taint.org: Justin Mason’s Weblog

• Ruby Best Practices – Full Book Now Available For Free! : one for the to-get queue
  (tags: best-practices ruby book free download toread library pdf reference coding)

• Top Ten One-Liners from CommandLineFu Explained : worth it for #10: ‘Capture video of a linux desktop’: ‘$ ffmpeg -f x11grab -s wxga -r 25 -i :0.0 -sameq /tmp/out.mpg’
  (tags: video capture x11 ffmpeg cli bash linux)

• Sexy Executives : ‘The finest corporate photography – from their extranets, to you’ (via Adrian Weckler)
  (tags: via:adrianweckler funny business blogs ceo photography executives zzzz)

Just heading this one off before it gets too much further…

A couple of weeks ago, a researcher found a bug in the spamass-milter project, an open-source milter to integrate SpamAssassin filtering into an MTA. Here’s the exploit details.

This H-Online story covered it:

Security vulnerability in SpamAssassin filter module

The SpamAssassin Milter plug-in which plugs in to Milter and calls SpamAssassin, contains a security vulnerability which can be exploited by attackers using a crafted email to inject and execute code on a mail server. The SpamAssassin Milter plug-in is frequently used to run SpamAssassin on Postfix servers.

(I think this is the source article on Heise.de.)

That was more-or-less accurate — but the problem is the “chinese whispers” effect, where a news story on another site builds on misreadings of another news article. eSecurityPlanet:

Security Flaw Found in SpamAssassin Plug-in

The SpamAssassin Milter plug-in has been found to contain a security vulnerability. [...]

sigh.

To clarify: spamass-milter is not a part of SpamAssassin. it’s a third-party product which allows sendmail/postfix users to integrate spamassassin into their message flows as a milter.

Tags: spamassassin security spamass-milter milter news heise bugs

• a sad story of connections made via second-hand small ads : ‘“It’s free to advertise,” Ned explained. “And we have a lot of things we don’t need.” So each week, they advertised for sale in Loot something from their apartment. This was their social life. Some weeks – the good weeks – they had three or four people who came to see what they were selling.’
  (tags: loot stories london small-ads for-sale second-hand irish-times irishwomans-diary rosita-boland)

• RE2: a principled approach to regular expression matching : Russ Cox’ C++ lib to provide safer, guaranteed-linear-time, non-exponential regexps, at the cost of dropping support for backreferences and generalized zero-width assertions. actually looks quite useful, unlike most “I’ve fixed regexps” claims ;)
  (tags: regular-expressions regexps efficiency linear-time exponential-time backreferences google re2)

• VOGON PLIERS : quick! where’s my towel?!
  (tags: via:spoon funny google-maps google pliers vogons)

• NexPod, Freedom of Espresso : Nespresso-compatible capsules — fill up with your own freshly-ground coffee and use in any Nespresso machine
  (tags: nespresso coffee capsules espresso)

• Wall anchors & plasterboard/dry lining walls : Boards thread with good advice regarding wall fixings for drylined walls
  (tags: diy boards walls howto)

• openstache, closestache : new nomenclature for “{” and “}”. This I can get behind
  (tags: moustache silly openstache closestache squiggly brackets punctuation intercal bang-splat)

• DIY Burglar Alarm : Damian Beresford’s experience installing his own home alarm. pretty cheap, sounds quite easy too
  (tags: alarm home-alarms house security diy install)

• Post-mortem for February 24th, 2010 outage – Google App Engine : extremely detailed; power outage in the primary DC resulted in a degraded fleet, and on-calls didn’t have up-to-date on-call docs to respond correctly
  (tags: google gae appengine outages post-mortems multi-dc reliability distcomp fleets on-call)

• Wrex in Effect, or, Deep Space and the Negro/Injun/Krogan Problem : fantastic article about Mass Effect’s political allegory. I’m slightly disappointed that Mass Effect 2 didn’t live up to ME1’s quality, IMO
  (tags: mass-effect games gaming politics)

• Ubisoft DRM Authentication Servers Go Down : Assassin’s Creed 2 players unable to play the game for no less than 10 hours due to failure of their DRM servers. nice work Ubisoft
  (tags: drm fail defective-by-design gaming ubisoft assassins-creed)

• Remote Pair Programming : using ssh, screen and emacs
  (tags: ssh screen editors emacs pair-programming xp remote collaboration)

• Gallery experiment proves theory that science can be fun – The Irish Times – Fri, Mar 05, 2010 : Dublin’s Science Gallery is proving to be a massive success. good news. just wish I could visit more often!
  (tags: science science-gallery art museums tcd dublin ireland)

• More Best of the Email – The Daily WTF : the “45-hour workweek vs 80-hour vacation” one is a bureaucratic classic
  (tags: email via:eoin funny daily-wtf bureaucracy hr health-and-safety omgwtfbbq)

• Update News! (in first two posts) – Steam Users’ Forums : mind-boggling work decoding Portal-2-related ARG content by Portal fans. as one jwz commenter put it: ‘Seriously, if aliens ever contact us, the internet will have it worked out and replied to in about three hours fast.’ Also, people are confused by the concept of modems and BBSes; I feel old
  (tags: glados portal arg incredible effort)

• Unit Testing Achievements : XBox style achievements for Python’s ‘nose’ unit testing framework, eg. ‘Major Letdown: all tests in a suite of at least 100 pass except the last.’ genius!
  (tags: via:simonw funny testing unit-tests python xbox gaming achievements nose)

• FastMail and sessions : a clever HTTP session-management trick (via Tony Finch)
  (tags: via:fanf web http sessions cookies fastmail)

• McSweeney’s Internet Tendency: Selections From H.P. Lovecraft’s Brief Tenure as a Whitman’s Sampler Copywriter : Lovecraftian ads for chocolate. ‘There is a dimension ruled by a blind caramel God-King who sits on a vast, cyclopean milk-chocolate throne while his mindless, gooey followers dance to the piping of crazed flutes. It is said that there are gateways in our world that lead to this caramel hell-planet. The delectable Caramel Chew may be one such portal.’
  (tags: caramel lovecraft mcsweeneys geek parody funny food cthulhu chocolate)

• Approaching 100% spam block: Spamhaus releases the Domain Block List : DBL announcement. working on the SpamAssassin support for 3.3.1…
  (tags: spamassassin anti-spam dbl spamhaus dnsbls)

• Phishing in Irish : someone has gone to the trouble of translating the ‘Hang Seng Bank’ phish to Gaeilge. I would surmise that some phisher has a table of CCTLD-to-language mappings and is pasting their text into Google Translate before spamming their .ie address list. If only they knew how few people can read it!
  (tags: irish gaeilge funny languages translation)

• Buzz by analise torrez from Mobile : EPIC BURRITO THREAD demonstrating the true power of Google Buzz
  (tags: burritos mmmm yum food lisey google-buzz epic)

• 2010 Irish Blog Awards Nominations : bloody hell, where did these all come from?! wow
  (tags: blogs ireland blogging awards)

• Search results for url:taint.org on Delicious : wow, you can search a time period for everyone who bookmarked pages on a specific site (via Britta)
  (tags: delicious search nifty tools egosurfing via:britta)

• Mindblowing Python GIL : ‘presentation about how the Python GIL actually works and why it’s even worse than most people even imagine.’ A good chunk btw could be rephrased as ‘pthreads is worse than most people even imagine’. pretty awful data, though
  (tags: python gil locking synchronization ouch performance tuning coding interpreters threads pthreads)

• RFC 5782 – DNS Blacklists and Whitelists : John Levine gets DNS*Ls standardized, at last. we should really check SpamAssassin to see if it’s compliant, I guess ;)
  (tags: dnsbls anti-spam dnswl dnsbl rfcs standards via:fanf)

• ElasticSearch : nifty; Apache-licensed distributed, RESTful, JSON-over-HTTP, schemaless search server with multi-tenancy
  (tags: search distributed rest json apache elasticsearch http)

• Chip and PIN is broken : Ross Anderson’s lab demo an attack on TV whereby any Chip-and-PIN debit card can be used in conjunction with a MITM device, with a PIN of “0000″, verified online, and producing a receipt saying “PIN Verified”. thoroughly hosed
  (tags: security banking money chipandpin crypto ross-anderson)

• Tethering with your O2.ie iPhone : well done O2, you’ve made it insanely complicated and marginally useless
  (tags: tethering iphone o2 ireland wireless 3g tariffs telco)

• How do we kick our synchronous addiction? : great post on the hazards of programming in an async framework, and how damn hard it is. good comments thread too (via jzawodny)
  (tags: via:jzawodny coding python javascript scalability ruby concurrency erlang async node.js twisted)

• PeteSearch: How to split up the US : wow. fascinating results from social-network cluster analysis of Facebook, splitting up the entire USA into 7 clusters
  (tags: clusters facebook data statistics maps culture analytics datamining demographics socialnetworking graph dataviz)

• Inside View from Ireland: Analysing Electronic Forensics Evidence : fascinating note from Bernie Goldbach: ‘MORE THAN 20 YEARS ago, I worked with message traffic and the work told me the importance of verifying source material.’
  (tags: bernie spam anti-spam authentication spoofing security phishing)

• Op-Ed Contributor – Microsoft’s Creative Destruction – NYTimes.com : MS internal politics routinely torpedoed cool new projects. surprise, surprise. ‘Engineers in the Windows group falsely claimed [ClearType] made the display go haywire when certain colors were used. The head of Office products said it was fuzzy and gave him headaches. The VP for pocket devices was blunter: he’d support ClearType and use it, but only if I transferred the program and the programmers to his control.’
  (tags: cleartype microsoft software bureaucracy politics culture management corporate nytimes)

• Dublin City Development Plan 2011-2017: Public Consultation – boards.ie : Dublin City Council is offering the ability to public consultation via a Boards forum. cool
  (tags: boards dublin council consultation politics civic)

• Trojan torrent sites – why you should never reuse passwords : ‘for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own. However, these sites came with a little extra — security exploits and backdoors throughout the system. This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up.’
  (tags: passwords security torrents warning twitter accounts)

• What Second Life can teach your datacenter about scaling Web apps : good scaling advice from Linden Labs’ Ian Wilkes (who doesn’t seem to have a blog, sadly)
  (tags: linden ian-wilkes scaling datacenters scalability deployment ops services)

• Lift View First : explaining Lift’s code-free “display only” templating system. I like it. Very similar concept to WebMake’s “scraped templates”: http://webmake.taint.org/doc/scraping.html , nearly 10 years old now!
  (tags: java scala lift templates templating scraping)

• Daily Links Posts from pinboard.in : hmm. may be one for the TODO list
  (tags: pinboard tags blog wordpress rss links)

• Ross Anderson and Steven J Murdoch rip into Verified By VISA : ‘this is yet another case where security economics trumps security engineering, but in a predatory way that leaves cardholders less secure.’
  (tags: verified-by-visa security phishing web banks banking money authentication finance visa 3dsecure papers)

• Spamalyser : a custom pastebin for spam messages. cool
  (tags: spamalyser spam anti-spam paste pastebin web)

• DNS Pre-fetch Exposure on Thunderbird and Webmail : Ugh, very bad idea indeed. A backchannel for spammers/phishers/attackers from the mail reader is something we definitely do not want to provide. This is why we chose to cut URLs at the registrar boundary for URIBL lookups in SpamAssassin
  (tags: privacy email dns mozilla thunderbird prefetching urls abuse security spam)

• Pricewatch – The route of the problem : great article about Dublin Bus’ shortcomings, featuring an interview with Antoin! Very interesting to hear about the upcoming GPS-based accurate bus timetabling service to be visible via their website, that’ll be fantastic
  (tags: gps busses dublin-bus dublin mass-transit commute travel)

• explanation of the PS3 exploit : good walk-through by Nate Lawson
  (tags: ps3 root hypervisor exploits mod-chips consoles reversing)

• The SAY2K10 bug [LWN.net] : LWN follows up on the FH_DATE_PAST_20XX fiasco. ‘It would appear that what SpamAssassin needs is some dedicated maintenance talent which is not dependent on evening hours put in by developers committed to other projects.’ I wish
  (tags: spamassassin say2k10 bugs maintainance lwn commentary)

• Whisky Map of Distilleries in Scotland (Malt Madness Distillery Data) : wow. my new shopping list. also: now do one for Ireland ;)
  (tags: whisky yum reference maps geodata distilleries single-malts)

• The Apache Software Foundation Announces Apache SpamAssassin Version 3.3.0 : w00t!
  (tags: asf apache spamassassin releases 3.3.0 anti-spam)

• The New Data Center Rack From … IKEA? : the LACKRack — IKEA’s “LACK” side tables have exactly 19 inches of space, perfect for rackmounted hardware with a little hacking
  (tags: lack ikea funny furniture hardware datacenter rackmount)

• Waiting for the Apple Tablet, with Joel Johnson : possibly the best article written yet about the iTablet
  (tags: itablet apple civilization vans bulldogs off-the-grid products consumerism joel-johnson)

• Dublin & Wicklow Walks » Lugnaquilla : this is the plan for tomorrow — looks good!
  (tags: lugnaquilla walks wicklow dublin ireland hiking)

• AOL sacks pretty much the entire US postmaster team : ‘This is a totally devastating blow to everyone’
  (tags: aol anti-spam layoffs postmaster email smtp)

• One Mutation per 15 Cigarettes Smoked : aka, lung cancer develops after 50 pack-years of smoking. sobering thought
  (tags: cancer lung-cancer smoking tobacco risk mutation)

• The Top Google Search Result for each Unicode character : exactly what it says on the tin
  (tags: google search unicode hublog)

• How would you serve 100,000 simultaneous comet requests with node.js? : C10K microbenchmarking fun in Javascript (via:simonw)
  (tags: web http javascript scaling comet c10k node.js long-poll)

• French Anti-Piracy Organisation Hadopi Uses Pirated Font In Own Logo : ‘Of course you have to appreciate the irony – the agency in charge of enforcing France’s new anti-piracy legislation using a pirated proprietary font in its very own logo.’ hoho! hoist by their own petard
  (tags: hadopi piracy copyright design fail france fonts typography logos ip)

• YouTube – Mass Effect 2 Launch Trailer : whoa. really looking forward to this, Mass Effect was one of the best games I’ve ever played
  (tags: mass-effect games via:colmbrophy xbox scifi video youtube trailers)

• Auto-appendectomy in the Antarctic: case report — Rogozov and Bermel 339: b4965 — BMJ : holy shit. This is absolutely amazing, a first-person account of auto-appendectomy (via infovore)
  (tags: history science russian medicine antarctica medical amazing appendectomy surgery)

• Google Translate fail : Google reckons that the English translation of “Amhran na bhFiann” — the Irish national anthem — is “Save The Queen”. ie. part of the *English* national anthem. the perils of machine learning (via Adam Maguire)
  (tags: via:AdamMaguire funny fail google translation machine-learning)

• Google Agrees to Censor Encyclopedia Dramatica Entry in Australia : nice work, Aussies! this is very stupid indeed (via Waxy)
  (tags: censorship google satire australia stupid encyclopedia-dramatica trolling)

• Mobile Internet access data retention (not!) : so, it seems the wireless ISPs don’t have sufficient IPv4 space for their customers, and are filtering access to the internet via NAT; unfortunate side effect is that this breaks data retention as defined in the UK. wonder if the same applies here?
  (tags: uk data-retention privacy nat isps wireless mobile phones networking internet filtering)

• I was a Doctor at an online pharmacy : Reddit thread from answers from a “doctor” at a dodgy online prescription-drugs store, supposedly not a spamvertized one though
  (tags: medicine pharma spam reddit iama scummy illegal law)

• Semi-Realtime Satellite Desktop Backgrounds : Russ Garrett with another set of near-realtime desktop weather imagery (cf. http://taint.org/xplanet/ )
  (tags: weather desktop image satellite realtime backgrounds)

• Upload and store your files in the cloud with Google Docs : no sync or automated backup yet, so more like sendspace than dropbox, limited usefulness
  (tags: google backup online-backup sync storage)

• the MagicJack : a GSM femtocell for the home — USB-driven, the size of a pack of cards, $40. this won’t last long
  (tags: femtocells gsm phone home voip telephone)

• Zamberlan Snow Chains : chains — for your shoes. basically crampon overshoes, to deal with ice and snow, EUR45
  (tags: chains ice snow shoes boots footwear weather crampons)

• Irish Weather Network : live weather-station data from across Ireland, overlaid on a Google Map, using amateur and professional stations. fascinating
  (tags: weather data mapping ireland live)

• Malicious App In Android Market : phisher creates a banking app for Android phones which relays the authorization details to another site, possible because of insufficient app vetting (via Mulley)
  (tags: apps iphone android smartphones phones mobile phishing security banking fraud)