Category: Uncategorized

Secsed-up

Published October 20, 2003

Humour: Data::Secs2 -- canoncial string for nested data. A format for representing nested data structures in accordance with SEMI E5-94, Semiconductor Equipment Communications Standard 2 (SECS-II), apparently pronounced "'sex two' with gusto and a perverted smile."

The manual page goes on:

In order not to plagarize college students, credit must be given where credit is due. Tony Blair, when he was a college intern at Intel Fab 4, in London invented the SEMI SECS standards. When the Intel Fab 4 management discovered Tony's secsification of their host and equipment, they elected to have security to escort Tony out the door. This was Mr. Blair's introduction to elections which he leverage into being elected prime minister. In this new position he used the skills he learned at the Intel fab to secsify intelligence reports on Iraq's weopons of mass distruction.

'Secsed-up', surely!?

Using a Web of Trust to stop spam

Published October 20, 2003

Spam: Been thinking about a distributed 'web of trust' approach to fighting spam.

Kevin Burton conversing with Raph about a web-based trust metric.
Bram writes about using (non-distributed) trust metrics against spam. With code ;)
Trust Management on the WWW, by none other than Rohit Khare and Adam Rifkin!
Trust Networks on the Semantic Web, a paper.

Combine those with another key point -- that we do not need PKI, crypto, or any other changes to identify senders in current SMTP -- and it could be done today, I think.

Why we don't need crypto to identify an SMTP sender

Every email message delivered via SMTP across the internet will contain these headers:

the From line
one or more Received headers

Traditionally, whitelisting uses just the From line, which is vulnerable to spoofing. SpamAssassin used this up to version 2.3x. Spammers started spoofing mails where 'From' was the same as 'To', and since most people had themselves in the whitelist, that worked. boo.

In 2.3x or 2.4x, we added code to extract the IP addresses from the Received headers, and use a combined token -- ( from_address, ip_address ) -- as the sender's address.

(In fact, we use just the top 24 bits of each IP to deal with situations like DHCP or dialup pools, where a relay may get a different IP every now and again. That's close enough, at least.)

This is much harder to forge without doing a full-scale TCP spoofing attack; which is why the SpamAssassin auto-whitelist generally works well.

So basically, to identify someone strongly enough to provide a spam fix in plain old vanilla current SMTP, gen up a string containing their 'From' address, along with all the /24 masks of the IP addresses found in the 'Received' headers.

Remove your relays' IP addresses, and you have an unspoofable ID for that person's SMTP traffic. Any spammer who wants to spoof that, will have to compromise their mail server (or a server in the same /24). That's not cost-effective for spamming.

Note that whitelisting based on that is effectively what the SpamAssassin auto-whitelist does. But for that to be more useful than the AWL, it has to extend over the internet to those people your friends haven't corresponded with yet; ie. it's got to be distributed.

(If you would like to comment on this scheme, I'd prefer if you could post comments at this QuickTopic forum.)

Using a Web of Trust to stop spam

Published October 20, 2003

Been thinking about a distributed 'web of trust' approach to fighting spam.

Kevin Burton conversing with Raph about a web-based trust metric.
Bram writes about using (non-distributed) trust metrics against spam. With code ;)
Trust Management on the WWW, by none other than Rohit Khare and Adam Rifkin!
Trust Networks on the Semantic Web, a paper.

Combine those with another key point -- that we do not need PKI, crypto, or any other changes to identify senders in current SMTP -- and it could be done today, I think.

Why we don't need crypto to identify an SMTP sender

Every email message delivered via SMTP across the internet will contain these headers:

the From line
one or more Received headers

In 2.3x or 2.4x, we added code to extract the IP addresses from the Received headers, and use a combined token -- ( from_address, ip_address ) -- as the sender's address.

(In fact, we use just the top 24 bits of each IP to deal with situations like DHCP or dialup pools, where a relay may get a different IP every now and again. That's close enough, at least.)

This is much harder to forge without doing a full-scale TCP spoofing attack; which is why the SpamAssassin auto-whitelist generally works well.

(If you would like to comment on this scheme, I'd prefer if you could post comments at this QuickTopic forum.)

That Forbes Article

Published October 19, 2003

Open Source: Forbes: Linux's Hit Men.

The dispute, which was leaked to an Internet message board, offers a rare peek into the dark side of the free software movement--a view that contrasts with the movement's usual public image of happy software proles linking arms and singing the 'Internationale' while freely sharing the fruits of their code-writing labor.

(Here we go again -- the old 'free software is communism' line, cf. the 'Give Communism A Try!' / Nazi Penguin posters SCO made up earlier this year.)

The article goes on to bemoan how software companies who write proprietary extensions into GPL-licensed software, have to comply with the terms of the license.

It's all a bit of an obvious dig -- but I am looking forward to the follow-up article -- that's the one where the author bemoans how commercial software companies send out their 'enforcers' to extort money from companies who don't bother paying the royalties and runtime license fees their licenses require.

PS: Hmm, 'software prole' -- maybe I'll adopt that in the same way
Suresh has adopted 'lower-middle-class Unix sysadmin':

The other title came from a spammer who asked Ramasubramanian what she'd done that made him report her to her ISP.
'I gave her a standard set of links and information on why spam is bad, and took the time to explain all this to her. She then asked me what I did for a living. When I replied that I was a Unix administrator at an ISP, she blew up and said, 'I thought you were a successful businessman and marketer, but you are only a lower-middle-class Unix sysadmin. Don't you dare talk to me like this!!!''

Oh look, Suresh has a journal, too; I never realised. Cool.

SCO’s no-show invoices

Published October 19, 2003

SCOvLinux: GrokLaw: Groklaw's Open Letter Linked to SCO's Backing Off Invoicing.

'SCO Group Inc is backing-down from threats to invoice organizations running Linux while extending SGI's compliance deadline.
'A company spokesperson said yesterday SCO's plan to invoice organizations, on the basis that Linux illegally contains SCO code, had changed following what he claimed was success of its UnixWare licensing program. . . .
'Members of the open source community warned SCO last month in an open letter they would initiate civil action under anti-fraud and consumer protection statutes.'

My take: 'What? You mean extortion through fraudulent invoicing is illegal? Oops, call the mail room!'

BTW, anyone who hasn't read the GrokLaw Open Letter to SCO yet, really should. It's a great summary of all the many points where SCO is wrong.

MS on Choice

Published October 18, 2003

Music: This is great. Microsoft's general manager for the Windows Digital Media division, Dave Fester, on iTunes for Windows:

If you use Apple's music store along with ITunes, you don't have the ability of using the over 40 different Windows Media-compatible portable music devices. When I'm paying for music, I want to know that I have choices today and in the future.

Oh, the schadenfreude. (I wonder how many MP3-compatible portable music devices there are?)

AdvogatoDay

Published October 18, 2003

Tech: So, I just looked at NTK; it has a brief bit about Bram Cohen 'having solved content distribution, (announcing) he was now tackling other simple problems: reputation systems, version control and perhaps after lunch the NP-complete set.'

Hmm, interesting! Let's take a look at his diary -- and what do I find but a whole load of entries on using trust metrics against spam. Bugger. Looks like I have my weekend reading cut out for me.

Also notable: Advogato has added native RSS support, which makes this pretty pointless; and they've also added an XML-RPC interface. Expect to see taint.org entries getting copied up there soon, as a result. ;)

Uptown, Downtown and Midtown

Published October 17, 2003

Language: AussieInAmerica on {up,down,mid}town:

Something that is common here in Atlantic Canadian and northeast American small cities is to refer to the CBD (or city centre/downtown) as 'uptown', especially if coming to the city from its environs. BUT... once I am 'uptown' , I would then refer to my location as 'downtown'. In other words, 'uptown' is the city centre/ CBD only if you are not there yet. 'Uptown' becomes 'downtown' once you arrive there. AND, since many smaller cities have one main street that leads in and out, if you head out of 'downtown' up that street you are going 'uptown'. Follow? It works for us and I can't recall any confusion.
(Author:) Hmm, I'm glad you folk have got it sorted out! I am reminded of Grover's existential crisis on Sesame Street as he was coming to grips with 'here' and 'there'. Every time he pitter-pattered over to 'there', it turned into 'here'.

Great site. Some pretty good Strine, too -- 'Jeggoda Sinny?' really is a common query!

Spamcop and ‘Al-Quada’, sitting in a tree

Published October 17, 2003

Humour: The null device reports a spam entitled, 'julian haight funds terrorists b alqoswmw l lgng'.

Julian haight spamcops CEO is rumoured to have conections with Al-Quada, one of the most disruptive terrorist orginisations on earth. hes specialty is cyber terrorism. which disperses highly needed homeland security funds by rendering multi million dollar industrys unprofitable.
haights main motive is the perversion of American free enterprise.

Oh, the poor spammers! One comment quotes Samuel Johnson: 'patriotism is the last refuge of a scoundrel'.

Also present is some lovely pictures of Carlton, with trams, greenery, grey skies, and that distinctive turn-of-the-century Aussie architectural style. A couple of years ago, I lived just around the corner in North Melbourne; looking at those photos, it seems like I could just pop out the front door and walk through it all on the way down to the Vic market. They thoroughly evoke day-to-day just-outside-the-CBD Melbourne.

Spamcop and ‘Al-Quada’, sitting in a tree

Published October 17, 2003

The null device reports a spam entitled, 'julian haight funds terrorists b alqoswmw l lgng'.

Julian haight spamcops CEO is rumoured to have conections with Al-Quada, one of the most disruptive terrorist orginisations on earth. hes specialty is cyber terrorism. which disperses highly needed homeland security funds by rendering multi million dollar industrys unprofitable.

haights main motive is the perversion of American free enterprise.

Oh, the poor spammers! One comment quotes Samuel Johnson: 'patriotism is the last refuge of a scoundrel'.

iTunes adding indie tunes

Published October 17, 2003

Music: Indie Labels Debut At iTunes Music Store: 'I happened to notice a Thievery Corporation release from Eighteenth Street Lounge Music in the 'Just Added' section...doing some more exploring, I found releases from Matador (Interpol, Pizzicato Five) and Nettwerk (BT) as well.' (thx Karlin !)

Hmm -- that's good news for iTunes, but pretty bad news for EMusic. Those labels are all very well-represented on EM.

Wonder if I can run iTunes under Wine?

Recycling – Australia has it right

Published October 16, 2003

Environment: The Irish Times reports:

The State is facing a waste crisis that is threatening to bury the country, according to the Minister for the Environment, Mr Cullen. He said yesterday every person in this State was now producing 700 kg of household and commercial waste a year.
'That is three times more than they do in the Netherlands. If this continues, the figure will rise to two tonnes per person by 2015,' he said.
Landfills in six out of 10 regions in the country had less than three years capacity left, yet people were producing enough waste to cover every single town in Ireland. 'We have to change. Doing nothing is not an option,' Mr Cullen said.

Well, duh. So what have they done? They've setup a website, raceagainstwaste.com, with a page on recycling replete with techie details of how recycling works, then suggesting such gems as 'if they do not already run one, suggest to your local authority that it considers starting a plastics recycling scheme.'

Brilliant. I'm sure they'll listen. Nice delegation, Mr Cullen!

In the meantime, apparently 92.2% of the 'waste stream' is sent to landfills instead of recycling.

I'm not just knocking here -- the amazing thing about recycling is that it's been done right elsewhere. All this wheel-reinvention is totally superfluous. Here's the details on Victoria, Australia's kerbside recycling system; it's pretty simple.

Each household gets 1 large basin-type plastic tray thing, in which you can put washed, unsealed, recyclable plastic containers. You tie up bundles of recyclable paper into another pile when you leave out the rubbish. And finally, you get a wheelie bin for the rest; stuff that really is rubbish. The bin guys then keep the 3 types of rubbish separate when they pick it up.

Yes, it takes a little bit of time to wash the plastic containers and tie up the paper into bundles. But nobody minds; they're doing the right thing! It's a hell of a lot better than chucking the lot into a single container and hoping that some expensive machine at the far end can sort it all out again.

It's also better than the current Irish and US systems, where we're expected to bring certain kinds of trash to a centralized drop-off point ourselves. First off, this is very impractical unless you've got a car to do it in -- and sufficient motivation to do so; and secondly, the bulkiest rubbish -- packaging, paper and plastic -- is not included, just glass.

The Bin Tax

Published October 15, 2003

Over the past few months, Dublin has seen increasing resistance to newly-introduced rubbish-removal charges, or as they're being called, 'the bin tax'.

The charges are:

levied in addition to the 'local services' charges in income tax,
- which already cover rubbish removal.

The last point is key -- UK residents may be reminded of a similar flat-rate tax introduced by Thatcher in the 80's... and we all know how that ended.

The result is that a large number, 75% of the population in the affected areas, have taken the course of non-payment of the charges.

There's been lots of organised protest throughout Dublin, with constant picketing outside bin depots. Joe Higgins TD (a member of the Dail, the Irish parliament) and County Councillor Clare Daly have spent three weeks in jail so far, due to protesting on this issue.

Now, things are really starting to heat up -- reportedly, the bin workers are starting to support the campaign, refusing to cross protest lines and refusing to drive lorries from depots if protesters are present. In some depots, they have even joined the picketers!

It's not all good though -- yesterday, national news shocking footage (SMIL) of a protester being dragged for several hundred feet by a speeding van.

This one's getting interesting.

Snippets

Published October 15, 2003

Bits: BarbieOS, a cutdown version of Debian from Mattel. Really. 'BarbieOS 1.0 is the result of almost a year's worth of marketing research into what pre-adolescent girls want in a mobile Linux solution aimed at being a desktop replacement.' (via Ben)

Great site -- also has US.BLAST.D Worm Wreaks Havoc on US Post Office, Mail Delivery Halted ('Until a patch can be created by Microsoft and deployed by the MCSEs who maintain the nation's critical infrastructure, President Bush has urged all Americans to lock in a safe or a drawer all of their pens, pencils, stamps, white paper and envelopes so that they cannot be exploited by the virus and used to write out more copies of itself.'

-- and An Open Letter from RIAA President Hillary Rosen to Music Pirates Everywhere ('Currently an RIAA-backed online service known as Pressplay allows users to subscribe for $18.95 a month to a small library of popular works and listen to them via half-quality audio streams if they have broadband connections. Users may download 10 songs a month to burn to CDs if they wish. Pressplay exclusively supports the Windows Media Audio format, and therefore each song benefits from active scripting support, expiration dates, copy protection and proven Microsoft security. With embedded scripts, each song can also enhance the user experience by opening web pages featuring more music they might like to buy. After only 8 months online and a strategic partnership with AOL, Pressplay currently boasts more than 100 subscribers and is growing every day.')

Spam: Bayesian comment filter for Movable Type, nifty. Pity it's still using the Paul Graham method, which is not so hot. (thx Antoin!)

The Funniest Thing I’ve Read

Published October 15, 2003

Humour: Guardian Talk: The Barefoot Doctor, live online. This is the funniest thing I've read in months -- thanks Tom!

(Background: 'The Barefoot Doctor' is the 'healer' who writes for The Observer Magazine on 'wellbeing, alternative therapies and medicines and ways to cope with modern life'. Everything can apparently be healed through kidney massage and a few essential oils.)

Q: A case study, Mr Barefoot: my bus has crashed - I've got a compound fracture in my right leg, the bone is sticking out from under the skin and is wedged into the 'Used Tickets' receptacle, my skull has had a good old thump against the seat in front and is impersonating a boiled egg after the first thump with the teaspoon, and my ribs have been broken into bits like a packet of smokey bacon crisps someone has stood on.
What herbs and aromatic oils would you recommend?
Doc: you may jest - however, aromatic oils or potions can be extremely effective in speeding the healing process eg - manuka honey,lavender, marigold etc - thanks for bringing it up
Q: oooh good answer. yes i'm going out to buy some manuka honey right away. what do you do with it, is it nice on toast?
lavender, marigolds? is he opening a kitchen department?
Q: My unfortunate friend received a quite severe beating in the street a few days ago and has since been passing blood in his urine, in copius amounts.
Can recomend any effective massage oils for my friend? Its quite urgent because he's beginning to talk incoherently about bright lights, can't move and fainting.
Thank you, 3000
(... snip several hundred similar hilariously bitchy 'questions'... Barefoot Doctor disappears for a while...)
Q: Where is he? Maybe the Barefoot Cab Driver who learnt to drive by karmic chanting has driven into a tree -- or can't find first gear?

(BTW the real 'barefoot doctors' were a different kettle of fish entirely; 'part-peasant, part-doctor' commune-level health workers in revolutionary China.)

For Reference: Why Greylisting Sucks

Published October 15, 2003

Spam: I've been meaning to collate a page about why I don't like greylisting. My previous posting is relatively useful, but it needs an update, so here it is:

First off, every single message is delayed until a database match is found for the combination of sending IP, envelope-from and envelope-to. As Alan Leghart pointed out, 'So...we punish everyone in the world, and hope that a delay of one or more hours is considered 'acceptable'? Maybe some people already expect a mail to take several hours to reach a recipient. In that case, you need to fix your mail server.'

Secondly, large mailing lists that use VERP (generating keyed From addresses for each mail for good bounce-handling) will require manual whitelisting for each list, or each host.

Yahoo! Groups, for example,
uses VERP for all its lists, and also will not retry delivery if the first attempt fails.

There's even buggy SMTP servers that do not support retrying, believe it or not.

(Once again, as for many spamfilter designs, the unusual SMTP clients are the 'edge cases' that cause the most trouble.)

Manual whitelisting == work == what spam filtering is trying to reduce == bad.

Thirdly, and most seriously, it assumes spammers would never introduce retries into their spam-tools if it took off. Tempfailing, what this is based on, is effective right now because spamtools don't retry. But every proposed spam solution has to consider what would happen if every server admin in the world implements it, and spammers then want to subvert it.

For a spamtool to retry, it just needs to track 4xx responses, and if it encounters one, save these items of data:

From, To addrs and HELO string used
proxy IP used (btw proxies are almost never shut down successfully, so the spammer can generally assume this can be reused next time)
random seed used to generate random hashbuster tokens etc., so the body text matches

That's really not a lot of data -- 64 bytes per address that requires a retry. Then, an hour or more later, do the retry.

So, IMO, 'greylisting' will work fine in the short term, until it becomes reasonably common -- then the spamtool developers will start adding retry code.

Then we're back to square one -- except some legit mail takes much longer to get delivered, and the bandwidth wasted by spam has doubled, due to all those retrying spams. That's not really progress.

The Funniest Thing I’ve Read

Published October 15, 2003

Guardian Talk: The Barefoot Doctor, live online. This is the funniest thing I've read in months -- thanks Tom!

Q: A case study, Mr Barefoot: my bus has crashed - I've got a compound fracture in my right leg, the bone is sticking out from under the skin and is wedged into the 'Used Tickets' receptacle, my skull has had a good old thump against the seat in front and is impersonating a boiled egg after the first thump with the teaspoon, and my ribs have been broken into bits like a packet of smokey bacon crisps someone has stood on.

What herbs and aromatic oils would you recommend?

Doc: you may jest - however, aromatic oils or potions can be extremely effective in speeding the healing process eg - manuka honey,lavender, marigold etc - thanks for bringing it up

Q: oooh good answer. yes i'm going out to buy some manuka honey right away. what do you do with it, is it nice on toast?

lavender, marigolds? is he opening a kitchen department?

Q: My unfortunate friend received a quite severe beating in the street a few days ago and has since been passing blood in his urine, in copius amounts.

Can recomend any effective massage oils for my friend? Its quite urgent because he's beginning to talk incoherently about bright lights, can't move and fainting.

Thank you, 3000

(... snip several hundred similar hilariously bitchy 'questions'... Barefoot Doctor disappears for a while...)

Q: Where is he? Maybe the Barefoot Cab Driver who learnt to drive by karmic chanting has driven into a tree -- or can't find first gear?

(BTW the real 'barefoot doctors' were a different kettle of fish entirely; 'part-peasant, part-doctor' commune-level health workers in revolutionary China.)

For Reference: Why Greylisting Sucks

Published October 14, 2003

I've been meaning to collate a page about why I don't like greylisting. My previous posting is relatively useful, but it needs an update, so here it is:

Secondly, large mailing lists that use VERP (generating keyed From addresses for each mail for good bounce-handling) will require manual whitelisting for each list, or each host.

Yahoo! Groups, for example,
uses VERP for all its lists, and also will not retry delivery if the first attempt fails.

There's even buggy SMTP servers that do not support retrying, believe it or not.

(Once again, as for many spamfilter designs, the unusual SMTP clients are the 'edge cases' that cause the most trouble.)

Manual whitelisting == work == what spam filtering is trying to reduce == bad.

For a spamtool to retry, it just needs to track 4xx responses, and if it encounters one, save these items of data:

From, To addrs and HELO string used
proxy IP used (btw proxies are almost never shut down successfully, so the spammer can generally assume this can be reused next time)
random seed used to generate random hashbuster tokens etc., so the body text matches

That's really not a lot of data -- 64 bytes per address that requires a retry. Then, an hour or more later, do the retry.

So, IMO, 'greylisting' will work fine in the short term, until it becomes reasonably common -- then the spamtool developers will start adding retry code.

Then we're back to square one -- except some legit mail takes much longer to get delivered, and the bandwidth wasted by spam has doubled, due to all those retrying spams. That's not really progress.

KDE patch, and my cat

Published October 14, 2003

Linux: So, I like being able to move windows around using the keyboard very quickly. In particular, one nifty feature of Sawfish was corner.jl, a Sawfish lisp snippet which 'provides functions to move a window into a screen corner.'

Some background: my desktop layout is essentially divided into 4 corners (e.g. 4 xterms in a 'one in each corner' layout), or 2 sides (e.g. mail reader on the left, web browser on the right), depending on the size of the windows.

Using corner.jl, one could just throw the mouse into any part of a window's area, hit a key, and the window would move where you wanted it.

I've since moved to KDE, and missed that functionality. So a while back, I reimplemented it as a patch to kwin. Here it is, and bug 65338 is the KDE bug entry tracking it as a feature request.

Not much traction in persuading the KDE folks to apply it, but hey, that's open source for ya. The patch will always be around anyway ;)

Pets: My cat brings me presents.

Specifically, today he brought me a mouse's liver and left it on the doorstep. At least I think it's a mouse's liver; the scale seems right. No sign of the rest of the mouse, though...

This is with no less than 3 bells on his collar; I don't know how he does it, unless it's simply that the rodents round here are just not used to the concept of predation.

BTW, the mouse's liver wound up flushed down the toilet.

Getting Postfix to use an SSH tunnel for outgoing SMTP

Published October 14, 2003

Given all the fuss over blocking dynamic IPs due to spam, I've long sent outgoing SMTP via my server (which lives on a static IP). I download my mail from that using fetchmail over an SSH tunnel, and have done for a while. It's very reliable, and that way it really doesn't matter where I download from -- quite neat. Also means I don't have to futz with SMTP AUTH, IMAP/SSL, Certifying Authorities, or any of the other hand-configured complex PKI machinery required to use SSL for authentication.

However, I've been using plain old SMTP for outgoing traffic, by just poking a hole in the access db for the IP I'm on. A bit messy and generally not-nice.

So I decided to make it sensible and deliver using SMTP-in-an-SSH-tunnel. In the same SSH tunnel, in fact ;) With Postfix, it turned out very easy -- here's how to do it:

Add this option to the SSH commandline in the SSH tunneling script (I'm presuming you have one ;):

-L 8025:127.0.0.1:25

That'll port-forward port 25 on the remote system to port 8025 on localhost, so that if a connection is made to port 8025 on localhost, it'll talk to port 25 on the remote host. Std SSH tunneling there.

Now for Postfix -- add this to /etc/postfix/main.cf:

default_transport = smtp:localhost:8025

This means that Postfix will always use SMTP to localhost on port 8025 for any non-local deliveries.

Run service postfix reload (cough, Red Hat-ism) and that's it! A whole lot easier than I was expecting... Postfix rocks.

SPF again

Published October 13, 2003

Spam: Craig is publishing SPF records. Worth noting that I've been publishing SPF records for jmason.org for a month or two, even though the protocol hasn't even stabilised yet -- working on the 'if you build it, they will come' approach ;)

Anubis looks great; I've been meaning to hack up something like that. Nifty!

‘It will solve starvation among shareholders, but not the developing world’

Published October 13, 2003

Science: EU broadside at GM firms' 'lies' (Ananova):

'They tried to lie to people, they tried to force it upon people ... it is the wrong approach and we simply have not accepted that and European citizens have not accepted it. You simply cannot force it upon Europe.
'So I hope they have definitely learned a lesson from it and especially when they now try to argue that this will try to solve the problems of starvation in the world. After all, why didn't they start with such products, so they could prove to the world that this was exactly what they were interested in doing?
'It will solve starvation among shareholders, but not the developing world unfortunately.

That's the EU Environment Commissioner, Margot Wallstrom, launching a broadside against 'US biotech companies', accusing them of 'forcing' unsuitable GM technology onto Europe.

Ouch.

It's interesting to note that much of their biotech companies' tactics seem to work well in the US, but overseas, the tactics play out predominantly as blatant strong-arming, astroturfing support, and being 'economical with the truth', as the phrase goes.

Some rethinking of their strategy might be helpful -- although really, IMO, some thought as to how to make their products relevant to consumers, instead of money-spinning for their shareholders, might work best of all. Making some moves towards the much-vaunted 'solving starvation in the developing world' might just be the best way to that.

‘It will solve starvation among shareholders, but not the developing world’

Published October 13, 2003

EU broadside at GM firms' 'lies' (Ananova):

'They tried to lie to people, they tried to force it upon people ... it is the wrong approach and we simply have not accepted that and European citizens have not accepted it. You simply cannot force it upon Europe.

'So I hope they have definitely learned a lesson from it and especially when they now try to argue that this will try to solve the problems of starvation in the world. After all, why didn't they start with such products, so they could prove to the world that this was exactly what they were interested in doing?

'It will solve starvation among shareholders, but not the developing world unfortunately.

That's the EU Environment Commissioner, Margot Wallstrom, launching a broadside against 'US biotech companies', accusing them of 'forcing' unsuitable GM technology onto Europe.

Ouch.

Firing Automatic Weapons Upwards Considered Harmful

Published October 13, 2003

Humour: BBC: Serbia wedding guests 'down plane'.

Guests at a wedding in central Serbia have apparently shot down a small aircraft by mistake.
They were celebrating in the traditional way - firing off shot after shot into the air above the wedding party. Unfortunately, there was a two-seater aircraft flying overhead. One eye-witness told reporters the plane was shot in the left wing.

oops!

Spam: Spammers try fooling filters with digital signatures (ZDNet). oh look, they quote myself and Theo ;)

BitTorrent and Google’s IP

Published October 13, 2003

Tech: Sam Ruby on Foo Camp. Foo camp sounds cool; a little bit circle-jerky, but still interesting. But that's not what I wanted to write about -- the thing I wanted to mention was BitTorrent; it just struck me recently -- one key thing about BT that makes it great is that it's designed by the UNIX philosophy -- make one tool that does one thing very well, and make it pluggable, so it can be used by other things easily.

It doesn't have a GUI to search for torrents -- the user does that in their web browser, mail, by swapping notes on napkins, whatever. It just does P2P file transfer very very well -- and that's file transfer of some file or another, hence legality issues around P2P are side-stepped. BT is cool.

Patents: Cluetrain on patents:

Well, Google is (jm: going after patents). And the VCs are paying for it. Hell, some of them insist on it. That's what I gathered last night, while schmoozing at the opening evening at PC Forum. First, Larry Page, Google's founder and CEO, told me he hates patents and would rather not deal with them as an issue at all. Then Google board member and lead VC John Doerr surprised a small gaggle of patent skeptics (including Page, Dave Winer and myself) that he loved patents. Patents are one of the things that make America great, he said, and went on to insist that they encourage innovation, cure cancer, raise the dead, and bring peace in our time. (Or something like that. Whatever, he likes patents a lot). So don't expect Google to abandon their hunt for patent lawyers anytime soon.
Listening to John, I began to think one problem is that just caring about patents puts your mind inside the system, where it gets stuck to intellectual flypaper. Or worse, political flypaper.

Linux graffiti

Published October 10, 2003

Funny: some Linux graffiti from Norway -- a bit more accomplished than IBM's efforts, but still -- Linux?! (link via the ArcterJournal)

SMTP Sender Authentication

Published October 10, 2003

Spam: SMTP Sender Authentication, by David Jeske of Y! Groups (pointer from Jeremy.

Schemes similar to this -- calling back to a sending server to verify that a mail was really sent via that host -- have been proposed before in several venues, the most high-profile and public being the ASRG list. Here is a message I sent to that list in April 2003 discussing a few of those schemes:

J C Lawrence's 'forward chained digital signatures' on Received headers
William at elan.net's 'complex callback verification requirying full message tracking server functionality with dns extensions'
Russ Nelson's Q249
Our own 'porkhash'

I still like this style of system, I think, but in terms of deployability and simplicity, I'm supporting Sender-Permitted From for now -- which similarly forces senders to use registered relays for a given SPF-supporting domain, but using DNS as the protocol and IP addresses as the hard-to-forge identity component.

Another bonus of SPF is that it's simple, easy to implement, has *running code* out there now, and is being pushed strongly by a pragmatic and sane driving person (in the form of Meng Weng Wong). It's not always easy in the anti-spam field to find a solution like that ;)

BTW, SPF also, similarly, breaks envelope sender forging. However, I agree, this is one egg that has to be broken to help stop spam (or at least force spammers to use their own domains and IPs.)

SMTP Sender Authentication

Published October 10, 2003

SMTP Sender Authentication, by David Jeske of Y! Groups (pointer from Jeremy.

J C Lawrence's 'forward chained digital signatures' on Received headers
William at elan.net's 'complex callback verification requirying full message tracking server functionality with dns extensions'
Russ Nelson's Q249
Our own 'porkhash'

BTW, SPF also, similarly, breaks envelope sender forging. However, I agree, this is one egg that has to be broken to help stop spam (or at least force spammers to use their own domains and IPs.)

Jewish Superheroes

Published October 10, 2003

Odd: The Jewish Hero Corps, featuring Magen David, Menorah Man, Dreidel Maidel, Yarmulkah Youth, Hypergirl/Matza Woman, and several others. However, The Golem -- as seen in The Amazing Adventures of Kavalier & Clay -- is strangely absent.

Iraq: guerrilla tactics planned from the start?

Published October 10, 2003

Iraq: Parallels with Vietnam becoming ominous for US commanders (Irish Times, subscriber-only). An interesting view on the situation Iraq:

US commanders in Iraq now believe that during the invasion, lower-echelon Iraqi troops mounted a token defence against US armour and air power while thousands of Republican Guard members went to ground in order to wage a prolonged guerrilla war during the subsequent occupation.
As the current attacks evolve in sophistication and momentum, US troops believe that the current phase of the war is not an ad-hoc development, but part of a pre-planned strategy designed to frustrate US plans to rebuild Iraq.
Further indicators as to the source of the insurgency lie in the weaponry and tactics employed. US convoys and patrols are repeatedly attacked with IEDs configured as roadside bombs along with RPG strikes. ... It is believed that the plastic explosives and RPGs were released from military stores in the run-up to the invasion and pre-deployed among the population for a war of attrition.
Wounding rather than killing the enemy is a classic feature of this type of war of attrition. By wounding as many enemy troops as possible, the guerrilla army ties up the resources of the occupying force as it seeks to evacuate and treat its personnel.
The architects of the current attacks recognise that it is far more expensive for the US to medically evacuate and treat injured soldiers than to simply process them for burial. For the insurgents, the psychological effect of their attacks is greatly enhanced with families and politicians in the US confronted with mutilated and disfigured soldiers returning from Iraq.
It would appear that the war in Iraq did not end on May 1st. It simply entered a new phase designed to render Iraq ungovernable.

No 'US commanders' are named, so it's all off-the-record.

Humour: on a lighter note, BBC Radio 4's Loose Ends, recorded in the Spiegeltent in Dublin last weekend, featuring 'writers Anne Enright and John Arden, Desmond Guinness of the Irish Georgian Society, comedian Dara O'Briain, Chieftain Paddy Moloney and Loose Ends regular Emma Freud.'

Iraq: guerrilla tactics planned from the start?

Published October 10, 2003

Parallels with Vietnam becoming ominous for US commanders (Irish Times, subscriber-only). An interesting view on the situation Iraq:

US commanders in Iraq now believe that during the invasion, lower-echelon Iraqi troops mounted a token defence against US armour and air power while thousands of Republican Guard members went to ground in order to wage a prolonged guerrilla war during the subsequent occupation.

As the current attacks evolve in sophistication and momentum, US troops believe that the current phase of the war is not an ad-hoc development, but part of a pre-planned strategy designed to frustrate US plans to rebuild Iraq.

Further indicators as to the source of the insurgency lie in the weaponry and tactics employed. US convoys and patrols are repeatedly attacked with IEDs configured as roadside bombs along with RPG strikes. ... It is believed that the plastic explosives and RPGs were released from military stores in the run-up to the invasion and pre-deployed among the population for a war of attrition.

Wounding rather than killing the enemy is a classic feature of this type of war of attrition. By wounding as many enemy troops as possible, the guerrilla army ties up the resources of the occupying force as it seeks to evacuate and treat its personnel.

The architects of the current attacks recognise that it is far more expensive for the US to medically evacuate and treat injured soldiers than to simply process them for burial. For the insurgents, the psychological effect of their attacks is greatly enhanced with families and politicians in the US confronted with mutilated and disfigured soldiers returning from Iraq.

It would appear that the war in Iraq did not end on May 1st. It simply entered a new phase designed to render Iraq ungovernable.

No 'US commanders' are named, so it's all off-the-record.

Happiness measured

Published October 9, 2003

Science: Fantastic article in New Scientist volume 180 (4 Oct 2003), covering how science is beginning to identify the keys to a happy life, and perform studies measuring people's happiness.

That's a subscribers-only link unfortunately, but I'll excerpt a few choice snippets:

First off, money:

Can money buy happiness? The short answer is, yes - but it doesn't buy you very much. And once you can afford to feed, clothe and house yourself, each extra dollar makes less and less difference. ... In the past half-century, average income has skyrocketed in industrialised countries, yet happiness levels have remained static (see Graph). It seems absolute income doesn't make much difference once you have enough to meet your basic needs. Instead, the key seems to be whether you have more than your friends, neighbours and colleagues.

Looks:

First the bad news: good-looking people really are happier. When Diener got people to rate their own looks, both with and without make-up, there was a 'small but positive effect of physical attractiveness on subjective well-being'.

But don't compare your looks with what the media puts out:

In a new study, Laurie Mintz and her colleagues from the University of Missouri-Columbia found that women who saw advertisements featuring lithe and flawless young models for just one to three minutes rated their own bodies more negatively and showed an increase in depression. Mintz was alarmed how quickly the women's self-esteem was undermined. And she believes people are becoming more dissatisfied as new technology allows the media to create ever more unrealistic images.
Mintz recommends less drastic steps to contentment: avoid unrealistic media images; understand that such pictures are airbrushed and 'Photoshopped' to perfection; appreciate your body for what it does rather than how it looks.

Friends:

It is hard to imagine a more pitiful existence than life on the streets of Calcutta or in one of its slums, or making a living there as a prostitute. Yet despite the poverty and squalor they face, such people are much happier than you might imagine. 'We think social relationships are partly responsible,' says Diener.

And a global comparison:

The latest global analysis of how levels of satisfaction and happiness vary from country to country shows that the most 'satisfied' people tend to live in Latin America, Western Europe and North America. Eastern Europeans are the least satisfied.
... There is plenty more about national happiness levels that has researchers scratching their heads. One of the most significant observations is that in industrialised nations, average happiness has remained virtually static since the second world war, despite a considerable rise in average income (see Graphic). The exception is Denmark, where people have become more satisfied with life over the past 30 years - no one is quite sure why.

and the effects of consumerism:

A growing number of researchers are putting the static trend down to consumerism. Survey after survey has shown that the desire for material goods, which has increased hand in hand with average income, is a 'happiness suppressant'.
One study, by Tim Kasser at Knox College in Galesburg, Illinois, found that young adults who focus on money, image and fame tend to be more depressed, have less enthusiasm for life and suffer more physical symptoms such as headaches and sore throats than others (The High Price of Materialism, MIT Press, 2002). Kasser believes that people tend to embrace material values when they are feeling insecure (retail therapy, anyone?). 'Advertisements have become more sophisticated,' says Kasser. 'They try to tie their message to people's psychological needs. But it is a false link. It is toxic.'

Lots of good bits. Pity it's subscribers-only!

EMusic is dead

Published October 9, 2003

Music: All good things must come to an end. EMusic has been bought out by some bunch called 'Dimensional Associates', and will no longer offer its excellent download service; instead you're limited to a measly 40 MP3s per month. (For context -- last time I downloaded some listening material was on Monday, and I picked up about 80 MP3s in a single sitting.)

They've shut down their message boards; third-party discussion groups are filled with wailing and gnashing of teeth; and worst of all, I can't even download the remaining stuff on 'My Stash' (the downloads-to-do list) because they're overrun with rats deserting the sinking ship. (no reflection on the rats -- I'm one myself.) Either that, or they've just turned them off; which is annoying as I had lots of music lined up to download when I got a chance.

This is very bad news -- Apple's iTunes is full of crappy music, Mac-only, and DRM-crippled; Rhapsody is Windows-only and DRM-crippled; there's really no other legal MP3-download option.

I guess I'll just have to go back to buying 1 or 2 CDs every few months when I'm buying stuff from Amazon (which I do nowadays anyway, in addition to EMusic) and just listening to the radio in general instead.

Thanks anyway, EMusic, for introducing me, helping me get into, or helping me rebuild my collection of such great music as:

Ladytron
Lemon Jelly
Belle and Sebastian
TRS-80
Yo La Tengo
Pepe Deluxe
Layo And Bushwacka
Asian Dub Foundation
The Pixies
Stereolab
Johnny Cash
Future Sound of London
Freq Nasty
Matmos
Cornershop
Thievery Corporation
Cocteau Twins

It was great while it lasted.

Ah well, I guess I'll save a tenner a month, which I can put towards the GameFly subscription...

Spammer ‘Cloaking Devices’

Published October 9, 2003

Spam: Cloaking Device Made for Spammers (Wired).

'Try to find the real IP,' he said. 'This host is in rackshack.net, the most antispam ISP.' A traceroute to the site indicated that it was being hosted on a computer apparently using cable modem service from Comcast.

It's using DNS trickery and a set of reverse proxies. This is standard practice among a small number of the upper echelon of spammers these days.

Of course, many of the techniques used to do this -- such as the subversion of Wintel PCs on cable modem networks -- are highly illegal, so the spammer/crackers are heading deep into jail-time territory.

I'm really posting this because of this entry at Boing Boing, in which Cory notes: 'I'm pretty skeptical about the untraceability of these systems -- I suspect that rather, they are resistant to some tools, not resistant to others, and not hard to write new tools to uncover.'

They're untraceable from where we're standing -- these are compromised machines. The only way to trace from that machine onwards, is for the abuse staff of those machines' ISPs to help out, or to get hold of the machine itself. This is not so easy -- which is why the spammers do it.

(I would have posted this as a comment on BB!, but they've stopped accepting comments, as noted previously. grr)

Anyway. As time goes on, the development of Wintel spamware-installing worms, and hands-on cracking of Unix servers to install trojans (PDF), is becoming more and more common. There's definitely an increasing crossover between spammers, virus-writers and crackers, as the Wired News article notes.

This is very much illegal activity under existing computer crime laws, and much more serious than whatever the anti-spam legislation out there considers spamming to be. Maybe the big spammers are going increasingly 'all-out', given that the lawmakers are finally giving the anti-spam laws some teeth...

Whoops

Published October 9, 2003

Funny: So, I guess this is the Korean equivalent of Dublin's Mao restaurant? Hitler Bar. (thx Eoin)

USPTO ‘chime in’ with tips for EU’s patent laws

Published October 8, 2003

Patents: While I was reading LWN's excellent writeup on the results of the EuroParl patent vote, I came across this very worrying snippet:

Readers in the United States may be interested to know that the U.S. government has chimed in with opposition to article 6a, which states that patents can not be used to block interoperability.

Sure enough, it links to an FFII page noting

'the US' believes that conversion between patented file formats should generally not be allowed without a license, and therefore demands deletion of Art 6a.'

'the US' is in quotes because FFII reckon that evidence suggests that this is the US Mission's IPR representatives forwarding the text direct from the US Patent Office, since the USPTO is an agency of the Dept of Commerce.

.... 'It is part of a US Government 'Action Plan' to 'promote international harmonisation of substantive patent law' in order to 'strengthen the rights of American intellectual property holders by making it easier to obtain international protection for their inventions'. This plan has been promoted aggressively by top officials of the US Patent Office in international fora such as WIPO, WSIS and OECD as well as through bilateral negotiations.'

BTW, that is exactly the wording used in the USPTO's 21st Century Strategic Plan paper. FFII go on to comment on their letter, including this note:

'The US' is propagating conventional wisdom such as 'the more patents the more property, the more property the more innovation', which is in sharp contrast to consensus of all serious scholars of software economics, as expressed in numerous studies conducted in the USA and in reports by the US Academy of Sciences.
Moreover, 'the US' has been ignoring the voice of its own software industry, which is, as shown by last year's FTC hearings, characterised by 'continued animosity against software patents' and whose major players, including such companies as Adobe, Oracle and Autodesk, all opposed software patentability at the USPTO hearing of 1994. The same USPTO which is ghostwriting this paper in the name of 'the US' today proceded to legalise program claims shortly after the 1994 hearing, thereby completely ignoring the voice of the US software industry.

One comment on the LWN story notes: 'as the United States is seeking to rewrite European law to their
agenda, what steps can European Citizens take to help turn the USPTO agenda around into something approaching the spirit of the US Constitution and those who wrote it?'

A good question.

Mekong Naga fireballs

Published October 8, 2003

Odd: Naga fireballs: Timing still a mystery for scientists (Bangkok Post):

Methane and phosphine, a mix of phosphorus and hydrogen, were found in waterways near the Mekong. These gaseous substances were believed to cause the fiery balls, researchers said, though they were not sure exactly how or why they occur. Plant and animal remains release methane as they break down which probably combines with chemical fertiliser, containing phosphorus nutrient, used on farms in the area, to cause the fireballs. The soil in the riverbed is rich with the element.
However, the occurrence of crimson balls also required energy and microbes, which researchers cannot explain.
Mr Saksit called inexplicable aspects of the display a miraculous event while Mr Pinit predicted the study would cause him more headaches. He still did not know why the fireballs tended to emerge only on the full moon night of the 11th lunar month every year.

Laos to 'cash in' on Naga fireballs (The Nation):

Authorities from Vientiane Municipality's Pak Ngum district and the Lao National Authority have prepared sites along the banks of the Mekong River and its tributary, the Nam Ngum, for tourists to view the fireballs rising from the currents tomorrow night, an official said yesterday.
Pak Ngum, where the Nam Ngum river meets the Mekong, is located some 50 kilometres south of the Laotian capital and opposite Nong Khai's Phon Pisai district. Although it has no hotels, residents are willing to provide home stays for tourists, said an official at the Pak Ngum district office.

Spam: CNET removes anti-spam software 'made by spammers' (The Reg). oops!

iTrike — the World’s First Solar-Powered Internet Rickshaw

Published October 8, 2003

Green: iTrike: the World's First* Solar-Powered Internet Rickshaw, from wireless.psand.net. Psand.net have done a great job in the past mucking about with wireless at green events in the UK from what I can see -- I think I've even blogged about 'em -- but they've outdone themselves this time. Cool!

PS: mmm, proper cider... yum.

Diebold voting machines, DMCA, Michael Moore

Published October 7, 2003

e-Voting: Wired has an absolutely mind-numbing list of issues with the security of Diebold voting machine procedures, including passwords printed in manuals which the staff can take home, that same password being reused for multiple systems including the on-site machines at polling stations, tamper-resistance measures being omitted, poll supervisors hired without background checks, bicycle locks being used to secure voting machines, one shared key used to 'secure' the memory cards, etc.

'The election process is mainly based on trust,' Ginnold said. 'We trust that poll workers are not going to be tampering with them.'

It's simply insane to replace a known-good voting system (even if it's just First-Past-the-Post instead of Proportional Representation, but that's another issue) with a quick hack like this, IMO.

Please vote anyway, if you're a CA citizen. And not for the fondling meathead, naturally.

DMCA: EFF: Unintended Consequences: Five Years under the DMCA. An incredible list of cases where the DMCA was used unfairly to restrict competition, research, or fair use, some of which I didn't even know about. For example, I didn't realise that the International Information Hiding Workshop Conference will no longer hold conferences on US soil after Professor Ed Felten was threatened over their SDMI paper.

Politics: Michael Moore on how to talk to your conservative brother-in-law. MM may play to the gallery now and again, but sometimes, he's a genius:

Paying workers more money makes you money!
Dear brother-in-law, when you don't pay people enough for them to take care of life's essentials, it ends up costing you and everybody else a lot of money. When you pay your employees more money, what do you think they do with it? Invest it in stocks? Hoard it in offshore accounts? No! They spend it! And what do they spend it on? The stuff you make and sell! If you pay people squat, or lay them off, they can't buy your stuff. They become a drain on the economy; some turn to crime, and when they turn to crime, it's your Mercedes they want, not some junker Oldsmobile in their poor neighbour's driveway.

Science: IgNobel prize winners 2003, including a prize for the nation of Liechtenstein for renting out the entire country for 'corporate conventions, weddings, bar mitzvahs, and other gatherings'.

Idyllwild and Language Trivia

Published October 6, 2003

Life: so myself and C took a one-night-only trip up to Idyllwild this weekend, hiking up to that rock formation and camping overnight. Great fun.

The rock is called 'Suicide Rock'. It's good to see morbid naming is international, but I should note that the prize for best placenames has to go to Victoria, Australia's Mount Buggery, though.

(I drove past Mt. Buggery last year, and, disappointingly, it seems they've renamed it on the official maps. But the other 'I can't believe we're still crossing this bloody mountain range and haven't made it to Melbourne yet' placenames still exist.)

Language: Riverbend blog notes interesting trivia in passing: Winnie the Pooh, in Arabic, is 'Winnie Dabdoob'.

Open Source: GROKLAW on the WSIS fiasco earlier this summer. Briefly, the WSIS -- the World Summit on the Information Society -- came out with a position pro-open-source, and quite a few large companies seemed to say 'eek!' and promptly lobbied as hard as they could to give that line a vasectomy.

Interestingly, they did the same to the spam-related positions, cutting 'a number of proposals, including prosecution of spammers' down to a watery 'take appropriate action on spam at national and international levels'. Snore. Fantastic work, guys.

Weblogs: When did Boing Boing stop taking comments? (looks) seems to be around about this entry of Sep 10. As far as I can see, this is the last comments page.

Shame -- I'm with Jeremy on this one.

Dublin: is this entry, by London's 3W the real winner of the competition to design the new U2 studio in Dublin's Sir John Rogerson's Quay?

when big contracts go bad

Published October 3, 2003

Software: A big-contract software dev horror story from the University of Cambridge. KPMG and Oracle come out of it with a lot of egg on their face. (found on Simon Cozens' blog).

Lee Maguire notes an interesting artifact on the W3C site: 'BenoÃ®t BÃ©zaire'. This is encoded UTF-8 -- which was then turned into HTML entities! Oops...

Booting Linux

Published October 3, 2003

Linux: so it seems one of the GNOME guys wants to rewrite the rc.d boot script system in Python. Eek!

Games: Someone has broken into Valve Software's network and stolen the source code for Half-Life 2 -- shacknews:

1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.
2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.
3) For the next week, there appears to have been suspicious activity on my webmail account.
4) Around 9/19 someone made a copy of the HL-2 source tree.
5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).

Insanely bad news for Valve. :(

Florida State Government Spammed Me!

Published October 2, 2003

Spam: Well, this is just incredible. I've just been spammed by a .gov domain -- myfloridahousemail.gov.

The irony of my first .gov spam coming from Florida is inescapable.

The message came from an IP address registered to State of Florida/Dept. of Management Services, bldg 4050 esplanade way suite 115d, Tallahassee, FL 32399-0950 US. That address looks genuine. It really does look like it came from the Florida House of Representatives.

And it was sent to a spamtrap which is on a few spammer address lists, but has never been a genuine user address. And, obviously, I don't live in Florida ;)

Read the spam here.

Another bad USPTO software patent

Published October 2, 2003

Patents: MS patents 'phone-home' failure reporting.

There's a catch, in that it's not just plain old 'phone home', as seen in probably a hundred products since 1960 -- they've added a 'match the reported error messages against a db of known issues on the server side' step. So that's vaguely inventive -- well, no, it's totally obvious, but at least nobody I can think of off the top of my head has done that before. (Well, I lie, it sounds a bit like KDE's crash reporting tool which does a similar search before reporting a bug.)

The notable comment, though, is
this:

There is a significant institutional culture issue that has a strong influence on how the Office functions that took root several decades ago and has, regretfully, increased, monotonically, over time. The management attitude, in a nutshell, is that patents aren't 'examined', they are 'processed'. The examination process is driven by production 'goals'; to be rated in the key rating category of 'Production Goal Achievement' as 'fully successful' you must have at least 95%; less than that you are marginal; less then 90% you are 'unsatisfactory', meaning your entire rating is 'unsatisfactory' meaning a '90 day letter' to get it 'fully successful' else you are fired. Also there are other time related requirements to meet, such as no amended application pending more than two months without an action. Persons get fired (yes, this does happen) almost always for low production or exceeding time limits for actions, almost never for improperly allowing claims.

Great.

Tech: It seems it's stunningly easy to rip off GPRS customers. Another well-designed system I don't think.

Another bad USPTO software patent

Published October 2, 2003

MS patents 'phone-home' failure reporting.

The notable comment, though, is
this:

There is a significant institutional culture issue that has a strong influence on how the Office functions that took root several decades ago and has, regretfully, increased, monotonically, over time. The management attitude, in a nutshell, is that patents aren't 'examined', they are 'processed'. The examination process is driven by production 'goals'; to be rated in the key rating category of 'Production Goal Achievement' as 'fully successful' you must have at least 95%; less than that you are marginal; less then 90% you are 'unsatisfactory', meaning your entire rating is 'unsatisfactory' meaning a '90 day letter' to get it 'fully successful' else you are fired. Also there are other time related requirements to meet, such as no amended application pending more than two months without an action. Persons get fired (yes, this does happen) almost always for low production or exceeding time limits for actions, almost never for improperly allowing claims.

Great.

Tech: It seems it's stunningly easy to rip off GPRS customers. Another well-designed system I don't think.

Shark Sandwich

Published October 2, 2003

Comedy: some Spinal Tap snippets:

a review of a live performance, noting the demise of the band's own Web-based music downloading service, Tapster -- David St. Hubbins is quoted saying 'they shut down Tapster out of force of habit.'
Derek Smalls notes regarding Tapster, 'It has to start with saying, 'look we're worried about being ripped off', so we started TAPSTER ourselves...so we're ripping ourselves off. If a problem comes up, we'll sue ourselves and we'll pocket the difference.' (guess this was before the aforementioned shutdown.)
The A-Z of Spinal Tap: 'For U2's Popmart tour, the show's designer Willie Williams and the band decided the group should emerge from a giant lemon.' ... 'The Edge comes down from the stairs, and to start his guitar he has to kick a switch on his foot-pedal. Well, he ended up on his hands and knees, feeling around for the pedal. Later he said to me, 'There I was at the debut, the premiere opening night, and this voice came into my head: I'm Derek Smalls.''
So, as mentioned in the movie, Nigel and David grew up in Squatney, East London. But did you know that Derek Smalls grew up in Nilford -- 'a 'very small, very wretched, very dire little place' on the River Null, near Wolverhampton. Also known as Nilford-on-Null.'

Daytime Fireballs

Published October 1, 2003

Astronomy: APOD: A Daytime Fireball Over South Wales. Great picture
of a fireball disintegrating in the daytime sky.

I saw a similar daytime fireball streak through the sky when I was in Fraser Island in Australia last year; a little bit smaller than this one, mind you ;) Unfortunately, I didn't get a picture in time. Very cool though!

Daytime Fireballs

Published October 1, 2003

APOD: A Daytime Fireball Over South Wales. Great picture
of a fireball disintegrating in the daytime sky.

Spammers Now Relaying via SMTP AUTH

Published October 1, 2003

Spam: A nasty new development -- spammers are now exploiting closed relays to send spam, by brute-force attacking their SMTP AUTH interfaces. SMTP AUTH is a system used to allow legitimate mail server users to send outgoing mail securely, by authenticating them first. ( sample documentation here.)

This ROKSO file indicates one spammer's modus operandi:

These relays were abused using SMTP AUTH. That is, the spammer supplied a valid username/password pair to the server, was authenticated, and therefore granted permission to send mail anywhere. Such attacks are therefore successful only when weak passwords are used. This spamhaus constantly scans the net to find abusable servers to use in subsequent spam runs. All brands of servers (sendmail, exchange, mdaemon, rockcliffe, etc) are equally targeted, as long as they support SMTP AUTH. The attacker tries several username/password pairs - such as with 'admin/admin' - following a certain pattern and hoping to find a combination that lets him in.
An analysis done in july 2003 has shown that a total of 276 combinations are attempted (of course new ones can have been added in the meanwhile): Usernames: webmaster, admin, root, test, master, web, www, administrator, backup, server, data, abc each with the following passwords: username, username12, username123, 1, 111, 123, 1234, 12345, 123456, 1234567, 12345678, 654321, 54321, 00000000, 88888888, admin, root, pass, passwd, password, super, !@#$%^&* as well as with a blank password.
MDaemon users beware! The account creation tool of recent versions of MDaemon defaults the password to the account name. If the default is accepted, the account will be open to be exploited by this spamhaus.

Incredible. There's no way at the SMTP/IP level to tell that this relay was compromised; blacklisting will definitely cause collateral damage in response; so content analysis is pretty much necessary, as far as I can see.

And in another worrying development: it turns out that the latest Outlook worm, W32.Swen, doesn't bother trying to randomly generate usernames etc. or send via SMTP directly. Instead, it asks the user for their username, password and SMTP server!

Spammers Now Relaying via SMTP AUTH

Published October 1, 2003

A nasty new development -- spammers are now exploiting closed relays to send spam, by brute-force attacking their SMTP AUTH interfaces. SMTP AUTH is a system used to allow legitimate mail server users to send outgoing mail securely, by authenticating them first. ( sample documentation here.)

This ROKSO file indicates one spammer's modus operandi:

These relays were abused using SMTP AUTH. That is, the spammer supplied a valid username/password pair to the server, was authenticated, and therefore granted permission to send mail anywhere. Such attacks are therefore successful only when weak passwords are used. This spamhaus constantly scans the net to find abusable servers to use in subsequent spam runs. All brands of servers (sendmail, exchange, mdaemon, rockcliffe, etc) are equally targeted, as long as they support SMTP AUTH. The attacker tries several username/password pairs - such as with 'admin/admin' - following a certain pattern and hoping to find a combination that lets him in.

An analysis done in july 2003 has shown that a total of 276 combinations are attempted (of course new ones can have been added in the meanwhile): Usernames: webmaster, admin, root, test, master, web, www, administrator, backup, server, data, abc each with the following passwords: username, username12, username123, 1, 111, 123, 1234, 12345, 123456, 1234567, 12345678, 654321, 54321, 00000000, 88888888, admin, root, pass, passwd, password, super, !@#$%^&* as well as with a blank password.

MDaemon users beware! The account creation tool of recent versions of MDaemon defaults the password to the account name. If the default is accepted, the account will be open to be exploited by this spamhaus.

Sterling on bad tech

Published September 30, 2003

Bruce Sterling: 10 Technologies That Deserve to Die. I can't disagree with any of these, really -- except for manned spaceflight -- I'm not giving up on that one dammit! ;)

Very informative details of what happened with the NY power failure, from an insider at one of the nuke plants supplying power.

Hooray -- my new Gamecube's arrived!

Quicksilver

Published September 30, 2003

Neal Stephenson's new book upends geek chic -- Paul Boutin, Slate. Three thousand pages?! Yeesh.

find-hidden-word-text – read hidden text in Word docs

Published September 29, 2003

find-hidden-word-text - a command-line UNIX tool to ease the task of discovering hidden text in MS Word documents.

More specifically, it is an implementation of Method 2 from Simon Byers' paper, Scalable Exploitation of, and Responses to Information Leakage Through Hidden Data in Published Documents.

In other words, it'll display just the hidden text (if any exists) in Word docs. Go forth and discover accidental leaks!

Art-Market, ArtPrice, Servergroup, Groupe Serveur etc. spamhaus

Published September 29, 2003

So a few months ago, I setup a cookie-producing mailto honeypot page at foojlist.php.

Well, I just got the first bite -- and it's a live one. It's our old friends at artprice.com. They're a French spamhaus, operating from Saint-Romain-au-Mont-d'Or, France, and reports claim that it's all the work of one guy -- Thierry Ehrmann.

There's lots of reports in USENET, and here's their SBL listing, noting 'extremely intense french spam source.'

This posting to NANAE notes that Colt France are not responding to complaints about them, either -- but notes that 'in France collecting e-mail addresses with the intention to send commercial mails without permission of the holders can be punished by law (article 226-18 of the Code Pe'nal - up to 5 years of prison or 300.000 euro)'. Interesting!

Full details of the spam, and the access_log entries from their web-scraper's accesses, are attached.

Here's the spam:

Received: from mail1.artmarket.com (mail1.artmarket.com [194.242.43.183])
by dogma.slashnull.org (8.11.6/8.11.6) wixh ESMTP id h8SLJZV12710
for < ( email addr deleted ) @fooj.jmason.org>; Sun, 28 Sep 2003 22:19:35 +0100
Date: Sun, 28 Sep 2003 22:19:35 +0100
Message-Id: (spam-protected)
From: A  R  T (spam-protected)
To: < ( email addr deleted ) @fooj.jmason.org>
Subject: [adv] 1700 - 2003  Story of the Art Market
MIME-Version: 1.0
Content-Type: text/html;    charset=iso-8859-1
Content-Transfer-Encoding: 8bit
<HTML><HEAD>
<TITLE>Artists search engine by Artprice TM - copyright Artprice.com</TITLE>
<META http-equiv=''Content-Type'' content=''text/html; charset=iso-8859-1''>
<META name=''UNSUB'' content=''<!--26398522_1-->''>
<META name=''ROBOTS'' content=''NOINDEX''>
</HEAD>
<BODY bgcolor=''#FFFFFF'' text=''#000000''>
<TABLE cellspacing=''0'' cellpadding=''0'' align=''center'' border=''0''>
<TR> 
<TD><IMG src="''http://web.artprice.com/img/affil.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/search.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/fs.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD><A" href="''http://www.artistbiography.com/''><IMG" src="'http://web.artprice.com/img/bio.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/sig.gif''></TD>
<TD><A" href="''http://web.artprice.com''><IMG" src="'http://web.artprice.com/img/Home.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/G.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><A" href="''http://web.artprice.com''><IMG" src="'http://web.artprice.com/img/Home.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/sig.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/fs.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>A</B></TD>
<TD><IMG src="''http://web.artprice.com/img/map.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>R</B></TD>
<TD><IMG src="''http://web.artprice.com/img/HelpBlack.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/search.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/AMI/AMInsight.gif''></TD>
</TR>
<TR>" 
<TD><IMG src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD><A" href="''http://web.artprice.com/corporate/EN/Visite/pages/nb.htm''><IMG" src="'http://web.artprice.com/img/HelpBlack.gif'" border=''0''></A></TD>
<TD align=''center'' bgcolor=''#FF0000''><B>T</B></TD>
<TD><IMG src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/today.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/E.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/F.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>P</B></TD>
<TD><IMG src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/search.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/F.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/G.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Home.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/today.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/D.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/F.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/sig.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/A.gif''></TD>
</TR>
<TR>" 
<TD><IMG src="''http://web.artprice.com/img/Mediums/B.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/D.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/G.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/H.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>R</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Account.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>I</B></TD>
<TD><IMG src="''http://web.artprice.com/img/contact.gif''></TD>
<TD><A" href="''http://web.artprice.com/corporate/EN/Visite/pages/3818.htm''><IMG" src="'http://web.artprice.com/img/HelpBlack.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/today.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>C</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/L.gif''></TD>
</TR>
<TR>" 
<TD><IMG src="''http://web.artprice.com/img/Mediums/D.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>E</B></TD>
<TD><IMG src="''http://web.artprice.com/img/map.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B>C</B></TD>
<TD align=''center'' bgcolor=''#FF0000''><B>O</B></TD>
<TD align=''center'' bgcolor=''#FF0000''><B>M</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/G.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Home.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/search.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/sig.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Home.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/fs.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/contact.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/contact.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/H.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Account.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/search.gif''></TD>
</TR>
<TR>" 
<TD><IMG src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/B.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/bio.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Account.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/today.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/affil.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Account.gif''></TD>
<TD><A" href="''http://www.artprice.net''><IMG" src="'http://web.artprice.com/img/map.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/B.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/L.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/F.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/bio.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/B.gif''></TD>
<TD" align=''center''><A href="''http://www.art-online.com''> </A></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Home.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
</TR>
<TR>" 
<TD><IMG src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/F.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/fs.gif''></TD>
<TD><A" href="''http://www.americanartists.com/''><IMG" src="'http://web.artprice.com/img/bio.gif'" border=''0''></A></TD>
<TD align=''center'' bgcolor=''#000000''><B><FONT color=''#FF0000''>A</FONT></B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/B.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Home.gif''></TD>
<TD><A" href="''http://web.artprice.com/corporate/EN/Visite/pages/arch02.htm''><IMG" src="'http://web.artprice.com/img/HelpBlack.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/affil.gif''></TD>
<TD" align=''center''><B><FONT color=''#FF0000''>R</FONT></B></TD>
<TD><IMG src="''http://web.artprice.com/img/sig.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Account.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD" align=''center''><B><FONT color=''#FF0000''>T</FONT></B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/affil.gif''></TD>
<TD><A" href="''http://web.artprice.com/corporate/EN/Visite/pages/3834.htm''><IMG" src="'http://web.artprice.com/img/HelpBlack.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/H.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/search.gif''></TD>
</TR>
<TR>" 
<TD><IMG src="''http://web.artprice.com/img/bio.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
<TD" align=''center'' bgcolor=''#FF0000''><B><FONT color=''#000000''>M</FONT></B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/C.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/fs.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
<TD" align=''center''><B>A</B></TD>
<TD><IMG src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
<TD" align=''center''><B>R</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/B.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/F.gif''></TD>
<TD" align=''center''><B>K</B></TD>
<TD><IMG src="''http://web.artprice.com/img/ps.gif''></TD>
<TD><A" href="''http://www.artprice.de''><IMG" src="'http://web.artprice.com/img/Home.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Shop.gif''></TD>
<TD" align=''center''><B>E</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/B.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ps.gif''></TD>
<TD" align=''center''><B>T</B></TD>
<TD><A href="''http://web.artprice.com/corporate/EN/Visite/pages/jb02.htm''><IMG" src="'http://web.artprice.com/img/HelpBlack.gif'" border=''0''></A></TD>
</TR>
<TR> 
<TD><IMG src="''http://web.artprice.com/img/contact.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/G.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/contact.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/map.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/affil.gif''></TD>
<TD" align=''center''><B>C</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/D.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/sig.gif''></TD>
<TD><A" href="''http://www.13thcenturyart.com/''><IMG" src="'http://web.artprice.com/img/HelpBlack.gif'" border=''0''></A></TD>
<TD><IMG src="''http://web.artprice.com/img/Home.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/E.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/affil.gif''></TD>
<TD" align=''center''><B>O</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Account.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/D.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/Mediums/J.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/ind.gif''></TD>
<TD" align=''center''><B>M</B></TD>
<TD><IMG src="''http://web.artprice.com/img/Mediums/I.gif''></TD>
<TD><IMG" src="''http://web.artprice.com/img/bio.gif''></TD>
</TR>
</TABLE>
<BR><BR><BR>
<TABLE" border=''0'' bgcolor=''#FFFFFF'' align=''center''><TR>
<FORM method=get action=''http://web.artprice.com/en/artistsearch.aspx''><TD>
<A href="''http://web.artprice.com''>
<IMG" src="'http://web.artprice.com/Img/B/artprice_140.gif'" align=''absmiddle'' border=''0'' alt=''artprice''></A> 
<INPUT type=text name=searcharti size=39>
<INPUT type=submit value=''OK'' style=''CURSOR: hand''>
<INPUT type=hidden name=l value=en>
</TD>
</FORM>
</TR></TABLE>
<CENTER>
<FONT size=''1'' face=''Arial''>
THE WORLD LEADER IN ART MARKET INFORMATION - WELT-LEADER IN KUNSTMARKT-INFOS
<BR>LEADER MONDIAL DE L'INFORMATION SUR LE MARCHE 
DE L'ART</FONT>
</CENTER>
<BR><BR><BR>
<BR><BR><BR>
<BR><BR><BR>
<BR><BR><BR>
<BR><BR><BR>
<BR><BR><BR>
<BR><BR><BR>
<TABLE cellspacing=''3'' background=''http://web.artprice.com/Img/B/pixBl.gif''>
<TR> 
<TD> <FONT face=''Arial'' size=''1''>
<b>To remove</b> your email: (spam-protected)
please click below:<br><a 
href="'http://list.artaddiction.com/?m=(email_address_hidden)%40fooj.jmason.org'>
(spam-protected)
</a><br>
In" case the above link does not work you can go to<br>
http://list.artaddiction.com/<br>
or reply to this message as it is.<br>
Please allow us 72 H for your e-mail to be removed.<br>Thank you for your co-operation. </FONT></TD>
<TD><FONT face=''Arial'' size=''1''>
<b>Pour désinscrire</b> votre email : (spam-protected)
cliquez ci-dessous :<br><a 
(spam-protected)
Si le lien ci-dessus ne fonctionne pas, vous pouvez aller sur :<br>
http://list.artaddiction.com/
<br>ou répondez svp à ce message sans en modifier le contenu.<br>
Votre désinscription sera effective dans les 72 H.<br>Merci de votre coopération. </FONT></TD>
</TR><TR><TD colspan=''2''><FONT size=''1'' face=''Arial''>En conformité avec la loi 
78-17 du 6/1/78 (CNIL), vous pouvez demander à ne plus figurer sur notre 
fichier de routage.<BR>
<IMG src="'http://web.artprice.com/img/LogoArtp_90.jpg'" border=''0'' align=''absmiddle''>IX 
:28<BR>
</FONT><FONT face=''Arial, Helvetica, sans-serif'' size=''1''>Artprice.com - Domaine 
de la Source BP 69 - F-69270 St Romain au Mont D'or - RCS : 411 309 198</FONT></TD>
</TR></TABLE></BODY></HTML>

And, after decoding the address it was sent to, here's the access_log entries the address was scraped with:

194.242.43.13 - - [26/Sep/2003:21:09:34 +0100] ''GET /foojlist.php HTTP/1.0'' 200 4066 ''-'' ''Art-Online.com 0.9(Beta)''

That's one line from their scraping run, during which they scraped every single page on spamassassin.taint.org, including tar and zip archives, CGI scripts, everything -- making 534 requests between 21:07:31 and 21:16:49.

The Google File System

Published September 28, 2003

Boing Boing links to a paper on the design of the Google Filesystem, Google's in-house redundant-array-of-inexpensive-PCs cluster filesystem.

It's very, very nice -- and full of interesting tidbits about Google's architecture.

'the system must efficiently implement well-defined semantics for
- multiple clients that concurrently append to the same file. Our files are often used as producer- consumer queues or for many-way merging. Hundreds of producers, running one per machine, will concurrently append to a file. Atomicity with minimal synchronization overhead is essential. The file may be read later, or a consumer may be reading through the file simultaneously.'
'The workloads also have many large, sequential writes that append data to files. Typical operation sizes are similar to those for reads. Once written, files are seldom modified again. Small writes at arbitrary positions in a file are supported but do not have to be effcient.'

A perfect example of traditional UNIX system design!

You Might Be An Anti-Spam Kook If…

Published September 27, 2003

You Might Be An Anti-Spam Kook If... -- very funny list from Vernon Schryver, concerning the many Final Ultimate Solutions to the Spam Problem (FUSSP) (link via Raph).

Raph says he, too, has a FUSSP, but says 'I realize that using a trust metric to defeat spam, while probably effective, won't be easy.' Nevertheless, I'd be interested in hearing it, for one. Go on Raph, write it up! ;)

Funny: Whisky boss 'amazed' by spy interest: 'The boss of a tiny Scottish distillery says he is amazed to learn that US spies have been monitoring his whisky plant for weapons of mass destruction.'

Ishkur’s Guide

Published September 27, 2003

Ishkur's Guide to Electronic Music v2.0, via MeFi.

Not bad at all! It actually has 2 Congo Natty tracks listed -- even if it gets the name wrong for one of them ;) I'll nitpick, though; the categories around drum and bass, ragga jungle, jungle, and breakbeat are a bit randomly-connected together; they didn't really tie together that way at all IMO. And he randomly decided that hardcore should be renamed 'breakcore', created a new category for all that gabba shite, then called it hardcore. But hey... if you're going to try to make some kind of sense out of it, you have to break some eggs, and never mind -- there's lots of nice samples!

BTW I can't believe he lists Rob Hubbard's theme music to Zoids in the Techno/VGM category. Has someone really released that?

And in passing, I should note, the description for 'Not Trance' under 'Trance' is spot on. As are many of the other recent trance/house-related categories. And, alright, some of the recent d'n'b categories too...

Happy 20th birthday, GNU!

Published September 26, 2003

20 years ago tomorrow, on 27th September 1983, the GNU project was announced:

Free Unix!

Starting this Thanksgiving I am going to write a complete Unix-compatible software system called GNU (for Gnu's Not Unix), and give it away free to everyone who can use it. Contributions of time, money, programs and equipment are greatly needed. ......

So that I can continue to use computers without violating my principles, I have decided to put together a sufficient body of free software so that I will be able to get along without any software that is not free.

Thanks to Ciaran O'Riordan for pointing this out!

I Say Risbubh

Published September 25, 2003

I keep getting this one, with a question about whether spammers can use it to get past filters:

Aoccdrnig to rceent rsceearch at an Birtsih uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht frist and lsat ltteer is at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae we do not raed ervey lteter by it slef but the wrod as a wlohe.

Firstly, it's a crock. That text is incomprehensible! Plus, it's not entirely truthful in its message -- try this variant, which really does make the 'rset' a 'toatl mses':

Aidnroccg to rceent rrceesah at a Biitsrh usvitrneiy ...

Or maybe it's just me who has to spend about 10 times as long trying to comprehend it. (Or maybe my font's too small. whatever...)

Secondly, every 'trick' that results in spammers embedding large up-front blocks of readable text in their mails, scrambling letters around like that, using l33t-sp3ak, i n s e rt i n gs p ac e s, 92384 adding lsdjfgk random foo words to viagra confuse filters, etc. etc. will do nothing but hurt them.

Bear in mind they make money from spam by making sales -- if they have to increasingly obfuscate their message to get through, their would-be 'customers' will not be able to read the messages, their sales will go down, and spamming will become unprofitable.

Remember: if the costs of spamming goes up (through effective filters, increasing complexity to evade detection, and legislation to prosecute them), and the returns go down, the spamming becomes unprofitable and more spammers will give up.

Good news on software patents

Published September 25, 2003

Great news from the European Parliament -- the good amendments have been passed and it looks a lot better. James Heald of FFII is quoted as saying 'the directive text as amended by the European Parliament clearly excludes software patents. It hangs together incredibly cohesively.'

Congratulations to our MEPs who grasped the highly technical nuances of the issue, and voted the right way, and to the groups who advised them so well. No congrats to me who went on holidays just before this vote. ;)

Now, all that remains is to ensure that the Council of Ministers also do the right thing; unfortunately FFII note that 'in the past, the Council of Ministers has left patent policy decisions to its patent policy working party, which consists of patent law experts who are also sitting on the administrative council of the European Patent Office (EPO). This group has been one of the most determined promoters of unlimited patentability, including program claims, in Europe.' Not encouraging.

Meta: still catching up and getting through the jetlag...

Back

Published September 23, 2003

Back from a great week-and-a-half in Ireland. Lots of fun (and Guinness) was had, Luke and Lean were successfully married, Ireland is officially the most beautiful country in the world, weather was amazing, got to meet up with virtually everyone, and I'm now back at the computer catching up.

Of course, some git has joe-jobbed both myself and a mailing list I'm on, so there's thousands of bounce messages as a result and the server is slow as a wet week. Argh. But at least the SoBig onslaught has died down a bit.

Interestingly, I reported some spam to SpamCop a week or two before the joe-job. I wonder if the two really are connected -- ie. report spam, and the spammers will decode the listwashing tokens from their mails, figure out your email address, and add you to their 'enemies list'?

This is the first time I've reported spam to SpamCop in a long time, and the first joe-job I've been victim of. It seems like more than a coincidence, IMO.

On hols

Published September 11, 2003

I'm in Ireland for my friends' wedding for the next week and a half, so blogging will be infrequent. ;)

Ireland or Iraq?

Published September 9, 2003

In this article by Salam Pax, about how he got into weblogging, he says:

While the world was moving on to high-speed internet, we were being told it was overrated.

Heh, sounds like an Eircom quote ;)

Leni Riefenstahl, suing 12-year-olds and FFB

Published September 9, 2003

Leni Riefenstahl dead at 101 (CNN). Riefenstahl's Triumph of the Will, the 1934 Nazi propaganda film, is rightly famous -- it's technically excellent -- but became a millstone around her neck for the rest of her life. To my mind, this lesson illustrates that an artist (or scientist) can never divorce the work one does from that work's implications to society.

Music: 12-year-old sued for downloading music. ' 'I got really scared. My stomach is all turning,' Brianna said last night at the city Housing Authority apartment where she lives with her mom and her 9-year-old brother.' Way to go, RIAA.

Spam: Paul Graham: a spam filter that fights back. Basically auto-spidering URLs found in spam messages as a form of anti-spam DDoS.

Microtution spam warning

Published September 9, 2003

Just received a mail from a bunch called 'microtution', looking to write a collaborative political weblog. More details here.

But hold on there -- this was an out-and-out spam, sent via an open proxy, using a spam tool, with faked headers, to a spamtrap address they scraped from one of my sites. Anyone considering helping out on this collaborative weblog might like to consider who they're helping.

The mail was sent from 213.176.81.230, direct to my MX, from 'Fredericka' <promiseman@promiseman.com>, Subject 'need help with political blog'.

Penguinitis

Published September 9, 2003

Good interview with Samba's Tridge. He explains where the penguin mascot came from -- I never knew the linux penguin was in fact a fairy penguin! All those trips bringing visitors to Phillip Island while I was in Melbourne were not wasted then. ;)

Some time later Linus was looking for a mascot for Linux, and apparently the incident at the National Aquarium helped influence him towards choosing a penguin. If you go there now you will see a little plaque commemorating the fateful day when Linus caught 'penguinitis' from one of the fairy penguins in the enclosure (the 6ft one, of course).

ha ha ha ha

Published September 8, 2003

ThisIsLondon: 'David Blaine thought he was ready for anything. The US illusionist suspended in a glass box over London had prepared himself for 44 days of starvation, loneliness and boredom.

But there was one thing he had not planned for - Londoners.

... the prize for invention went to golfers who teed up with clubs on Tower Bridge and tried hitting the box with golf balls.'

Back again

Published September 8, 2003

So I'm back -- I was up in Sunnyvale last week, on a work trip. Met up with Dan Kohn for the first time, which was great, and also had an impromptu SpamAssassin summit with Craig and Dan Quinlan -- and got to meet the newest arrival in the Hughes family, the very cute Evan Alice.

I was hoping to meet up with a few more people, but didn't quite organise it in the limited time there. Maybe next visit!

ObLAvBayAreaComment: Amazing how much better the drivers are up there, too. ;)

Still averaging about 68 SoBig.F virus mails, at about 100Kb each, for a total of about 7Mb per hour. That means my 'reject' mailbox is at 412 megs since Friday afternoon. Beats Charlie Strosser's figures ;)

It's all getting quietly bitbucketed, but the side-effects are still nasty. Take a look at this, for example; someone at adjv503ry3ec.ab.hsia.telus.net (142.59.69.220) has been spewing SoBig.F's at the FoRK list, using my address, non-stop for weeks. Argh.

Patents: Richard Allen MP tackles the thorny software patents issue. It's great being able to follow his thinking on these lines -- more politicians should consider starting a weblog along these lines. True transparency.

Much better than Arlene McCarthy's railing against 'The Misinformation Campaign ... by the Free Software Alliance', whoever they are... I particularly like this statement from her PR:

If we were to follow the demands of these lobbyists then we would be handing over inventions to US multinationals and getting no return on our R&D investments in the field of computer implemented inventions. This will sound the death knell for our brightest and best European inventors, whilst the US and Japan will demand licence fees from European companies for the use of their patents. Without patent protection there will be no financial incentive for our most creative industries to develop genuine inventions.

... but -- given that (a) software patents cannot currently be enforced in Europe, and (b) that 77% of the (currently-unenforceable) EPO software patents are registered already to non-EU companies, the only way for the US and Japan to 'demand licence fees from European companies for the use of their patents' would be if McCarthy's proposed directive was passed, allowing those patents to be enforced in the EU. Oops -- own goal!

VR: so I don't lose this, Jaron Lanier's 11 reasons why Virtual Reality has not yet become commonplace.

History: Came across the original SpamAssassin pre-release 'try it out' mail:

after quite of while of thinking about it, I've finally rewritten the spam filter I've been using for a while, and released it as free software.

It's called SpamAssassin, and it's a mail filter to identify spam using text analysis. Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify spam, which it then tags for later filtering using the user's own mail user-agent application.

Urban Design and Vogon Poetry

Published August 30, 2003

via Boing Boing, Stating the bleeding obvious: if you drive instead of walk, you get fat. Well, duh!

But the alternative is, if you walk or cycle instead of drive, you'll get killed. 'American pedestrians are roughly three times more likely to be killed by a passing car than are German pedestrians - and more than six times more likely than Dutch pedestrians. For bicyclists, Americans are twice as likely to be killed as Germans and more than three times as likely as Dutch cyclists.'

However, Irvine has some of the best cycling infrastructure (and weather) I've ever seen -- except nobody uses it, apart from the weekender recreational cyclists.

Can't figure out why -- I guess it's just a cultural thing; everyone drives, and people cycling or walking near some cars seems to give the drivers heart attacks. (Seriously. The other night, a driver honked and slowed to a crawl after spotting myself and Catherine walking along -- on the sidewalk, 10 feet from the roadway. And not making any sudden movements, either.)

As Kasia said, s/Connecticut//:

You can do all sorts of weird things in Connecticut suburbs, from walking your cat on a leash to painting tiger stripes on your car -- but strap a camera to your back and take out the two wheeler for a spin and you're the weirdest thing since the Keebler elves.

The EU Software Patent protest makes Indymedia. interesting intersection!

But I think they could have looked into the translation issues a bit more; 'software patents kill efficient software development' isn't exactly urgent enough ;) Also -- is the idea of the software patents song and mime a sort of 'stop patents through Vogon poetry' thing?

Baghdad Burning scraped RSS, via Sitescooper RSS feeds.

Decent C String APIs

Published August 30, 2003

meanwhile, back in C-land...

strlcpy() - a replacement for strcpy() and strncpy(), with some very nice performance figures.

I usually use snprintf() to do this, but even that has differint semantics between platforms which needs workarounds. Plus the perf numbers regarding strlcpy() are nice. Plus it's BSD-licensed. (Found via Linux Weekly News.)

In passing, it's worth noting that strncpy() imposes a pretty hefty performance hit (4x - 10x in tests there), due to a wierd specified behaviour; it NULs out unused parts of the buffer! ouch.

See also MS' strsafe APIs. However, the code for that is available only on Windows, which makes it pretty much useless for most C code I'd be writing, and they note 'performance hits'.

Vendor liability in US spam law proposal

Published August 30, 2003

Good presentation by Anne Mitchell, ex-Habeas CEO, now of ISIPP -- 'False Positives: the Baby in the Bathwater' and 'Putting the Responsibility for Spam where it Belongs: The Case for Vendor Liability' (PDF, 317KiB). Note this bit:

In June of 2003, ISIPP's Anne Mitchell worked closely with Senator John McCain's office to help develop and draft legislation which would hold vendors liable for advertising in spam.
This legislative draft was introduced as an amendment to the Burns-Wyden CAN-SPAM Act, and adopted by committee as part of the bill. Vendor liability is now part of the Burns-Wyden bill.
The proposed legislation makes liable any vendor who advertises in spam which violates the general provisions of the law.
Exceptions are made if the vendor truly did not know, and could not have been reasonably expected to know, that their information would go out in spam.

That could be interesting.

Time Traveller Spammer caught

Published August 29, 2003

Wired: Turn Back the Spam of Time. An article about the time-travel spammer, now fingered as Robert 'Robby' Todino:

The anonymous e-mail offered $5,000 to any vendor capable of promptly delivering a collection of far-fetched gadgets for conducting time travel. Among the mysterious devices sought by the message's author were an 'Acme 5X24 series time transducing capacitor with built-in temporal displacement' and an 'AMD Dimensional Warp Generator module containing the GRC79 induction motor.'

He's genuinely interested, it seems -- but has a few psychological difficulties. (Thanks to Gary Stock for spotting it.)

Brehon Law, Pepys’ rival, and some really bad food

Published August 29, 2003

2 history lessons today: Dervala writes about the Brehon Laws of ancient Ireland. Dervala's weblog has become a great source of smart reading material, and is firmly on my daily list.

History: The Electronic Telegraph: Code-breaker reveals a diarist to rival Pepys (via forteana). Not quite as saucy as old Sam, though; he was a Puritan. Shame.

Food: The World's Worst Food, courtesy of Joe McNally via NTK. A bit short of the traditional brain/tongue/tripe dishes however. (Relevant: low grade meat products, urgh.)

SCOvEveryone: Economist interview with Darl McBride of SCO. Interestingly, it notes 'in 1998, Mr McBride himself won what he calls a 'seven-figure settlement' by suing his employer at the time, IKON Office Solutions (who, he says, had breached contract by urging him to move to an office outside Utah).' Nice! However, the SCO management page doesn't mention that, for some reason... (Link)

Date: Fri, 29 Aug 2003 09:45:13 +0100
From: "Martin Adamson" (spam-protected)
To: (spam-protected)
Subject: Code-breaker reveals a diarist to rival Pepys

The Electronic Telegraph: Code-breaker reveals a diarist to rival Pepys

(Filed: 29/08/2003)

A Puritan's journal written in cryptic shorthand to foil the King's men paints a vivid picture of 1600s London, reports Will Bennett

A remarkable million-word account of life in late 17th century England which is as vivid as Samuel Pepys's diary has been transcribed by experts after lying largely forgotten for more than three centuries.

A specialist code-breaker was brought in to crack the shorthand that Roger Morrice, a Puritan minister turned political journalist, used in part of the diary to stop the King's agents reading it.

While Pepys's often hedonistic diary was long regarded as the most detailed record of life in Restoration England, Morrice's more strait-laced Entring Book gathered dust in a little-known British library.

The Entring Book was acquired by Dr Williams's Library in London, which specialises in the history of English Nonconformist churches, in the early 18th century and it remained there until a few years ago.

Then a team of academics based at Cambridge University launched a project to transcribe the diary, which covers the years 1677 to 1691 and presents an entirely different view of late 17th century England from that of Pepys.

Now the transcription has been completed and six volumes of Morrice's well-informed account of a turbulent period during which England was ruled by three different monarchs will be published in 2005.

About 40,000 words of the diary were in code and the team, led by the Cambridge academic Dr Mark Goldie, brought in an expert in 17th century shorthand to reveal for the first time what Morrice had written.

"At that time you could be arrested for sending newsletters and information around the country and so he did not want Charles II's and James II's agents to see what he had written," said Dr Goldie.

The shorthand expert, Dr Frances Henderson, from Oxford, not only cracked the code but discovered the names of some of Morrice's contacts, whose names he had written in cipher to protect their identities.

Then, as now, journalists had government sources, and Dr Henderson found that Morrice got much of his information from a man called Collins, an official at the Privy Council who was prepared to leak information to him.

As a convinced Puritan, Morrice was extremely critical of what he saw as the moral laxity of Restoration England. He described Tunbridge Wells, then a fashionable spa patronised by royalty, as "the most debauched town in the kingdom".

With evident approval, he reported the reaction of Ben Haddi Mor, the Moroccan ambassador to London, when some Englishmen urged the diplomat to "receive a whore into his bed".

"He said to our great rebuke and shame, 'My religion forbids whores, does not yours?'," wrote Morrice. "He said 'that when I come home I shall then be counted a liar in my own country for my master will not believe me that so many ladies came open-faced with bare breasts to see me'."

In the winter of 1683-84 the Thames froze so hard that coaches travelled across the ice, an ox was roasted and bullbaiting and other sports were held on the river's surface.

"The concourse and all manner of debauchery upon the Thames continued upon Lord's day and Monday the 3rd and 4th of this instant," wrote Morrice disapprovingly.

Morrice used one of his sources to get information about the birth of James Stuart, the Catholic heir to James II and later the Old Pretender.

"The child was a large full child in the head and the upper parts but not suitably proportioned in the lower parts," wrote Morris scathingly, appalled by the prospect of another Catholic monarch.

However, just a few months later Prince William of Orange's troops marched into London and installed the Protestant Dutchman as William III.

Morrice wrote that women "shook his soldiers by the hand as they came by and cried, 'Welcome, welcome, God bless you, you came to redeem our religion, laws, liberties and lives' ".

Voight-Kampff and Plugins

Published August 29, 2003

an SF free-sheet has applied the one test that really matters to the current SF mayoral candidates:

Is a particular candidate human or an insidious replicant, possessed of physical strength and computational abilities far exceeding our own, but lacking empathy and possibly even bent on our destruction as a species?

It's the Voight-Kampff Test. No, not the band, this one. The results are hilarious:

TW: You're in a desert walking along in the sand when all of the sudden you look down, and you see a tortoise, Tom, it's crawling toward you. You reach down, you flip the tortoise over on its back, Tom. The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over, but it can't, not without your help. But you're not helping. Why is that, Tom?

Tom Ammiano: That's interesting. I don't know. I'm a republican?

(thanks Ben!)

Patents: The W3C has set up a new list to evaluate ways to work around the Eolas patent on plugins, which, after all, are part of the HTML specification.

Good. I never liked plugins anyway, always playing loud music, halting the browser while they start up, or crashing the lot with their buggy spyware code. Good riddance! Now we can get back to the sensible 'helper application in a separate window' paradigm ;)

Download Caps: Pay To Receive Viruses

Published August 28, 2003

Many non-US-based broadband systems impose a download cap -- a limit on how much data a customer can download in one month. In some of the Irish ISPs' cases, it's 3Gb of data per month, with hefty per-Mb charges after that.

Well, here's something. I filter my mail for viruses and spam on my server, and divert the viruses off to a side folder. I just checked, and that folder contains 1 gigabyte of virus data, received since SoBig.F started up last week.

Given that most users don't have a colocated server to divert their viruses on, and therefore would have had to download that 1 gigabyte of virus mail before their virus scanner got to take a look -- that's a hefty third of the download cap gone, due to a virus.

I wonder if Eircom, Telstra down under, and the other capping ISPs, will be giving their customers refunds as a result?

(BTW, by contrast, I only received 10 megs of spam.)

McCarthy report withdrawn

Published August 28, 2003

Apparently, the McCarthy report -- which would have legalised software patents in Europe -- has been withdrawn from debate for this EuroParl session.

'It's been sent back to the committee stage to be fixed because there was too much contraversy or too many amendments requested. It will go to plenary again after JURI do some more work on it. Possibly september 22nd, probably early October.'

And you thought it couldn’t get crazier

Published August 27, 2003

This is absolute insanity. Let's say you're buying a car, and you're checking out what will work out best, between an SUV and a fuel-efficient hybrid, money-wise. Let's check the options:

SUV: $86,000 in tax breaks
hybrid: $2,000 tax break

Unbelievable.

But don't worry -- there'll be plenty of gas to run the SUVs, since the US is checking the possibility of pumping oil from Iraq to Israel. (That's assuming the entire Arab world doesn't turn into a seething pit of 'told you so' hatred as a result, but hey....)

As Yoz says, 'How To Blow Up The Middle East In One Easy Step':

yozlet: They saved the game before they did this, right? Right?

Bilskirnir: Two US senators responsible for MPAA regulation may be up for lucrative $US1.15 million jobs as lobbyists with the same organisation:

'It's obscene for Tauzin and Breaux to be in the running for the MPAA, the fattest media lobbying job in Washington, while advocating in Congress on behalf of companies that control the MPAA,' said Robert McChesney, Professor of Communications at the University of Illinois at Urbana-Champaign. 'It tends to confirm what the vast majority of Americans have suspected - relaxed media ownership rules are an X-rated exercise in power and influence.'

As Nathan points out, an analogue of non-compete agreements, for would-be politicians-turned-lobbyists, would be a good way to deal with this one.

Tech: in more calming news: Dell Patents 'Reboot and See If That Fixes It' Technical Support Process (BBSpot via Craig).

Red Bull

Published August 27, 2003

Red Bull was made in Thailand -- I never realise it went from Thailand to Europe instead of vice-versa. (link via the great 2bangkok.)

Also, via Ben -- an amazing account of what recovering your vision feels like after 43 years of blindness...

Wow

Published August 25, 2003

BBC to create the BBC Creative Archive. This is insanely cool. Danny O'Brien has written a fantastic overview, so read that for more details. But check out this quote:

I believe that we are about to move into a second phase of the digital revolution, a phase which will be more about public than private value; about free, not pay services; about inclusivity, not exclusion.

In particular, it will be about how public money can be combined with new digital technologies to transform everyone's lives.

That's BBC Director General Greg Dyke totally 'getting it'. So cool.

Italy now opt-in-only, SoBig.F phones home

Published August 22, 2003

Heads up for all the businesses out there sending mail to European customers -- the EU E-Privacy Directive is now coming into force. Italy is the latest country to implement it; so businesses mailing Italian customers or prospects may wish to make sure that they abide by these rules:

Companies may send direct marketing email only to customers and subscribers who have given their prior consent to receiving such, either by subscribing explicitly or by providing their details during a prior transaction, such as a purchase.
Forged headers and other means of disguising or concealing the sender's identity is illegal.
All messages must bear opt-out details as well.
Apparently, in the Italian rendition, senders may also 'collect' addresses but must immediately give the user a clear opportunity to opt-out at that point -- but as far as I know this isn't in the core EU directive.

Similar laws will be coming in all over Europe, so USian senders should really pay attention: opt-in -- it's not just a good idea, it's the law (in Europe at least ;).

Malware: It sounds like SoBig.F is about to call home for new code (scroll down to 'Downloading Functionality'). This is not good. :( Block port 8998/udp.

SoBig.F, the assorted bounce messages from forged SoBig.F mails, the assorted replies from autoresponders and list admin software from forged SoBig.F mails, and (of all things) user complaints about the forged mails (argh! surely they know they're forgeries by now!) are really driving me up the wall. As I check my mail, there's at least 400 of these messages this morning alone.

IP: Lessig lays into USPTO director: 'If Lois Boland said this, then she should be asked to resign.' ... 'That someone who doesn't understand them is at a high level of this government just shows how extreme IP policy in America has become.'

Slammer crashed nuke power plant safety systems for 5 hours

Published August 21, 2003

Slammer worm crashed nuclear power plant safety systems for 5 hours (SecurityFocus).

Humour: BBspot: SpamAssassin Unveils New HomeAssassin Product for Unwelcome Visitors.

Aside: I wonder if the team behind NPR's Day to Day program realise how close that name is to the classic Chris Morris/Armando Ianucci UK fake news programme, The Day Today. Hopefully there'll be less sports reports from Alan Partridge on the NPR version...

More SCO: the Vegas show in full

Published August 21, 2003

a must-read: Bruce Perens posts and then demolishes the Las Vegas slideshow comprehensively, demonstrating that one of the code snippets SCO showed did in fact date from 1973, not 1979; and the other snippet was a clean-room reimplementation based on the published specification for the Berkeley Packet Filter, and the SCO code most likely came from the BSD-licensed implementation.

That raises two points: 1. the SCO 'pattern-recognition team' need to go back to Google school; 2. why didn't the SCO implementation of the BPF code maintain the legal copyright attribution text it was supposed to include, so they would have noticed this when out 'recognising' 'patterns'?

I'm looking forward to this getting to court eventually...

Open source not welcome – USPTO

Published August 21, 2003

USPTO seeks to block WIPO open source meeting.

(WIPO) is not the place for discussions about 'open source' software (...) a senior U.S. official argued on Monday. Reviewing the original mission of the World Intellectual Property Organization (WIPO), said Lois Boland, the U.S. Patent and Trademark Office (PTO) acting director of international relations, it is 'clearly limited to the protection of intellectual property. To have a meeting whose primary objective is to waive or remove those protections seems to go against the mission.'

Boland was referring to a July request by a group of scientists, academics, open-source advocates and others for a meeting at WIPO on 'open and collaborative projects,' including open-source software. The WIPO secretariat initially replied favorably to the idea.

Well, that's a shame. Let's hope WIPO reconsider, because it really would be an interesting idea to have everyone involved talking about this stuff.

Holidays

Published August 20, 2003

Did you know that George W has spent more days of his presidency on vacation than any president in recent history, and is currently in the middle of a month-long extravaganza worthy of a French public sector worker?

Don't mind me, I'm just jealous and missing Eurohols. (factoid via the SFGate morning fix)

I am speechless yet again.

Malware: The SOBIG.F deluge continues. No, not the virus itself; the various AV scanners around the world, telling me that some machine on the internet forged a message with my address. Accordingly, here's a set of SpamAssassin rules to catch them; write a procmail rule to detect that in the resulting X-Spam-Status header and divert.

The Irish 419 scam

Published August 19, 2003

FROM: UNIVERSAL STAKES LOTTERY, IRELAND. (forwarded by Rick Kleffel on the forteana list)

SCOvEveryone: so SCO showed some 'evidence' of code-copying from SCO to Linux -- problem is, it's code from UNIX v7, written around 1978/79; the code was released in BSD UNIX, rereleased by SCO/Caldera themselves under a BSD license later, and versions appear in textbooks under public domain. In other words, the SCO 'pattern analysis' team who found this 'copied code' didn't realise that this source had been released long ago -- even by their own company, no less. ho hum, good luck prosecuting based on that. next!

Blogs: Malte, one of the SpamAssassin dev team, now has a weblog too -- and with a better translation of the 'W32.Blaster caused the blackout' theory too. ;)

From: "James" (spam-protected)
Date: Mon Aug 18, 2003 4:15:40 AM US/Pacific
To: (spam-protected)
Subject: Congratulation! ( Please acknowledge this mail asap)

FROM: UNIVERSAL STAKES LOTTERY
IRELAND. REF NUMBER: 014/060/532 BATCH NUMBER: 762901-PCD03

Sir/Madam,

We are pleased to inform you of the result of the Lottery Winners International programs held on the 3rd of July, 2003. Your e-mail address attached to ticket number 27522465896-6453 with serial number 3772-554 drew lucky numbers 7-14-18-23-31-45 which consequently won in the 2nd category, you have therefore been approved for a lump sum pay out of 2,000,000 (EUROS ) (TWO MILLION EUROS)

CONGRATULATIONS!!!

For security purpose and clarity, we advise that you keep your winning information confidential until your claims have been processed and your money remitted to you. This is part of our security protocol to avoid double claiming and unwarranted abuse of this program by some participants. All participants were selected through a computer ballot system drawn from over 20,000 companies and 30,000,000 individual email addresses and names from all over the world. This promotional program takes place every year. This lottery was promoted and sponsored by eminent personalities like the Sultan of Brunei. We look forward to your active participation in our next year USD50 million slot. You are requested to contact our clearance office to assist you with the claim and transfer of your winnings fund into your instructed account by acknowledging the receipt of this mail with the email address below.

Email address: (spam-protected)

Note that, all winnings must be claimed not later than one month. After this date all unclaimed funds will be null and void.

Please note in order to avoid unnecessary delays and complications, remember to quote your reference number and batch numbers in all correspondence. Furthermore, should there be any change of address do inform our agent as soon as possible. Congratulations once more and thank you for being part of our promotional program. NOTE: YOU ARE AUTOMATICALLY DISQUALIFIED IF YOU ARE BELOW 18 YEARS OF
AGE.

Sincerely yours,

James Clark.

(Lottery Coordinator)

Blackout caused by W32.Blaster?

Published August 19, 2003

Frank Bergmann forwards some bits on FoRK that are quite interesting:

The failed Niagara power station belongs to National Grid USA. This power supplier is listed as a reference customer of Northern Dynamics -- who refer to themselves as the 'home of the OPC experts'. ... OPC stands for OLE for Process Control.

(I cleaned up some of the translation from this Heise.de article.)

Top Firebird tip

Published August 19, 2003

Mozilla Firebird has this feature that obviously seemed like a good idea, but unfortunately isn't really -- automatic image resizing.

Well, while surfing about looking at the next-gen Bluecurve screenshots, I came across a screenshot with a link to linuxart.com, which had a top tip:

type 'about:config'
scroll down to browser.automatic_image_resize, double click, change to 'false'

Hey presto!

Monday morning quickies – gifts patented

Published August 18, 2003

FFII have discovered that Amazon.com have received a patent from the EPO 'which covers all computerised methods of automatically delivering a gift to a third party'. It seems to cover Amazon's 'One-Click' ordering system, as well.

Wierd: Tiny town to reek of sex. Don't get excited -- it's only moth pheromones. (via Peter Darben on the forteana list.)

Medical slang, including:

ATS: Acute Thespian Syndrome
Departure lounge -- Geriatric ward
DBI: Dirtbag index (calculated by the number of tattoos on the body multiplied by number of recent missing teeth, to estimate days without a bath)
NFN: Normal for Norfolk
Pumpkin positive: When you shine a penlight into the patient's mouth and his brain is so small his whole head lights up
PFO: Pissed, fell over
Scepticaemia: What doctors develop with experience

And -- finally! -- an explanation for that ER term:

Stat: Immediately, shortened from the Latin statim

Linux: GrokLaw on SCO and Sun's Linux indemnification FUD. Well worth a read -- especially the bit where Mr. GrokLaw finds an old SCO contract that does include indemnification terms. Indemnification, that is, with some pretty serious get-out clauses and stings in the tail.

Weather: Mont Blanc closed due to record heatwave. 'This year, for the first time since its conquest in 1786, the heatwave has made western Europe's highest peak too dangerous to climb. Mont Blanc is closed. The conditions have been so extreme, say glaciologists and climate experts, and the retreat of the Alps' eternal snows and glaciers so pronounced, that the range -- and its multi-billion-pound tourist industry -- may never fully recover.'

Food: Cooking for the Mafia. 'Conrad Gallagher was the highest flier in the gaudy firmament of New Ireland. A Michelin star at the age of 26, and a swank restaurant, called Peacock Alley'. Not too long afterwards, things had not gone so well -- he was in the Brooklyn Detention Centre. Pretty terrifying article -- a US jail is not one of the nicest places in the world...

Spam: The Howard Dean election campaign ran into a wrinkle last week -- and pretty soon was apparently 'joe-jobbed'. This one is going to get interesting, if the Dean campaign follow up, as joe-jobbing an election campaign is in violation of federal election law, and is apparently taken quite seriously.

Reminder: keep an eye on Spamvertized.Org for the latest news in political spam!

Dynamic HTML madness

Published August 15, 2003

Absolutely incredible -- Lemmings in DHTML. It's perfectly playable -- amazing. Thanks JA!

NY weblog blackout coverage

Published August 15, 2003

The NY weblogs have really come through with incredible street-level views of the blackout. Highlights:

CamWorld
WorldNewYork
FTrain: As Brooklyn Slowly Drunkened
Amy LAngfield, stuck in the subway

Fantastic reading. It actually sounds like fun to me -- shades of 'no school due to bad weather' days when I was a kid ;)

Thanks Sergi!

Published August 15, 2003

So an Amazon parcel just arrived, containing Bruce Schneier's Secrets and Lies, with a little 'thank you' note from someone called Sergi -- a Sitescooper and WebMake fan. Thanks Sergi! (and thanks, Amazon wishlist ;)

Of course, now I feel guilty for neglecting those apps, in favour of SpamAssassin. Someday I'll get them all up-to-date...

‘Who Wants to be a Millionaire’ walkthrough

Published August 15, 2003

Wow -- this guy won $250,000 on WWTBAM, and blogged it up, in excruciating detail. (His 'Phone a friend' friend also details his experiences, too). It sounds terrifying...

Hacking: Real-life UNIX disaster recovery.

Commuting: Guardian: A Life Inside meets commuter hell. The author of 'A Life Inside' is a convicted felon, undergoing a gradual release from prison; recently he's been permitted to commute to a day job outside the big house.

'I've had a good run, I suppose. More than a year of almost incident-free commuting.' -- until this episode, where one of those space invaders -- the type who is perfectly happy to push you out of the way to make themselves comfortable -- arrives...

I leaned farther away. Soon my back was hurting. Hang on a minute, I thought. I've paid the same as him for this seat. I was entitled to sit up straight. So I did. Back came the elbow. I wasn't budging. And so battle commenced.

A glance at his computer revealed little activity. He was obviously too preoccupied with trying to make me budge. I was determined to resist this blatant act of aggression. I couldn't help thinking it would never happen in prison - not without ensuing combat. I thought about my pal Toby Turner. This laptop lout was lucky he wasn't sitting next to him in his heyday. I could just imagine Toby's reaction to the elbow treatment.

Paying no heed to the mass of silent bystanders, my shaven-headed friend would have been on his feet in a flash. 'Do you know how many fuckin' anger management courses I've done?'

'Er, no,' his startled tormentor would stutter.

'Six fuckers!' Toby would yell, 'and I still ain't passed!'

Flash Mobs hit Ballyhoo

Published August 14, 2003

The latest interweb craze, 'Flash Mobs', have hit Ballyhoo, according to The Ballyhoo Examiner:

'There was about 15 of them, and they went around the shop muttering 'carriages' or 'cabbages', I'm not quite sure which' .... Brendan says he himself would be 'game on' to take part in the next one, as long as it isn't in his own employers' this time, or a bank.

Art: Size does matter, Jamaicans decide (Guardian):

Two naked 7ft-high bronze figures - a male and a female - looking skywards on a dome-shaped fountain embossed with Bob Marley's lyrics 'None but ourselves can free our minds'. But according to the statue's critics the artist is too light-skinned, the male figure is too generously endowed, and both are, well, too naked. .... Another writer ridiculed Renaissance sculptors for being not generous enough. 'Just because Europe's classical statues had small penises, ... does not mean Jamaica must follow suit.'

SCOvEveryone: Groklaw forwards an interesting theory: Does SCO Unixware 7.1.3 contain substantial portions of SuSE Linux Enterprise Server 8 -- including the GPL'd device drivers? The author writes:

It is my belief and opinion that SCO has indeed borrowed engineering concepts and methods from their association with UnitedLinux. Many of these new features and the remarkable similarity with SLES 8 did not occur until after they started to participate in UnitedLinux and since these features were available to SuSE customers before SCO's involvement I am inclined to believe that SCO's engineering team has been influenced or tainted by the Linux development process. I cannot say if UnixWare 7.1.3 or SLES 8 share common code; as I said I am not a source licensee. I feel these issues need to be investigated further.

Referrer Spam Again

Published August 14, 2003

More referrer spam stuff. As Mark states in the comments here, it seems that the referrer-spamming is using real browsers run by real people -- no bots, no proxies.

The spammers create HTML pages which contain an IMG tag, using one of our pages in the SRC attribute. This causes the user's browser to attempt to download the page -- giving the correct referrer URL -- but it's not particularly visible to the user -- since it's a HTML page, not an image. All they're likely to see is a 'broken image' icon, and more likely the image is hidden anyway using a hidden div or width=0 height=0 attributes.

Anyway, I took a look at the HTML for those sites. Interestingly, all of them use a distinctive HTML style, with a redirecting frame and some Javascript to load the following pop-up ad:

http: //pb. xxxconnex. com/pb.phtml? d=aporndomain.net &sc=EXPN &ip=9999999999 &c=preview

Where 'aporndomain.net' is a porn domain, not necessarily always the same one as you're viewing, and '9999999999' is a 10-digit number. This then loads a frameset containing another random popunder ad from a load of domains. It also throws a few hidden ones into the corner, loads them as pop-unders, loads a javascript timer to open new ones occasionally, etc. etc. etc. As you close 'em, new ones open, and so on. Glad I don't run IE ;)

I would bet these guys, xxxconnex.com -- or one of their customers -- are the ones behind the referrer-spamming as a result. Their WHOIS info states they are:

Admin, Domain  info@webfinity.net
1E Braemar Ave
Unit 19
Kingston 10, WI N/A
JM
876-357-8404

Interestingly, that phone number and address also shows up in ROKSO as well, listed under domain registrations controlled by the 'Dynamic Pipe / Webfinity / Python Video' spam gang, ie. one of the biggest sources of porn spam out there. They're diversifying it seems!

Based on some suggestions on Kasia's weblog, I think I now have a good comeback -- still working on this though.

The Cluetrain List

Published August 13, 2003

Chuq van Rospach has a great idea -- instead of a do not spam list, an I am your customer, not your asset, and quit treating me like one list:

Where do-not-spam lists are useful (and ought to be mandatory) are third party sales and rentals. Any time someone buys or rents a list, that list has to be filtered against the do-not-spam list. If you're on it, you fall out of the transfer. that would include any time that information moves from one company to another, the do-not-spam restrictions apply. (ditto, IMHO, for phone and other personal information. I'll go further, actually. I think there ought to be a generic 'do not sell me as an asset' list, preventing transfer of personal information of any kind without permission. Or more correctly, a I am your customer, not your asset, and quit treating me like one list.

Great idea. Really, the resale of contact information for marketing purposes sounds fantastic to marketers -- but as The Story of Nadine demonstrates, it only takes two years for the contact information to be sold (via a chain of increasingly dodgy operators) from DeliverE, a subsidiary of Excite to horse bestiality porn spam.

Involuntary Park at Porton Down

Published August 13, 2003

Amazing! Porton Down is the UK's center for research into chemical and biological weapons, and has been since 1916. Not the nicest place you could think of -- by a long shot.

Well, it turns out that the massive no-go buffer zone around Porton Down, existing for 87 years, has preserved 'the largest remaining continuous tract of chalk downland in Britain'. 'The farming revolution of the 20th century, the development, the tourism, have all passed it by.' 'The disrupters are the large-scale inputs of chemicals, the pesticides, herbicides and artificial fertilisers that are the essence of intensive farming. At Porton Down, these have never arrived.'

As a result, it's now an amazing wildlife heritage site. Quite hard to get to see it -- but good to know it's there! Thanks to Bruce Sterling for forwarding this along the Viridian list.

Reminds me of something I heard about Chernobyl -- since the area around it is heavily irradiated, and therefore a no-go area for humans, it's become a de-facto wildlife refuge (even if half of the animal inhabitants are sterile as a result.)

‘International blacklists’ absurdity

Published August 12, 2003

OK, this is very stupid.

----- Transcript of session follows -----
... while talking to mail.(elided).com.:
>>> RCPT To:
<<< 591  The mail server you are SENDING FROM is listed on an
international blacklist. Send your questions to
blacklist-admin@(elided).net
554 5.0.0 Service unavailable

The mailserver in question is dogma.slashnull.org, 212.17.35.15. It's never been on a blacklist. However, it does live outside the US -- in Ireland, to be exact.

So it appears (from the wording) that someone is actually filtering their mail feed and blocking all mail from Ireland. Hello!? It's worth noting, in passing, that I strongly doubt that blocking all mail from Ireland (a) reduces your spam load one iota or (b) accomplishes anything apart from pissing off Irish people. Ah well, not my problem...

SCO: In other news, Ben sends on this Pinky and The Brain rendition of the SCO-vs-the-world saga from Nicholas Petreley -- worth a titter. Given that SCO are now sending invoices to Linux users, including charging 32 bucks for embedded developers -- who almost definitely are not using Read-Copy-Update and that kind of absurdly-high-end code -- it's pretty accurate.

Malware: The latest Windows worm, coming to a system near you; make sure ports 135-139, 445 and 593 are blocked, if you really have to run Windows for some reason. The worm's author includes this notable text string: billy gates why do you make this possible ? Stop making money and fix your software!!

Iraq: Amazing postmortem of the Iraq war. Summary: absolutely inept on the Iraqi side. 'The only order I got was to dismantle my airplanes -- the most idiotic order I ever received.'

Don’t Replace SMTP To Fix Spam

Published August 11, 2003

Every now and again, someone says 'to fix spam, we must ditch SMTP and start all over again'. Eric Rescorla describes why this is not the case.

Great blog -- I think I'll add that to my list. (found via Ed Felten.)

Monday Morning Quickies

Published August 11, 2003

The Dublin Flash Mob. All went off very well, from the sounds of it. However, this picture contains some wierdness -- who the hell is that guy, second from the left, who's stolen my haircut circa 2 years ago?! Those are my sideburns, give 'em back!

(ObSoCalJoke: they tried to organise a flash mob in southern CA, but couldn't find anywhere with a big enough parking lot for all those single-occupant SUVs. Ba-dum-tish!)

Telecoms: The Communications Workers of America union have released some figures on Verizon's profit margins etc. Interesting to note some figures -- like they charge 4 dollars for call waiting, a service which costs them 0.82 of a cent to provide -- that works out at a 48,680% profit margin, which must be nice. In addition, Verizon use 'splitters', which result in a copper pair being unusable for DSL -- just like Eircom do in rural Ireland. Interesting to note that, even after deregulation, LLU and general introduction of competition, the same problems still arise.

Science: BBC: Scientific research put under spotlight. Terrible article from the Beeb, who should know better.

Basically the article pins some of the blame for recent absurd claims of scientific breakthroughs, like the Raelian's claims they cloned a human, on the peer review process.

What they're missing is that, in most cases of these absurd claims, the research had not been peer reviewed -- instead a press release was put out in advance. Peer review remains the most effective way to demolish bad science. However, the news media shows no sign of being willing to sit around and wait for other scientists to analyse the latest claims, before publishing them.

Spam: Salon: Meet The Spam Nazi. More on the bizarre story of the Jewish leader of a Nazi party, who now peddles 'make penis fast' pills.

Politics: Ian 'Freenet' Clarke says he's leaving the US.

Linux: I've given up on blogging the SCO-v-everyone thing, it's getting too absurd. GrokLaw is covering it much better than I could anyway. Plus: You say po-TAY-to, I say po-TAH-to.

Movies: I concur with Waider -- Pirates of the Caribbean is great. Best summer blockbuster in years; Hollywood can still pull off a good big movie now and again (by using young directors it seems). Buckle those swashes! Aarrr!

Long-chain Monomers

Published August 10, 2003

PR-otaku -- I've just got to buy Pattern Recognition, it looks amazing.

Just finished Nickled and Dimed: On (Not) Getting By in America, by Barbara Ehrenreich; a great read, although pretty grim. (thanks mum!)