Home » Archives for October 2003

Month: October 2003

Tim Bray on Dublin

Published October 31, 2003

Ireland: ‘The weather is bloody this time of year, the traffic is worse, but it’s a fine town.’ Agreed!

So I met up with SpamAssassin Dan, SpamAssassin Theo, and POPFile author John Graham-Cumming yesterday, down in San Diego — much spam stuff was discussed.

Great to meet up — not so great to miss the last train back to Irvine to my own inability to correctly read a timetable, and have to drag Dan and Theo out that way. oops, sorry guys! Not so smart, but at least we got to carry on the discussion for an hour or two more…

IBM attempting to patent the ‘wallet’

Published October 30, 2003

Patents: New Scientist reports that IBM have applied for a patent on “an electronic password ‘wallet’ that securely stores all your passwords, with overall access via a single password. The wallet pops up on screen whenever you are asked for a password. You enter the master password and the wallet then answers the online request by pasting in the appropriate password for that site.”

This should be familiar to anyone who’s used Mozilla’s Form Manager feature, which fits the patent claims perfectly. That page notes that the Mozilla feature was created in 1999, just under 3 years before the patent application. Let’s hope the USPTO remember to do a Google search this time!

Statistical Art

Published October 29, 2003

Art: Jason Salavon: Selected projects, 1997 – 2003.

Salavon operates by taking data from various sources (DVDs of late-night talk shows, homes for sale in various states, MTV’s 10 Greatest Music Videos of All Time, Playboy centerfolds, etc.), then statistically combining them and converting that into another image, movie, or whatever.

The results are excellent. Check out Homes for Sale and Every Playboy Centerfold, The Decades (normalized).

I remember somebody asking me what I thought ‘computer art’ (sic) should be like, after I dissed yet another lame pixellated Photoshop/Flash thingy. Now I have something to point at ;) I’m well impressed.

Patents and Innovation, via slashdot

Published October 29, 2003

Patents: Slashdot gets a lot of stick for cluelessness. Now and again, though, you find well-presented arguments you won’t read elsewhere. Try these:

An excellent summary of James Burke’s book, The Day the Universe Changed; I haven’t read it, but it sounds good. Reportedly, there’s a section covering a period in British history when patent law was extended to cover 100 years; ‘Like copyright today a person could not extend on a process developed on the day of their birth – they and their children (and even many of their grandchildren) would be dead long before the patent expired.’

Meanwhile, Germany refused to respect these terms, and their industry flourished — ‘a backwards agrarian society became an industrial powerhouse that far exceeded the capabilities of the British industry they ‘stole’ from, within a working lifetime.’

Details of how Lowell, Massachusetts became an industrial-era milling powerhouse through the US ‘stealing’ British patents: ‘an English immigrant, Samuel Slater … had worked his way up from apprentice to overseer in an English factory using the Arkwright system. Drawn by American bounties for the introduction of textile technology, he passed as a farmer and sailed for America with details of the Arkwright water frame committed to memory.’

Games: GameChronicles on the GTA:VC – Scarface connection. A nice summary of all (or at least, most) of the Scarface homages in the game.

Go W3C!

Published October 29, 2003

Patents: World Wide Web Consortium Presents US Patent Office with Evidence Invalidating Eolas Patent: ‘W3C Director Tim Berners-Lee urges USPTO Director to review prior art, take action’.

The specific prior art exhibits cover several 1993 postings by Dave Raggett to the www-talk mailing list.

Let’s hope the USPTO admits that their patent examiners never bothered to do a Google search ;)

Go W3C!

Published October 29, 2003

World Wide Web Consortium Presents US Patent Office with Evidence Invalidating Eolas Patent: ‘W3C Director Tim Berners-Lee urges USPTO Director to review prior art, take action’.

The specific prior art exhibits cover several 1993 postings by Dave Raggett to the www-talk mailing list.

Let’s hope the USPTO admits that their patent examiners never bothered to do a Google search ;)

Freedroid

Published October 29, 2003

Games: Commodore 64 old-timers may remember Andrew Braybrook’s classic Paradroid, easily one of the best games for that platform, and a classic by any standards. Here’s a copy of the Zzap! 64 review from 1986. Many thumbs up, and the bottom line was that Paradroid ranked as ‘THE classic shoot-em-up’.

Paradroid trivia: in the days before .plan files, Zzap! 64 published a development diary by AB! Here’s the birth of one of the game’s key mechanisms, the ‘transfer game’:

Tuesday May 21: An average morning’s contemplation until …ZAP WHIZ POW ! An idea for a game within the main one, fighting for control of a new robot. Instead of just a graphical sequence showing the takeover of a new robot, why not have to play for it, you against the robot’s brain? Base it on logic circuits and use some existing routines. A whole new game segment in a small space!

Cool.

The authors’ company, Graftgold, has a website, detailing its history. Sadly, it maps the decline of the 80’s-style small games company, and ends on this note: ‘I would recommend the games industry to anyone wanting an exciting career buts its certainly not an easy ride. Most publishers we worked with either went bust, sold out or simply did not publish the game to our expections despite tight contracts. The trouble is the developer does their bit first then the publisher can choose the level to do their bit. Unless you can get real commitment by way of big advances you cannot rely on a publisher.’

Shame. Anyway. I’m not the only Paradroid fan out there — it seems a bunch of fellow enthusiasts have come up with FreeDroid, a homage to Paradroid which seems to be evolving into an RPG! It’s quite impressive — the gameplay is virtually identical to the original. Fedora Linux users can install it using apt-get install freedroid.

BTW, related: here’s two attempts at a canon for computer gamers, at costik.com and the Ludologist (of which I’ve played 121). What I find interesting about them is how clearly one is American and Apple-II-based and the other European and Commodore-64/Amiga-based. Stay tuned for the third, Spectrum-based canon. ;)

More on the ACT EVACS E-Voting System

Published October 27, 2003

Voting: Nathan Cochrane mailed in some great tidbits about the ACT EVACS e-voting system. (thanks!)

First off, this Debian-news posting notes some snippets from an Age article by Nathan; Here’s some longer excerpts. It features some great quotes: ‘the only platform that provided robustness and voter confidence was GNU Debian Linux, with all source code released under the General Public License (GPL).’

And this one:

‘Classical voting systems, notably the Australian paper ballot, are designed precisely on such anti-trust grounds,’ Jones said. ‘We simply assume from the start that each and every participant in the system is a partisan with a vested interest in doing everything possible to help his or her favorite candidates.’
He said paper and pencil voting systems, such as that first used in Victoria in 1858, meet this test. Electronic voting does not.

This letter to LWN notes: ‘You might be interested to know that some of the work on this project is being done by ‘big name’ open source people, including Andrew Tridgell (aka Mr Samba), Dave Gibson (orionoco wireless LAN driver), Martin Pool (apache), and Rusty Russell (netfilter and other gross kernel hacks)’, and links to the code’s CVS repository!

It seems those guys performed the work on behalf of a Canberra open-source consultancy group, Software Improvements; Here’s the product brochure.

This posting to iRights gives a few more details.

It all looks like an excellent job all ’round, as far as I can see.

On Pay-Per-Mail

Published October 27, 2003

Spam: Lee Maguire on pay-per-mail schemes. A great read — recommended to anyone who has given thought to this system.

It’s usually the fear of the odd overlooked gem that has rendered anti-spam techniques impotent. A salutation from a long lost friend with the subject ‘Hi’, an important business mail sent out-of-hours from the kid’s computer, that domain renewal reminder. Most people would apply no charge on the things they want to read, and a bajillion dollars on spam. And if there’s mail you don’t want to read but have to? Chances are you’re being paid to read them already – get back to work.

SoCal: an amazing satellite picture of the wild fires, courtesy of NASA’s Earth Observatory.

More on the ACT EVACS E-Voting System

Published October 27, 2003

Nathan Cochrane mailed in some great tidbits about the ACT EVACS e-voting system. (thanks!)

And this one:

‘Classical voting systems, notably the Australian paper ballot, are designed precisely on such anti-trust grounds,’ Jones said. ‘We simply assume from the start that each and every participant in the system is a partisan with a vested interest in doing everything possible to help his or her favorite candidates.’

He said paper and pencil voting systems, such as that first used in Victoria in 1858, meet this test. Electronic voting does not.

It seems those guys performed the work on behalf of a Canberra open-source consultancy group, Software Improvements; Here’s the product brochure.

This posting to iRights gives a few more details.

It all looks like an excellent job all ’round, as far as I can see.

More pics of the wild fires, and going for a SONGS

Published October 27, 2003

SoCal: some great pictures from Derek Balling down in San Diego. Check out those skies!

Nukes: Great! The OC Weekly reports ‘the much-maligned San Onofre Nuclear Generating Station (SONGS) has finally gotten some recognition — but probably not the kind it wants: it now ranks (third) among the U.S. facilities most likely to suffer a meltdown, according to the Union of Concerned Scientists, a scientific group that monitors nuclear safety.’

A serious meltdown at SONGS would result in a massive release of radioactivity that could immediately kill more than 100,000 people in South County and northern San Diego County and ultimately cause hundreds of thousands of cases of cancer and genetic defects.

That’s 15 miles away from me, fact fans. Mind you, having grown up directly west of Sellafield’s discharge pipes, I’m used to a bit of radioactivity ;)

It’s the end of the world as we know it…

Published October 27, 2003

SoCal: Wild fires are raging throughout Southern California.

Last night, I was reading J. G. Ballard’s Millenium People (thanks Lean, it’s great!) outside on the balcony, when the Santa Ana winds whipped up suddenly, blowing hot and dry and laden with ash — then the coyotes started howling.

It felt very much like the end of the world… freaky stuff.

Everything is covered in ash; the air smells of wood smoke; the sun is a minute cent-at-arm’s-length red disc; everything is lit in a very odd reddish-orange tint. And the nearest fire is 30 or so miles away. I’d hate to see what they’re like up close…

Somehow I missed all this in Australia… I hear Sydney was like this for a week over Christmas that year.

Some links:

LA Times map of where the wild fires are
Boing Boing links to various blogs on the subject
GET OFF THE FREEWAY YOU IDIOT! ;)

It’s the end of the world as we know it…

Published October 27, 2003

Wild fires are raging throughout Southern California.

It felt very much like the end of the world… freaky stuff.

Somehow I missed all this in Australia… I hear Sydney was like this for a week over Christmas that year.

Some links:

LA Times map of where the wild fires are
Boing Boing links to various blogs on the subject
GET OFF THE FREEWAY YOU IDIOT! ;)

Farting novelty dog bomb scare!

Published October 25, 2003

Funny: A novelty dog toy which breaks wind as it bends over has sparked a major security alert at a US airport.

‘Mr Rogerson, 31, from Leeds, was grilled by FBI agents and looked on in amazement as they took a series of swabs from the replica animal’s rear end.’

On the reliability of e-voting machines

Published October 23, 2003

Tech: Diebold tech support:

‘I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded. Will someone please explain this so that I have the information to give the auditor instead of standing here “looking dumb”.’

Wonderful.

Tribe.net

Published October 23, 2003

Networking: Tribe.net has a nifty feature over Friendster; you are encouraged to create ‘tribes’ for things, ideas, and places. Friendster, by contrast, discourages this.

Anyway, for the laugh, I’ve created a variety of tribes; Ireland , Dublin, and even a tribe for SpamAssassin. Let’s see what happens…

Worst album covers ever

Published October 23, 2003

Funny: C sends along a few classic album covers taken from this site. Here’s my favourites:

John
- Bult – Julie’s Sixteenth Birthday : Certainly the most disturbing of the bunch…

There’s plenty more…

Worst album covers ever

Published October 23, 2003

C sends along a few classic album covers taken from this site. Here’s my favourites:

John
- Bult – Julie’s Sixteenth Birthday : Certainly the most disturbing of the bunch…

There’s plenty more…

God expresses displeasure at Mel Gibson’s Christ film

Published October 23, 2003

Movies: Lightning strikes Jesus on Gibson’s Christ film set:

The incident, in which The Rock and The Count of Monte Cristo star Jim Caviezel did not sustain an injury, is the second bolt to hit the set of the movie in Italy. ‘I’m about a hundred feet away from them,’ producer Steve McEveety said, ‘when I glance over and see lightning coming out of Caviezel’s ears.’

Tentacle Porn has a long and illustrious history

Published October 22, 2003

Japan: The Guardian: Melbourne row over art ‘porn’:

‘Police in Australia have investigated pornography claims against an art gallery which exhibited a painting drawn from a 19th-century woodcut by the Japanese artist Hokusai.
The painting, The Dream of the Fisherman’s Wife, is by an Australian, David Laity, and is valued at £5,400. It is being shown in a Melbourne gallery. Like the 1814 original, it depicts a woman copulating with an octopus.

Katsushika Hokusai was an influential Japanese painter and woodcut designer in the 18th and 19th centuries — more info and pictures here. (There’s a great exhibition of his work on at the Chester Beatty Library in Dublin right now, which is where I caught it.)

He coined the term ‘Manga’ to describe a collection of sketches. Who knew he also came up with the totally bizarre ‘tentacle porn’ subgenre of anime?

E-Voting: ACT’s open-source e-voting system

Published October 22, 2003

Voting: I’ve pointed to this before, but I use taint.org partly as a searchable database of annotated bookmarks, so — for reference — here’s the Australian Capital Territory’s EVACS system, an entire, open-source e-voting system:

EVACS is the computer system that provides for electronic voting and electronic counting for ACT Legislative Assembly elections. It provides for counting according to the Hare-Clark electoral system rules set out in the Electoral Act 1992.
EVACS was written using Linux open source software to ensure appropriate transparency. A copy of the source code is available in a zip file (127 kb). The source code for the casual vacancy module is in a separate file (38 kb). For more information contact Software Improvements.

Still not perfect — it uses electronic ballot stations, instead of paper ballots — but it does support paper ballots. And it’s open source; note the keyword above — ‘appropriate transparency‘. They said it, not me ;)

Tentacle Porn has a long and illustrious history

Published October 22, 2003

The Guardian: Melbourne row over art ‘porn’:

‘Police in Australia have investigated pornography claims against an art gallery which exhibited a painting drawn from a 19th-century woodcut by the Japanese artist Hokusai.

The painting, The Dream of the Fisherman’s Wife, is by an Australian, David Laity, and is valued at £5,400. It is being shown in a Melbourne gallery. Like the 1814 original, it depicts a woman copulating with an octopus.

He coined the term ‘Manga’ to describe a collection of sketches. Who knew he also came up with the totally bizarre ‘tentacle porn’ subgenre of anime?

SF film tip: ‘The Revolution Will Not Be Televised’

Published October 22, 2003

Movies: Inhabitants of San Francisco! Or people nearby who fancy watching a great documentary! According to the SFGate.com Morning Fix, the Castro theater will be showing the amazing documentary The Revolution Will Not Be Televised between Oct 24-30.

I’ve blogged this before, but quick recap: it’s an incredible movie documenting what happened in the Venezuelan Presidential Palace on April 11th 2002, when President Hugo Chavez was briefly deposed by a coup d’etat. It covers the entire period, and amazingly has pretty-much full access to everything that Chavez, his cabinet, and his loyal soldiers did and said. A sample:

‘On the day of the coup, we only began realising what was actually going on when the state TV signal was cut. Up until then, people had been shot and there was a terrible sense of confusion, but still the reality of what was taking place hadn’t exactly sunk in. Then later that night, the media started saying that Chavez had fled to Cuba and that he had resigned, when in fact he was in the palace — and so were we. It became clear then that something very calculated and sinister was unfolding.’

Really, it’s well worth watching. Due to its comments on the actions, and spin, of the current US administration, Harry Knowles reckons it’ll never get a public release in the US outside a film festival (and I’d agree) — so you’re going to have to watch it in a lefty theater or nothing.

(BTW the website needs some work though — it uses the horrible ‘reinventing the scrollbar’ DHTML trick, urgh.)

On ‘Intellectual Property’

Published October 22, 2003

Patents: One thing that gets pretty confusing when one investigates the whole patents/open-source/copyright protection field, is the nature of the term Intellectual Property.

What’s called ‘IP’ consists of three parts: copyright, patents, and trademarks. This extract from Harvard’s ‘Intellectual Property in Cyberspace’ series notes:

In the eighteenth century, lawyers and politicians were more likely to refer to patents and copyrights as ‘monopolies’ than they were to refer to them as forms of ‘property.’ … Thomas Jefferson was the most prominent adherent of this view, but many others shared his attitude to varying degrees. ….
Another, more general manifestation of the same trend has been the growing power of the phrase ‘intellectual property.’ Before the Second World War, use of the phrase as shorthand for copyrights, patents, trademarks, and related entitlements was rare. Since that time, it has become steadily more common. n105 Today, it is the standard way for lawyers and law teachers to refer to the field.
Why does the popularity of the term matter? The answer … is that legal discourse has power. Specifically, the use of the term ‘property’ to describe copyrights, patents, trademarks, etc. conveys the impression that they are fundamentally ‘like’ interests in land or tangible personal property — and should be protected with the same generous panoply of remedies. ….
Regrettably, the pleas by Cohen and a few others that judges jettison the concept of ‘property’ and frankly confront the public policy implications of protecting certain kinds of information fell largely on deaf ears. The ‘propertization’ of the field continued — and is now well-nigh complete.

It’s common to read commentary by outsiders — journalists especially — who conflate all three forms of ‘IP’, and therefore assuming that all three should be considered as ‘equal’ to physical property. In other words, they fall into this trap.

In reality, a trademark should have much more protection than a patent; copyright over ‘bits’ is not the same thing as physical ownership of atoms; the concept of the public domain is a whole lot different between ‘things’ and ‘bits’; there’s a difference.

To this end, this disclaimer from the UN World Summit on the Information Society is very significant; they’ve recognised these issues.

This working group has come to recognize that the term ‘intellectual property rights’ carries bias and encourages simplistic overgeneralization. Therefore this working group does not carry the name IPR. In particular, this group does not endorse the legal school of thought, which advocates that productions of the mind shall be treated in a similar way as real estate property. This legal doctrine implicitly backs the concept that copyrights should last for ever.

Nice work! (thanks to Russell McOrmond and Seth Johnson for noting it.)

Meld for graphical merging

Published October 22, 2003

Software: Great LWN weekly edition last Friday; not only is there a very nice article about SpamAssassin, debunking the ‘open spam filtering rules considered harmful’ myth, but there’s a great tool tip: Meld, a new graphical merging tool.

Basically, when you have two pieces of text, and want to merge them together into one, you need a merge tool. This is a tricky job; most people just get the tool to stick them all in one file, CVS-style, and try to figure it out visually. It’s fraught with problems.

Hence the idea of using a GUI to ease the task. There have been other graphical merge tools before; I know of the proprietary one bundled with ClearCase, and tkdiff. However, both of these just aren’t very good — it’s quite simply too hard to figure out exactly what direction which piece of text came from.

Looks like meld is a fantastic effort to fix this; take a look at the screenshots. The key is the approach they’ve taken of having a drawable area in the middle between the two differing texts; this is used for lines and graphical indications of what came from where. It really seems to work, from what I can see.

Dodgy computer games studies

Published October 21, 2003

Science: A lab rat writes up a report on his participation in two psychology studies on ‘Video Game Violence’ and ‘Violence In the Media.’

Sadly, it seems clear that the video-game violence study will return biased results due to flawed test conditions.

Of the three games played, the most violent — a first-person shooter — was modified, either through incompetence or deliberate tweaking, to use frustrating control settings and a high level of difficulty; whereas the least violent — a sim game — was set up with all the defaults and automatic help enabled.

In my experience, frustration, in any task, has a direct correlation with anger levels. So a frustrating game, violent or not, will probably give more aggressive responses in a violence measurement — hence the FPS game above will almost definitely be cited as ‘inciting violent emotions’.

Bad scientists! No doctorate!

PS: hmm, I wonder if the paper will document the exact configuration
of the games?

Linux: Happy birthday, KDE! I love it. Most recent discovery: the excellent support for printing in KDE 3.1 using the kprinter GUI.

fantastic New Yorker article

Published October 20, 2003

Politics: The Stovepipe, by Seymour M. Hersh:

The notes said that Jafar was then asked, ‘But this doesn’t mean all W.M.D.? How can you be certain?’ His answer was clear: ‘I know all the scientists involved, and they chat. There is no W.M.D.’

fantastic New Yorker article

Published October 20, 2003

The Stovepipe, by Seymour M. Hersh:

The notes said that Jafar was then asked, ‘But this doesn’t mean all W.M.D.? How can you be certain?’ His answer was clear: ‘I know all the scientists involved, and they chat. There is no W.M.D.’

Control your life support via the Internet!

Published October 20, 2003

Security: Romania Emerges As Nexus of Cybercrime (AP). Contains this glorious nightmare scenario:

BUCHAREST, Romania – It was nearly 70 degrees below zero outside, but the e-mail on a computer at the South Pole Research Center sent a different kind of chill through the scientists inside.
‘I’ve hacked into the server. Pay me off or I’ll sell the station’s data to another country and tell the world how vulnerable you are,’ the message warned.
Proving it was no hoax, the message included scientific data showing the extortionist had roamed freely around the server, which controlled the 50 researchers’ life-support systems.

One question: why was an internet-connected computer controlling the life support systems? eeek.

Control your life support via the Internet!

Published October 20, 2003

Romania Emerges As Nexus of Cybercrime (AP). Contains this glorious nightmare scenario:

BUCHAREST, Romania – It was nearly 70 degrees below zero outside, but the e-mail on a computer at the South Pole Research Center sent a different kind of chill through the scientists inside.

‘I’ve hacked into the server. Pay me off or I’ll sell the station’s data to another country and tell the world how vulnerable you are,’ the message warned.

Proving it was no hoax, the message included scientific data showing the extortionist had roamed freely around the server, which controlled the 50 researchers’ life-support systems.

One question: why was an internet-connected computer controlling the life support systems? eeek.

Compare and Contrast

Published October 20, 2003

Politics: Eli Lilly wants it both ways. First off pro-free-market:

Not many U.S. companies would put ‘maintenance of free market’ at the top of their worry list, but the pharmaceutical industry has genuine reasons for concern.

But then, anti-free-market!:

Starting immediately, if a Canadian wholesaler tries to order more Lilly product than Lilly’s estimate of what is appropriate for Canadian use, ‘they will not be able to have it,’ Smith said.

‘Don’t eat slugs’

Published October 20, 2003

Funny: The Medical Journal of Australia has issued a warning: Australians, don’t eat slugs. ‘The warning came after a Sydney student contracted a potentially deadly form of meningitis after eating a slug for a $20 bet.’

Secsed-up

Published October 20, 2003

Humour: Data::Secs2 — canoncial string for nested data. A format for representing nested data structures in accordance with SEMI E5-94, Semiconductor Equipment Communications Standard 2 (SECS-II), apparently pronounced “‘sex two’ with gusto and a perverted smile.”

The manual page goes on:

In order not to plagarize college students, credit must be given where credit is due. Tony Blair, when he was a college intern at Intel Fab 4, in London invented the SEMI SECS standards. When the Intel Fab 4 management discovered Tony’s secsification of their host and equipment, they elected to have security to escort Tony out the door. This was Mr. Blair’s introduction to elections which he leverage into being elected prime minister. In this new position he used the skills he learned at the Intel fab to secsify intelligence reports on Iraq’s weopons of mass distruction.

‘Secsed-up’, surely!?

Using a Web of Trust to stop spam

Published October 20, 2003

Spam: Been thinking about a distributed ‘web of trust’ approach to fighting spam.

Kevin Burton conversing with Raph about a web-based trust metric.
Bram writes about using (non-distributed) trust metrics against spam. With code ;)
Trust Management on the WWW, by none other than Rohit Khare and Adam Rifkin!
Trust Networks on the Semantic Web, a paper.

Combine those with another key point — that we do not need PKI, crypto, or any other changes to identify senders in current SMTP — and it could be done today, I think.

Why we don’t need crypto to identify an SMTP sender

Every email message delivered via SMTP across the internet will contain these headers:

the From line
one or more Received headers

Traditionally, whitelisting uses just the From line, which is vulnerable to spoofing. SpamAssassin used this up to version 2.3x. Spammers started spoofing mails where ‘From’ was the same as ‘To’, and since most people had themselves in the whitelist, that worked. boo.

In 2.3x or 2.4x, we added code to extract the IP addresses from the Received headers, and use a combined token — ( from_address, ip_address ) — as the sender’s address.

(In fact, we use just the top 24 bits of each IP to deal with situations like DHCP or dialup pools, where a relay may get a different IP every now and again. That’s close enough, at least.)

This is much harder to forge without doing a full-scale TCP spoofing attack; which is why the SpamAssassin auto-whitelist generally works well.

So basically, to identify someone strongly enough to provide a spam fix in plain old vanilla current SMTP, gen up a string containing their ‘From’ address, along with all the /24 masks of the IP addresses found in the ‘Received’ headers.

Remove your relays’ IP addresses, and you have an unspoofable ID for that person’s SMTP traffic. Any spammer who wants to spoof that, will have to compromise their mail server (or a server in the same /24). That’s not cost-effective for spamming.

Note that whitelisting based on that is effectively what the SpamAssassin auto-whitelist does. But for that to be more useful than the AWL, it has to extend over the internet to those people your friends haven’t corresponded with yet; ie. it’s got to be distributed.

(If you would like to comment on this scheme, I’d prefer if you could post comments at this QuickTopic forum.)

Using a Web of Trust to stop spam

Published October 20, 2003

Been thinking about a distributed ‘web of trust’ approach to fighting spam.

Kevin Burton conversing with Raph about a web-based trust metric.
Bram writes about using (non-distributed) trust metrics against spam. With code ;)
Trust Management on the WWW, by none other than Rohit Khare and Adam Rifkin!
Trust Networks on the Semantic Web, a paper.

Combine those with another key point — that we do not need PKI, crypto, or any other changes to identify senders in current SMTP — and it could be done today, I think.

Why we don’t need crypto to identify an SMTP sender

Every email message delivered via SMTP across the internet will contain these headers:

the From line
one or more Received headers

In 2.3x or 2.4x, we added code to extract the IP addresses from the Received headers, and use a combined token — ( from_address, ip_address ) — as the sender’s address.

(In fact, we use just the top 24 bits of each IP to deal with situations like DHCP or dialup pools, where a relay may get a different IP every now and again. That’s close enough, at least.)

This is much harder to forge without doing a full-scale TCP spoofing attack; which is why the SpamAssassin auto-whitelist generally works well.

(If you would like to comment on this scheme, I’d prefer if you could post comments at this QuickTopic forum.)

That Forbes Article

Published October 19, 2003

Open Source: Forbes: Linux’s Hit Men.

The dispute, which was leaked to an Internet message board, offers a rare peek into the dark side of the free software movement–a view that contrasts with the movement’s usual public image of happy software proles linking arms and singing the ‘Internationale’ while freely sharing the fruits of their code-writing labor.

(Here we go again — the old ‘free software is communism’ line, cf. the ‘Give Communism A Try!’ / Nazi Penguin posters SCO made up earlier this year.)

The article goes on to bemoan how software companies who write proprietary extensions into GPL-licensed software, have to comply with the terms of the license.

It’s all a bit of an obvious dig — but I am looking forward to the follow-up article — that’s the one where the author bemoans how commercial software companies send out their ‘enforcers’ to extort money from companies who don’t bother paying the royalties and runtime license fees their licenses require.

PS: Hmm, ‘software prole’ — maybe I’ll adopt that in the same way
Suresh has adopted ‘lower-middle-class Unix sysadmin’:

The other title came from a spammer who asked Ramasubramanian what she’d done that made him report her to her ISP.
‘I gave her a standard set of links and information on why spam is bad, and took the time to explain all this to her. She then asked me what I did for a living. When I replied that I was a Unix administrator at an ISP, she blew up and said, ‘I thought you were a successful businessman and marketer, but you are only a lower-middle-class Unix sysadmin. Don’t you dare talk to me like this!!!”

Oh look, Suresh has a journal, too; I never realised. Cool.

SCO’s no-show invoices

Published October 19, 2003

SCOvLinux: GrokLaw: Groklaw’s Open Letter Linked to SCO’s Backing Off Invoicing.

‘SCO Group Inc is backing-down from threats to invoice organizations running Linux while extending SGI’s compliance deadline.
‘A company spokesperson said yesterday SCO’s plan to invoice organizations, on the basis that Linux illegally contains SCO code, had changed following what he claimed was success of its UnixWare licensing program. . . .
‘Members of the open source community warned SCO last month in an open letter they would initiate civil action under anti-fraud and consumer protection statutes.’

My take: ‘What? You mean extortion through fraudulent invoicing is illegal? Oops, call the mail room!’

BTW, anyone who hasn’t read the GrokLaw Open Letter to SCO yet, really should. It’s a great summary of all the many points where SCO is wrong.

MS on Choice

Published October 18, 2003

Music: This is great. Microsoft’s general manager for the Windows Digital Media division, Dave Fester, on iTunes for Windows:

If you use Apple’s music store along with ITunes, you don’t have the ability of using the over 40 different Windows Media-compatible portable music devices. When I’m paying for music, I want to know that I have choices today and in the future.

Oh, the schadenfreude. (I wonder how many MP3-compatible portable music devices there are?)

AdvogatoDay

Published October 17, 2003

Tech: So, I just looked at NTK; it has a brief bit about Bram Cohen ‘having solved content distribution, (announcing) he was now tackling other simple problems: reputation systems, version control and perhaps after lunch the NP-complete set.’

Hmm, interesting! Let’s take a look at his diary — and what do I find but a whole load of entries on using trust metrics against spam. Bugger. Looks like I have my weekend reading cut out for me.

Also notable: Advogato has added native RSS support, which makes this pretty pointless; and they’ve also added an XML-RPC interface. Expect to see taint.org entries getting copied up there soon, as a result. ;)

Uptown, Downtown and Midtown

Published October 17, 2003

Language: AussieInAmerica on {up,down,mid}town:

Something that is common here in Atlantic Canadian and northeast American small cities is to refer to the CBD (or city centre/downtown) as ‘uptown’, especially if coming to the city from its environs. BUT… once I am ‘uptown’ , I would then refer to my location as ‘downtown’. In other words, ‘uptown’ is the city centre/ CBD only if you are not there yet. ‘Uptown’ becomes ‘downtown’ once you arrive there. AND, since many smaller cities have one main street that leads in and out, if you head out of ‘downtown’ up that street you are going ‘uptown’. Follow? It works for us and I can’t recall any confusion.
(Author:) Hmm, I’m glad you folk have got it sorted out! I am reminded of Grover’s existential crisis on Sesame Street as he was coming to grips with ‘here’ and ‘there’. Every time he pitter-pattered over to ‘there’, it turned into ‘here’.

Great site. Some pretty good Strine, too — ‘Jeggoda Sinny?’ really is a common query!