Linux: So, I like being able to move windows around using the keyboard very quickly. In particular, one nifty feature of Sawfish was corner.jl, a Sawfish lisp snippet which ‘provides functions to move a window into a screen corner.’
Given all the fuss over blocking dynamic IPs due to spam, I’ve long sent outgoing SMTP via my server (which lives on a static IP). I download my mail from that using fetchmail over an SSH tunnel, and have done for a while. It’s very reliable, and that way it really doesn’t matter where I download from — quite neat. Also means I don’t have to futz with SMTP AUTH, IMAP/SSL, Certifying Authorities, or any of the other hand-configured complex PKI machinery required to use SSL for authentication.
Spam: Craig is publishing SPF records. Worth noting that I’ve been publishing SPF records for jmason.org for a month or two, even though the protocol hasn’t even stabilised yet — working on the ‘if you build it, they will come’ approach ;)
EU broadside at GM firms’ ‘lies’ (Ananova):
‘They tried to lie to people, they tried to force it upon people … it is the wrong approach and we simply have not accepted that and European citizens have not accepted it. You simply cannot force it upon Europe.
‘So I hope they have definitely learned a lesson from it and especially when they now try to argue that this will try to solve the problems of starvation in the world. After all, why didn’t they start with such products, so they could prove to the world that this was exactly what they were interested in doing?
‘It will solve starvation among shareholders, but not the developing world unfortunately.
That’s the EU Environment Commissioner, Margot Wallstrom, launching a broadside against ‘US biotech companies’, accusing them of ‘forcing’ unsuitable GM technology onto Europe.
Ouch.
It’s interesting to note that many of the biotech companies’ tactics seem to work well in the US, but overseas, the tactics play out predominantly as blatant strong-arming, astroturfing support, and being ‘economical with the truth’, as the phrase goes.
Some rethinking of their strategy might be helpful — although really, IMO, some thought as to how to make their products relevant to consumers, instead of money-spinning for their shareholders, might work best of all. Making some moves towards the much-vaunted ‘solving starvation in the developing world’ might just be the best way to do that.
Tech: Sam Ruby on Foo Camp. Foo camp sounds cool; a little bit circle-jerky, but still interesting. But that’s not what I wanted to write about — the thing I wanted to mention was BitTorrent; it just struck me recently — one key thing about BT that makes it great is that it’s designed by the UNIX philosophy — make one tool that does one thing very well, and make it pluggable, so it can be used by other things easily.
Funny: some Linux graffiti from Norway — a bit more accomplished than IBM’s efforts, but still — Linux?! (link via the ArcterJournal)
Odd: The Jewish Hero Corps, featuring Magen David, Menorah Man, Dreidel Maidel, Yarmulkah Youth, Hypergirl/Matza Woman, and several others. However, The Golem — as seen in The Amazing Adventures of Kavalier & Clay — is strangely absent.
Iraq: Parallels with Vietnam becoming ominous for US commanders (Irish Times, subscriber-only). An interesting view on the situation in Iraq:
US commanders in Iraq now believe that during the invasion, lower-echelon Iraqi troops mounted a token defence against US armour and air power while thousands of Republican Guard members went to ground in order to wage a prolonged guerrilla war during the subsequent occupation.
As the current attacks evolve in sophistication and momentum, US troops believe that the current phase of the war is not an ad-hoc development, but part of a pre-planned strategy designed to frustrate US plans to rebuild Iraq.
Further indicators as to the source of the insurgency lie in the weaponry and tactics employed. US convoys and patrols are repeatedly attacked with IEDs configured as roadside bombs along with RPG strikes. … It is believed that the plastic explosives and RPGs were released from military stores in the run-up to the invasion and pre-deployed among the population for a war of attrition.
Wounding rather than killing the enemy is a classic feature of this type of war of attrition. By wounding as many enemy troops as possible, the guerrilla army ties up the resources of the occupying force as it seeks to evacuate and treat its personnel.
The architects of the current attacks recognise that it is far more expensive for the US to medically evacuate and treat injured soldiers than to simply process them for burial. For the insurgents, the psychological effect of their attacks is greatly enhanced with families and politicians in the US confronted with mutilated and disfigured soldiers returning from Iraq.
It would appear that the war in Iraq did not end on May 1st. It simply entered a new phase designed to render Iraq ungovernable.
No ‘US commanders’ are named, so it’s all off-the-record.
Humour: on a lighter note, BBC Radio 4’s Loose Ends, recorded in the Spiegeltent in Dublin last weekend, featuring ‘writers Anne Enright and John Arden, Desmond Guinness of the Irish Georgian Society, comedian Dara O’Briain, Chieftain Paddy Moloney and Loose Ends regular Emma Freud.’
Science: Fantastic article in New Scientist volume 180 (4 Oct 2003), covering how science is beginning to identify the keys to a happy life, and perform studies measuring people’s happiness.
Music: All good things must come to an end. EMusic has been bought out by some bunch called ‘Dimensional Associates’, and will no longer offer its excellent download service; instead you’re limited to a measly 40 MP3s per month. (For context — last time I downloaded some listening material was on Monday, and I picked up about 80 MP3s in a single sitting.)
Patents: While I was reading LWN’s excellent writeup on the results of the EuroParl patent vote, I came across this very worrying snippet:
Green: iTrike: the World’s First* Solar-Powered Internet Rickshaw, from wireless.psand.net. Psand.net have done a great job in the past mucking about with wireless at green events in the UK from what I can see — I think I’ve even blogged about ’em — but they’ve outdone themselves this time. Cool!
Life: so myself and C took a one-night-only trip up to Idyllwild this weekend, hiking up to that rock formation and camping overnight. Great fun.
Software: A big-contract software dev horror story from the University of Cambridge. KPMG and Oracle come out of it with a lot of egg on their face. (found on Simon Cozens’ blog).
Linux: so it seems one of the GNOME guys wants to rewrite the rc.d boot script system in Python. Eek!
Comedy: some Spinal Tap snippets:
Astronomy: APOD: A Daytime Fireball Over South Wales. Great picture of a fireball disintegrating in the daytime sky.
I saw a similar daytime fireball streak through the sky when I was in Fraser Island in Australia last year; a little bit smaller than this one, mind you ;) Unfortunately, I didn’t get a picture in time. Very cool though!
Spam: A nasty new development — spammers are now exploiting closed relays to send spam, by brute-force attacking their SMTP AUTH interfaces. SMTP AUTH is a system used to allow legitimate mail server users to send outgoing mail securely, by authenticating them first. (sample documentation here.)
This ROKSO file indicates one spammer’s modus operandi:
These relays were abused using SMTP AUTH. That is, the spammer supplied a valid username/password pair to the server, was authenticated, and therefore granted permission to send mail anywhere. Such attacks are therefore successful only when weak passwords are used. This spamhaus constantly scans the net to find abusable servers to use in subsequent spam runs. All brands of servers (sendmail, exchange, mdaemon, rockcliffe, etc) are equally targeted, as long as they support SMTP AUTH. The attacker tries several username/password pairs – such as with ‘admin/admin’ – following a certain pattern and hoping to find a combination that lets him in.
An analysis done in July 2003 has shown that a total of 276 combinations are attempted (of course new ones can have been added in the meanwhile): Usernames: webmaster, admin, root, test, master, web, www, administrator, backup, server, data, abc each with the following passwords: username, username12, username123, 1, 111, 123, 1234, 12345, 123456, 1234567, 12345678, 654321, 54321, 00000000, 88888888, admin, root, pass, passwd, password, super, !@#$%^&* as well as with a blank password.
MDaemon users beware! The account creation tool of recent versions of MDaemon defaults the password to the account name. If the default is accepted, the account will be open to be exploited by this spamhaus.
Incredible. There’s no way at the SMTP/IP level to tell that this relay was compromised; blacklisting will definitely cause collateral damage in response; so content analysis is pretty much necessary, as far as I can see.
And in another worrying development: it turns out that the latest Outlook worm, W32.Swen, doesn’t bother trying to randomly generate usernames etc. or send via SMTP directly. Instead, it asks the user for their username, password and SMTP server!
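The following Python is an added example, not code from the original post or from the ROKSO file: it turns the excerpt's username and password list into an account-creation check for relay operators, plus a scan of failed-AUTH log lines for sources probing the listed account names. The log format, function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Account names and password patterns listed in the ROKSO excerpt above.
USERNAMES = ["webmaster", "admin", "root", "test", "master", "web", "www",
             "administrator", "backup", "server", "data", "abc"]
# "{u}" stands for the account name; "" is the blank password.
PATTERNS = ["{u}", "{u}12", "{u}123", "1", "111", "123", "1234", "12345",
            "123456", "1234567", "12345678", "654321", "54321", "00000000",
            "88888888", "admin", "root", "pass", "passwd", "password",
            "super", "!@#$%^&*", ""]

def attempts_per_scan():
    """Username/password pairs tried per server: 12 names x 23 passwords."""
    return len(USERNAMES) * len(PATTERNS)

def is_guessable(username, password):
    """True if the password matches a listed pattern for this account name.
    Works for any account name, so it also catches the MDaemon default
    (password == account name) on accounts outside the listed twelve."""
    u = username.lower()
    return password.lower() in {p.replace("{u}", u) for p in PATTERNS}

# Constructed log format (an assumption, not any real MTA's output).
FAIL_RE = re.compile(r"auth_fail ip=(\S+) user=(\S+)")

def scanning_sources(log_lines, min_users=3):
    """Source IPs whose failed AUTH attempts cover >= min_users listed names."""
    seen = defaultdict(set)
    for line in log_lines:
        m = FAIL_RE.search(line)
        if m and m.group(2).lower() in USERNAMES:
            seen[m.group(1)].add(m.group(2).lower())
    return sorted(ip for ip, users in seen.items() if len(users) >= min_users)

SAMPLE_LOG = [  # constructed sample lines
    "2003-10-01T10:00:01 auth_fail ip=192.0.2.10 user=webmaster",
    "2003-10-01T10:00:02 auth_fail ip=192.0.2.10 user=admin",
    "2003-10-01T10:00:03 auth_fail ip=192.0.2.10 user=root",
    "2003-10-01T10:05:00 auth_fail ip=198.51.100.7 user=alice",
    "2003-10-01T10:06:00 auth_fail ip=198.51.100.7 user=admin",
]

if __name__ == "__main__":
    print(attempts_per_scan())
    print(is_guessable("sales", "sales123"), is_guessable("sales", "x9!Trk2q"))
    print(scanning_sources(SAMPLE_LOG))
```

Running `is_guessable` at account creation rejects the weak defaults before they reach the relay; the log scan only catches probing that fails, so it complements the check rather than replacing it.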
Bruce Sterling: 10 Technologies That Deserve to Die. I can’t disagree with any of these, really — except for manned spaceflight — I’m not giving up on that one dammit! ;)
Very informative details of what happened with the NY power failure, from an insider at one of the nuke plants supplying power.
Hooray — my new Gamecube’s arrived!
Neal Stephenson’s new book upends geek chic — Paul Boutin, Slate. Three thousand pages?! Yeesh.
find-hidden-word-text – a command-line UNIX tool to ease the task of discovering hidden text in MS Word documents.
More specifically, it is an implementation of Method 2 from Simon Byers’ paper, Scalable Exploitation of, and Responses to Information Leakage Through Hidden Data in Published Documents.
In other words, it’ll display just the hidden text (if any exists) in Word docs. Go forth and discover accidental leaks!
So a few months ago, I set up a cookie-producing mailto honeypot page at foojlist.php.
Well, I just got the first bite — and it’s a live one. It’s our old friends at artprice.com. They’re a French spamhaus, operating from Saint-Romain-au-Mont-d’Or, France, and reports claim that it’s all the work of one guy — Thierry Ehrmann.
There’s lots of reports in USENET, and here’s their SBL listing, noting ‘extremely intense french spam source.’
This posting to NANAE notes that Colt France are not responding to complaints about them, either — but notes that ‘in France collecting e-mail addresses with the intention to send commercial mails without permission of the holders can be punished by law (article 226-18 of the Code Pénal – up to 5 years of prison or 300.000 euro)’. Interesting!
Full details of the spam, and the access_log entries from their web-scraper’s accesses, are attached.
Boing Boing links to a paper on the design of the Google Filesystem, Google’s in-house redundant-array-of-inexpensive-PCs cluster filesystem.
It’s very, very nice — and full of interesting tidbits about Google’s architecture.
- ‘the system must efficiently implement well-defined semantics for multiple clients that concurrently append to the same file. Our files are often used as producer-consumer queues or for many-way merging. Hundreds of producers, running one per machine, will concurrently append to a file. Atomicity with minimal synchronization overhead is essential. The file may be read later, or a consumer may be reading through the file simultaneously.’
- ‘The workloads also have many large, sequential writes that append data to files. Typical operation sizes are similar to those for reads. Once written, files are seldom modified again. Small writes at arbitrary positions in a file are supported but do not have to be efficient.’
A perfect example of traditional UNIX system design!
Ishkur’s Guide to Electronic Music v2.0, via MeFi.
Not bad at all! It actually has 2 Congo Natty tracks listed — even if it gets the name wrong for one of them ;) I’ll nitpick, though; the categories around drum and bass, ragga jungle, jungle, and breakbeat are a bit randomly-connected together; they didn’t really tie together that way at all IMO. And he randomly decided that hardcore should be renamed ‘breakcore’, created a new category for all that gabba shite, then called it hardcore. But hey… if you’re going to try to make some kind of sense out of it, you have to break some eggs, and never mind — there’s lots of nice samples!
BTW I can’t believe he lists Rob Hubbard’s theme music to Zoids in the Techno/VGM category. Has someone really released that?
And in passing, I should note, the description for ‘Not Trance’ under ‘Trance’ is spot on. As are many of the other recent trance/house-related categories. And, alright, some of the recent d’n’b categories too…
20 years ago tomorrow, on 27th September 1983, the GNU project was announced:
Free Unix!
Starting this Thanksgiving I am going to write a complete Unix-compatible software system called GNU (for Gnu’s Not Unix), and give it away free to everyone who can use it. Contributions of time, money, programs and equipment are greatly needed. ……
So that I can continue to use computers without violating my principles, I have decided to put together a sufficient body of free software so that I will be able to get along without any software that is not free.
Thanks to Ciaran O’Riordan for pointing this out!