DNS Pre-fetch Exposure on Thunderbird and Webmail : Ugh, very bad idea indeed. A backchannel for spammers/phishers/attackers from the mail reader is something we definitely do not want to provide. This is why we chose to cut URLs at the registrar boundary for URIBL lookups in SpamAssassin
(tags: privacy email dns mozilla thunderbird prefetching urls abuse security spam)
Pricewatch – The route of the problem : great article about Dublin Bus’ shortcomings, featuring an interview with Antoin! Very interesting to hear about the upcoming GPS-based accurate bus timetabling service to be visible via their website, that’ll be fantastic
(tags: gps busses dublin-bus dublin mass-transit commute travel)
Month: January 2010
explanation of the PS3 exploit : good walk-through by Nate Lawson
(tags: ps3 root hypervisor exploits mod-chips consoles reversing)
The SAY2K10 bug [LWN.net] : LWN follows up on the FH_DATE_PAST_20XX fiasco. ‘It would appear that what SpamAssassin needs is some dedicated maintenance talent which is not dependent on evening hours put in by developers committed to other projects.’ I wish
(tags: spamassassin say2k10 bugs maintainance lwn commentary)
Whisky Map of Distilleries in Scotland (Malt Madness Distillery Data) : wow. my new shopping list. also: now do one for Ireland ;)
(tags: whisky yum reference maps geodata distilleries single-malts)
The Apache Software Foundation Announces Apache SpamAssassin Version 3.3.0 : w00t!
(tags: asf apache spamassassin releases 3.3.0 anti-spam)
The New Data Center Rack From … IKEA? : the LACKRack — IKEA’s “LACK” side tables have exactly 19 inches of space, perfect for rackmounted hardware with a little hacking
(tags: lack ikea funny furniture hardware datacenter rackmount)
Waiting for the Apple Tablet, with Joel Johnson : possibly the best article written yet about the iTablet
(tags: itablet apple civilization vans bulldogs off-the-grid products consumerism joel-johnson)
Dublin & Wicklow Walks » Lugnaquilla : this is the plan for tomorrow — looks good!
(tags: lugnaquilla walks wicklow dublin ireland hiking)
AOL sacks pretty much the entire US postmaster team : ‘This is a totally devastating blow to everyone’
(tags: aol anti-spam layoffs postmaster email smtp)
One Mutation per 15 Cigarettes Smoked : aka, lung cancer develops after 50 pack-years of smoking. sobering thought
(tags: cancer lung-cancer smoking tobacco risk mutation)
The Top Google Search Result for each Unicode character : exactly what it says on the tin
(tags: google search unicode hublog)
How would you serve 100,000 simultaneous comet requests with node.js? : C10K microbenchmarking fun in Javascript (via:simonw)
(tags: web http javascript scaling comet c10k node.js long-poll)
French Anti-Piracy Organisation Hadopi Uses Pirated Font In Own Logo : ‘Of course you have to appreciate the irony – the agency in charge of enforcing France’s new anti-piracy legislation using a pirated proprietary font in its very own logo.’ hoho! hoist by their own petard
(tags: hadopi piracy copyright design fail france fonts typography logos ip)
YouTube – Mass Effect 2 Launch Trailer : whoa. really looking forward to this, Mass Effect was one of the best games I’ve ever played
(tags: mass-effect games via:colmbrophy xbox scifi video youtube trailers)
Auto-appendectomy in the Antarctic: case report — Rogozov and Bermel 339: b4965 — BMJ : holy shit. This is absolutely amazing, a first-person account of auto-appendectomy (via infovore)
(tags: history science russian medicine antarctica medical amazing appendectomy surgery)
Google Translate fail : Google reckons that the English translation of “Amhran na bhFiann” — the Irish national anthem — is “Save The Queen”. ie. part of the *English* national anthem. the perils of machine learning (via Adam Maguire)
(tags: via:AdamMaguire funny fail google translation machine-learning)
Google Agrees to Censor Encyclopedia Dramatica Entry in Australia : nice work, Aussies! this is very stupid indeed (via Waxy)
(tags: censorship google satire australia stupid encyclopedia-dramatica trolling)
Mobile Internet access data retention (not!) : so, it seems the wireless ISPs don’t have sufficient IPv4 space for their customers, and are filtering access to the internet via NAT; unfortunate side effect is that this breaks data retention as defined in the UK. wonder if the same applies here?
(tags: uk data-retention privacy nat isps wireless mobile phones networking internet filtering)
I was a Doctor at an online pharmacy : Reddit thread of answers from a “doctor” at a dodgy online prescription-drugs store, supposedly not a spamvertized one though
(tags: medicine pharma spam reddit iama scummy illegal law)
Semi-Realtime Satellite Desktop Backgrounds : Russ Garrett with another set of near-realtime desktop weather imagery (cf. http://taint.org/xplanet/ )
(tags: weather desktop image satellite realtime backgrounds)
Upload and store your files in the cloud with Google Docs : no sync or automated backup yet, so more like sendspace than dropbox, limited usefulness
(tags: google backup online-backup sync storage)
the MagicJack : a GSM femtocell for the home — USB-driven, the size of a pack of cards, $40. this won’t last long
(tags: femtocells gsm phone home voip telephone)
Zamberlan Snow Chains : chains — for your shoes. basically crampon overshoes, to deal with ice and snow, EUR45
(tags: chains ice snow shoes boots footwear weather crampons)
Irish Weather Network : live weather-station data from across Ireland, overlaid on a Google Map, using amateur and professional stations. fascinating
(tags: weather data mapping ireland live)
Malicious App In Android Market : phisher creates a banking app for Android phones which relays the authorization details to another site, possible because of insufficient app vetting (via Mulley)
(tags: apps iphone android smartphones phones mobile phishing security banking fraud)
fixing a frozen condensate trap on a condensing boiler : another day, another broken boiler
(tags: boilers home maintainance diy fix cold frozen)
Two Gentlemen of Lebowski : nicely done; Lebowski a la Shakespeare (via Waxy)
(tags: via:waxy shakespeare writing humor lebowski movies parody funny)
Una “UnaRocks” Mullally on the state of Irish blogs : ‘I think that ‘first wave’ of Irish blogging was over a long time ago, probably around the time Blogorrah hit the dirt, but in spite of time and an increase of participants and bigger audience there seems to be no real drive to improve content. People will always read something good – online or offline – and until that something good (hopefully in plural) starts to emerge and while good bloggers log off indefinitely, Irish blogging, for what it’s worth, is in a state of disarray.’
(tags: irish irishblogs ireland writing blogosphere blogging unarocks)
Happy new year! Or maybe not. Doh.
Over a year ago, Lee Maguire noticed that a contributed SpamAssassin rule, FH_DATE_PAST_20XX, was naively written — simply to match any date in the year 2010 or later — and would start to false-positive on all mail in 14 months. We made the trivial fix to avoid this (for at least 10 years, by which point the rule would have obsoleted itself through normal means), and I committed it to SVN.
Problem solved, right? Nope. I’d committed to trunk, but in a moment of inattention had forgotten to backport the fix to the stable release branch, 3.2.x, as well. Nobody else noticed the mistake, and several months later, boom:
Bugger.
Annoyingly, the GA had assigned this rule 3.5 points in the 3.2.0 rescoring run. This meant that the effective default threshold had been lowered from 5.0 points to 1.5, which produced a 2% false positive rate during the first 13 hours of the new year.
After that point, the fix was pushed to the sa-update channel, and anyone who runs sa-update regularly (as they should!) was brought back to normal filtering behaviour.
The rule is superfluous anyway, since it overlaps with a better-written “eval” rule, DATE_IN_FUTURE_96_XX. Accordingly, the most likely scenario is that it’ll be removed.
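The failure mode described above, as an added example (not SpamAssassin's own code): a hard-coded year pattern compared with a check made relative to the time of receipt, plus the threshold arithmetic. The regex, the 96-hour window read from the rule name, and the sample headers are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Hypothetical pattern for "any year 2010 or later"; not the project's rule text.
NAIVE_YEAR_RE = re.compile(r"\b20[1-9][0-9]\b")
# Assumed from the rule name DATE_IN_FUTURE_96_XX: 96 hours past receipt.
FUTURE_WINDOW = timedelta(hours=96)


def naive_hit(date_header):
    """Fire on a hard-coded year range, whatever the current date is."""
    return bool(NAIVE_YEAR_RE.search(date_header))


def relative_hit(date_header, received_at):
    """Fire only when the Date header is well ahead of the receipt time."""
    try:
        sent = parsedate_to_datetime(date_header)
    except (TypeError, ValueError):
        return False  # unparseable dates are left to other rules
    if sent.tzinfo is None:  # "-0000" parses as a naive datetime
        sent = sent.replace(tzinfo=timezone.utc)
    return sent - received_at > FUTURE_WINDOW


def effective_threshold(threshold, rule_score):
    """Points a message may still collect once a rule always fires."""
    return round(threshold - rule_score, 2)


def utc(*parts):
    return datetime(*parts, tzinfo=timezone.utc)


# Constructed samples: (Date header, time the message was received).
SAMPLES = [
    ("Thu, 31 Dec 2009 23:50:00 +0000", utc(2009, 12, 31, 23, 51)),
    ("Fri, 01 Jan 2010 09:00:00 +0000", utc(2010, 1, 1, 9, 1)),
    ("Mon, 01 Jan 2035 00:00:00 +0000", utc(2010, 1, 1, 9, 1)),
]


def evaluate(samples=SAMPLES):
    return [(naive_hit(d), relative_hit(d, r)) for d, r in samples]


if __name__ == "__main__":
    for (date, _), hits in zip(SAMPLES, evaluate()):
        print(f"{date}  naive={hits[0]}  relative={hits[1]}")
    print("effective threshold:", effective_threshold(5.0, 3.5))
```

The second sample is the false positive: ordinary mail sent on 1 January 2010 trips the year pattern but not the relative check, while the genuinely future-dated third sample trips both.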
Personally, I see a few lessons from this:
Obviously, I need to pay more attention. This is easier said than done though, since SpamAssassin has nothing to do with my day job anymore; it’s a spare-time thing nowadays, and that’s a rare resource, unfortunately. :( But still, a chastening result, and I’m very sorry for my part in this screwup.
We need more active committers on Apache SpamAssassin. If we’d had more eyes, the fact that I’d forgotten to backport the fix might have been spotted. We’re definitely in a better situation now in this regard than we were 6 months ago, so that’s good.
IMO, this is a good demonstration of how too many simple rules are risky; without careful vetting and moderation, it’s easy for a bad one to slip past. Perhaps we need to move more towards a DNSBL/network-rule driven approach, although this has its downsides too. Still thinking about this.
It’d be good to fix the GA so that it wouldn’t assign such high points to simple rules like this, without some indication that a human has vetted them and believes them trustworthy.
Daryl posted a good comment on /.:
Clearly we dropped the ball on this one. As far as I know it’s our first big rule screw up in the project’s 10 years. If you’re going to screw up you might as well do it well.
+1 to that!
And to everyone who had to clean up the fallout and spend a holiday recovering lost mails from spam folders… sorry :(
Atheist Ireland Publishes 25 Blasphemous Quotes : in protest against the Fianna Fail religious right’s ludicrous new blasphemy law
(tags: blasphemy ireland law legal censorship democracy atheism religion quotes)