: What looked like impenetrable secret code to the users of the
Crypto-machines, who acted in good faith, was readable with not more
than a finger exercise for the informed listener.
Full text here.
So what's the bottom line? Use GPG! ;)
From: Julian Assange (spam-protected)
To: (spam-protected) (spam-protected)
Date: Mon, 14 Oct 1996 13:24:31 +1000 (EST)
Approved: (spam-protected)
Subject: BoS: Crypto AG = Crypto NSA/BNG ?
Thanks to Anonymous for this English translation of the German
original.
secret services undermine cryptographic devices
Archive of "DER SPIEGEL" issue 36/96 pages 206-207
"Who is the authorized fourth"
Secret services undermine the protection of cryptographic devices.
Switzerland is a discreet place. Uncounted millions of illegal money
find an asylum in the discreet banks of the republic. Here another
business can prosper, which does not need any publicity: the
production of cryptographic devices.
A top address for tools of secrecy was for several decades the company
Crypto AG in Zug. It was founded in 1952 by the legendary Swedish
cryptographer Boris Hagelin. Hundreds of thousands of his
"Hagelin-machines", pendants of the German "Enigma" devices, were used
in World War II on the side of the Allies.
A prospectus of the company states: "In the meantime, the Crypto AG
has built up long standing cooperative relations with customers in 130
countries." Crypto AG delivers enciphering devices applicable to voice
as well as data networks.
But behind this solid facade the most impudent secret service feint of
the century has been staged: German and American services are under
suspicion of manipulation of the cryptographic devices of Crypto AG in
a way that makes the codes crackable within a very short time, and
this allegedly happened until the end of the eighties.
Customers of Crypto AG are many honorable institutions, like the
Vatican, as well as countries like Iraq, Iran, Libya, that are at the
top of the priority list of U.S. services. At the beginning of the
nineties the discreet company was suspected to play an unfair game.
What was the source of the "direct precise and undeniable proofs" U.S.
president Reagan referred to when he ordered the bombardment of Libya,
the country he called the wire puller of the attack against the disco
La Belle? Obviously the U.S services were able to read encrypted radio
transmissions between Tripoli and its embassy in East Berlin.
Hans Buehler, a sales engineer of Crypto AG, got between the fronts of
the secret service war. On March 18, 1992, the unsuspecting tradesman
was arrested in Teheran. During the nine and a half months of solitary
confinement in a military prison he had to answer over and over again,
to whom he leaked the codes of Teheran and the keys of Libya.
In the end Crypto AG paid generously the requested bail of about one
million German marks (DM), but dismissed the released Buehler a few
weeks later. The reason: Buehlers publicity, "especially during and
after his return" was harmful for the company. But Buehler started to
ask inconvenient questions and got surprising answers.
Already the ownership of the Crypto AG was diffuse. A "foundation",
established by Hagelin, provides according to the company "the best
preconditions for the independence of the company".
But a big part of the shares are owned by German owners in changing
constellations. Eugen Freiberger, who is the head of the managing
board in 1982 and resides in Munich, owns all but 6 of the 6,000
shares of Crypto AG. Josef Bauer, who was elected into managing board
in 1970, now states that he, as an authorized tax agent of the
Muenchner Treuhandgesellschaft KPMG [Munich trust company], worked due
to a "mandate of the Siemens AG". When the Crypto AG could no longer
escape the news headlines, an insider said, the German shareholders
parted with the high-explosive share.
Some of the changing managers of Crypto AG did work for Siemens
before. Rumors, saying that the German secret service BND was hiding
behind this engagement, were strongly denied by Crypto AG.
But on the other hand it appeared like the German service had a
suspiciously great interest in the prosperity of the Swiss company. In
October 1970 a secret meeting of the BND discussed, "how the Swiss
company Graettner could be guided nearer to the Crypto AG or could
even be incorporated with the Crypto AG." Additionally the service
considered, how "the Swedish company Ericsson could be influenced
through Siemens to terminate its own cryptographic business."
The secret man have obviously a great interest to direct the trading
of encryption devices into ordered tracks. Ernst Polzer*, a former
employee of Crypto AG, reported that he had to coordinate his
developments with "people from Bad Godesberg". This was the residence
of the "central office for encryption affairs" of the BND, and the
service instructed Crypto AG what algorithms to use to create the
codes. (* name changed by the editor)
Members of the American secret service National Security Agency (NSA)
also visited the Crypto AG often. The memorandum of the secret
workshop of the Crypto AG in August 1975 on the occasion of the
demonstration of a new prototype of an encryption device mentions as a
participant the cryptographer of the NSA, Nora Mackebee.
Bob Newman, an engineer of the chip producer Motorola, which
cooperated with Crypto AG in the seventies to develop a new generation
of electronic encryption machines, knows Mackebee. She was introduced
to him as a "counselor".
"The people knew Zug very good and gave travel tips to the Motorola
people for the visit at Crypto AG", Newman reported. Polzer also
remembers the American "watcher", who strongly demanded the use of
certain encryption methods.
Depending on the projected usage area the manipulation on the
cryptographic devices were more or less subtle, said Polzer. Some
buyers only got simplified code technology according to the motto "for
these customers that is sufficient, they don't need such a good
stuff."
In more delicate cases the specialists reached deeper into the
cryptographic trick box: The machines prepared in this way enriched
the encrypted text with "auxiliary informations" that allowed all who
knew this addition to reconstruct the original key. The result was the
same: What looked like impenetrable secret code to the users of the
Crypto-machines, who acted in good faith, was readable with not more
than a finger exercise for the informed listener.
The Crypto AG called such reports "old hearsay" and "pure invention".
But the process, that was started by the company against the
former employee Buehler, on the grounds that he had said that there
might be some truth in the suspicions of the Iranian investigators,
surprisingly ended in November of last year.
After the trial, that could have brought embarrassing details to the
light, the company agreed to a settlement outside the court. Since
that time Buehler is very silent with regard to this case. "He made
his fortune financially," presumed an insider of the scene.
"In the industry everybody knows how such affairs will be dealt
with," said Polzer, a former colleague of Buehler. "Of course such
devices protect against interception by unauthorized third parties, as
stated in the prospectus. But the interesting question is: Who is the
authorized fourth?"
--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims
may be the most oppressive. It may be better to live under robber barons
than under omnipotent moral busybodies, The robber baron's cruelty may
sometimes sleep, his cupidity may at some point be satiated; but those who
torment us for own good will torment us without end, for they do so with
the approval of their own conscience." - C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
(spam-protected) | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
(spam-protected) | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+
Thanks to blogs, wifi and the web, bullshitting a keynote at a
conference isn't quite as easy to pull off as it used to be! From Dan Gillmor's keynote at Supernova, via BoingBoing:
At PCForum, Joe Nacchio, the CEO of Qwest was on-stage, doing a Q and A.
Joe was whining
about how hard it is to run a phone company these days. Dan (Gillmor)
blogged, "Joe's whining." A few moments later, he got an email from
someone who wasn't at the conference, someone in Florida, with a link to
a page that showed that Joe took $300MM out of the company and has
another $4MM to go -- gutting the company as he goes.
Esther Dyson described this as the turning point. The mood turned ugly.
The room was full of people reading the blog and everyone stopped being
willing to cut Joe any slack.
I've just found Gary Robinson's blog, which is a bit silly, as it boasts
the primary source after Paul Graham's 'A Plan For Spam' paper for modern
Bayesian spamfiltering techniques. I'd only read Gary's
page describing the Robinson-combining technique, but he's been doing
a good job of blogging the anti-spam world in general recently. Hence,
he's made the blogroll ;)
Some choice links from his blog:
First off -- Jon Udell points out why reply-to-whitelist systems are Bad:
The email thread that provoked this message will soon dissolve.
Including x@y.com might have been useful, but the moment has passed. If
I urgently need to contact x@y.com , I may have to grit my teeth and
register to do so. But no ad-hoc communication is going to make it over
that activation threshold.
And a different kind of whitelist -- the IronPort Bonded Sender type, from
Whitelists: the weapon of choice against spam (ZDNet):
After one and a half months of testing, IronPort identified hundreds of
thousands of false-positives. At that rate, the mail generated by
IronPort's customers alone, which make up a small percentage of the
total amount of e-mail that traverses the Internet, is resulting in
over one million false-positives per year.
Hmm. Well, I'm not 100% convinced here -- I did see Amazon.FR, who are
apparently Bonded Sender customers, send a promotional mail to a mailing
list. I also saw several reports from other places regarding the same
mail. How often does a mailing list order goods from an e-commerce site?
(But, having said that, that's the only Bonded Sender issue I've seen in
about 6 months -- so let's put that down to teething issues, or someone on
the list who decided to act up when ordering some goods.)
Spamland.org, a new Wiki for spamfiltering.
Debra Bowen, a California State Senator, is proposing a hardcore new anti-spam
bill. "It would bar unsolicited e-mail advertising and allow people
who receive it to sue the senders for $500 per transmission. A judge could
triple the penalty if he or she decided the violation was intentional. ...
'The ($500) fine's really intended to get a whole generation of
computer-savvy folks to help us do the enforcement,' Bowen says. 'Getting
rid of spam is never going to be the district attorney's first priority
and it shouldn't be.'" She notes also that she's "seen estimates that it
could grow to 50 percent in the next five years." Too late -- it's
already there, as far as I can tell.
FWIW, I like the sound of this -- she's requiring that commercial e-mail
senders have an existing verified-opt-in relationship beforehand. Sounds
good to me.
And finally, a very interesting set of tests on Robinson-combining
strategies. Very
interesting, that is, if you're implementing a Bayesian spam filter.
Otherwise quite boring. ;)
Check out The World's Top Ten -- Nationalist Marching Songs, that is, as
far as I can see -- featuring:
India's winning.
Just in case they get cleaned out as vote-rigging, here's what it looks
like right now:
AT&T reinvent the wheel (via New Scientist). "a user could safely sign up
for a monthly email newsletter by specifying the source of the newsletter
and limiting it to 12 messages over the next year. If the address fell
into the hands of spammers, their messages would be blocked by the
software before it reached the user's inbox. 'The 'Single Purpose'
address system reduces spam by stopping it right before the user sees
it,' says John Ioannidis, at AT&T's research laboratory in New Jersey,
US. The software is currently at the prototype stage."
In other words, they've re-written TMDA, The Tagged Message Delivery Agent.
Nice one.
BBC - the Great Smog of 1952 recalled. "Fifty years ago, a choking
cloud enveloped much of London and the Home Counties - a toxic fog which
killed at least 4,000 people. Here, Barbara Fewster, 74, recalls the Great
Smog of 1952." A very Ballardian tale of this environmental disaster:
After a long time we arrived at Kew Bridge - that's at least 10 miles from
Hampstead - when my fiancé called out to me, 'I've lost you, where have you
got to?' I must have veered off out of range of the sidelights.
At that point, a milk float passed by and my fiancé told me to get in so
we could follow its taillights. He put his foot down. Well, then the
milkman disappeared and we could hear the float bouncing over the grass
on Kew Green. All I could do was get out of the car and continue
walking. We later came across a car that had overtaken us earlier on in
the journey - it was up a tree, crashed, and no sign of the occupant.
'Spam' Likely to Clutter E-Mail for Some Time, says Jupiter Research (via
Reuters).
"It's getting easier to send spam messages. You can buy a CD-ROM with
millions of e-mail addresses for next to nothing and send it out for
next to nothing," said Jared Blank, senior analyst at Jupiter.
"Spammers are clever people and there is clearly an arms race between
spammers and people trying to prevent spam that just constantly
escalates," said Forrester analyst Jim Nail. "Having simple lists of
spammers and domains -- that's not enough because spammers change
domains or addresses to stay ahead."
So, good news: I have a job. Bad news: well, I think that side is obvious ;)
The mother of all package tours: With the world expecting an attack on
Iraq any time now, no one in their right mind would take a holiday there -
would they? You'd be surprised, says Johann Hari (Guardian).
A fascinating article, from so many angles -- First, the tourists:
I met Julie and Phil. They seemed an almost comically suburban couple:
polite, a little posh, all golf jumpers and floral smocks. But then Phil
mentioned that his last holiday had been to North Korea. "Yeah, I've
been twice since they opened the borders to tourists. I'm a bit of a
celebrity there now. People come up to me in the streets and say, 'Why
have you come to our country twice?'." ...
Then there was Hannah. How to explain her? A frightfully well-spoken
Englishwoman in her early 50s. When we first met, she dispensed with the
small talk to say: "I think Saddam is a great man and the USA is a
great big global bully. My theory is that he should be given Kuwait.
It's perfectly logical if you look at the map." "I think he's rather
handsome too," she went on. "Every woman does really. I'd rather like
to inspect his weapon of mass destruction myself."
And the politics:
Talking politics in Iraq is like a magic-eye picture, where you have to
let your brain go out of focus, not your eyes. One very distinguished
old man in a Mosul souk welcomed me warmly and told me how much he had
loved visiting London in the 1970s. After much oblique prodding, he said
warmly, "I admire British democracy and freedom." He held my gaze. "I
very much admire them."
... As we wandered around, looking at the grim exhibits, one of the
soldiers on duty guarding the museum told me that three of his brothers
died in that war. Everybody in the country lost somebody - yet it is
almost impossible to get anybody to talk about it. They speak in a small
number of bloodless stock-phrases.
After more than 10 such encounters, it suddenly hit me that the people
of Iraq are not even allowed to grieve their huge numbers of dead in
their own way. They are permitted only a regulation measure of
state-approved grief, which must be expressed in Saddam's language: that
of martyrdom and heroism, rather than wailing agony about the futility
of a war which slaughtered more than a million people yet left the
borders unchanged and achieved nothing.
Thanks to Ben Walsh for the
forwardy goodness.
"I am Mr Brunce Anthony, the bill exchange director at the
NATIONAL WESTMINSTER BANK PLC." Yes, it's a 419 from that well-known
third-world country, the UK.
(PS: Brunce?! what kind of name is that?! Everyone knows only
Americans have that kind of ludicrous given name ;)
Date: Wed, 13 Nov 2002 10:40:51 +0100
From: "Brunce Anthony" (spam-protected)
To: (spam-protected)
Subject: FROM: BRUNCE IN UK
Dear Sir,
I am Mr Brunce Anthony, the bill exchange director
at the NATIONAL WESTMINSTER BANK PLC,
135 BISHOPSGATE LONDON EC2M 3UR.
I am writing this letter to solicit for support and assistance
from you to carry out this business
opportunity in my department.
Lying in an inactive account is the sum of
Thirty Million United States Dollars($30,000,000.00)belonging
to a foreign customer(Stanley Heard),the former
President(Bill Clinton's personal physician) and
Chairman of the National Chiropractic Health Care
Advisory Committee who happens to be deceased.
He died with his wife and two children in a plane
crash on Board a small airplane that plunged into a river.
Ever since he died the Bank has been expecting his
next of kin to come and claim these funds.
To this effect, we cannot release the money unless some one
applies for it as the next of kin, as indicated in our Banking Guideline.
Unfortunately he has no family member here in the UK or America
who are aware of the existence of the money as he was he was a contract
physician to the Chairman of Royal Bank of Scotland.
At this juncture I have decided to do business with you in colloboration with
officials that matter in the Bank, to this effect we solicit your assistance,
in applying as the next of kin, then the money will be proccesed
and released to you, as we do not want this money
to go into the Bank, Treasury as an unclaimed bill.
The Banking law and guideline stipulate that if such money remains
unclaimed for a period of Five years the money will be transfered into the Bank s'
Treasury as unclaimed bill. Our request for
a Foreigner as a next of kin is occassioned by the fact that the
customer was a Foreigner and a British cannot stand as next of kin.
Sir, 15% of the money will be your share as a Foreign partner,
while 5% will be for any expenses incured during the transaction,
thereafter we would visit your country once the money hits your account for
disbursement and investment.
Please reach me at the above email or
fax if willing to do business with us.
Best regards,
Mr. Brunce Anthony
Danny
O'Brien: Help stop the flood of spam, in the Sunday Times. Great
article:
We have had enough of the filth pouring into our mailboxes. Danny
O'Brien launches a Doors campaign to clean up e-mail and puts forward a
six-point plan involving government, industry and you the reader
DOORS SIX-POINT ACTION PLAN
SOFTWARE MAKERS must improve antispam software, and fast. Filtering
spam is good, but only masks the problem. Spam-spotting software must
report what and who it has found back to the ISPs, so they can block
further spams.
Interesting!
Man
uses cell phone to take photo up schoolgirl's skirt. You knew it was
inevitable.
Police said Hamano was riding behind the girl on an escalator at JR
Kashiwa Station when he took out his mobile phone, held it underneath
the girl's skirt and took a photo. The girl was alerted to his presence
by the noise emitted by the phone camera's shutter. She turned around
to catch Hamano with his hands between her legs.
(via 0xdeadbeef, from MDN's "waiwai" section)
Guardian:
Courage under fire. No matter what you think about what's going on in
Israel and Palestine, Caoimhe, and the other international observers,
require your support:
Friday was a very close call. Caoimhe was shot in the left thigh as she
stood in between a firing IDF tank and three young boys in the street. I
spoke to her on the phone shortly after the attack as she lay in her
hospital bed. She explained that she had been trying to persuade the
IDF, after they shot dead a nine-year-old boy, to stop shooting at the
children. They had told her to get out of their way or they would shoot
her. It was while she was clearing the children off the streets that she
was shot. She is sure she was a direct target; the tank was close by,
the soldier pointed his gun at her and fired, and continued to do so as
she crawled to an alleyway for shelter.
I asked an IDF spokesman for his explanation. 'We are in the middle of a
war and we cannot be responsible for the safety of anyone who has not
been coordinated by the IDF to be in the occupied territories right now.
While we do not want innocent Palestinians to suffer, or internationals
to get hurt, we are trying to ensure the safety of the Israelis and we
will not tolerate internationals interfering with IDF operations. It is
not the job of internationals to stand in the line of fire, unless they
are the son of God, but he hasn't come yet.'
A great tale of systems weirdness, via 0xdeadbeef:
'We're having a problem sending email out of the department.' 'What's
the problem?' I asked. 'We can't send mail more than 500 miles,' the
chairman explained.
Date: Tue, 26 Nov 2002 14:57:40 -0800
From: (spam-protected) (glen mccready)
To: (spam-protected)
Subject: The case of the 500-mile email.
>Forwarded-by: Nev Dull (spam-protected)
>Forwarded-by: Kirk McKusick (spam-protected)
>From: Trey Harris (spam-protected)
Here's a problem that *sounded* impossible... I almost regret posting
the story to a wide audience, because it makes a great tale over drinks
at a conference. :-) The story is slightly altered in order to protect
the guilty, elide over irrelevant and boring details, and generally make
the whole thing more entertaining.
I was working in a job running the campus email system some years ago
when I got a call from the chairman of the statistics department.
"We're having a problem sending email out of the department."
"What's the problem?" I asked.
"We can't send mail more than 500 miles," the chairman explained.
I choked on my latte. "Come again?"
"We can't send mail farther than 500 miles from here," he repeated. "A
little bit more, actually. Call it 520 miles. But no farther."
"Um... Email really doesn't work that way, generally," I said, trying
to keep panic out of my voice. One doesn't display panic when speaking
to a department chairman, even of a relatively impoverished department
like statistics. "What makes you think you can't send mail more than
500 miles?"
"It's not what I *think*," the chairman replied testily. "You see, when
we first noticed this happening, a few days ago--"
"You waited a few DAYS?" I interrupted, a tremor tinging my voice. "And
you couldn't send email this whole time?"
"We could send email. Just not more than--"
"--500 miles, yes," I finished for him, "I got that. But why didn't
you call earlier?"
"Well, we hadn't collected enough data to be sure of what was going on
until just now." Right. This is the chairman of *statistics*. "Anyway,
I asked one of the geostatisticians to look into it--"
"Geostatisticians..."
"--yes, and she's produced a map showing the radius within which we can
send email to be slightly more than 500 miles. There are a number of
destinations within that radius that we can't reach, either, or reach
sporadically, but we can never email farther than this radius."
"I see," I said, and put my head in my hands. "When did this start?
A few days ago, you said, but did anything change in your systems at
that time?"
"Well, the consultant came in and patched our server and rebooted it.
But I called him, and he said he didn't touch the mail system."
"Okay, let me take a look, and I'll call you back," I said, scarcely
believing that I was playing along. It wasn't April Fool's Day. I
tried to remember if someone owed me a practical joke.
I logged into their department's server, and sent a few test mails.
This was in the Research Triangle of North Carolina, and a test mail to
my own account was delivered without a hitch. Ditto for one sent to
Richmond, and Atlanta, and Washington. Another to Princeton (400 miles)
worked.
But then I tried to send an email to Memphis (600 miles). It failed.
Boston, failed. Detroit, failed. I got out my address book and started
trying to narrow this down. New York (420 miles) worked, but Providence
(580 miles) failed.
I was beginning to wonder if I had lost my sanity. I tried emailing a
friend who lived in North Carolina, but whose ISP was in Seattle.
Thankfully, it failed. If the problem had had to do with the geography
of the human recipient and not his mail server, I think I would have
broken down in tears.
Having established that -- unbelievably -- the problem as reported was
true, and repeatable, I took a look at the sendmail.cf file. It looked
fairly normal. In fact, it looked familiar.
I diffed it against the sendmail.cf in my home directory. It hadn't been
altered -- it was a sendmail.cf I had written. And I was fairly certain
I hadn't enabled the "FAIL_MAIL_OVER_500_MILES" option. At a loss, I
telnetted into the SMTP port. The server happily responded with a SunOS
sendmail banner.
Wait a minute... a SunOS sendmail banner? At the time, Sun was still
shipping Sendmail 5 with its operating system, even though Sendmail 8 was
fairly mature. Being a good system administrator, I had standardized on
Sendmail 8. And also being a good system administrator, I had written a
sendmail.cf that used the nice long self-documenting option and variable
names available in Sendmail 8 rather than the cryptic punctuation-mark
codes that had been used in Sendmail 5.
The pieces fell into place, all at once, and I again choked on the dregs
of my now-cold latte. When the consultant had "patched the server," he
had apparently upgraded the version of SunOS, and in so doing
*downgraded* Sendmail. The upgrade helpfully left the sendmail.cf
alone, even though it was now the wrong version.
It so happens that Sendmail 5 -- at least, the version that Sun shipped,
which had some tweaks -- could deal with the Sendmail 8 sendmail.cf, as
most of the rules had at that point remained unaltered. But the new
long configuration options -- those it saw as junk, and skipped. And
the sendmail binary had no defaults compiled in for most of these, so,
finding no suitable settings in the sendmail.cf file, they were set to
zero.
One of the settings that was set to zero was the timeout to connect to
the remote SMTP server. Some experimentation established that on this
particular machine with its typical load, a zero timeout would abort a
connect call in slightly over three milliseconds.
An odd feature of our campus network at the time was that it was 100%
switched. An outgoing packet wouldn't incur a router delay until hitting
the POP and reaching a router on the far side. So time to connect to a
lightly-loaded remote host on a nearby network would actually largely be
governed by the speed of light distance to the destination rather than by
incidental router delays.
Feeling slightly giddy, I typed into my shell:
$ units
1311 units, 63 prefixes
You have: 3 millilightseconds
You want: miles
"500 miles, or a little bit more."
Trey Harris
--
I'm looking for work. If you need a SAGE Level IV with 10 years Perl,
tool development, training, and architecture experience, please email
me at (spam-protected) I'm willing to relocate for the right opportunity.
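The failure mode in the story above, an older binary skipping options it does not recognise and then running with zero values, can be reproduced in miniature. This is an added example, not code from the forwarded message or from Sendmail: the "O name=value" syntax, the option names and the parser functions are hypothetical and constructed for illustration; only the 3 ms abort time and the light-speed conversion come from the story.

```python
"""Toy model: an old binary reads a config written for a newer one."""

SPEED_OF_LIGHT_KM_S = 299_792.458
KM_PER_MILE = 1.609344
# From the story: with a zero timeout, connect() was aborted after about 3 ms.
ZERO_TIMEOUT_ABORT_S = 0.003

# Constructed sample in an invented "O name=value" syntax (not real sendmail.cf).
SAMPLE_CF = """\
# short option name that both hypothetical versions understand
O q=30
# long option names that only the newer version understands
O ConnectTimeout=60
O MaxHops=25
"""

# Option names each hypothetical binary recognises, mapped to internal settings.
OLD_KNOWN = {"q": "queue_interval", "c": "connect_timeout", "h": "max_hops"}
NEW_KNOWN = {"q": "queue_interval", "ConnectTimeout": "connect_timeout",
             "MaxHops": "max_hops"}


def parse_options(text, known):
    """Return (assigned settings, list of (lineno, line) not understood)."""
    assigned, unknown = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line[2:].partition("=")
        if line.startswith("O ") and sep and key.strip() in known:
            assigned[known[key.strip()]] = int(value)
        else:
            unknown.append((lineno, line))
    return assigned, unknown


def parse_lenient(text, known):
    """Behaviour described in the story: unknown lines are skipped as junk and
    every setting that was never assigned ends up as zero."""
    assigned, unknown = parse_options(text, known)
    settings = {name: assigned.get(name, 0) for name in known.values()}
    return settings, unknown


def parse_strict(text, known):
    """Hardened variant: refuse to start on any unrecognised line or any
    setting left unset, so a version mismatch fails loudly at startup."""
    assigned, unknown = parse_options(text, known)
    missing = sorted(set(known.values()) - set(assigned))
    if unknown or missing:
        raise ValueError(f"unrecognised lines {unknown}, unset settings {missing}")
    return assigned


def reach_miles(connect_timeout_s):
    """Distance light covers before connect() gives up: the same conversion
    the story performs with units(1)."""
    window = connect_timeout_s if connect_timeout_s > 0 else ZERO_TIMEOUT_ABORT_S
    return window * SPEED_OF_LIGHT_KM_S / KM_PER_MILE


if __name__ == "__main__":
    settings, unknown = parse_lenient(SAMPLE_CF, OLD_KNOWN)
    print("old binary, lenient:", settings, "skipped:", unknown)
    print("reach: %.0f miles" % reach_miles(settings["connect_timeout"]))
    try:
        parse_strict(SAMPLE_CF, OLD_KNOWN)
    except ValueError as exc:
        print("old binary, strict:", exc)
    print("new binary, strict:", parse_strict(SAMPLE_CF, NEW_KNOWN))
```

The lenient parse reports no error at all, which is why the symptom surfaced days later as a delivery radius instead of as a startup failure.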
WSJ: If TiVo Thinks You Are Gay, Here's How to Set It Straight: when a
learning "personalisation" algorithm gets it massively wrong.
PS: I think it was Mimi
Smartypants who noted that she occasionally misses the odd TV program,
just so TiVo doesn't get the wrong idea.
PPS: Joe McNally, who fwded this, notes that IMDB's learner has gone a bit
haywire recently, too: "If you liked 'Iris'," it told me the other
week, "you'll also enjoy 'Planet of the Apes'." Click further, and
apparently you'll also also enjoy 'Pearl Harbour', 'Donnie Darko' and
'Bend It Like Beckham'. Sounds like a game of What Links?
PPPS: all irrelevant in Europe -- TiVo's west-pond-only.
According to the Minister for Communications, Marine and Natural
Resources, Mr. D. Ahern, Ireland will "transpose into Irish law the
requirements of
European Parliament and Council Directive 2002/58/EC concerning the
processing of personal data and the protection of privacy in the
electronic communications sector" before the end of 2003.
It will be nice to be able to point to the law, eventually -- for what
that's worth. Since most spammers are USian, relaying via other
countries, actually acting on the law will not be quite so simple.
But it will be an improvement.
Hashish 'fell on to back of army lorry'. "Spain's defence
ministry is still at a loss to explain how three-quarters of a tonne of
hashish had turned up in an army truck. ... 'Anybody could have put the
toxic substance there,' said the defence minister". Don't worry
minister, I'm sure the customs officials haven't heard that one before...
Fantastic ending:
But now both he and the armed services are being ruthlessly lampooned
by, among others, The Puppet Show News ... Mr Trillo, a member of the
strict Opus Dei Catholic lay order, is routinely portrayed as a
uniformed pothead whose favourite pastime is getting stoned with the
mascot of the Spanish Legion, a little white goat called Blanquita.
As both he and Blanquita mourned the lost Eurofighter by lighting up a
giant joint at the weekend, the defence minister declared: "It's the
only way to fly."
Date: Tue, 26 Nov 2002 10:43:29 +0000
From: "Martin Adamson" (spam-protected)
To: (spam-protected)
Subject: Hashish 'fell on to back of army lorry'
The Guardian
Hashish 'fell on to back of army lorry'
Giles Tremlett in Madrid
Tuesday November 26, 2002
It is a matter, you might say, that is shrouded in dense, aromatic smoke -
Spain's defence ministry is still at a loss to explain how three-quarters of a
tonne of hashish had turned up in an army truck in the country's north African
enclave of Melilla.
Embarrassed officials tried to claim that the troops it has permanently
stationed in north Africa would never have succumbed to the temptation of
smuggling the region's most important cash crop across the Mediterranean.
The high-quality Moroccan hashish, almost certainly produced in the nearby Rif
mountains, was found by police sniffer dogs in the port of Melilla as the
truck waited to be shipped to Almeria.
"Anybody could have put the toxic substance there," said the defence minister,
Federico Trillo, after explaining that the truck had been parked, unattended,
in Melilla's port for about two days.
Local police disagreed. The truck had only been parked there for a few hours,
they said. They suggested that the khaki kit bags stuffed full of
shrink-wrapped dope could only have come from within the Spanish armed forces.
The questioning of eight uniformed suspects has shed no further light on the
case and opposition politicians have called for a full explanation from Mr
Trillo.
The drugs bust has done little to improve ties with nearby Morocco, which
claims Melilla as its own and is constantly accused by Madrid of turning a
blind eye to hashish-smuggling.
The find also came at a troubled time for the newly professional Spanish armed
forces, which are failing to attract recruits and retain their aircraft: they
lost their only trial version of the £50m Eurofighter in an accident last
week.
Mr Trillo, a proud military man and stern Catholic conservative, hoped the
standing of the armed forces had improved after special forces ejected six
poorly armed Moroccan gendarmes from the Parsley islet over the summer.
But now both he and the armed services are being ruthlessly lampooned by, among
others The Puppet Show News, Spain's equivalent of Spitting Image.
Mr Trillo, a member of the strict Opus Dei Catholic lay order, is routinely
portrayed as a uniformed pothead whose favourite pastime is getting stoned
with the mascot of the Spanish Legion, a little white goat called Blanquita.
As both he and Blanquita mourned the lost Eurofighter by lighting up a giant
joint at the weekend, the defence minister declared: "It's the only way to
fly."
Guardian Unlimited © Guardian Newspapers Limited 2002
Sliced
liver, anyone? "The first public autopsy in Britain for 170 years
brought back vivid memories of medical school - and an acute sense of
hunger - for the Guardian's junior doctor Michael Foxton."
"The process of dismemberment is a deeply weird and dysphoric experience,
and it is a dangerous border to cross. I remember the first time I had to
do it, as a medical student in an operating theatre. It was a man with
stomach cancer, who I had been talking to on the ward the morning before
his operation. When the surgeon brought his knife down to make the first
cut on his belly, it was everything I could do to stop myself reaching
out and grabbing his hand to stop him. Doctors have to cross that line.
We have to separate the thinking, smiling, family man from the clinical
material. If I hadn't done that I couldn't possibly cut a hole and force
a huge chest drain tube a centimetre across into a writhing patient on a
respiratory ward at three in the morning, without going mad."
now that's a great name tag:

I just dug up this classic piece of
lunacy from the Montauk UFO contingent. Highly recommended if you
like reading this kind of weirdness...
DA: Hmmm. Who do these aliens eat?
AC: They specifically like young human children, that haven't been
contaminated like adults. Well, there is a gentleman out giving a lot of
information from a source he gets it from, and he says that there is an
incredible number of children snatched in this country.
DA: Over 200,000 each year.
AC: And that these children are the main entree for dinner.
yum yum!
Blather:
I See Dead People, by Mick Cunningham and Dave Walsh. "It's
Halloween, it's Trinity College in Dublin, and we're in a packed lecture
hall ... for an evening of public lectures entitled "Over Their Dead
Bodies... The Secrets That Dead Bodies Tell". And dead bodies speak
volumes."
I went along to this -- it was fantastic stuff, although extremely gory at
times. Worth reading, and be thankful they don't have copies of Dr.
Harbison's slides.
hooray! IrelandOffline (in the person of chairman Dave) has
been nominated for the Irish Internet
Association's Net Visionary award for Social Inclusion.
Everyone (in Ireland I guess) is entitled to vote, so please, please do so
and show your support for our call for decent internet access on this
benighted isle.
Wired - A Prayer Before Dying: "the astonishing story of a doctor who
subjected faith to the rigors of science - and then became a test subject
herself", by Po Bronson:
In July 1995, back when AIDS was still a death sentence, psychiatrist
Elisabeth Targ and her co-researchers enrolled 20 patients with advanced
AIDS in a randomized, double-blind pilot study at the UC San Francisco
Medical Center. All patients received standard care, but psychic healers
prayed for the 10 in the treatment group. The healers lived an average
of 1,500 miles away from the patients. None of the patients knew which
group they had been randomly assigned to, and thus whether they were
being prayed for. During the six-month study, four of the patients died -
a typical mortality rate. When the data was unblinded, the researchers
learned that the four who had died were in the control group. All 10
who were prayed for were still alive.
But read
on -- it's not as simple as all that...
FTC: "Spam Harvest"
Results Reap Help for Consumers Trying To Avoid Spam. Some
good prosecutions (yay!):
The FTC alleged that NetSource One and James R. Haddaway, operating as
WorldRemove, used spam and the Internet to sell a service they claimed
would reduce or eliminate spam from consumers' e-mail. The claims were
false. In fact, using an undercover account to test the claims, the FTC
found it received more spam after signing up for the service. The agency
charged the defendants with violations of the FTC Act.
Plus some good official studies to back up our own, unscientific
research:
In an effort to determine what online activities place consumers at risk
for receiving spam, Northeast Netforce investigators seeded 175
different locations on the Internet with 250 new, undercover e-mail
addresses and monitored the addresses for six weeks. The sites included
chat rooms, newsgroups, Web pages, free personal Web-page services,
message boards and e-mail service directories. One hundred percent of
the e-mail addresses posted in chat rooms received spam; the first
received spam only eight minutes after the address was posted.
Eighty-six percent of the e-mail addresses posted at newsgroups and Web
pages received spam; as did 50 percent of addresses at free personal Web
page services; 27 percent from message board postings; and nine percent
of e-mail service directories.
Plus, the lie of "targeting":
Spam Harvest partners also found that the type of spam received was not
related to the sites where the e-mail addresses were posted. For
example, e-mail addresses posted to children's newsgroups received a
large amount of adult content and work-at-home spam.
WSJ: For Bulk E-Mailer, Pestering Millions Offers Path to Profit.
I'm just trying to make a living like everyone else, says Ms.
Betterly. ... (she) quickly discovered that she could make a profit if
she got as few as 100 responses for every 10 million messages sent for a
client, and she figures her income will be $200,000 this year.
And she's based in Tampa, Florida. What is it about Florida?!
Some folks reckon that mailservers should have reverse DNS -- in
other words, that the SMTP server should have a fully-valid
forward-to-reverse mapping for its address, to cut down on spam and
forgeries. All well and good.
Some other folks reckon that filtering on it is therefore a good
way to cut down on spam.
It's a nice idea, apart from 2 things:
-
filtering based on this suffers the same problem some DNSBLs have: a
false positive hurts the user, rather than the person who is at fault;
also the user is virtually powerless to fix it.
-
the correlation between spam and missing reverse DNS is no longer as
strong as it used to be, as far as I can tell; spammers know they
should pick a relay or proxy with a reverse DNS entry to get through
filters, and as it becomes a requirement for relaying in general, more
hosts have this anyway (regardless of exploitability or not).
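A sketch of the forward-to-reverse check discussed above, as an added example that is not code from this post or from any particular filter. The DNS tables are constructed (documentation address ranges and example domains), and the function names, score weights and threshold are assumptions; it compares a hard reject with using the result as one weighted signal, which is where the two objections above bite.

```python
import ipaddress

# Constructed reverse (PTR) and forward (A) records; not real hosts.
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.20": ["host20.example.net."],    # PTR exists, forward points elsewhere
    "198.51.100.7": ["relay.spam.example."],  # hypothetical abused relay, valid rDNS
    # 203.0.113.5: no PTR at all (hypothetical small legitimate sender)
}
A = {
    "mail.example.org.": ["192.0.2.11", "192.0.2.10"],
    "host20.example.net.": ["192.0.2.99"],
    "relay.spam.example.": ["198.51.100.7"],
}


def lookup_ptr(ip):
    """Stand-in resolver for PTR lookups over the constructed table."""
    return PTR.get(ip, [])


def lookup_a(name):
    """Stand-in resolver for forward lookups over the constructed table."""
    return A.get(name.lower(), [])


def fcrdns(ip, ptr=lookup_ptr, fwd=lookup_a):
    """Forward-confirmed reverse DNS.

    Returns ('pass', name) if some PTR name resolves back to ip,
    ('mismatch', None) if PTR names exist but none resolves back,
    ('no_ptr', None) if the address has no PTR record.
    """
    addr = ipaddress.ip_address(ip)
    names = ptr(str(addr))
    if not names:
        return ("no_ptr", None)
    for name in names:
        for candidate in fwd(name):
            if ipaddress.ip_address(candidate) == addr:
                return ("pass", name.rstrip("."))
    return ("mismatch", None)


def hard_reject(ip):
    """Policy 1: refuse mail from any host that fails the check."""
    return fcrdns(ip)[0] != "pass"


# Policy 2: the check contributes points; other tests supply the rest.
WEIGHTS = {"pass": 0.0, "no_ptr": 1.0, "mismatch": 1.5}  # assumed weights
THRESHOLD = 5.0                                           # assumed threshold


def score_message(ip, other_points):
    """Combine the rDNS signal with points from other (unspecified) tests."""
    status, _ = fcrdns(ip)
    total = other_points + WEIGHTS[status]
    return {"rdns": status, "score": total, "spam": total >= THRESHOLD}


if __name__ == "__main__":
    # Legitimate sender without rDNS: hard reject loses the mail, scoring does not.
    print(hard_reject("203.0.113.5"), score_message("203.0.113.5", 0.5))
    # Spam through a relay with valid rDNS: hard reject lets it through,
    # scoring still catches it on the other evidence.
    print(hard_reject("198.51.100.7"), score_message("198.51.100.7", 6.0))
```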
Joel on Software now features a great new article on what
he calls "Leaky Abstractions". Some snippets:
-
Even though network libraries like NFS and SMB let you treat files on
remote machines "as if" they were local, sometimes the connection
becomes very slow or goes down, and the file stops acting like it was
local, and as a programmer you have to write code to deal with this. The
abstraction of "remote file is the same as local file" leaks. ...
(jm: the 'transparent does not always mean good' problem)
-
Something as simple as iterating over a large two-dimensional array can
have radically different performance if you do it horizontally rather
than vertically, depending on the "grain of the wood" -- one direction
may result in vastly more page faults than the other direction, and page
faults are slow. Even assembly programmers are supposed to be allowed
to pretend that they have a big flat address space, but virtual memory
means it's really just an abstraction, which leaks when there's a page
fault and certain memory fetches take way more nanoseconds than
other memory fetches.
(jm: the 'why objects are not always the way to do it' problem)
And finally, he ends with a killer:
Ten years ago, we might have imagined that new programming paradigms would
have made programming easier by now. Indeed, the abstractions we've
created over the years do allow us to deal with new orders of complexity
in software development that we didn't have to deal with ten or fifteen
years ago, like GUI programming and network programming. And while these
great tools, like modern OO forms-based languages, let us get a lot of
work done incredibly quickly, suddenly one day we need to figure out a
problem where the abstraction leaked, and it takes 2 weeks. And when you
need to hire a programmer to do mostly VB programming, it's not good
enough to hire a VB programmer, because they will get completely stuck in
tar every time the VB abstraction leaks.
Well said! Read
the article!
ICAP-server, an
(imaginatively-named) daemon which implements ICAP. This seems to be a
transcoding proxy server; in other words, it will convert HTML content on
the fly, while you browse.
ICAP itself seems to be a protocol for rewriting HTTP responses; in
other words, it allows a proxy server to include a small snippet of
ICAP client code, and call out to an ICAP server to do the rewriting.
Nifty.
Sounds like this could be very handy for low-bandwidth situations; use
ICAP to "downshift" web pages into low-bandwidth versions. For example,
banner ads can be trimmed out, heavy images converted to small,
low-quality JPEGs, etc. One to watch (or help out with).
Ericsson used to have a commercial product which did something similar,
but I can't find it now...
Trinity College, Dublin is
currently embroiled in a minor kerfuffle with Lucasfilm over "an uncanny
resemblance between the 18th-century Long Room Library at Trinity, and the
"Jedi Archives" in the latest episode of the "Star Wars" epic."
(Reuters)
The resemblance really is uncanny -- I noticed it myself on watching the
movie, but assumed there must have been a hundred similar libraries around
the world. Sounds like Trinity think there's only one after all. Given
that it's Trinity, maybe they're right.
Compare: the
Jedi archives vs. the Long
Room.
the
Anti-Telemarketing EGBG Counter-Script:
Telemarketers make use of a telescript - a guideline for a telephone
conversation. This script creates an imbalance in the conversation
between the marketer and the consumer. It is this imbalance, most of
all, that makes telemarketing successful. The EGBG Counterscript
attempts to redress that balance.
Half of the coolness here is the excellent, form/script-based design.
Well suitable for printing out and sticking to the wall beside the
'phone...
I've been reading an article in Edge Magazine, How To
Get Rich, by Jared Diamond (author of Guns, Germs and Steel). He
investigates the differences between cultures more deeply, and the
effect these have had on their history and dominance, as he did in GG+S,
this time with economic might in mind.
For example, he notes that the Chinese, in the middle ages, were a
sea-faring nation of astounding skill, exploring most of the coasts of
Asia and Africa for trade. They were on the verge of rounding the Cape of
Good Hope (and, in the words of Diamond, "colonising Europe" ;) when a
new emperor with an anti-Navy bias took power, and recalled them. Since
the entirety of China's empire was ruled solely by one power, the emperor,
that was that. (Compare with Columbus, who could "shop around" the many
superpowers of Europe until his trip across the Atlantic was funded.)
Then, this morning, a pertinent link arrived via Kyle Moffat of forteana:
an ancient Chinese
map of Africa is now on show in Cape Town (BBC).
The Chinese map, covering more than 17 square metres, was produced in
silk. It is thought to be a copy of a map sculpted into rock 20 or 30
years earlier. ...
The Da Ming Hun Yi Tu, or Amalgamated Map of the Great Ming Empire,
is a unique snapshot of history. Created in China in 1389, and clearly
showing the shape of Africa, more than 100 years before Western
explorers and map-makers reached the continent.
BTW, worth noting that I came across the Diamond article from a link in
Clay Shirky's guest-blog at Boing Boing. Clay, as usual, is throwing up
lots of reading material, which I just don't have time to read ;) so I'm
syncing it all to my Palm with Sitescooper. Come on Xerox, where's that
electronic paper!?
similar to the much-discussed-elsewhere http search trick, which figures out the top 100 websites according to PageRank, here's the top 100 CGI scripts according to PageRank. They're incomplete, since only scripts with "cgi-bin" in the URL will show up, but hey ho. The top ten:
And the winner is:
boo.
let's ask Googlism some
hard questions.
Googlism, what is the web?
OK, what about the internet?
-
the internet is falling
-
the internet is not printed on paper
-
the internet is like is like a penis
-
the internet is no substitute
And Ireland?
-
ireland is dedicated entirely to development aid
-
ireland is at an end
-
ireland is again the "dirty man" of europe when it comes to
-
ireland is not disneyland
-
ireland is british (what?!)
-
ireland is looking for a german inhouse translator
Right. That's quite enough I think...
rOD links
to Massholes, an incredible gripe site for residents of Massachusetts to
bitch about shitty driving, for example:
Dear Masshole Driver,
WHAT on earth makes you think that making a right hand turn from the
left hand lane is a good idea??? Really, I'd like to know.
Signed,
The-nice-person-you-totally-cut-off-and-almost-killed
Incredible stuff. Sounds like they could do with the cool innovation
recently introduced here -- the "dob-a-dangerous-driver" line (1).
Let's say you're doing what a friend of mine did a few months ago:
crossing the road, with your kid in a buggy, at a pedestrian crossing,
with the lights in your favour -- then a speeding driver breaks the lights
at top speed and nearly totals the pair of you.
This great innovation then allows you to whip out your mobile phone (hey,
this is europe, everyone has one (2)), and immediately report the car's
registration number -- and 2 weeks later he receives a fine! Hey presto,
instant justice. (3)
And in the last week, they've introduced penalty points for bad driving;
12 points and you lose your license. Things can only get better -- for
the pedestrians that is, at least. ;)
(1: no, it's not really called that BTW)
(2: except me, that is -- I'm so far ahead of the bleeding edge I've
given them up)
(3: well, I'm exaggerating, I think there was more witness and due
process involved, but it's pretty close.)
(4: errno==EDANGLE: dangling footnote found)
ThinkGeek sent me a
voucher for 30 bucks. Thanks ThinkGeek (or Sourceforge, I'm not sure
which)! So here's what I got:
Mousetrap For Your
Fridge Or File Cabinet!
When is the last time you played with your marbles? Welp, dust off your
old marble collection (or use the included marbles) and set them on a
journey they'll never forget.
You design the marble's treacherous path down the steep slope of your
fridge or file cabinet (or any metal surface, as these things are
magnetic). You have at your arsenal a combination of chutes, funnels,
catapults, spinners and sheer drop offs to arrange according to your mood
and tastes.
Give your marble the gift of extreme sports, all in the comfort of your
own home or office. Because happy marbles breed happy times...
Too cool. Thanks ThinkGeek/Sourceforge!
(On the other hand, BTW, their chosen shipper for Europe happily charges
an extra 6 euros for "import duty". But hey, the toy was free.)
man, this is sweet! BBC front page
coverage for Ireland Offline...
"Eircom has cited congestion of the network and not enough demand as
the arguments against unmetered (internet access)," said Mr (Dave)
Long (IO chairman).
BT-owned ESAT is just one of the telecom operators challenging Eircom
to offer a wholesale unmetered product.
"There is huge pent-up demand and our ears are sore from listening to
our own customers. For Eircom to say there is no demand is
condescending and naive," said (Una) McGirr (of ESAT BT).
Maybe what Eircom mean, is that there's not enough demand to outweigh
the unfeasibly large revenues they make from metered internet calls...
(ish!): The management of Sydney's Taronga Zoo has mooted
"manual stimulation" of Kibabu the gorilla, in order to grab some monkey
semen for artificial insemination.
"I believe it's done in Europe", they say (maybe they're harking back to
the days of Weimar Berlin). Zookeepers, being the ones who'd get their
hands dirty (so to speak), are -- understandably -- not too keen.
It now looks like something called "electro-ejaculation" will be used
instead... sounds painful. (Link from forteana.)
Date: Thu, 31 Oct 2002 07:04:12 +1000
From: Peter Darben (spam-protected)
Subject: Gorilla Wankers
-----
(from The Age (Melbourne) 31.10.02)
http://www.theage.com.au/articles/2002/10/30/1035683478852.html
Gorilla tactics rejected
October 31 2002
By Phillip Cornford
Kibabu the gorilla's inability to produce offspring has become an
embarrassing industrial issue for Taronga Zoo in Sydney.
The zoo management's proposal for an artificial insemination program using
manual stimulation of the sedated gorilla was vetoed by zookeepers.
"It was too bloody dangerous," a zookeeper said last night. "What if he
woke up?"
Red-faced Taronga officials last night confirmed the masturbation program
was proposed last May, but said there had been no further attempt to employ
it. "I believe it's done in Europe," a spokesman said. "There's been a lot
of discussion on how to get semen from Kibabu for artificial insemination."
Instead, Kibabu - whose harem numbers five females - will probably be
stimulated by an electrical device, a process called
electro-ejaculation. Kibabu's failure emerged yesterday as about 350 zoo
staff planned to stop work at 2pm tomorrow to discuss workplace agreement
issues, including wages, working hours, stress and job-related risks.
-----
peter
My googlism:
apparently I'm a tool to autoretrieve news from popular, or am I
scheduled to be tried on those charges in december? yikes.
the EU's scientific advisors have stated that cod stocks
in Europe are at their lowest ever levels, and will collapse without
action. grim! More at New
Scientist.
Things are getting crazy in the fight against spam: it seems AOL
blocked access (for two weeks) to its mailserver from Telia.com, one of
Sweden's biggest ISPs (if not the biggest), due to spam.
Attached is an unauthorized translation of an article in the Swedish IDG paper
Computer Sweden (web edition, Oct 24), provided by Claes Tullbrink.
Until a (previous) article was published, noting this ban, AOL had not
succeeded in contacting Telia to talk about it. Amazing stuff.
Date: Thu, 24 Oct 2002 14:51:19 +0200
From: Claes Tullbrink (spam-protected)
Subject: Telia.com not blocked by AOL any longer
Computer Sweden (in Swedish, password may be required after today):
http://computersweden.idg.se/ArticlePages/200210/24/20021024131806_CS539/20021024131806_CS539.dbp.asp
Oct 24, pm.
For more than two weeks mail from Telia.com was blocked by AOL.
Jocelyn Cole, AOL UK, confirmed the block, which was due to big amounts of
spam sent from Telia domains to AOL. The block is now removed, and AOL
is cooperating with Telia to find a long term solution to decrease the amount
of spam sent from Telia, to protect AOL customers.
Press officer Jan Sjöberg, Telia, says it was the article that solved the
issue: a Telia contact person name was mentioned in the article, and it seems
that AOL had read the articles [and *so* and in no other way knew who they
could contact? CT]
Jan Sjöberg is still not sure how the block was related to spam: due to spam,
reports of spam or a customer's open mail relay. Telia will investigate.
[proxies was not mentioned. I don't know if "reports of spam" relates to
refusing to accept plain mail reports sent to (spam-protected)
Claes
blog is a Good Word -- official. From Bayesian analysis
of my mail spool, blog shows up 1525 times in non-spam mail, and
never in spam.
Over on Boing Boing, Danny O'Brien notes
People who know me well enough, or google well enough, to uncover my
weirder behaviours will know that I can't drive. It's not some
high-falutin' statement about the environment. I'm just not very good at
remembering which pedal does what.
Well, it's good to hear there's one more out there; me neither. It's
become a bit of a worry recently, since I may be moving to LA, which is
notoriously one of the most ped-unfriendly places in the world (Antarctica
excepted).
But why, you ask? I don't know -- but I think it's a combo of these
factors:
- owning a car in Ireland is phenomenally expensive: due to bizarre
  traits of the insurance biz over here, it costs about $100-$140 a
  week to drive a car. That's quite a luxury. For that price,
  you might as well just take cabs everywhere and let someone else
  do the hard work.
- I live more-or-less in Dublin city centre, so walking and cycling does
  the trick nicely.
- Dublin's got good public transport for when the weather's bad (see
  also cabs above).
- er, laziness.
I guess it may be something I'll have to sort out, at some stage, maybe.
Eventually. (Damn that laziness!)
Bernie Goldbach is currently blogging live from the floor of
OPEN_HOUSE_001, Media Lab Europe's inaugural conference.
I'm impressed -- by the technology, that is ;) . He's blogging via email
from a Nokia 9210i Communicator, to a Radio weblog, then via XML-RPC to
the Kirbycom New Media Cuts Movable Type blog. Cool!
Anyway, that's enough of that -- gotta get back to work!