Skip to content

Justin's Linklog Posts

Small World

Published May 23, 2003

wow, this is wierd.

So I did a quick blog-hop, as you do. First, I visited Bernie’s interim weblogs.com blog (thanks for the link B! BTW, this looks cool).

From there, I hopped to Micheal O’Foghlu’s site, and finally settled the question — yes, he is related to Cormac O’Foghlu, who I used to work with ;)

On to Sean McGrath’s blog, where I came across an interesting link to DemoTelco — a nifty site where anyone can set up a blog and write entries via SMS messages. Set up by a Dublin company, Newbay.

Cool. To check it out, I took a look at one of the blogs on the ‘most popular’ sidebar, and what do you know — it’s Caelen King’s foneblog!

Lots of (er, frankly bizarre) pics of Caelen and Barbara. Given the shots of Euro coins and crappy Dublin weather, I guess they’re back from their round-the-world trip, then…

Sure enough, it notes:

We are back in Ireland and back at work – Our Really Big Adventure is over

Know that feeling. :( Still, at least they went to the bother of finishing up their travelogue. I think I’ll take a read over that in full when I get a chance…

The ‘One Bite Of The Apple’ Problem

Published May 23, 2003

Ray Everett-Church of CAUCE writes regarding the latest US Senate anti-spam bill.

This bill simply creates a set of baseline standards for truthfulness, which if the spammer can meet, they can send as much spam as they wish. This characteristic, common to all the leading spam bills, makes it a gross misnomer to call them ‘anti-spam.’ ‘Anti-consumer,’ sure. ‘Pro-spam,’ even. But not ‘anti-spam.’

Any legislation that permits all of America’s estimated 23 million small businesses to legally send everyone at least one email cannot be considered anti-spam. And any bill that limits a consumer’s recourse to clicking an opt-out link 23 million times isn’t going to make our lives any better. By limiting enforcement to Attorneys General or the FTC, with no recourse for consumers, these bills virtually guarantee the status quo: extremely limited enforcement. Even the FTC and state AGs have said giving them more enforcement power without commensurate resources is a waste of time.

A good example of why opt-out does not work as a basis for anti-spam action; it permits every single potential sender to still spam you once, in full legality — what’s been called the ‘one bite of the apple’ problem.

Given that (as Ray says) there’s 23 million small businesses in the US, that’s a potential 23 million spams to your email address, and 23 million ‘remove’ requests you’d have to send to unsubscribe — every three years, to boot. Full open letter from CAUCE here.

Cat Murderer

Published May 23, 2003

My cat has turned into a murderer. For the last week, he’s been going out and bagging 1-2 wild animals per day; mostly rabbits, but some voles and a finch too.

It’s really wrecking my head. I don’t have the nuts to kill a half-dead rabbit in cold blood, so I wind up leaving them in the bushes to die; and I’m sure that’s exactly what happens to most of ’em. The other day I had to fish out a dead baby rabbit, put it in a plastic bag, and dump it in the bin.

Maybe I should leave them out for the hawks. There’s a pretty big peregrine and red-tailed hawk population around here.

Alternatively, maybe some cat transformation sets would help… at least around the house: ‘The cat which became a hood figure is likely to have a broom at any moment, and is likely to begin cleaning.’

Bonus: via jwz:

‘Shooting The Messenger’

Published May 23, 2003

Yoz does a great job rounding up some Plan For Spam links. First off, he links to a great essay, Shooting The Messenger, which nicely rebuts the idea that to deal with spam, we need an SMTPng. Recommended. (He goes a bit overboard with some hard-ass filtering recommendations at the end IMO, though…)

Secondly, Yoz links to a couple more posts. The first is a friendly-fire incident involving the SpamCop DNS blacklists, illustrating the dangers of peer-to-peer ‘this is spam’ reporting. There’s a related issue with the SpamCop DNSBL, in that it’s over-sensitive; one report can sometimes be enough to get a site BLed, which is not good. The problems with SpamCop’s hair-trigger thresholds are well-documented, and — hopefully — Julian will fix them soon.

The second is a mail from John Gilmore to Politech. He says ‘a simple rule for anti-spam measures that preserves non-spammers’ freedom to communicate is: No anti-spam measure should ever block a non-spam message. But there isn’t a single anti-spam organization that actually follows this rule.’

Wrong. That’s exactly the SpamAssassin angle. If the user says it’s not spam, it’s not spam — and we have to figure out a way to get our scoring system to return that result, if at all possible. And yes, it gets it wrong about 0.1% of the time — and that’s why we never tell users to block, bounce or delete spam if at all possible; just mark it ‘possible spam’ and divert to another folder, and always let a human take a look to verify that decision.

Given the nature of the spam problem, and the nuisance it poses to virtually everybody trying to use email, that’s the best that can be done at this point.

And yes, something has to be done. Spam is a massive problem. If it’s not dealt with somehow, and kept out of our day-to-day inboxes, people will stop using mail. Before spam filters became ubiquitous, I talked to many casual internet users who (a) closed down their email address every 6 months to escape the flood, or (b) gave up reading their mail because of it. (And why did spam filters become ubiquitous?)

It comes down to: what’s better for the internet — a mislabelled email in your ‘spam bucket’ folder — or no email at all?

valid reverse DNS now required to mail an AOL user

Published May 22, 2003

Given that something like 8.13% of of the hosts that have sent non-spam mail to me do not have reverse DNS information recorded, the fact that AOL have just switched this on as a requirement will be interesting:

Breakthrough in photonics

Published May 22, 2003

New Scientist: Alchemy with light shocks physicists:

Claims of ‘unexpected and stunning new physical phenomena’ are rare in the abstract of a reputable scientific paper. But the latest report by photonics crystal pioneer John Joannopoulos and his group at MIT, soon to be published in Physical Review Letters, does not disappoint.

The researchers document the ultimate control over light: a way to shift the frequency of light beams to any desired colour, with near 100 per cent efficiency. ‘The degree of control over light really is quite shocking,’ comments photonics expert Eli Yablonovitch at the University of California, Los Angeles.

If the effect can be harnessed, it will revolutionise a range of fields – turning heat into light, for example, or prized terahertz rays. Right now, the only way to shift the frequency of a light beam involves sending an extremely intense light pulse – with a power of many megawatts or even gigawatts – along next to it.

This interacts with the first beam and alters its frequency, but the technique is expensive, requires high-power equipment, and is generally pretty inefficient. But when Joannopoulos and his colleagues Evan Reed and Marin Soljacic investigated what happens when shock waves pass through a device called a photonic crystal, they discovered a completely unexpected effect.

I’m just posting this because I like the word ‘photonics’ ;) But this is apparently really cool new tech.

Escher Meets The Flower Show, Little Elves, and W3C on Patents

Published May 22, 2003

BBC: How does Dyson make water go uphill? A very cool hack from a Dyson engineer for the Chelsea Flower Show — an M. C. Escher-influenced water feature which gives the illusion that the water is flowing uphill.

A set of four glass ramps positioned in a square clearly show water travelling up each of them before it pours off the top, only to start again at the bottom of the next ramp.

It is a sight which defies logic, and has become probably the most memorable image of this year’s show.

Mr Dyson says his inspiration was a drawing by the Dutch artist MC Escher (he of Gothic palaces where soldiers are eternally walking upstairs, and of patterns where birds turn into fish).

Privacy: Danny forwards this post which discusses what the poster calls the ‘little elves’ problem. Very good point and contains this great real-world example:

Peter Wright in ‘Spycatcher’ … describes one of the problems arising out of the Berlin Tunnel Operation thus: ‘So much raw intelligence was flowing out from the East that it was literally swamping the resources available to transcribe (and translate) and analyse it. MI6 had a special transcription center set up in Earl’s Court, but they were still transcribing material seven years later when they discovered that George Blake had betrayed the Tunnel to the Russians from the outset’.

Funnily enough, I have the same problem — a lack of processing power to deal with the raw incoming volume — with my spamtraps from time to time. Now I can describe it in terms of ‘little elves’.

Patents: W3C announce patent policy. They’ve decided on Royalty-Free as a requirement, good news. TimBL’s comments on the decision:

Many participants in the original development of the Web knew that they might have sought patents on the work they contributed to W3C, and that they might have tried to secure exclusive access to these innovations or charge licensing fees for their use. However, those who contributed to building the Web in its first decade made the business decision that they, and the entire world, would benefit most by contributing to standards that could be implemented ubiquitously, without royalty payments.

This decision on the W3C Patent Policy coincides almost exactly with the tenth anniversary of CERN’s decision to provide unencumbered access to the basic Web protocols and software developed there, even before the creation of W3C. In fact, the success of technical work at the World Wide Web Consortium depended significantly on that decision by CERN. The decision to base the Web on royalty-free standards from the beginning has been vital to its success until now. The open platform of royalty-free standards enabled software companies to profit by selling new products with powerful features, enabled e-commerce companies to profit from services that on this foundation, and brought social benefits in the non-commercial realm beyond simple economic valuation. By adopting this Patent Policy with its commitment to royalty-free standards for the future, we are laying the foundation for another decade of technical innovation, economic growth, and social advancement.

Quite. I remember seeing Mosaic for the first time — my first thought was ‘wow, it’s like those commercial hypertext systems, but it’s free’. Initially, the free-ness was a lot more important than the network transparency it also offered.

There had already been several commercial hypertext systems, with expensive licensing terms. I’d only ever seen them bundled with other products (like the AIX documentation viewer) or used in kiosk systems.

They pretty much foundered when HTTP and HTML became available. But there’s no question to my mind that if CERN had made HTTP/HTML a commercial, licensed, or royalty-paying proposition, we wouldn’t even be talking about the web (or should I say the ‘WWW’?) nowadays.

The national ‘Do Not Call’ list

Published May 20, 2003

(of the phone variety). I’ve been driven mad by telemarketers; one of the more irritating local innovations (thankfully ‘sales cold calls’ are pretty hard to operate with European privacy laws, so it wasn’t a problem back home).

Well, Congress over here recently passed a ‘do not call’ list, so you could ring up the maintainers and ask for your number to be added, and hey presto, no more phone spam. Well, CalPundit writes:

The federal law doesn’t cover banks, airlines or phone companies or calls made within a state.

Wow. That’s like saying ‘the law doesn’t cover calls made on a day ending in ‘y’.’ In my experience, those companies make 95% of the calls. Great.

Think I’ll stick with the tried-and-trusted ‘ring through to answerphone during the afternoon and early evening’ filter…

DMCA: IP: Using treaties to lock in DMCA enforcement:

On May 6, President Bush and Prime Minister Goh of Singapore signed the U.S.-Singapore Free Trade Agreement (the ‘FTA’). President Bush has termed the FTA ‘the first of its kind’ – apparently meaning that it is the first free trade agreement between the United States and an Asian nation.

But the FTA is also the first of its kind in another sense, as well. It is the first international trade agreement to demand that the signatories implement anti-circumvention provisions similar to those of the hotly controversial Digital Millennium Copyright Act (‘DMCA’).

It’s Naomi Klein meets Slashdot ;) Hopefully it’ll be blocked though, since it has serious domestic results too:

This step will have international, as well as domestic consequences: If Congress approves the FTA, it will not able to alter the DMCA without violating its obligations to Singapore.

Of course, according to some correspondents, Ireland’s copyright regime (reformed in 2000) quietly inserted its own DMCA provisions. Of course, nobody noticed, except for the legal lobbyists who were hoping this would happen. Doh. Is nowhere safe for freedom-to-tinker these days?

The 419ers Meet Their Match

Published May 19, 2003

Scam-O-Rama: Absolutely incredible. These guys have taken the art of 419er-baiting to the ultimate extreme — they’re successfully extracting money from the ‘Lads from Lagos’:

Wow. Also this IDG.NET story notes:

There’s an odd battle building in the dark alleys and byways of the Internet, being fought by diverse characters such as Dr. Sigmund Freud, Kris Kringle, the late Princess Margaret, a German-Hungarian gypsy called Hans Gneesunt-Boompsadazi, a Chinese restaurateur called Hu Flung Dung, and the Patagonian Liberation Front. ….

In what is regarded as the Titanic of the genre … three bogus explorers called Captain Stabbin, Lonslo Tossov and Ilichy Miracsky, in their equally fictitious boat ‘The Lucky Lad’, kept a gang of Lads on the run for several months with clowning exploits describing their supposed passage up and down the West African coast, failing to meet the Lads on several occasions for a variety of improbable reasons.

Eventually the good captain pulled the plug on the reverse scam, informing the lads in no uncertain terms that they were ‘mugus’ — a word used in Nigeria to denote an utter idiot.

I came across this while looking for info on the practice of signing guestbooks as Mugu Guyman. One theory I’ve heard is that means a 419er has visited the guestbook, scraped the email addresses for 419 fraud, and it’s a sign for other 419ers to keep away from those addresses as they’re already ‘taken’. As the quote says above, ‘Mugu’ is apparently a term meaning something along the lines of ‘gullible idiot’. Most of the comments seem to support this:

  • ‘me i done here mugu mugu off’
  • ‘TOGO GUYMEN KEEP OFF FROM THIS SITE I DEY HERE LAGOS ?TOGO GHANA GUYMEN MUGU NO DEY HERE’
  • ‘Avary good site pls all guyman keep off,oooooooooooooooooo.’

Then, a few seem to indicate that it’s a sign to other 419ers not to spam those addresses while a scam is in progress:

  • ‘south africa, jo bong, mugu guyman kindly keep offoooooooooooooo someone have visitedooooooooooooooo and still waiting for reply ok’
  • ‘VERY HICE ALL MUGU GUYMAN KEEP OFF IT HAS BEEN DONE PLEASE DON,T SPOIL JOB FOR I DONO DO ALL0000000000000000000000000000000000000’

Dunno what all the oooooooooing is about though… ;)

Guinness Really IS Good For You

Published May 16, 2003

New Scientist: The Last Word: ‘Q: I have heard that it is possible to live on Guinness and milk alone. Is this true, or even partially true?’

A: This is not quite true. Guinness does contain many vitamins and minerals in small quantities, but is lacking vitamin C, as well as calcium and fat. So, to fulfil all of your daily nutritional requirements you would need to drink a glass of orange juice, two glasses of milk, and 47 pints of Guinness. — Nigel Goodwin , University of Nottingham’

No problem!

The ‘Private Jessica Lynch’ Spectacle

Published May 16, 2003

Karlin posts a good story on the whole ‘rescue of Private Jessica Lynch’ story. Great quote:

Further, British military Group Captain Al Lockwood, the British Army spokesman at central command in Iraq, says that the British could not believe the pandering way in which the US military dealt with the US media, culminating in the Lynch episode, and the gushing, unquestioning acceptance of same by the US media. ‘In reality we had two different styles of news media management,’ said Lockwood. ‘I feel fortunate to have been part of the UK one.’

Guardian story here:

The American strategy was to concentrate on the visuals and to get a broad message out. Details – where helpful – followed behind. The key was to ensure the right television footage. The embedded reporters could do some of that. On other missions, the military used their own cameras, editing the film themselves and presenting it to broadcasters as ready-to-go packages. The Pentagon had been influenced by Hollywood producers of reality TV and action movies.

One interesting result is that, while the US media (or TV at least) is happy to spew this pabulum, for some reason, these days, most other media outlets world-wide are a bit more likely to apply a critical eye, suspecting spin.

No matter whether it’s true or not, excessive media management (or filming of action movies ;) over flimsy stories is quickly exposed. This promulgates the impression world-wide that the wool is being pulled over the viewers’ eyes, and that the source of the news is fundamentally telling fibs.

SCO’s strong-arm tactics

Published May 15, 2003

In case you missed it — SCO’s letter to Linux customers. Executive summary:

  • open-source code development methodology bashing, to start with
  • SCO will ‘suspend their own Linux-related activities’, whatever they were
  • all users of Linux are vaguely threatened in a ‘cartooney’ fashion
  • ‘Similar to analogous efforts underway in the music industry, we are prepared to take all actions necessary to stop the ongoing violation of our intellectual property or other rights.’

Classy! And a bonus good point from a comment on this LJ article: ‘According to this article, SCO Linux 4.0 contains version 2.4.19 of the Linux kernel. … By the act of distributing the Linux 2.4.19 kernel, SCO has irrevocably released any and all of their intellectual property present in the 2.4.19 kernel under the (terms of the) GPL.’

Chris Horn back on top in Iona

Published May 15, 2003

my ex-employers, IONA Technologies Announces Chris Horn as CEO — again:

In a series of further moves, Mr. Barry Morris, CEO since May 2000, Mr. Steven Fisch, COO, who joined the company in August 2002, and Mr. David James, Executive Vice President Corporate Development, who joined in 1997, have resigned.

‘The Board of IONA Technologies is responding firmly to the challenges and opportunities of the changed marketplace, to position the company for profitable growth and to take advantage of market opportunities through business and new product development. I want to thank Barry, Steven and David for their enormous contributions to IONA and I wish them well in their next challenges,’ said Dr. Chris Horn.

Good to hear it!

Microsoft using cloak-and-dagger tactics to fend off Linux

Published May 15, 2003

Ah, some good old-fashioned sleazy MS stuff:

Chris O’Rourke, a Microsoft employee, described attending LinuxWorld, a trade fair in California, where he ‘purported to be an independent computer consultant’ working with several public school districts, according to an e-mail message he sent on Aug. 20, 2002. ‘In general, people bought this without question,’ Mr. O’Rourke wrote. ‘Hook, line and sinker.’

He said his goal was to glean intelligence about the competition. His guise, Mr. O’Rourke said, ‘got folks to open up and talk.’ Mr. O’Rourke did not respond to a fax and voice mail message seeking comment.

Hilarious — if you can’t beat ’em, send in the clowns. Via the NYT.

Telecoms sans Frontieres

Published May 14, 2003

Salam Pax blogs about an interesting NGO:

I have heard today that a NGO called Communication sans frontiers has arrived in Iraq and will help. They will probably be doing what the Red Cross is doing, a center in Baghdad and a team moving around Iraq. The Red Cross has been moving its phone service, if you can call it that, around Baghdad. Two days for each district and they depend on the word of mouth to spread the news, usually they end up with huge lines and waiting lists but everybody is grateful. Many people have no way telling their relatives abroad how they are doing. A couple of Arabic TV stations, mainly Jazeera, has been putting their cameras in the street and allowing people to send regards to their relatives abroad, tell them they are OK hoping that they would be watching at the time. So what the Red Cross has been doing, and I think what Communication sans frontiers would ultimately be doing is much appreciated.

According to this comment on the command-post.org blog, it’s actually called Telecoms Sans Frontieres:

Telecoms sans Frontieres has created a new humanitarian aid concept: the humanitarian telephone system. TSF’s mission is to operate anywhere in the world, in the heart of military conflicts or in the wake of natural disasters, in order to enable the local population to simply say: I’m alive.

Now there’s a cool idea for any BOFHs who fancy doing some interesting volunteer work for a year… ;)

Ali G in the NYT

Published May 14, 2003

A classic Ali G moment, via Maureen Dowd in the New York Times (username: sitescooper/sitescooper):

  • YOUNG MAN: How does you make countries do stuff you want?
  • MR. BAKER: Well, the way you deal with countries on foreign policy issues . . . is you deal with carrots and sticks.
  • YOUNG MAN: But what country is gonna want carrots, even if it’s like a million tons of carrots that you’re giving over there—-
  • MR. BAKER: Well, carrots — I’m not using the term literally. You might send foreign aid — money, money.
  • YOUNG MAN: Well, money’s better than carrots. Even if a country love carrots and that is, like, their favorite national food, if they get given them—-
  • MR. BAKER: Well, don’t get hung up on carrots. That’s just a figure of speech.
  • YOUNG MAN: So would you ever send carrots? You know, is there any situation—-
  • MR. BAKER: No, no.
  • YOUNG MAN: What about if there was a famine?
  • MR. BAKER: Carrots, themselves? No.

Beautiful.

Initially, there were a lot of media reports in the UK and Ireland, about how negatively it was taken in the US; this interview with the director reckons that was rubbish put about by UK media:

‘I’ve got a theory about this: In Britain, we’re no longer world leaders in anything. … Yet the one thing we still maintain, and cling on to jealously, is that we’ve got the best sense of humour in the world. So we don’t like the idea that people in other countries get our sense of humour. We prefer to cling to the idea that our comedy is too sophisticated for the Americans And yet the truth is rather different. If you look at sitcoms, with a couple of exceptions, all the best ones come from America, like Friends, Frasier, Seinfeld and so on.’

‘I actually think Americans get the undertones of satire almost better than the British. It can’t be coincidence that the best comedies on our TV are all imported from America.’

But then even the bad reviews never said that Ali G was too sophisticated, complaining instead that the satire wasn’t subtle enough. Maybe the Americans are the more comedy-literate, after all.

More on C-R

Published May 14, 2003

TidBITS weighs in. They cover the issues very well, and also have noticed the problem that arises when a C-R system decides to challenge e-commerce notifications — like your air travel e-tickets, for example.

Found at Gary Robinson’s blog, where he also links a couple of taint.org items, cheers Gary ;)

Also, from /.: the House of Lords debates the etymology of ‘spam’. Quite funny:

Lady Saltoun of Abernethy: My Lords, do the Government have any plans to restrict unsolicited faxes? My fax paper is always being wasted by people who send me faxes I do not want. I do not know whether they could be called ‘corned beef’ or something, but I have had enough of them.

Plus another anti-spam Senate bill, from Rep. W.J. ‘Billy’ Tauzin (R-La.) and F. James Sensenbrenner Jr. (R-Wis.). This one is apparently riddled with loopholes: ‘this is yet another bill . . . attempting to get rid of the porn and the scams, but really clearing the way for legitimate companies to spam,” said John Mozena, co-founder of … CAUCE.’

The Perils of Challenge-Response hits PoliTechBot

Published May 13, 2003

As I’ve said before, C-R is not an acceptable way, alone, to deal with spam. You’re just pushing the work away from yourself, and onto your legitimate correspondents — and you won’t make any friends as a result. Things get worse when anything more complex than simple person-to-person mail intrudes, like internet mailing lists. (And come on folks — that particular innovation is only 24 years old ;)

Case in point this week: Declan McCullagh gets bitten:

My reluctant conclusion is that C-R systems with flawed implementations have the potential to end legitimate mailing lists as we know them today.

and Dave Farber says:

If I start getting a flood of challenges from earthlink ipers that require my response I will most likely declare them SPAM and you will stop receiving IP mail.

John Levine’s follow-up is well worth a read, as he predicts massive (and trivial) whitelist exploitation by spammers to avoid C-R — and then we’ll be worse off than we were when we started.

Finally, there’s quite a funny quote in John’s mail:

A relatively easy to solve problem with challenge systems is that most of them are written by dimwits who don’t understand the way that e-mail really works. In 1983 the 4.3BSD Berkeley Unix ‘vacation’ program correctly dealt with mail from lists and other mechanical sources, yet 20 years later I still see out-of-office replies from Lotus Notes and MS Exchange to list mail every day. (Is there really nobody at IBM or Microsoft who used 4.3BSD or knows the rules of thumb to recognize non-personal but legit mail?)

I have often wondered that myself ;)

Northern Ireland policing: imploding

Published May 12, 2003

Wow, the policing situation in Northern Ireland is undergoing meltdown (again).

First off, ‘Stakeknife’ has been named. He was a very high-up member of the IRA (‘head of security for the IRA’s northern command’ apparently), and a double agent for the British Army’s FRU division. The Sunday Herald coverage is here. This is seemingly due to some revelations by a double-agent turned whistleblower.

He’s not a nice character by all accounts:

‘It would be tantamount to being exposed as running a Latin American-style murder squad if the truth came out,’ one said. Unlike Nelson, Stakeknife sometimes did the killings himself. He is also supposed to have arranged for republican targets to be in the wrong place at the wrong time so loyalist hit teams could ‘take them out’. An intelligence source added: ‘This guy was licensed to kill and he killed very many people — or arranged their deaths.’

So, last week, Castlereagh barracks — where files on the agent were kept, and ‘supposedly the most secure security force barracks in western Europe’ — was broken into by a team from British Army intelligence. From that article, it seems pretty brazen; they used army passes, went directly to the room where the papers were moved, knew that security teams were not operational, took exactly the right files, and left:

One former FRU source said: ‘There was no way it was paramilitaries — they couldn’t pull it off. The branch couldn’t do it as they’d get spotted by their own pals in the RUC and MI5 just don’t do rough stuff like this. There’s no one except an intelligence corps CME team who could do this and there is no other motive for them doing it than protecting Stakeknife.’

More NI stuff: Martin McGuinness transcripts: Cryptome again. Surprisingly interesting, mostly for the relaxed chats with Mo Mowlam!

  • Mo: ‘Ahem, the second thing I was gonna say was that I was gonna go to AMERICA and if I’ve got it I’m still gonna go for a couple of days, this week. So I won’t be around much and then I’m on two weeks holiday.’
  • MM: ‘Right’.
  • Mo: ‘So, it was really if there was anything, ahem?’
  • MM: ‘Your holiday plans and mine are colliding then.’
  • Mo: ‘I’m going 26th for two weeks’.
  • MM: ‘So am I, 26th for two weeks.’
  • Mo: ‘Your not going to TURKEY I hope?’
  • MM: ‘No I’m going to Kerry.’
  • (Both laugh)

EMusic again

Published May 12, 2003

So I’ve signed up for EMusic. Just my luck — with perfect timing, they’ve instituted a new download policy, whereby one has to use a proprietary download application — and it doesn’t work on Red Hat versions after 7.3; to quote their install instructions:

The Linux version of the Download Manager 2.0 was developed for Red Hat 6.2, 7.3 and Mandrake 8.1. Any flavors of Linux outside of these may not support the EMusic Download Manager 2.0. If you are having issues, we recommend that you switch your Linux flavor or OS in order to download with the EMusic Download Manager 2.0.

There’s two workarounds: use the Red Hat 7.3 shared libraries for system libc and libnss, as described by John Anderson of genehack.org here; or apparently, a local proxy can be used as long as you use the IP address of the proxy in the emusicdlm app — not the hostname.

I’m conflicted now; I was about to go recommending this service to all and sundry, but

  • it really makes the Linux version a hell of a lot harder to run. (I hope they fix that, at least). Previously, it was simply ‘right click to download’, which is insanely easy and simple.

  • more worryingly — in my experience, this kind of ‘tightening up’ is often symptomatic of a company running out of cash and spiralling ’round the plughole, IMO. :(

On the good side, once I downloaded and set up the genehack hack^Wworkaround, it’s now working perfectly.

I’ve just downloaded an album from their service in about 3 minutes (at 400Kb/s), first try, and the tracks are all crystal-clear VBR MP3s. Now that’s nice…

(PS: -1 for whichever glibc genius decided to change the libnss API incompatibly.)

Horrific – when botfly larvae attack

Published May 10, 2003

Horror as maggots bore into game farmer’s eye (Saturday Star, South Africa):

‘I was in the veld hunting with a group of foreign tourists when I felt something flick into my eye. I thought it was just a miggie but that evening my whole face started to swell,’ he said.

Spangenberg went to his doctor and was given eye drops but the swelling got worse. ‘I started getting terrible migraines and at times I could see nothing but dark and light shadows out of my eye.’

His doctor sent him to eye specialist Bruce Staples in Bethlehem who suspected that the Bot fly was responsible but initially couldn’t spot the larvae – so he treated the inflammation.

When Spangenberg came in again, Staples spotted the worms in the retina and managed to hunt them down with the laser. Staples said by that stage they had begun to pupate and started to run and hide when he went after them with the laser.

This story notes that, in Africa at least, they generally attempt to infect sheep eyes rather than those of humans; but snopes has pictures (warning: extremely gross) from an earlier infestation in Honduras.

Botfly larvae are horrible, horrible little creatures. Urgh. This combines two of my pet neuroses — maggots and things happening to eyes — I think I’m going to get sick…

The FTC’s ‘Fridge’

Published May 9, 2003

wow, the FTC get so many reports of spam, they have to use this monster to deal with it! That’s serious volume.

(Image courtesy of spamNEWS and Neil Schwartzman — thanks Neil)

for posterity: the FormMail advisory

Published May 9, 2003

Myself and Ronald F. Guilmette co-wrote an advisory on vulnerabilities in FormMail. Here it is, archived from RFG’s bugtraq posting:

Anonymous Mail Forwarding Vulnerabilities in FormMail 1.9

By manipulating inputs to the FormMail CGI script, remote users may abuse the functionality provided by FormMail to cause the local mail server on the same (web) server system to send arbi- trary e-mail messages to arbitrary e-mail destination addresses. Such e-mail messages may contain real or forged sender e-mail addresses (in the From: headers) entirely of the attacker’s choosing. In some cases, the envelope sender addresses of such messages may also be set to arbitrary values by the attacker.

I helped with a few cases where FormMail is vulnerable here, namely the injection of newlines attack.

When this came out, I was in Australia, packing in preparation for a month-long camping trip around Victoria ;) The Lake Catani campsite at Mount Buffalo was amazing. (whoa, compare that page with this e-commerce monstrosity — urgh)

UFO Roundup on Saddam’s Alien Technology

Published May 9, 2003

Saddam Hussein, or Mighty Morphin’ Power Ranger? You decide:

… (UFO Roundup Middle East correspondent) Mohammed Daud al-Hayyat has a theory that the golden necklaces worn by Saddam and his son Qusay are protective devices given to them by the reputed Zarzi aliens. …

‘People say that when they wear these necklaces, Saddam and Qusay have only to clasp hands, and the circle of light will appear,’ Mohammed explained, ‘The alien vortex will instantly transport them to safety. In this manner, they can create the circle without the Zarzi aliens being present.’ …

‘The latest rumor is that Saddam will shortly address the people of Iraq from an alien base on the moon! They say this will happen in four or five days.’

Classic! Snipped from UFO Roundup, via the Forteana list; full extract here. (Link)

‘Then they just drop off’

Published May 7, 2003

The BBC reports on one animal-borne disease which I, for one, do not want to see making that zoonotic jump to humans:

Gruesome VD hits Tanzania baboons

Scientists are investigating a horrific new venereal disease which is affecting baboons in Tanzania. … Male baboons are particularly badly hit by the new disease, says Elibariki Mtui from the African Wildlife Foundation in Arusha. ‘The genitals kind of rot away, then they just drop off,’ he said.

Salam’s Back

Published May 7, 2003

Good news — Dear Raed is back on the air, in one piece!

Let me tell you one thing first. War sucks big time. Don’t let yourself ever be talked into having one waged in the name of your freedom. Somehow when the bombs start dropping or you hear the sound of machine guns at the end of your street you don’t think about your ‘imminent liberation’ anymore.

But I am sounding now like the Taxi drivers I have fights with whenever I get into one.

Reactionary taxi drivers — the same the world over ;) A fantastic read. So many details from the point of view of a ‘normal’ Iraqi on the streets. If you’ve been following the war and subsequent events, you can’t miss it.

IDF fires on British defense attache

Published May 6, 2003

Israeli Defence Force fires on parents of injured British peace activist (Independent) (and the British defence attache to Tel Aviv): ‘The parents of a British peace activist who was shot in the head by Israeli troops, came under fire themselves’ … (they) ‘were in a British diplomatic convoy entering the town of Rafah in the Gaza Strip when Israeli soldiers at a checkpoint fired a shot’. ‘The incident … took place despite the Israeli Army being given notice of the journey on at least three occasions’. Incredible. More at the Guardian, too.

SARS genome decoding ‘couldn’t have been done without mail’

Published May 5, 2003

just got back from a super-quick booze-soaked weekend visit to Ben in SF. It was so good to visit a city once again, and get the opportunity to paint the town red, hit the bars, eat in plentiful cheap restaurants, and generally enjoy city life (which I’ve been missing massively since the move from Dublin). But now back in post-suburban Irvine to cope with the hangover.

Also got to meet up with Komal, one of my co-workers up there — which was cool. Unfortunately it was a super-speedy weekend whistle-stop tour though, so having a good social meet-up with all the guys will have to wait until the next visit. ;)

Net: ‘The Canadian scientists who broke the genetic code for SARS … say they couldn’t have done it without the Internet. … The key to that collaboration was ordinary e-mail‘.

It also turns out the ProMED mailing list was the central point at which SARS reports were collated in the early stages, even despite evasion and cover-up by the Chinese state.

So there you go — as usual, SMTP is the killer app — or in this case, a life-saving app! All the more reason to figure out ways to deal with spam and return SMTP to its top spot in the protocol pantheon.

Good thing the FTC Spam Forum went so well, then. Sounds like there was unprecedented agreement between the non-spam folks, clear understanding of the issues by quite a few of the Washington denizens, and maybe even some good footage of the other side digging holes for themselves.

Health: US, Asian Airlines Disagree on SARS. Me, I just wish the airlines would stop being so bloody cheap, and bring in more fresh air rather than recirculating. ;)

Scientists from the Michael Smith Genome Sciences Centre of the B.C. Cancer Agency say their achievement relied on rapid communication with scientists around the world. The key to that collaboration was ordinary e-mail, said Steven Jones of the Vancouver-based research agency in a teleconference Thursday sponsored by Science magazine.

“Within a day of us having a press release announcing our participation in the sequencing we had an amazing amount of e-mail from scientists all around the world,” Jones said.

As soon as the sequence was decoded, the B.C. researchers posted it on the Internet.

“People were, within minutes of that, able to download the sequence and analyse it in their own laboratories and their own computers,” Jones said.

“The Internet has had a profound impact on how this data has been shared and how scientists have collaborated.”

A short time later, researchers at the Atlanta Centers for Disease Control published the sequence of a coronavirus taken from another SARS patient.

The genetic coding for the two viruses were virtually identical, boosting confidence that the coronavirus was in fact the causal agent.

Now both sequences are posted on the World Wide Web for the benefit of researchers in many countries racing to find a reliable test for SARS, and a vaccine to prevent it.

Scientists say the speed of the decoding was amazing.

The first reports of the new disease came from China in November, and on March 13 cases were reported in Toronto and Vancouver. The sequences were posted on the net on April 15.

By contrast, it took years to identify the agents behind diseases like AIDS and hepatitis C.

Mel Crajdon of the B.C. Centre for Disease Control said all evidence points to the coronavirus as being the cause of SARS, despite some seemingly contradictory findings.

Earlier this week Frank Plummer, who heads the National Microbiology Laboratory in Winnipeg, said he was puzzled by the number of people who show evidence of the SARS coronavirus but not symptoms of the disease.

Crajdon suggested the apparent anomaly is due to imperfect understanding of how the disease presents itself, as well as lack of reliable tests for the presence of the virus.

“I’m not surprised by the results that have been obtained to date and I think that they will rapidly improve,” he said.

More than 5,400 cases of SARS have been diagnosed worldwide, with at least 394 deaths. In Canada, there have been 23 deaths, all in the Toronto area.

  • – –

On the Net:

SARS sequences: http://sciencemag.org/features/data/sars

SARS data: http://aaas.org

SARS Comments: http://eurekalert.org

Unicode, and how Java got it wrong

Published May 1, 2003

Tim Bray is opening my eyes to lots of the itty bitty details of i18n with Unicode. I had very vague ideas about so many things he’s writing here, so it’s an educational read, especially this:

In Java, characters are represented by the char data type, which is claimed to be a ’16-bit Unicode character’. Unfortunately, as I pointed out recently, there really is no such thing. To be precise, a Java char represents a UTF-16 code point, which may represent a character or may, via the surrogate mechanism, represent only half a character. The consequence of this is that the following methods of the String class can produce results that are incorrect: charAt, getChars, indexOf, lastIndexOf, length, and substring. Of course, if you are really sure that you will never have to deal with an ‘astral-plane’ character, to the point of being willing to accept that your software will break messily if one shows up, you can pretend that these errors can’t happen.

To me, this feels just like deciding that you’ll hever have to deal with more than 64K of memory, or a database bigger than 32 bits in size, or a date after December 31, 1999. What Hunter S. Thompson would call ‘bad craziness.’ I’ll settle for ‘shortsighted.’

Wow, and there was I thinking Java had that sorted. If you ever plan to deal with 21st-century-style i18n (ie. using Unicode), you’d better read these articles.

Spam: via BoingBoing, how to extract 500 bucks, painlessly, from telemarketers, under the TCPA. Not yet applicable to spam — but who knows, maybe in a few month’s time…

Open Source: Colm MacCarthaigh caught Dell out a few months ago; turns out they were distributing a wireless AP, the Dell Truemobile 1184, which contained a modified Linux distro — but were not distributing the source to the GPL’ed parts.

Well, all credit to Dell. They’ve admitted their slip-up, resolved the problem admirably, and openly, and have shipped Colm a CD-ROM with all the GPL’ed source on it , which Colm has made available here . Mistakes happen, but it was nicely resolved.

EMusic.com vs. Apple

Published May 1, 2003

a message on Dave Farber’s IP list tipped EMusic.com as a little-known alternative to Apples new music store. So I took a look, and whaddya know, it’s incredible! Here’s the key points:

  • A fantastic selection of my favourite genres: roots reggae, dancehall, ambient and drum and bass. This is exactly the stuff you can’t find on P2P nets nowadays, and it’s not on Apple’s store either. EMusic is not so hot for the top-40 stuff, but let’s face it, I will never want to listen to Britney’s latest anyway.

  • ‘Try before you buy’ 30-second track tasters, so you can listen to
    • the tune just enough to see if you like it before committing.
  • A flat monthly rate of 10 bucks, for 50 tracks a month.

  • Download as plain old un-DRM-encumbered MP3s. So it’ll work fine on my Linux desktop, and pretty much any music-listening device you can possibly imagine for the next few years.

Wow. I’m so signing up for this. I think in 10 minutes I’ve identified my next 6 months’ listening material…

The ‘Overseas Spammers’ and ‘Do Not Mail List’ Fallacies

Published April 30, 2003

Declan McCullagh: A modest proposal to end spam. Good article on Larry Lessig’s ‘spam bounties’ proposal.

Lofgren’s plan won’t give everyone who gets spammed new rights to sue (although spam victims may already may have some rights under state antispam or other laws). Instead, it states that people sending unsolicited commercial e-mail must label it with ‘ADV:’ in the subject line or run the risk of being sued by the Federal Trade Commission. If you are the first to report an unlabeled spam-o-gram to the government, you will get a bounty of ‘not less than 20 percent’ of the fine the spammer pays, assuming it can ever be collected.

There are problems with this. As far as I know, the FTC is not having a problem collecting spam — the figures I’ve seen (can’t recall them right now) indicate that they get hundreds of megs a day. (Even the SpamAssassin.org spamtraps get over 100Mb a day.)

The difficulty is chasing down the perpetrator, and prosecuting. That takes law-enforcement manpower, and that’s just not there right now — because, let’s face it, spam is not a serious offence like rape or murder.

Anyway, Declan says that the major problem is that the spammers are offshore:

For one thing, an increasing percentage of it comes from overseas, and you can be certain that offshore bulk mailers will gleefully thumb their noses at Congress. Ken Schneider, chief technical officer of antispam company Brightmail, estimates that 30 percent to 50 percent of the spam his company tracks comes from outside the United States. ‘It’s a big number,’ Schneider said. ‘It’s a global economy, and spammers are certainly taking advantage of it.’

This is a frequent misapprehension. This is not the case. It’s true that much spam is relayed through machines in Asia and South America, but the originators — the people who are writing the spam and sending it to compromised relay machines and proxies — are US-based. In fact, a vast quantity of ’em seem to be based in Florida. (This is the thing about country-code blacklists. In reality, if we could track a message all the way back to the origin, a state-code blacklist for FL would probably work much better ;)

In other news from the same article:

… Sen. Chuck Schumer, D-N.Y., is expected to introduce a bill this week to create an national ‘do not e-mail’ list–an idea that the New Democrats touted earlier this month.

OK, while I’m here, let’s debunk ‘do no mail’ lists too. ;) ‘Do not call’ lists work well for telephones, since you typically have only one phone number. But for email:

In summary, I’m not confident a ‘do not mail’ list could actually be operable.

Finally — The SBL’s answer to the EMarketersAmerica.org SLAPP lawsuit.

New Yorker on Spam

Published April 30, 2003

Via Ben:

Much funnier than Seinfeld would have you believe.

Unhappy Intelligence

Published April 30, 2003

I’ve been trying to reduce all the anti-war stuff, since there’s plenty of other sources for that and I reckon I’m boring everyone. But this story’s a doozie — US, UK intelligence agencies accuse Bush and Blair of distorting and fabricating evidence in rush to war:

A high-level UK source said last night that intelligence agencies on both sides of the Atlantic were furious that briefings they gave political leaders were distorted in the rush to war with Iraq. ‘They ignored intelligence assessments which said Iraq was not a threat,’ the source said. Quoting an editorial in a Middle East newspaper which said, ‘Washington has to prove its case. If it does not, the world will for ever believe that it paved the road to war with lies’, he added: ‘You can draw your own conclusions.’ …

‘The INC saw the demand, and provided what was needed,’ he said. ‘The implication is that they polluted the whole US intelligence effort.’

WWII’s Campest Spy

Published April 29, 2003

BBC: Wartime role of Queen’s dressmaker. ‘Details have emerged about the wartime activities of the Queen’s dressmaker Sir Hardy Amies, who died last month aged 93.’

Apparently, he served with the Special Operations Executive (SOE) in Brussels, liaising with the Belgian resistance. During this time, he organised a photo-shoot for Vogue magazine featuring members of the resistance movement posing for photographs!

Seems he got away with it, though — another officer writes in his file:

‘However, it is not for me to reason why, but no doubt the profile of Lt.Col Amies in the next issue of the Vogue will cause a flutter in many feminine hearts when they realise that their handsome couturier is, after all, the Scarlet Pimpernel of this war.’

Threats close Kabul’s Irish bar

Published April 29, 2003

BlogStart:

Booze: BBC: Threats close Kabul’s Irish bar:

Terrorism alerts have prompted the owners of Kabul’s only bar to close down temporarily. The Irish Club has been a roaring success with correspondents reporting hundreds of drinkers inside at a time since it opened on Ireland’s national holiday, St Patrick’s Day.

But the popularity of the bar, which is open only to foreigners in the predominately Muslim state, appears to have attracted the interest of terrorists, United Nations staff in the city said. ….

Owners of the bar hope it will reopen next week, but its clientele is set to shrink after the UN banned its staff from going there for security reasons and other foreign aid organisations and diplomatic missions have issued warnings to their personnel. ‘It’s been placed off limits indefinitely after warnings that it could be the target of a terror attack,’ said UN spokesman David Singh.

Still, the owners say they’ll do some renovation work while it’s closed. Looking forward to the Beeb story about ‘Kabul’s Irish bar now boasts extensive beer garden and function room’ next month…

Spam: In other news, it seems AOL, Yahoo! and Hotmail are banding together to ‘reduce spam’. This could be interesting.

A peek into a spammer’s inbox, and ‘targeting’

Published April 29, 2003

Aardvark.co.nz: The Sound Of A Spammer’s Laugh. Depressing reading. The article’s has screenshot of two MMF-spam dropboxes — here’s one. It’s full of mails from the spammer’s victims. Upshot: make sure your friends know not to reply to spam — and definitely not MMF spam. Mind you, if you’re reading this blog, you and your friends are probably too smart for that anyway ;)

Also: Brad Templeton on spam’s 25th birthday; Brian Hayes in American Scientist. The latter has this nice (although wholly unscientific ;) graph of spam topics — and it sounds like Brian’s getting spammed by artmarket.com.

That raises an interesting point. Spam is frequently trumpeted (by the spammers) as ‘targeted’. What this often means, in reality, is that they’ve just randomly selected addresses and put them in a list as supposedly targeted for a given topic; or else run a Google search for a related term, and shoved a load of addresses from all pages found into a ‘targeted’ list.

For example, my spam load includes:

  • Artmarket, above. I’ve never been known to buy art, apart from a few cheapo prints, and that was off-line.

  • The septic tank spammers. I have about 30 spams from the last 2 years flogging septic tanks. I don’t even know what one looks like.

  • Turkish political spam. Don’t have a clue. I went to Turkey on holiday once, but I never gave my email address to anyone ;)

  • the obvious stuff everyone gets: Japanese, Chinese and Korean spam. I can’t even read the ideograms, let alone understand the written language.

Plus the usual MMF, get rich quick, and porno spam. Not once have I seen a spam hawking DVDs of Koyaanisqatsi, classic breakbeat releases, or the new William Gibson novel — now that would be targeting. But no…