taint.org: Justin Mason’s Weblog

Reminder — Ireland’s Blackout Week starts tomorrow:

Take part in Blackout Week

1. To demonstrate your feelings about [IRMA's censorship demands], you can make your avatar black on any websites you have a presence on.
2. This is inspired by Creative Freedom New Zealand’s blackout campaign.
3. From Black Thursday on the 5th of March, for one week, set your picture on sites like Facebook, Bebo, Twitter, MSN, etc black to raise awareness for Blackout Ireland.
4. On that Thursday we encourage you to express yourself publicly about this issue, whether by blog posts, letters to newspapers or any form of communication you can think of.

Tags: blackout, blackoutirl, censorship, internet, ireland, irma, isps

As Adrian noted last week, IRMA are demanding that Eircom block the Pirate Bay — first on a list of websites they don’t like — on pain of being sued. On top of that, they intend for the other Irish ISPs to follow suit — here’s a key line from the letter they sent to Blacknight MD Michele Neylon:

in the event of a positive response to this letter it is proposed to make practical arrangements with Blacknight of a like nature to those made with eircom.

If that comes to pass, this will be an appalling situation for Irish internet users, and we need to act to ensure it doesn’t happen. Digital Rights Ireland:

The net effect of this scheme, if it is allowed to go into effect, will be to impose an internet death penalty on two groups. On users, who will be cut off on the allegation of a private body, with no court involvement, and on websites, which could be blocked to Irish users based on a court hearing where only one side is heard.

Pace Mulley:

So first they’ll start with the Pirate Bay. Then comes Mininova, IsoHunt, then comes YouTube (they have dodgy stuff, right?), how long before we have Boards.ie because someone quoted a newspaper article or a section of a book?

Digital Rights Ireland have posted an excellent document detailing the following plan of action for Irish internet users concerned about this:

• Contact your ISP and let them know that this is a key issue for you, as their customer.

• Join up with your fellow netizens. Subscribe to the Blackout Ireland blog. Follow the #blackoutirl hashtag on Twitter. Join the Blackout Ireland Facebook group. It looks likely that there’ll be a week-long blackout campaign starting next Thursday, March 5th.

• Contact politicians. This is likely to cause irreparable damage to the Irish internet, so our pols should be very worried. See the DRI post for details on getting in touch with Minister for Communications Eamonn Ryan.

New Zealand is running their own blackout campaign right now, so that may help our planning.

International readers — make no mistake, you’re next. IRMA in this case is acting as the local delegate of IFPI, which stated in 2007 that this was one of the 3 technical options for ISPs to control piracy:

Here’s some other interesting coverage:

Fantastic interview with BitBuzz CEO Alex French:

If ISPs, including Eircom, agree not to oppose blocking access to The Pirate Bay and other similar websites, is this not an agreement to web censorship? “I don’t think there is any other way to interpret it,” said French.

“They are essentially agreeing to censor certain websites at the behest of the recording industry, without these websites ever having necessarily shown to be illegal in the Republic of Ireland. I would have a huge concern over what other websites may be blocked and what other industries will pile in now that the precedent has been set.”

Some sample letters:

• letters to IRMA, and to Minister Eamon Ryan from Paul McCarthy

• A sample letter to your ISP from Charles Julienne

And further discussion — here’s a massive boards.ie discussion thread, now closed in favour of this newer thread.

Update: here’s the letter I sent to the Minister, if you’re curious or need inspiration.

Tags: blackoutirl, eircom, filesharing, grassroots, ifpi, internet, ireland, irma, isps, pirate-bay, politics

• Symantec buys MessageLabs : hope this works out well for Matt and the guys
  (tags: messagelabs anti-spam consolidation buyouts mergers symantec)

• There is NOTHING “overplayed” about privacy concerns : great rant opposing Symantec CEO’s wittering about how online privacy is a lost cause
  (tags: privacy online internet web symantec rants)

• S3rsync : ‘Full Rsync layer to Amazon S3 storage’. preserves file perms, symlinks, partial files. commercial, charged at 5 cents per hour of rsync time used
  (tags: rsync s3 amazon aws storage backup sync)

• why you shouldn’t believe companies when they play down data leaks : in 2006, T-Mobile lost data on 17m customers, but noted that they could find no evidence of misuse or compromise, so made no public announcement — until last weekend, when _Der Spiegel_ discovered this data for sale online. so much for keeping it quiet. another argument for compulsory breach disclosure
  (tags: der-spiegel t-mobile deutsche-telekom privacy security breaches breach-disclosure via:pogowasright germany leaks)

• macvim – Google Code : ‘a port of the text editor Vim to Mac OS X that is meant to look better and integrate more seamlessly with the Mac than the older Carbon port of Vim’ (thanks MinHee Hong!)
  (tags: vim macos mac editors porting tools applications)

Tags: amazon, anti-spam, applications, aws, backup, breach-disclosure, breaches, buyouts, consolidation, der-spiegel, deutsche-telekom, editors, germany, internet, leaks, mac, macos, mergers, messagelabs, online, porting, privacy, rants, rsync, s3, security, storage, symantec, sync, t-mobile, tools, via:pogowasright, vim, web

• MailChannels’ Ken Simpson on the new email RFCs : diffed. the explicit statement that there is no length limit to mail headers is potentially tricky
  (tags: rfcs rfc-5321 rfc-5322 email standards internet smtp)

Tags: email, internet, rfc-5321, rfc-5322, rfcs, smtp, standards

• Vint Cerf interviewed on spam, malware etc. : pretty much the EFF party line, I think: “every man for himself”. also talks about net neutrality
  (tags: vint-cerf internet filtering spam malware abuse network-neutrality anti-spam eff)

• video of a fake e-Passport being accepted by airport security reader : an e-Passport for “Elvis Aaron Presley”, no less, happily scanned by an Amsterdam passport security station. hahahaha!
  (tags: elvis funny security e-passports video via:slashdot rfid)

• Facebook adds Ireland as a Friend : ‘Dublin will be the centre for Facebook’s international operations and will provide a range of online technical, sales and operations support to Facebook’s users and customers across EMEA region.’ good news
  (tags: facebook dublin ireland web2.0 emea)

• RFC-5321 (Obsoletes: 2821) : The newest rev to the Simple Mail Transfer Protocol (via fanf)
  (tags: rfcs rfc-2821 standards internet smtp email rfc-5321)

• RFC-5322 (Obsoletes: 2822) : the newest rev to the Internet Message Format for email (via fanf)
  (tags: via:fanf rfc rfc-2822 rfc-5322 standards email internet)

Tags: abuse, anti-spam, dublin, e-passports, eff, elvis, email, emea, facebook, filtering, funny, internet, ireland, malware, network-neutrality, rfc, rfc-2821, rfc-2822, rfc-5321, rfc-5322, rfcs, rfid, security, smtp, spam, standards, via:fanf, via:slashdot, video, vint-cerf, web2.0

Del.icio.us 2.0 goes live yay! I’ve been waiting for this for yonks

10 years of Boards.ie massive ~50GB RDF/XML dump, for open crunching, to generate interesting “SIOC Semantic Web” apps

Postmaster.comcast.net how to get mail delivered successfully to Comcast, the usual stuff

Why we’ll never replace SMTP ‘The reason that e-mail is uniquely useful is that you can exchange mail with people you don’t already know. The reason that spam exists is that you can exchange mail with people you don’t already know.’ +1

“Bikes-for-Billboards” scheme exposes major planning flaws ‘what was initially hailed as “free bikes” has become one of the biggest planning controversies to hit Dublin in years.’ No shit. 70% of sites are on the Northside, rather than the richer Southside; and each bike will cost over EUR300k in ad revenue!

Rob Enderle’s page on Wikipedia detailing this analyst’s hilariously wrong pro-SCO, anti-Apple/Linux predictions over the years. John Gruber: ‘the only way it would be worthwhile for reporters to [quote him] would be if they were willing to describe him as “almost always utterly wrong”‘

Tags: ads, advertising, analysts, anti-spam, apple, bikes, billboards, blogging, boards.ie, comcast, cycling, del.icio.us, dublin, email, enderle-group, funny, fussp, guidelines, history, internet, ireland, isps, jc-decaux, john-gruber, Links, linux, mail, microsoft, oh-dear, planning, postmaster, releases, rob-enderle, scandals, sco, semantic-web, sioc, smtp, spam, tech, urban, via:archiseek, wikipedia

Joey Hess suggests that current discussions about the superfluity of DVCS systems have a parallel in how the internet protocol world, circa 1993, played out:

I’m reminded of 1993. Using the internet at that time involved using a mishmash of stuff — Telnet, FTP, Gopher, strange things called Archie and Veronica. Or maybe this CERN “web” thing that Tim Berners-Lee had just invented a few years before, but that mostly was useful to particle physicists.

Then in 1994 a few more people put up web sites, then more and more, and suddenly there was an inflection point. Suddenly we were all browsing the web and all that other stuff seemed much more specialised and marginalised.

I would disagree, a little. Back in the early ’90’s, I was a sysadmin playing around with internet- and intranet-facing TCP/IP services (although in those days, the term “intranet” hadn’t been coined yet), so I gained a fair bit of experience at the coal-face in this regard. The mish-mash of protocols – telnet, gopher, Archie, WAIS, FTP, NNTP, and so on — all had their own worlds and their own views of the ‘net. What changed this in 1993 was not so much the arrival of HTTP, but TimBL’s other creation: the URL.

The URL allowed all those balkanized protocols to be supported by one WWW client, and allowed a HTML document to “link” to any other protocol –

The WWW browsers can access many existing data systems via existing protocols (FTP, NNTP) or via HTTP and a gateway. In this way, the critical mass of data is quickly exceeded, and the increasing use of the system by readers and information suppliers encourage each other.

This was a great “embrace and extend” manoeuvre by TimBL, in my opinion — by embracing the existing base of TCP/IP protocols, the WWW client became the ideal user interface to all of them. Once NCSA Mosaic came along, there really was no alternative to rival the Web’s ease of use. This was the case even if you didn’t have a HTTP server of your own; you could still access HTML documents and remote URLs.

In essence, HTML and the URL were the trojan horse, paving the way for HTTP (as HTML’s native distribution protocol) to succeed. It wasn’t the web sites that helped the WWW “win”, but embrace-and-extend via the URL.

For what it’s worth, I think there is an interesting parallel in today’s DCVS world: git-svn.

Tags: dvcs, git, history, html, http, internet, protocols, web, www

I’m on the technical advisory board for MailChannels, a company who make a commercial traffic-shaping antispam product, Traffic Control. Basically, you put it in front of your real MTA, and it applies “the easy stuff” — greet-pause, early-talker disconnection, lookup against front-line DNSBLs, etc. — in a massively scalable, event-driven fashion, handling thousands of SMTP connections in a single process. By taking care of 80% of the bad stuff upfront, it takes a massive load off of your backend — and, key point, off your SpamAssassin setup. ;)

Until recently, the product was for-pay and (relatively) hard to get your hands on, but as of today, they’re making it available as a download at http://mailchannels.com/download/. Apparently: “it’s free for low-volume use, but high volume users will need a license key.”

Anyway, take a look, if you’re interested. I think it’s pretty cool. (And I’m not just saying that because I’m on their tech advisory board. ;)

Tags: anti-spam, internet, mail, mailchannels, networking, plug, smtp, tcp, traffic-control, traffic-shaping

As I noted on Monday, the Irish branches of several major record companies have brought a case against Eircom, demanding in part that the ISP install Audible Magic’s Copysense anti-filesharing appliances on their network infrastructure.

I thought I’d do a quick bit of research online into how they do their filtering. Here’s what the EFF had to say:

Audible Magic’s technology can easily be defeated by using one-time session key encryption (e.g., SSL) or by modifying the behavior of the network stack to ignore RST packets.

It’s interesting to see that they used RST packets — this is the same mechanism used by the “Great Firewall of China” to censor the internet:

the keyword detection is not actually being done in large routers on the borders of the Chinese networks, but in nearby subsidiary machines. When these machines detect the keyword, they do not actually prevent the packet containing the keyword from passing through the main router (this would be horribly complicated to achieve and still allow the router to run at the necessary speed). Instead, these subsiduary machines generate a series of TCP reset packets, which are sent to each end of the connection. When the resets arrive, the end-points assume they are genuine requests from the other end to close the connection — and obey. Hence the censorship occurs.

But there’s a very easy way to avoid this, according to that blog post:

However, because the original packets are passed through the firewall unscathed, if both of the endpoints were to completely ignore the firewall’s reset packets, then the connection will proceed unhindered! We’ve done some real experiments on this — and it works just fine!! Think of it as the Harry Potter approach to the Great Firewall — just shut your eyes and walk onto Platform 9¾.

Clayton, Murdoch, and Watson’s paper on this technique provides the Linux and FreeBSD firewall commands they used to do this. Here’s Linux:

   iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP

For FreeBSD, the command is:

   ipfw add 1000 drop tcp from any to me tcpflags rst in

So assuming Copysense haven’t changed their approach yet, it’s trivial to block Copysense’s filtering, if both ends are running Linux or BSD. I predict if Copysense becomes widespread, someone will patch Windows TCP to do the same.

I love Audible Magic’s response:

The current appliance happens to use the TCP Reset to accomplish this today. There are many other technical methods of blocking transfers. Again, we have strategies to deal with them should they ever prove necessary. This is why we recommend our customers purchase a software support agreement which provides for these enhancements that keep their purchase up-to-date and protect their investment.

in other words, “hey customers! if you don’t have a support contract, you’re shit out of luck when the p2p guys get around our filters!” Nice. ;)

Tags: audible-magic, censorship, copysense, eircom, filtering, internet, ireland, p2p, rst, tcp

As I noted last year, BT, the ISP I use here in Ireland, disconnects broadband sessions on a daily basis, assigning a new IP address; this is really aggravating to anyone who uses a VPN, such as most telecommuters. Reportedly, this is done to work around deficiencies in their billing system.

A comment from Jeremy on that post suggested something interesting, though:

Just had a very helpful tech support guy on from BT. [... he] told me to restart the modem sometime that will make it convenient for the 24 hour IP change – i.e. restart it at 6am, and then it’ll change IP every day at 6am.

I’ve tested this, and it works. Much more convenient! Now the renumbering and VPN breakage can take place when I want it to — at the start of the workday, instead of some random point chosen by BT’s billing system. Quite an improvement.

To make this useful, here’s a script, “reboot-zyxel”, which will reboot your Zyxel P-660RU router remotely over the LAN. (It requires perl and curl.)

Tags: adsl, broadband, bt, esat, hacking, internet, modems, p-660ru, routers, scripts, software, zyxel

Here’s a great presentation from Joe St Sauver presented at the London Action Plan meeting recently: Infected PCs Acting As Spam Zombies: We Need to Cure the Disease, Not Just Suppress the Symptoms

Some key points in brief:

Despite all our ongoing efforts: the spam problem continues to worsen, with nine out of every ten emails now spam; spam volume has increased by 80% over just the past few months and users face a constantly morphing flood of malware trying to take over their computers. Bottom line: we’re losing the war on spam.

The root cause of today’s spam problems is spam zombies, with 85% of all spam being delivered via spam zombies.

The spam zombie problem grows worse every day (with over ninety one million new spam zombies per year)

Users don’t, won’t, or can’t clean up their infected PCs; and ISPs can’t be expected to clean up their infected customers’ PCs.

Filtering port 25 and doing rate limiting is like giving cough syrup to someone with lung cancer — it may suppress some overt symptoms but it doesn’t cure the underlying disease.

Filtered and rate-limited spam zombies CAN still be used for many, many OTHER bad things, and they represent a huge problem if left to languish in a live infected state.

Joe’s take — “we’re in the middle of a worldwide cyber crisis”. I agree. He suggests a new strategy:

It is common for universities to produce and distribute a one-click clean-up-and-secure CD for use by their students and faculty. It’s now time for our governments to produce and distribute an equivalent disk for everyone to use.

I agree the existing schemes are clearly not working; this is an interesting suggestion. Read/listen to the presentation in full for more details; pick up PDF, PPT and video here.

Tags: anti-spam, botnets, ddos, internet, joe-st-sauver, london-action-plan, security, smtp, windows, zombies

The European Health Insurance Card is dead handy, providing access to healthcare for EU residents while travelling in Europe – it’s definitely worth having one.

There were a few reports in the Irish newspapers last week of an announcement by the Health Service Executive, warning of “a bogus website” which charges a fee of EUR22 to process applications for this:

The HSE also warned that the site is asking applicants to submit detailed financial information. “It has come to the attention of the Health Service Executive that Irish residents are being targeted by a website which is unnecessarily charging people to apply for EHIC cards. The bogus site concerned — http://www.ehic-card.eu/ — is not connected to the HSE,” said the HSE in a statement.

I’d link to the HSE’s press release on the topic, but it’s down, apparently — and that’s pretty indicative of the problem. You see, I’ve been trying to apply for one of these recently.

The HSE has been announcing that there’s no need to use this “bogus site”, since we can just use the “real” site at http://www.ehic.ie/ to apply for one. Here’s what they neglect to mention:

• (a) that unless you’re a pensioner you can’t apply for one online — you have to print out a form, fill it in, and post it to your local health office.
• (b) there’s no indication on the site as to what exactly your “Local Health Office” may be, just a long list of mysterious locations.
• (c) in order to apply, the form demands that you supply all that ‘detailed financial information’ — namely your name, address, date of birth, proof of residency, and PPS number — anyway.
• (d) the “bogus site” isn’t really all that bogus after all.

If they had a simple and usable online application process, perhaps they wouldn’t be plagued by other sites attempting to offer that service for what is really a quite reasonable EUR22 fee?

This is a pretty frequent phenomenon on Irish governmental websites; a half-assed attempt to bring governmental services online, resulting in shiny informational sites, full of clip-art of smiling people talking on the phone, which all come down to a bottom line of “print this out and post it in” or “call this number” – business as usual. Having said that, at least I can generally still get a human on the phone, which still beats dealing with US government agencies, I guess!

BTW, I notice the HSE claim that it only takes 10 working days for an EHIC to arrive using their system. I applied for mine 3 weeks ago, and there’s been no word yet…

Tags: ehic, eu, government, health, hse, internet, ireland

Renesys Blog: The Bluesecurity Fiasco – in which Todd Underwood, CSO for Renesys Corporation, applies some real-world knowledge of how the internet works to the “timeline of events” press release, issued by BlueSecurity as part of their ongoing PR about the DDoS.

Judging by the comments at Slashdot, this really needs to be more widely read.

Here’s some highlights:

The timeline from BlueSecurity [...] is frustratingly vague. It uses phrases like ‘tampering with the Internet backbone using a technique called “Blackhole Filtering”.’ As Thomas Pogge, a philosophy professor of mine, used to say: that’s not even wrong yet. There is no “Internet backbone”, there is no technique known as “Blackhole Filtering”, and blackhole routing is not normally described as tampering. So the whole explanation is nonsense. [...] Let’s clear one thing up for the press and everyone else: this event just wasn’t that interesting. The attack against bluesecurity was a run-of-the-mill denial of service attack.

His conclusion:

I believe that the PR engine from BS is in overdrive spinning this event as fast as they can. But the concrete facts being put out by them simply to not add up. In the process they seem to be doing two things: 1) trying to imply or state that someone at UUnet was bribed by a spammer. This is simply ridiculous. I know many of the people who work for UUnet and they are honest, hardworking and extraordinarily clever people. They would not be crooked, or stupid, enough to do such a thing and if they were, they would have been trivially caught by change-management procedures. Moreover, such a change at UUnet (or BTN) wouldn’t have caused the event BS claims to have witnessed anyway. Additionally, 2) BS is trying to deflect attention from the damage that they caused at Six Apart. It would be much better if they could just claim ignorance of the DOS, apologize and move on. I recognize that that isn’t going to happen, but it sure would make this whole thing easier to handle.

Well said.

Of course, this is pretty much immaterial — the people who are using Blue Frog, and vocally supporting Blue Security, don’t really care what happened. All they care about is that someone is taking some kind of direct action against spammers, in some way or another, and if there’s a little “friendly fire” and some bending of the truth, why, this is a war! What, do you support the spammers?

It’s disappointing — the amount of disinformation being successfully pumped out (and accepted!) on this story is massive.

Tags: anti-spam, blue-frog, bluesecurity, ddos, internet, routing, security

    --> Sending: ATZ
    ATZ
    OK
    --> Sending: ATQ0 V1 E1 S0=0 &C1 &D2
    ATQ0 V1 E1 S0=0 &C1 &D2
    OK
    --> Sending: ATH1
    ATH1
    OK
    --> Modem initialized.
    --> Sending: ATDT1892150150
    --> Waiting for carrier.
    ATDT1892150150
    CONNECT 45333

45 measly kilobits per second! This is incredibly painful — and expensive at 5 cents a minute! I briefly considered getting around it by hiring a 3G data-card for the couple of weeks before my DSL is activated — but that too is insanely overpriced.

Hurry up, DSL…

Tags: 1996, 45kbps, ath0, dialup, eircon, internet, ireland, modems, retro

Ever wondered what today’s internet meme images would look like on mid-’80’s home computing hardware?

Wonder no longer!

Tags: c64, commodore, computing, funny, hacks, hardware, internet, meme, today

On saturday, I spent a little time trying to work out how to give Steve Jobs my money; more accurately, I wanted to get some way to buy music from the iTunes Music Store from my Linux desktop, and this isn’t as easy as it really should be, because the official iTMS is a mess of proprietary Mac- and Windows-only DRM-laden badness.

Here’s a quick walkthrough of how this went:

• install iTunes in my VMWare Windows install
• sign up for iTMS, and give Apple all my personal info, including super-s3kr1t card verification codes, eek
• buy a song
• find the DRM’d file in the filesystem; it’s an .m4p file, and xine doesn’t seem to like it
• do some googling for ‘iTunes DRM remove linux’; that leads to Jon Lech Johansen’s JusteTune
• download and run JusteTune installer
• get obscure hexadecimal error code dialog. hmm! what could that mean?
• download and run .NET runtime, link on JusteTune page
• rerun JusteTune — it works this time
• select Account -> Authorize, enter login info
• drag and drop file — it’s decrypted!

So, that yields a decrypted AAC file, which I can play on Linux using xine. That’s the hard part done!

However, I want to play my purchases in JuK, the very nice iTunes-style music player app for KDE.

While the gstreamer audio framework supports playback of AAC files with the gstreamer0.8-faad package (’sudo apt-get install gstreamer0.8-faad’), JuK itself can’t find the file or read its metadata, so it doesn’t show up in the music collection as playable. I don’t want to go hacking code from CVS into my desktop’s music player — possibly the most essential app on the desktop — so transcoding them to MP3 seems to be the best option.

Somebody’s already been here before, though — that’s one of the benefits of being a late adopter! Here’s a script to convert .m4a files to .mp3 using the ‘faad’ tool (’sudo apt-get install faad’).

During this work, I came across Jon Lech Johansen’s latest masterwork — SharpMusique, a fully operational native Linux interface to the iTMS. Building on Ubuntu Hoary was a simple matter of tar xvfz, configure, make, sudo make install, and it works great — and automatically de-DRMs the files on the fly as it downloads them! Now that’s the way to enjoy the iTMS on Linux, at least until Apple’s engineers break it again.

Update, May 2006: Apple’s engineers broke it. Thanks Wilfredo ;)

End result: a brand new, complete, high-quality copy of Dengue Fever’s new album, Escape From Dragon House. Previously I’d only had a couple of tracks off this, so I’m now a happy camper, music-wise.

BTW, I was also considering trying out the new Yahoo! Music Store, but it too uses fascist DRM tricks and is platform-limited, and I’m not sure how breakable it is. On top of that, the prospect of not being able to try it out before handing over credit-card details put me off. As far as I can see, I can’t even look up the albums offered before subscribing. All combined, I’ll stick with iTMS for now.

Tags: apple, drm, internet, itunes, linux, software

Travel: Toorcon was great fun! Lots of interesting conversations.

Unfortunately they had a cruddy internet connection, so I’m majorly backlogged, and can’t write about any of it just yet ;)

Tags: connection, cruddy, fun, internet, toorcon, travel

Television: Tony Bowden: BBCtorrent? ‘Later this month, the BBC will launch a pilot project that could lead to all television programmes being made available on the internet.’ I have my fingers firmly crossed here. This could be really excellent news. Of course, not being located in the UK could make it not-so-easy to actually watch them from here, but the underlying thinking is really cool.

Tech: LayerOne. Weekend conf in LA, with Danny O’Brien — think I might just tag along!

Patents: Posting this here so I can find it in future. Here’s a /. comment saying ‘if it becomes impossible to safely develop software in the US and EU due to patents, innovation will move to India and China’. This isn’t quite true anymore — my response, noting the Brazil/Glaxo/AZT case.

Tags: bbc, bbctorrent, course, internet, month, news, pilot, project, television, thinking

Spam: CNN: First four charged under ‘can spam’ law:

Court documents in the landmark case in Detroit describe a nearly inscrutable puzzle of corporate identities, bank accounts and electronic storefronts in one alleged spam operation.

At one point, investigators said, packages were sometimes delivered to a restaurant, where a greeter accepted them and passed them along to one defendant.

Detroit Free Press: 4 Oakland men cited in 1st U.S. spam case:

The four are accused of secretly commandeering computers that forward e-mail for some of the nation’s biggest corporations — including Ford Motor Co. — to send millions of junk messages advertising herbal supplements, diet patches and sexual enhancement pills and products.

Other unwitting companies and agencies whose computers were used include Unisys Corp., Amoco Corp., the Administrative Office of the United States Courts and the U.S. Army Information Center, according to a complaint filed in U.S. District Court in Detroit on Wednesday. …..

Unraveling the trail of spam took four months. Berg said that because of the use of proxy servers, trying to trace the spam back to the original sender was difficult. …..

In Karlsruhe, Germany, an Internet security expert and activist named Anders Henke runs what he calls a “proxy pot,” a system that simulates a mail proxy but doesn’t actually forward mail. It sits on the Internet, looking vulnerable to the sophisticated scanning software used by spammers to sniff out open proxies.

Starting in early January, the complaint says, Henke’s proxy pot intercepted 5 million attempts from computer accounts linked to the Michigan men.

Tags: case, cnn, complaint, corp, court, internet, law, pot, proxy, spam

Funny: AP: SoCal city falls victim to Internet hoax, considers banning items made
with water. It’s the old ‘dihydrogen monoxide’ hoax again:

‘It’s embarrassing,’ said City Manager David J. Norman. ‘We had a paralegal who did bad research.’

The paralegal apparently fell victim to one of the many official looking Web sites that have been put up by pranksters to describe dihydrogen monoxide as ‘an odorless, tasteless chemical’ that can be deadly if accidentally inhaled.

So — ha ha, stupid Aliso Viejo city officials. But seriously — why is a paralegal making decisions on scientific issues? Isn’t that what the EPA and their environmental scientists are there for? Tail wagging the dog, I think.

Tags: city, dihydrogen, funny, hoax, internet, monoxide, paralegal, research, socal, victim, water

Ireland: Bad news from home.

A truly ground-breaking concept, the ‘Group Broadband Scheme’, has been watered down into a shadow of what it could be with a requirement that all community internet access schemes be operated in association with ‘an Internet Service Provider or Authorised Operator’.

In other words, rather than a radical new way to provide affordable non-profit, community-owned high-speed internet access in rural areas, it’s just business as usual:

‘With the launch of the 1st Call for Group Broadband Scheme proposals, it is clear the Minister intends to require that any application for funding under the group broadband scheme initiative be made in association with an Internet Service Provider (ISP) or Authorised Operator (AO)’, said (Ireland Offline) chairman Christian Cooke, ‘a so-called Broadband Internet Service Provider (BISP)’. …..

Experience in the UK has shown that the commercial provision of broadband in rural areas is not financially viable. Low population and wide dispersal lead to lower margins than can be supported by a profit-oriented enterprise. ….

Ireland Offline warned that the prerequisite of partnering with a BISP as a condition of GBS funding, there is a very real danger of companies cherry-picking more lucrative areas, leaving communities for which the funding should have been made available … without any services.

‘In short, in its current form, the group broadband scheme initiative bears no resemblance to the group water schemes, to rural broadband provision’, said Cooke, ‘and every resemblance to the packaging of subsidized local monopolistic franchises, monopolistic because no competitor could go head-to-head with a subsidized service. It is therefore better to think of them as not so much like group water schemes as ‘group coca-cola schemes’.’

IrelandOffline press release here.

In other EU news — the EU Parliament has approved the IP Enforcement Directive. The Greens report:

• Patents are included within the scope of the directive.
• only 3 parts of the directive are limited to ‘commercial scale’. This means that the provisions of Articles 7(1), 8 and 9 can potentially be used against consumers. In the US this kind of legislation has been used to target, amongst others, children and their parents for downloading music.
• there are concerns amongst ISPs that they can be attacked for ‘providing’ the means to download content which is protected by copyright.

James Heald: ‘Exactly what will now happen, and exactly what surprises it may lead to, will now depend on the different details of how the directive is now implemented from member country to member country across Europe.’

Tags: access, association, authorised, broadband, funding, group, internet, ireland, provider, scheme, service

Ireland: Apparently, the Internet Society of Ireland (ISOC) has set up its first Chapter working group to establish a consensus on best principles for governing the .IE registry.

Should be some fireworks, I hope ;)

Tags: chapter, consensus, group, internet, ireland, isoc, registry, society

Green: iTrike: the World’s First* Solar-Powered Internet Rickshaw, from wireless.psand.net. Psand.net have done a great job in the past mucking about with wireless at green events in the UK from what I can see — I think I’ve even blogged about ‘em – but they’ve outdone themselves this time. Cool!

PS: mmm, proper cider… yum.

Tags: green, internet, itrike, job, mmm, powered, psand, rickshaw, solar, time, world

In this article by Salam Pax, about how he got into weblogging, he says:

While the world was moving on to high-speed internet, we were being told it was overrated.

Heh, sounds like an Eircom quote ;)

Tags: article, eircom, heh, internet, pax, quote, salam, world

The Guardian reports that fake-news genius Chris Morris is collaborating on a new show with Charlie Brooker:

This has led to persistent rumours on internet talkboards and gossip sites that the show will be based around TVGoHome’s character Nathan Barley.

Barley, the star of a fictional TVGoHome docusoap, is a loathsome public school educated, Hoxton-dwelling new media type, obsessed with gadgets and extreme sports.

But given Morris’s fondness for windups and spoofs, this could just as easily be a red herring.

Apparently, Morris and Brooker have collaborated before on smaller segments. Whatever it is, I’m all for it. Fact times Importance equals News!

Gross: The Indian ‘fly boy’ has doctors baffled. ‘Doctors carried out a cystoscopy to clear the boy’s urinary tract, but the treatment has failed because two more flies emerged out of his penis on Monday.’ (aaargh)

Tags: boy, character, docusoap, genius, gossip, guardian, internet, show, star, tvgohome

<

p>The New Zealand Herald reports that ‘internet retailers nationwide are banding together to fight a Canadian company’s demands for them to pay up or be shut down.’ A Montreal-based company called DE Technologies has ‘written to several e-commerce operators demanding licensing fees for use of international e-commerce processes.’

<

p> The affected ISPs and e-commerce companies are banding together to fight the patent. The NZ Ministry of Economic Development is quoted as saying ‘This is a commercial matter. If people wish to dispute the validity of the patent there are mechanisms in the Patents Act (1953) for them to seek to have the patent revoked’. However, one company has received legal advice indicating that an attempt to have the patent overturned could cost up to NZ$150,000, and some background on the FightThePatent site indicates that there may also be only 12 days (or so) from today to do so.

<

p> DE Technologies’ news page gives an interesting angle on their activities in NZ. It seems Ed Pool, the CEO of DET, believed in 2001 that it was ‘an insult to call it a business process. To this day, no one has been able to duplicate this design.’ However, it seems that by 2003, at least 40 NZ-based e-commerce outfits have now figured out the details, because that’s how many legal letters his lawyers have reportedly sent. One such letter demanded a $US10,000 signing fee, a ‘royalty rate’ of 1.5% on every transaction, and 11 US cents for each document generated.

Worth noting that the patent has also been granted in Singapore and the US — where it apparently caused a public outcry and was raised on the Senate floor as an example of a ‘bad patent’, before it was granted anyway.

Tags: company, herald, internet, isps, licensing, ministry, new, patent, use, zealand

Hmm. The Irish branch of the BSA claims that the percentage of illegal software used in Ireland stood at 42 percent for 2002.

Does that mean 42 percent of all software running in Ireland is a pirate copy? I wonder if anyone ever audits this figures — qui custodiet etc. The article continues:

‘The lack of improvement on Ireland’s piracy rate can be attributed to the proliferation of Internet piracy … and a certain amount of apathy,’ said Julian McMenamin, BSA Ireland chairman. ‘But whatever the excuse, a piracy rate of 42 percent is appalling.’

Is internet piracy really that widespread in the workplace? I can imagine your typical 15-year-old firing up KaZaa or whatever, but is this really likely for your typical Irish IT staffer? I doubt it, to be honest.

And given Ireland’s broadband woes, it’d probably be cheaper to hop in the car, drive to the local Compustore, and buy it over the counter, just to avoid paying those ISDN charges. ;)

Just to contradict the ‘internet piracy’ statement, in this story, McMenamin then states that ‘a particular problem in Ireland was small and medium-sized companies purchasing a licence that is too small, or not upgrading their licence as their companies grow. An offending company might typically have a 10-user licence but allow 50 people to use the software.’

This is a hell of a lot more likely than the ’scary internet’ bugbear, but I would still find it very hard to imagine that this is a uniquely Irish problem that could account for Ireland supposedly having nearly twice the rate of piracy of the UK (42% in Ireland vs. the UK’s 26%).

While taking a look at the BSA site, I note that their automated tool, GASP, now exposes the illegal distribution and storage of copyrighted music, apparently: ‘new features in GASP v6.5 include reports that show a complete listing of MP3 files on audited systems’.

I wonder if my collection of MP3s downloaded from eMusic.com, and ripped from albums I bought, would set off its alarms. Given that the MP3 format has no way to differentiate between pirated and non-pirated music, I would imagine so. False positives a go-go!

Patents: Eamon O’Tuathail’s call for action against software patents. The vote of the Legal Affairs Committee of the EP was yesterday, apparently. Wonder how it went…

Tags: bsa, gasp, internet, licence, percent, piracy, problem, rate, software, wonder

So, Poland just joined the EU – welcome! ;)

Meanwhile, time for a trawl through IrelandOffline news.

Boards.IE have had enough of crappy internet from the telcos — they’re hoping to launch an ISP. Given one company’s continuing stranglehold over the Irish internet, they’ll need every bit of luck they can get. Good luck guys.

And, in case anyone’s swallowing that ‘there isn’t the demand’ line, check this story out:

The story goes how Old Man Kennedy was getting his shoes shined back in ‘29 and the shoe-shine boy was telling him what stocks looked good and what didn’t. Old Man Kennedy knew the game was up and it was time to get out of the market.

I got my hair cut this morning and the middle-aged man beside me was telling the barber how he had downgraded his ISDN line to get DSL but the DSL failed the test and now he’s stuck with a normal line. The barber was asking him what company he applied through, told him of the others, asked how far from the exchange he was, told him where the exchange was (as he didn’t know), said ‘mmm, that’d be about 3km, as the crow flies. But it’s not as the crow flies – it’s the turns in the road and that.’

Now if my barber can give me the technical requirements for DSL and people are talking of stimulating demand, you have to realise that something fishy is going on.

Forfas delivers damning broadband report : ‘Irish DSL prices for small businesses are about five to six times higher’ than other European countries. Hmm, I wonder why the telcos are reporting a lack of demand.

IrelandOffline’s Broadband – The Next Steps for Ireland document, which was presented to the Dail’s Joint Committee on Communications last week. Conclusions:

• Prioritise Wireless: ‘it is no longer time for trials’

• Increase Availability of Affordable Backhaul

• Raise Public Awareness of Alternative Technologies

And how’s about this for an Alternative Technology? Tethered balloons trialing in the North. Genius. The company is called Skylinc, and uses blimps flying at 1500m; each provides a coverage area of 80km diameter. The result is ‘fibre rate service at DSL prices’; non-contended for 30,000 customers, with 1-10 MB/s throughput. I really hope they can pull this off….

Tags: barber, company, demand, dsl, internet, irelandoffline, line, luck, man, time

As I’ve said before, C-R is not an acceptable way, alone, to deal with spam. You’re just pushing the work away from yourself, and onto your legitimate correspondents — and you won’t make any friends as a result. Things get worse when anything more complex than simple person-to-person mail intrudes, like internet mailing lists. (And come on folks — that particular innovation is only 24 years old ;)

Case in point this week: Declan McCullagh gets bitten:

My reluctant conclusion is that C-R systems with flawed implementations have the potential to end legitimate mailing lists as we know them today.

and Dave Farber says:

If I start getting a flood of challenges from earthlink ipers that require my response I will most likely declare them SPAM and you will stop receiving IP mail.

John Levine’s follow-up is well worth a read, as he predicts massive (and trivial) whitelist exploitation by spammers to avoid C-R — and then we’ll be worse off than we were when we started.

Finally, there’s quite a funny quote in John’s mail:

A relatively easy to solve problem with challenge systems is that most of them are written by dimwits who don’t understand the way that e-mail really works. In 1983 the 4.3BSD Berkeley Unix ‘vacation’ program correctly dealt with mail from lists and other mechanical sources, yet 20 years later I still see out-of-office replies from Lotus Notes and MS Exchange to list mail every day. (Is there really nobody at IBM or Microsoft who used 4.3BSD or knows the rules of thumb to recognize non-personal but legit mail?)

I have often wondered that myself ;)

Tags: anything, bsd, innovation, internet, mail, mailing, result, spam, way, work

Boca (Raton, FL) stamping itself spam capital (Palm Beach Post):

‘Boca Raton is stamping itself worldwide for millions of Internet users flooded in spam as the ‘world spam capital,’ said Steve Linford, director of the Spamhaus Project …

‘We’d rather be known for our parks and quality of life,’ Boca Raton Mayor Steven Abrams said.’

Found via spamNEWS.

Tags: beach, boca, capital, internet, palm, post, raton, spam, the, worldwide

just got back from a super-quick booze-soaked weekend visit to Ben in SF. It was so good to visit a city once again, and get the opportunity to paint the town red, hit the bars, eat in plentiful cheap restaurants, and generally enjoy city life (which I’ve been missing massively since the move from Dublin). But now back in post-suburban Irvine to cope with the hangover.

Also got to meet up with Komal, one of my co-workers up there — which was cool. Unfortunately it was a super-speedy weekend whistle-stop tour though, so having a good social meet-up with all the guys will have to wait until the next visit. ;)

Net: ‘The Canadian scientists who broke the genetic code for SARS … say they couldn’t have done it without the Internet. … The key to that collaboration was ordinary e-mail‘.

It also turns out the ProMED mailing list was the central point at which SARS reports were collated in the early stages, even despite evasion and cover-up by the Chinese state.

So there you go — as usual, SMTP is the killer app — or in this case, a life-saving app! All the more reason to figure out ways to deal with spam and return SMTP to its top spot in the protocol pantheon.

Good thing the FTC Spam Forum went so well, then. Sounds like there was unprecedented agreement between the non-spam folks, clear understanding of the issues by quite a few of the Washington denizens, and maybe even some good footage of the other side digging holes for themselves.

Health: US, Asian Airlines Disagree on SARS. Me, I just wish the airlines would stop being so bloody cheap, and bring in more fresh air rather than recirculating. ;)

Date: Sun, 04 May 2003 12:20:16 -0400
From: STEPHEN JONES (spam-protected)
To: (spam-protected) (spam-protected)
Subject: Internet is a good thing says Steve Jones clone

Internet played a key role in decoding SARS genome, scientists say

DENNIS BUECKERT

OTTAWA (CP) – The Canadian scientists who broke the genetic code for SARS just weeks after the disease appeared say they couldn’t have done it without the Internet.

Scientists from the Michael Smith Genome Sciences Centre of the B.C. Cancer Agency say their achievement relied on rapid communication with scientists around the world. The key to that collaboration was ordinary e-mail, said Steven Jones of the Vancouver-based research agency in a teleconference Thursday sponsored by Science magazine.

“Within a day of us having a press release announcing our participation in the sequencing we had an amazing amount of e-mail from scientists all around the world,” Jones said.

As soon as the sequence was decoded, the B.C. researchers posted it on the Internet.

“People were, within minutes of that, able to download the sequence and analyse it in their own laboratories and their own computers,” Jones said.

“The Internet has had a profound impact on how this data has been shared and how scientists have collaborated.”

A short time later, researchers at the Atlanta Centers for Disease Control published the sequence of a coronavirus taken from another SARS patient.

The genetic coding for the two viruses were virtually identical, boosting confidence that the coronavirus was in fact the causal agent.

Now both sequences are posted on the World Wide Web for the benefit of researchers in many countries racing to find a reliable test for SARS, and a vaccine to prevent it.

Scientists say the speed of the decoding was amazing.

The first reports of the new disease came from China in November, and on March 13 cases were reported in Toronto and Vancouver. The sequences were posted on the net on April 15.

By contrast, it took years to identify the agents behind diseases like AIDS and hepatitis C.

Mel Crajdon of the B.C. Centre for Disease Control said all evidence points to the coronavirus as being the cause of SARS, despite some seemingly contradictory findings.

Earlier this week Frank Plummer, who heads the National Microbiology Laboratory in Winnipeg, said he was puzzled by the number of people who show evidence of the SARS coronavirus but not symptoms of the disease.

Crajdon suggested the apparent anomaly is due to imperfect understanding of how the disease presents itself, as well as lack of reliable tests for the presence of the virus.

“I’m not surprised by the results that have been obtained to date and I think that they will rapidly improve,” he said.

More than 5,400 cases of SARS have been diagnosed worldwide, with at least 394 deaths. In Canada, there have been 23 deaths, all in the Toronto area.

• - –

On the Net:

SARS sequences: http://sciencemag.org/features/data/sars

SARS data: http://aaas.org

SARS Comments: http://eurekalert.org

Tags: app, city, code, internet, sars, smtp, spam, thing, visit, weekend

NYT: Internet Is Losing Ground in Battle Against Spam.

‘We have allowed these spam cops to rise out of nowhere to be self-appointed police and block whole swaths of the industry,’ said Bob Dallas, an executive of Empire Towers, an e-mail firm in Toledo, Ohio, widely cited on antispam lists used by many Internet companies.

‘This is against everything that America stands for,’ Mr. Dallas added.

‘The consumer should be the one in control of this.’

Wow, way to shoot yourself down in flames. Without a spam filter to detect unsolicited bulk mail and differentiate from the solicited stuff from their friends and legit subscriptions, the consumer has control how, exactly?

BTW, Empire Towers have a very impressive ROKSO listing. It says: ‘Empire Towers (ET) is a hard-line stealth spamming operation whose spams are illegal in most US states. ET goes to elaborate lengths to hide spam origins and obfuscate URLs. They operate by obtaining multiple class C netblocks on multiple ISPs known for lax handling of spam complaints, the class Cs serving to make their account more valuable to the ISP so in theory harder to terminate.’

Tags: class, consumer, control, empire, ground, internet, losing, nyt, spam, towers

Jason Kottke: Portal Wars II: When Search Engines Attack. He makes a great point (from Robert Morris at Etech 2002): while advances on the internet are typically heralded as tech-driven, in fact they’re more often usability-driven. Examples:

Mosaic was not an advancement in technology over TBL’s original browser. Blogger is a highly-specialized FTP client. IM is IRC++ (or IRC for Dummies, depending on your POV).

Dead right. Good tech, without the rough edges sanded down, and a degree of comprehensibility, is useless.

Aside: I wonder if Robert Morris, IBM is any relation to Robert T Morris, the 1988 internet worm guy?

Tags: attack, engines, etech, fact, internet, irc, point, portal, search, wars

The Open Proxy Problem, a PowerPoint/PDF presentation shown at the Internet2 Members Meeting of April 9th 2003, by Joe St Sauver, Ph.D (Director, User Services and Network Applications University of Oregon Computing Center).

Well worth a read if you’re interested in network security or spam. Joe’s done an astonishing job of researching every angle of the issue, from historical comparisons to ‘blue boxes’ circa 1971, the status of proxy servers to the Chinese government, and even a statistical analysis of proxy DNSBL overlap. (BTW, did you know that the New York Times was broken into via an open proxy?)

Tags: april, internet, network, open, pdf, powerpoint, presentation, problem, proxy, sauver

Remote Sendmail Header Processing Vulnerability.

Attackers may remotely exploit this vulnerability to gain ‘root’ or superuser control of any vulnerable Sendmail server. Sendmail and all other email servers are typically exposed to the Internet in order to send and receive Internet email. Vulnerable Sendmail servers will not be protected by legacy security devices such as firewalls and/or packet filters. This vulnerability is especially dangerous because the exploit can be delivered within an email message and the attacker doesn’t need any specific knowledge of the target to launch a successful attack.

Sendmail versions from 5.79 to 8.12.7 are vulnerable.

Protection mechanisms such as implementation of a non-executable stack do not offer any protection from exploitation of this vulnerability. Successful exploitation of this vulnerability does not generate any log entries.

Great…

Tags: attackers, email, exploitation, header, internet, processing, protection, remote, sendmail, vulnerability

Slashdot posts a story about ‘Hacking the Streamium’ — the Streamium is an ‘internet micro hi-fi’ made by Philips. The poster writes ‘the main gripes (are) that Philips controls which Internet radio stations you can listen to and that the PC-link software … only runs on Windows. I managed to fix both of these problems by reverse engineering the PC-link protocol and writing my own pc-link server in perl, which can be run on practically any OS, *and* can trick the Streamium into playing any Internet MP3 stream that you want’.

A quick look at his page notes ‘the protocol consists of fairly simple xml tags’. It sure does; I’d imagine it took all of 5 minutes with a tcpdump reversing that! In fact, it looks so easy to reverse-engineer, you’d have to wonder if the engineers at Philips weren’t hoping something like this might happen ;)

Tags: hacking, internet, pc-link, philips, poster, protocol, radio, slashdot, story, streamium

BBC: High hopes for Everest cybercafe. ‘Tsering Gyalzen hopes the internet facility at Mount Everest base camp will open by March. Proceeds from the venture will support pollution control at the camp, which is used by climbers hoping to scale the world’s highest peak. Mr Gyalzen, a member of the Sherpa community, says launch plans for the ambitious project are in the final stage. He told the BBC he was awaiting permission from the authorities to install VSAT digital satellite and other equipment at the base camp, which is over 5,000 metres above sea level.’ How cool is that?

Tags: base, bbc, camp, cybercafe, facility, high, internet, march, tsering, venture

FTC to Hold Three Day Public Spam Workshop. ‘The Federal Trade Commission will host a three-day ‘Spam Forum’ Wednesday, April 30 through Friday, May 2, to address the proliferation of unsolicited commercial e-mail and to explore the technical, legal, and financial issues associated with it. The forum will be held at the Federal Trade Commission, 601 New Jersey Avenue, N.W., Washington, D.C. It will be open to the public and preregistration is not required.

A Federal Register notice to be issued shortly says, ‘To explore the impact that spam has on consumers’ use of e-mail, e-mail marketing and the Internet industry, the Commission will convene a public forum. E-mail marketers, anti-spammers, Internet Service Providers (ISP), ISP abuse department personnel, spam filter operators, other e-mail technology professionals, consumers, consumer groups, and law enforcement officials are especially encouraged to participate.”

Tags: commission, day, federal, forum, ftc, internet, isp, public, spam, trade

SiliconRepublic: Ireland second last in Europe for broadband. But I think regular readers will know that ;) ‘Ireland’s already shaky claim to the title European digital hub was looking even more risible than usual today, following the latest internet penetration survey, which shows us to be languishing in second last place out of 16 European countries in terms of broadband internet penetration. ‘

The usual story — with quotes from IO’s Dave Long — and that’s not surprising. I should imagine things will improve a lot this year, now that the ComReg seems a little more on the job, and eircom have halved their prices.

But the really interesting thing is this: ‘Among the survey’s other findings were that 7.5pc (12 million) of all European households now subscribed to a broadband internet service. 6.3 million customers signed up for broadband for the first time in 2002 — an increase of 55pc over 2001. … It further predicted that a further 7.2 million European homes will acquire broadband for the first time this year, bringing the total to 19.1 million or 11.9pc of total households.’

That’s excellent news, and wipes out the FUD put about by some telcos (guess which ones) that there just isn’t demand in the current market. Clearly there is strong demand throughout the rest of Europe — and there really isn’t much difference between there and here. In fact, if anything, I reckon there would be more demand here, based on the take-up of other high-tech accessories like mobile phones and games consoles.

Tags: broadband, claim, demand, internet, last, penetration, siliconrepublic, survey, time, year

Boing Boing notes that the SQL Slammer worm ’caused service outages at tens of thousands of Bank of America ATMs and wreaked havoc at Continental Airlines. Apparently, customers at most of the #3 American bank’s 13,000 automatic teller machines were unable to process transactions for a period of time.’

Does anyone else find it very scary to contemplate an ATM network connected to the internet, with a sufficiently open set of firewalls that a semi-documented Microsoftish SQL protocol can traverse as far as the ATM servers? Sure, it probably took a few hops, compromising a couple of SQL servers along the way, but each of the firewalls in question must have had that MS-SQL port open for those servers. Yikes.

Someone should teach those guys about network compartmentalization for security; something like an ATM network, where security is hugely essential, should never have a direct IP-based connection to the internet, no matter how many firewalls and gateways are in place.

Spam: NACS: Spam Detection. Great, Catherine’s new email system at UCI uses SpamAssassin. Nothing like getting bug reports from your SO ;)

On the other side, though, they’ve written an excellent set of pages on how to detect and act on the SpamAssassin markup in various MUAs.

Tags: atm, bank, boing, internet, network, security, set, spam, spamassassin, sql