Justin's Linklog Posts

• Semi-Realtime Satellite Desktop Backgrounds : Russ Garrett with another set of near-realtime desktop weather imagery (cf. http://taint.org/xplanet/ )
  (tags: weather desktop image satellite realtime backgrounds)

• Upload and store your files in the cloud with Google Docs : no sync or automated backup yet, so more like sendspace than dropbox, limited usefulness
  (tags: google backup online-backup sync storage)

• the MagicJack : a GSM femtocell for the home — USB-driven, the size of a pack of cards, $40. this won’t last long
  (tags: femtocells gsm phone home voip telephone)

• Zamberlan Snow Chains : chains — for your shoes. basically crampon overshoes, to deal with ice and snow, EUR45
  (tags: chains ice snow shoes boots footwear weather crampons)

• Irish Weather Network : live weather-station data from across Ireland, overlaid on a Google Map, using amateur and professional stations. fascinating
  (tags: weather data mapping ireland live)

• Malicious App In Android Market : phisher creates a banking app for Android phones which relays the authorization details to another site, possible because of insufficient app vetting (via Mulley)
  (tags: apps iphone android smartphones phones mobile phishing security banking fraud)

• fixing a frozen condensate trap on a condensing boiler : another day, another broken boiler
  (tags: boilers home maintainance diy fix cold frozen)

• Two Gentlemen of Lebowski : nicely done; Lebowski a la Shakespeare (via Waxy)
  (tags: via:waxy shakespeare writing humor lebowski movies parody funny)

• Snow Chains in Ireland? – boards.ie : good thread, despite a lot of patronising asshattery
  (tags: snow weather commute mobility chains driving)

• Una “UnaRocks” Mullally on the state of Irish blogs : ‘I think that ‘first wave’ of Irish blogging was over a long time ago, probably around the time Blogorrah hit the dirt, but in spite of time and an increase of participants and bigger audience there seems to be no real drive to improve content. People will always read something good – online or offline – and until that something good (hopefully in plural) starts to emerge and while good bloggers log off indefinitely, Irish blogging, for what it’s worth, is in a state of disarray.’
  (tags: irish irishblogs ireland writing blogosphere blogging unarocks)

Happy new year! Or maybe not. Doh.

Over a year ago, Lee Maguire noticed that a contributed SpamAssassin rule, FH_DATE_PAST_20XX, was naively written — simply to match any date in the year 2010 or later — and would start to false-positive on all mail in 14 months. We made the trivial fix to avoid this (for at least 10 years, by which point the rule would have obsoleted itself through normal means), and I committed it to SVN.

Problem solved, right? Nope. I’d committed to trunk, but in a moment of inattention had forgotten to backport the fix to the stable release branch, 3.2.x, as well. Nobody else noticed the mistake, and several months later, boom:

• LWN
• Slashdot
• Heise
• jwz
• Spam Resource
• Mike Cardwell

Bugger.

Annoyingly, the GA had assigned this rule 3.5 points in the 3.2.0 rescoring run. This meant that the effective default threshold had been lowered from 5.0 points to 1.5, which produced a 2% false positive rate during the first 13 hours of the new year.

After that point, the fix was pushed to the sa-update channel, and anyone who runs sa-update regularly (as they should!) was brought back to normal filtering behaviour.

The rule is superfluous anyway, since it overlaps with a better-written “eval” rule, DATE_IN_FUTURE_96_XX. Accordingly, most likely scenario is that it’ll be removed.

Personally, I see a few lessons from this:

• Obviously, I need to pay more attention. This is easier said than done though, since SpamAssassin has nothing to do with my day job anymore; it’s a spare-time thing nowadays, and that’s a rare resource, unfortunately. :( But still, a chastening result, and I’m very sorry for my part in this screwup.

• We need more active committers on Apache SpamAssassin. If we’d had more eyes, the fact that I’d forgotten to backport the fix might have been spotted. we’re definitely in a better situation now in this regard than we were 6 months ago, so that’s good.

• IMO, this is a good demonstration of how too many simple rules are risky; without careful vetting and moderation, it’s easy for a bad one to slip past. Perhaps we need to move more towards a DNSBL/network-rule driven approach, although this has its downsides too. Still thinking about this.

• It’d be good to fix the GA so that it wouldn’t assign such high points to simple rules like this, without some indication that a human has vetted them and believes them trustworthy.

Daryl posted a good comment on /.:

Clearly we dropped the ball on this one. As far as I know it’s our first big rule screw up in the project’s 10 years. If you’re going to screw up you might as well do it well.

+1 to that!

And to everyone who had to clean up the fallout and spend a holiday recovering lost mails from spam folders… sorry :(

• Atheist Ireland Publishes 25 Blasphemous Quotes : in protest against the Fianna Fail religious right’s ludicrous new blasphemy law
  (tags: blasphemy ireland law legal censorship democracy atheism religion quotes)

• Body By Victoria – Secure Computing: Sec-C : Dr. Neal Krawetz brings the science on detecting Photoshop retouching
  (tags: pixels images forensics jpeg photoshop fake analysis detection)

• jwz – How to use Facebook with a feed reader : “Justin Mason likes this”
  (tags: jwz facebook feeds rss atom howto syndication)

• Parselets.com : ‘free, open, developer-generated APIs for a wide variety of websites. Parselets.com is a place to create and share them. [..] Check out [..] ways to use parselets from our web service, Ruby, Python, C/C++, or the *nix command-line.’
  (tags: parselets scraping html web regexps sitescooper json)

• RegExr: Online Regular Expression Testing Tool : a very nice interactive editor in Flash, supporting lots of the usual perlish stuff. via Joe
  (tags: via:jdrumgoole regexps regular-expressions spamassassin rule-dev flash regex flex utilities)

• Deployment is just a part of dev/ops cooperation, not the whole thing : metrics, monitoring, instrumentation, fault tolerance, load mitigation called out as other factors by Allspaw
  (tags: ops deployment operations engineering metrics devops monitoring fault-tolerance load)

• Build Web Apps for iPhone using Dashcode : hmm, not too tricky
  (tags: iphone html css js dev coding dashcode)

• Fill and span DVD archives with Discspan : filed under “about time I did another DVD backup”
  (tags: backup dvd spanning via:donncha linux storage offline recovery)

• mnot’s Weblog: HTTP + Politics = ? : how the Great Firewall of Oz breaks so much more than the web browser
  (tags: http web politics australia internet proxies filtering)

• Play framework : ‘a Java framework made by Web developers. Discover a clean alternative to bloated enterprise Java stacks. Play focuses on developer productivity and targets RESTful architectures.’
  (tags: java rails webdev mvc webapps play playframework)

• Turing-incomplete Lua? : discussion thread on the cons of using Turing-complete general-purpose programming languages in places where it’s not necessary, such as configuration files
  (tags: configuration turing-complete safety coding software lua)

• Why it’s time to lighten up about “weird” Japan : ‘Being majime (too serious) is not cool in Japan; likewise it is important for voyeurs of Japanese culture to recognize that most everything pop-culture-y that is exported to the West comes at us with a wink. If you’re all up in arms about it, then maybe the joke is on you.’
  (tags: japan majime seriousness fun weird news journalism)

• GameFAQs: Assassin’s Creed II (X360) Puzzle/Codex FAQ : linked by Nelson; will return to this once i’ve gotten into the game
  (tags: assassins-creed games via:nelson toread xbox)

• Chrome extension: edit textarea in an external editor : very new, but heading in the right direction (although the idea of using a browser action is probably not correct). This is the last hold-up for me to switch
  (tags: chrome web browsers google editing external editors vim emacs)

• How to build a Google Chrome extension in 15 minutes : wow. that _is_ easy; wonder if it’d be nearly as easy to write an extension as it is nowadays to write userscripts in Firefox
  (tags: user-scripts google chrome firefox extensions coding html css)

• Useful Google Chrome Extensions : from Nelson. looks like it’s becoming a viable browser, maybe I’ll give it a go
  (tags: chrome google extensions web nelson-minar)

• The Beer with the Green Label : Sierra Nevada tries to reclaim its cred – CHOW : ‘Ask a craft brewer which other brewers he most admires, and he’s likely to mention Sierra Nevada. The Chico, California, brewery is considered to be sacred ground, and its beers expertly crafted. “When you die as a brewer, you go to Chico,” says Matthew Brynildson, brewmaster of Firestone Walker in Southern California.’ paging Ben
  (tags: sierra-nevada beer ipa yum via:torrez)

• Code: Flickr Developer Blog » Flipping Out : Flickr don’t use branches. mental
  (tags: branching integration branch version-control coding flickr sysadmin wtf deployment)

• best Comic Sans story ever : MeFi commenter ftw
  (tags: comic-sans mefi funny morbid comments fonts via:fp)

• How Google/Firefox Geolocation API works : I didn’t realise Firefox’s geolocation used wifi triangulation, too
  (tags: wifi google linux firefox mapping geolocation triangulation)

• Highcharts: JavaScript Charts that don’t suck : good HN thread on better charting tools in JS
  (tags: javascript charts graphs js dataviz hacker-news)

• Charlie’s Diary: The myth of the starship : Charlie Stross’ thoughts on the true viability of interstellar travel. This was about the most thought-provoking bit of ‘Accelerando’ for me alright
  (tags: beans ships travel interstellar space ai downloading)

• Church ‘lied without lying’ – The Irish Times – Thu, Nov 26, 2009 : you have got to be kidding. Father Ted meets the Inquisition
  (tags: church catholicism ireland pathetic child-abuse appalling)

• Meeting Notes 2009 11 24 – Noisebridge : notes curated by Danny O’Brien: ‘I have volunteered to take the meetynge notes in the style of a 17th century essayist.’
  (tags: meetings hilarity 17th-century ye-olde-wiki minutes via:3ze)

• All Android Phones : so many! Saw a Hero last night, it looked pretty swish — although not quite as pretty as the iPhone ;)
  (tags: phones android htc hero os g1 mobile tech shopping)

• explicitly running author tests from a CPAN module : we do something similar in SA
  (tags: perl tests testing)

• Node.js : I’m late to the party, but this sounds lovely
  (tags: javascript server http web comet closures node.js event)

• nginx_http_push_module – Comet For The People : looks great
  (tags: nginx ajax webdev server comet scalability)

• “Source Code Optimisation”, Felix von Leitner, Linux Kongress 2009 [PDF] : Good presentation on C compiler optimization, via Cal Henderson. ‘People often write less readable code because they think it will produce faster code. Unfortunately, in most cases, the code will not be faster.’ I particularly like ‘Fancy-Schmancy Algorithms’: ‘If you have 10-100 elements, use a list, not a red-black tree; Fancy data structures help on paper, but rarely in reality. (More space overhead in the data structure, less L2 cache left for actual data.)’
  (tags: via:iamcal compilers c c++ optimization coding assembly speed for:colmmacc)

• Me and Belle de Jour – ‘Could it be Brooke?’ : LinkMachineGo knew the true identity of Belle du Jour way back when — and set a Google trap to ensnare snooping journos. nice work
  (tags: belle-du-jour google blogging blogs via:waxy privacy googlewhack identity daily-mail journalism)

• JSON Format : ‘your online JSON Formatter’. useful. via JKeyes
  (tags: via:jkeyes json formatting tools useful format debugging)

• Summary of all the MIT Introduction to Algorithms lectures : good reviews and notes from Peteris Krumins
  (tags: algorithms mit programming coding lectures)

• MacRumors iPhone Blog: Undercover 1.5 Adds Push Notification Tool to iPhone Theft Recovery App : very clever. ‘You can make the messages as enticing as you want – say, by having them pretend to be a notification from your bank account. If the crook chooses to view the push notification, Undercover will launch, [..] loading any Website of your choosing, such as the aforementioned bank’s. While the thief is distracted, Undercover will be happy to save the device’s GPS coordinates and IP address to Orbicule’s Website.’
  (tags: iphone theft crime push-notifications undercover)

• Boingo Wireless – AVOID : argh. wish I’d seen this page before I signed up for a month’s access while travelling — they’ve now charged my credit card again, over a week after I requested the account’s cancellation :(
  (tags: boingo avoid customer-service customer-hostile scams wifi travel)

• HTC Hero is on Meteor : according to Fergal, at half of the price of O2’s iPhone “deal”
  (tags: htc hero o2 iphone android phones mobile ireland meteor)

• SSL trick certificate published : ioerror published the ‘\00’ wild-card SSL cert for any domain (for affected SSL client libs at least)
  (tags: ssl tls security nul ioerror bugs exploits)

• Google employees now discouraged from using Python for new projects : ‘You have to balance Python’s strengths with its weaknesses: your engineers may be more productive using Python, but if they have to work around more platform-level performance/scaling limitations as volume increases, do you come out ahead? etc.’
  (tags: google performance scalability python unladen-swallow languages via:preddit)

• Damn Cool Algorithms: Spatial indexing : quadtrees, Hilbert curves, and geohashing, as seen in Google’s new Closure library. useful for multidimensional addressing in general
  (tags: algorithms mapping gis indexing quadtree datastructures spatial geometry)

• Mint Studio Multi-Room Wireless Speaker : $130 speakers; outputs from computer via USB, transmits to wireless receiver, which also has an iPod dock and a line-in. exactly what I’m after! (thanks Jason for the tip)
  (tags: via:jcosper music sound mp3 home wireless speakers)

• IT Law in Ireland: Irish law on hacking tools / dual-use software : specifically, a port of dessid to the iPhone, recently causing headlines
  (tags: dessid eircom hacking dual-use software distribution law ireland tools security)

• Introducing Resque – GitHub : github’s take on a good, distributed queueing system in Ruby
  (tags: ruby github queueing ipc resque)

• SBSettings : good overview of this jailbreak app
  (tags: iphone jailbreak hack software apple sbsettings unlock)

• Why would I want to jailbreak an iPhone 3GS? : Ask MeFi thread, mostly recommending tethering and SBSettings
  (tags: sbsettings jailbreaking askmefi metafilter iphone apple)

• Subversion Submitted to Become a Project at The Apache Software Foundation : woot!
  (tags: svn subversion asf apache open-source incubator)

• Spiritual search turns into a stampede as impatient lose faith in double visionaries – The Irish Times – Mon, Nov 02, 2009 : hilarious article on the BVM-witnessing hysterics in Knock. ‘if you looked hard enough, you could indeed discern a face in the play of light and shadows. When I squinted a certain way, I thought I could make out Bruce Forsyth.’
  (tags: mayo religion hysteria funny bruce-forsyth bvm fortean)

• Structural Regular Expressions : ‘The current UNIX text processing tools are weakened by the built-in concept of a line. There is a simple notation that can describe the `shape’ of files when the typical array-of-lines picture is inadequate. That notation is regular expressions. Using regular expressions to describe the structure in addition to the contents of files has interesting applications, and yields elegant methods for dealing with some problems the current tools handle clumsily. When operations using these expressions are composed, the result is reminiscent of shell pipelines.’ Paper by Rob Pike, via adulau. intriguing
  (tags: sregex via:adulau regexp rob-pike regex library text structural parsing)

• sregex – Structural Regular Expressions : ‘The sregex module implements Structural Regular Expressions.’ Python, Apache-licensed
  (tags: sregex python via:adulau regexp robpike regex library text structural parsing)

• The Rise and Fall of the Hobbyist Game Programmer : great article on the 80’s one-man shareware game hobbyists (via Walter)
  (tags: 1980s games history programming nostalgia geek gaming hobbies coding 6502 c=64)

• Mike Shroepfer on Engineering at Scale at Facebook : lots of gory details on FB’s innards via Dare Obasanjo
  (tags: facebook scaling scalability erlang caching architecture multifeed)

• Build a Silent, Standalone XBMC Media Center On the Cheap : sweet. HDMI out, MythTV streaming, and silent for $300
  (tags: mythtv hdmi tv diy linux media-center nettop htpc xbmc hardware)

• MullingarHeifer.com : ‘Become a virtual beef farmer. Control your personal food chain.’ also deliver prime beef. mmmm
  (tags: meat beef mullingar heifers cows food eating shopping ireland)

• Ubuntu 9.10 Technical Overview : lots of new features, and a switch of default IM client
  (tags: ubuntu 9.10 linux release-notes releases)

• The Best Way to Cook a Thick Steak : 30 minutes over medium heat, cooked in its own fat. whoa, I want to try this
  (tags: food delicious cooking eating meat recipe steak beef howto recipes)