A Little Downtime

Quick note: taint.org, and the other sites on the same host, will be down for somewhere between 30 minutes and an hour tomorrow, at 1000 UTC, as the host moves to a new datacenter (and a new IP address).

Handily, the host will also get a hefty RAM upgrade, which should improve matters the next time we get slashdotted ;)

(If you need to get in touch during the downtime, jmason at gmail dot com will be the best bet.)

Update: this is now complete.

Anonymous remailers being tampered with

Politics: EDRI-gram notes that the Firenze Linux User Group’s server was tampered with last month at its ISP colo:

On Monday 27 June 2005, two members of FLUG (Firenze Linux User Group) visited the data centre of Dada S.p.a., in Milan, where the community server of the group is physically housed, in order to move it to another provider.

When the server was taken out of the rack, however, it was discovered that the upper lid of the server case was half-open. On closer inspection, it was also discovered that the case lid was scratched, as if it had been taken out and reinserted into the rack. Worse, the CD-ROM cable was missing, as were the screws that kept the hard disks in place.

What is particularly worrying is that the server hosted an anonymous remailer, whose keys and anonymity capabilities could have been compromised. Considering what happened to Autistici/Inventati server - which hosted another anonymous remailer – this possibility is not so far fetched. This begs the question whether a co-ordinated attempt at intercepting anonymous/private communications on the Internet has been ongoing in the past weeks and months.

Bizarre goings-on.

Virtualisation is good for the environment

Computing: mentioned in a Slashdot thread about green server farms — a page extolling the OpenVPS virtual-server software’s environmental benefits:

OpenVPS is good for the environment: a low-end server these days consumes no less than 200W. Given that typical servers run 24/7/365 this amounts (to) 1752 kWh per year. And because every joule of energy consumed by a server is transformed to heat, you need to at least double this to consider the air conditioning costs, which brings us to 3504 kWh per year. …

At some point this becomes an ethical question: If my CPU is 99.9% idle, is it environmentally (not to mention fiscally!) responsible of me to keep this server running?

Virtualization technologies such as Linux-VServer, used by OpenVPS, offer a very viable alternative. If the server acts and feels like a dedicated server, what difference does it really make if it’s actually virtual? Yet consolidating 30 physical servers into 30 OpenVPS accounts running on one (albeit power hungry) server would save over 100000 kWh per year. That’s as much energy as is consumed on average by 10 houses!

What an excellent point! The OpenVPS dev’s Slashdot comment reveals another good demo of this:

  # cat /proc/uptime
  16000520.62 9482790.31

The first number is seconds of uptime; the second is seconds spent in a CPU-idle state, summed across all CPUs (so on a multi-processor box, divide it by the number of CPUs before comparing it with the first). Going by those numbers, and taking it as a single-CPU machine, the server for taint.org has spent 59% of its time idle, converting fossil fuels to waste heat in the process…

Slurpie

Web: Slurpie – (another) distributed peer-to-peer downloading protocol (via HtP).

This looks pretty interesting; no special server is required on the origin side, so Slurpie can download files from an ordinary HTTP/FTP server in a ‘swarming’ fashion similar to BitTorrent.

However, Slurpie does require a central server of its own, which the clients need to ‘know about’ somehow in advance, and that server will then know who’s downloading what. Not sure how you’d handle that effectively; a .torrent-type file format that contains the ‘main’ file URL and a URL for the Slurpie server might be the most practical approach.

Nominative Determinism

Names: Popbitch sez ‘Microsoft are just about to launch their new Windows Server 2003. The project manager who oversaw its development? Todd Wanke.’

Sure enough, it’s true. But that’s not all he did — he was also involved with the Windows 2000 Customer Love Team. No smutty jokes please, I’m being perfectly serious here…

Sharing With Social Networks

Social: Next-Generation File Sharing with Social Networks. One thing — the central server is not actually required, as WASTE showed. Otherwise good stuff…

I have a feeling that whatever clients are built to implement social-network-based sharing will need a way to deal with a user being a member of multiple independent networks, where Network A has a policy that would not permit Network B’s users to connect, but User X is a member of both.

Public Service Announcement

Admin: If you have anything hosted on dogma.slashnull.org, our old shared server, get in touch with the boxhosting list, Vin, or even myself ASAP. It’s going to be gone in 2 weeks…

Server Moved

Admin: taint.org has moved to a new server. Let’s see if it works!

New Server

Admin: So, taint.org has moved to a new server. With any luck, this message should show up there and get blogged…

MS Exchange and spam relaying

Spam: Spamcop.net on securing MS Exchange systems against relaying. If you run an Exchange server that’s accessible from the net, this is a must-read. Summary:

  • Exchange 5.0 is unsecureable (yikes!)
  • Exchange 2000, installed as part of MS IIS/5, is open by default


Control your life support via the Internet!

Security: Romania Emerges As Nexus of Cybercrime (AP). Contains this glorious nightmare scenario:

BUCHAREST, Romania – It was nearly 70 degrees below zero outside, but the e-mail on a computer at the South Pole Research Center sent a different kind of chill through the scientists inside.

‘I’ve hacked into the server. Pay me off or I’ll sell the station’s data to another country and tell the world how vulnerable you are,’ the message warned.

Proving it was no hoax, the message included scientific data showing the extortionist had roamed freely around the server, which controlled the 50 researchers’ life-support systems.

One question: why was an internet-connected computer controlling the life support systems? eeek.


For Reference: Why Greylisting Sucks

Spam: I’ve been meaning to collate a page about why I don’t like greylisting. My previous posting is relatively useful, but it needs an update, so here it is:

First off, every single message is delayed until a database match is found for the combination of sending IP, envelope-from and envelope-to. As Alan Leghart pointed out, ‘So…we punish everyone in the world, and hope that a delay of one or more hours is considered ‘acceptable’? Maybe some people already expect a mail to take several hours to reach a recipient. In that case, you need to fix your mail server.’

Secondly, large mailing lists that use VERP (generating keyed From addresses for each mail for good bounce-handling) will require manual whitelisting for each list, or each host.

Yahoo! Groups, for example, uses VERP for all its lists, and also will not retry delivery if the first attempt fails.

There are even buggy SMTP servers that do not support retrying, believe it or not.

(Once again, as for many spamfilter designs, the unusual SMTP clients are the ‘edge cases’ that cause the most trouble.)

Manual whitelisting == work == what spam filtering is trying to reduce == bad.

Thirdly, and most seriously, it assumes spammers would never introduce retries into their spam-tools if it took off. Tempfailing, what this is based on, is effective right now because spamtools don’t retry. But every proposed spam solution has to consider what would happen if every server admin in the world implements it, and spammers then want to subvert it.

For a spamtool to retry, it just needs to track 4xx responses, and if it encounters one, save these items of data:

  • From, To addrs and HELO string used
  • proxy IP used (btw proxies are almost never shut down successfully, so the spammer can generally assume this can be reused next time)
  • random seed used to generate random hashbuster tokens etc., so the body text matches

That’s really not a lot of data — 64 bytes per address that requires a retry. Then, an hour or more later, do the retry.

So, IMO, ‘greylisting’ will work fine in the short term, until it becomes reasonably common — then the spamtool developers will start adding retry code.

Then we’re back to square one — except some legit mail takes much longer to get delivered, and the bandwidth wasted by spam has doubled, due to all those retrying spams. That’s not really progress.


SMTP Sender Authentication

Spam: SMTP Sender Authentication, by David Jeske of Y! Groups (pointer from Jeremy).

Schemes similar to this — calling back to a sending server to verify that a mail was really sent via that host — have been proposed before in several venues, the most high-profile and public being the ASRG list. Here is a message I sent to that list in April 2003 discussing a few of those schemes:

  • J C Lawrence’s ‘forward chained digital signatures’ on Received headers
  • William at elan.net’s ‘complex callback verification requiring full message tracking server functionality with dns extensions’
  • Russ Nelson’s Q249
  • Our own ‘porkhash’

I still like this style of system, I think, but in terms of deployability and simplicity, I’m supporting Sender-Permitted From for now — which similarly forces senders to use registered relays for a given SPF-supporting domain, but using DNS as the protocol and IP addresses as the hard-to-forge identity component.

Another bonus of SPF is that it’s simple, easy to implement, has *running code* out there now, and is being pushed strongly by a pragmatic and sane driving person (in the form of Meng Weng Wong). It’s not always easy in the anti-spam field to find a solution like that ;)

BTW, SPF also, similarly, breaks envelope sender forging. However, I agree, this is one egg that has to be broken to help stop spam (or at least force spammers to use their own domains and IPs.)


Spammers Now Relaying via SMTP AUTH

Spam: A nasty new development — spammers are now exploiting closed relays to send spam, by brute-force attacking their SMTP AUTH interfaces. SMTP AUTH is the mechanism that lets a relay’s legitimate users send outgoing mail through it from anywhere, by requiring them to authenticate first. (Sample documentation here.)

This ROKSO file indicates one spammer’s modus operandi:

These relays were abused using SMTP AUTH. That is, the spammer supplied a valid username/password pair to the server, was authenticated, and therefore granted permission to send mail anywhere. Such attacks are therefore successful only when weak passwords are used. This spamhaus constantly scans the net to find abusable servers to use in subsequent spam runs. All brands of servers (sendmail, exchange, mdaemon, rockcliffe, etc) are equally targeted, as long as they support SMTP AUTH. The attacker tries several username/password pairs – such as with ‘admin/admin’ – following a certain pattern and hoping to find a combination that lets him in.

An analysis done in July 2003 has shown that a total of 276 combinations are attempted (of course new ones can have been added in the meanwhile): Usernames: webmaster, admin, root, test, master, web, www, administrator, backup, server, data, abc each with the following passwords: username, username12, username123, 1, 111, 123, 1234, 12345, 123456, 1234567, 12345678, 654321, 54321, 00000000, 88888888, admin, root, pass, passwd, password, super, !@#$%^&* as well as with a blank password.

MDaemon users beware! The account creation tool of recent versions of MDaemon defaults the password to the account name. If the default is accepted, the account will be open to be exploited by this spamhaus.

Incredible. There’s no way at the SMTP/IP level to tell that this relay was compromised; blacklisting will definitely cause collateral damage in response; so content analysis is pretty much necessary, as far as I can see.

And in another worrying development: it turns out that the latest Outlook worm, W32.Swen, doesn’t bother trying to randomly generate usernames etc. or send via SMTP directly. Instead, it asks the user for their username, password and SMTP server!
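
The recipient’s side may be stuck with content analysis, but the relay operator has two easy checks, and as an added example (my code, not from the post or the ROKSO file) here are both: the 276-pair list rebuilt from the quoted analysis, with a function that tells you whether one of your own accounts would fall to it, and a detector that finds the scan in mail server logs. The log lines are constructed, in Postfix’s real smtpd format for failed SASL authentication; the ‘20 failures from one IP within 5 minutes’ threshold is an arbitrary choice for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The username and password lists from the ROKSO analysis quoted above.
USERNAMES = ("webmaster admin root test master web www administrator "
             "backup server data abc").split()
PASSWORDS = ["{u}", "{u}12", "{u}123", "1", "111", "123", "1234", "12345", "123456",
             "1234567", "12345678", "654321", "54321", "00000000", "88888888",
             "admin", "root", "pass", "passwd", "password", "super", "!@#$%^&*", ""]


def brute_force_pairs():
    """Every (username, password) pair the scanner tries: 12 x 23 = 276 attempts."""
    return [(u, p.replace("{u}", u)) for u in USERNAMES for p in PASSWORDS]


def is_targeted_credential(username, password):
    """True if this account would be opened by the scan described in the ROKSO file
    (e.g. an MDaemon account left with the default password == account name)."""
    return (username.lower(), password) in set(brute_force_pairs())


# Postfix smtpd logs a failed SMTP AUTH attempt as
#   <syslog ts> <host> postfix/smtpd[<pid>]: warning: <name>[<ip>]: SASL <mech> authentication failed: ...
SASL_FAIL = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: warning: "
    r"\S+\[(?P<ip>[\d.]+)\]: SASL \w+ authentication failed")


def auth_bruteforce_sources(log_lines, threshold=20, window=timedelta(minutes=5), year=2003):
    """Return {ip: peak number of failures inside any `window`} for every source IP
    that reached `threshold`. `year` is needed because syslog timestamps omit it."""
    failures = defaultdict(list)
    for line in log_lines:
        m = SASL_FAIL.match(line)
        if m:
            failures[m["ip"]].append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):            # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


def constructed_log():
    """Constructed sample log (not a real capture): one host running the scan at
    three-second intervals, and one user who mistyped a password twice, 20 minutes apart."""
    base = datetime(2003, 9, 19, 4, 12, 0)
    lines = [f"{base + timedelta(seconds=3 * i):%b %d %H:%M:%S} mx1 postfix/smtpd[4121]: "
             f"warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: "
             f"authentication failure" for i in range(30)]
    lines += [f"{base + timedelta(minutes=20 * i):%b %d %H:%M:%S} mx1 postfix/smtpd[4130]: "
              f"warning: unknown[198.51.100.7]: SASL PLAIN authentication failed: "
              f"authentication failure" for i in range(2)]
    return lines
```

Running `auth_bruteforce_sources(constructed_log())` flags only 203.0.113.9; the forgetful user never comes near the threshold. Two of the 276 pairs (admin/admin and root/root) are generated twice by the username-as-password rule, which is why the analysis counts attempts rather than distinct pairs.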


Download Caps: Pay To Receive Viruses

Many non-US-based broadband systems impose a download cap – a limit on how much data a customer can download in one month. In some of the Irish ISPs’ cases, it’s 3 GB of data per month, with hefty per-MB charges after that.

Well, here’s something. I filter my mail for viruses and spam on my server, and divert the viruses off to a side folder. I just checked, and that folder contains 1 gigabyte of virus data, received since SoBig.F started up last week.

Given that most users don’t have a colocated server to divert their viruses on, and therefore would have had to download that 1 gigabyte of virus mail before their virus scanner got to take a look — that’s a hefty third of the download cap gone, due to a virus.

I wonder if Eircom, Telstra down under, and the other capping ISPs, will be giving their customers refunds as a result?

(BTW, by contrast, I only received 10 megs of spam.)

P2P and open proxies

Joe St. Sauver’s excellent presentation on open proxies has been updated. Interesting snippet: Morpheus 3.2 – the filesharing app — is shipping with proxy support. P2P Networks Try to Throw RIAA Off Their Trail (AtNewYork.com):

Morpheus will offer its users the option of connecting to its network via a public proxy server. A proxy server acts as an intermediary between two Internet users so that one user does not know the identity of the other. Morpheus won’t be hosting the proxy servers but will instead direct users to a ‘worldwide network’ of public proxies.

iMesh apparently may also include this support, too, in an upcoming version.

Quick Links

Tube Rules — lessons in London Underground etiquette. My favourite: don’t wear massive backpacks.

Dave Malone on broken time-sync software. It seems Tardis, the popular Windows time-syncing software, used HTTP to get a trustworthy timestamp. OK, that’s pretty bad — using TCP/IP against a webserver to try and get a usable time — it’ll be several seconds off in most cases, and is pretty suboptimal in general.

But at least they set up their own server, instead of glomming off someone else’s bandwidth and CPU, right? Nope — they used a server at maths.tcd.ie, along with only 2 others worldwide. And they used GET. And they didn’t send a User-Agent header. And the server wasn’t even a public time server since 1996 anyway.

All seems well now — Dave instituted a policy of returning ‘1999′ as the date, and hopefully everyone has noticed by now. ;)

My Thoughts on ‘Greylisting’

‘Greylisting’, as described here, has received a lot of attention recently. However, I don’t think it’s a goer; here’s why:

  • Firstly, as Alan Leghart pointed out on the SpamAssassin-talk list:

    This method proposes to delay EVERY SINGLE MESSAGE until a database match is found for sending IP, FROM, and TO. So…we punish everyone in the world, and hope that a delay of one or more hours is considered ‘acceptable’?

    Read his message for a sample typical daily scenario which shows how bad this can be. Maybe some people already expect a mail to take several hours to reach a recipient. In that case, you need to fix your mail server. Even the 300MHz SpamAssassin spamtrap server gets through mail faster than that, and it’s seeing an absurd mail load ;)

  • Secondly, many VERPing mailing lists and newsletters will need manual whitelisting. Requiring manual intervention == work == what spam filtering is trying to reduce == bad.

  • Thirdly, it assumes spammers would never introduce retries into their spam-tools if it took off. Tempfailing, what this is based on, is effective right now because spamtools don’t retry. But every proposed solution has to consider what would happen if every server admin in the world implements it, and spammers then want to subvert it.

    IMO, ‘greylisting’ would work fine until the spamtools start retrying, then we’re back to square one — except some legit mail takes a long time to get delivered, and the bandwidth wasted by spam has doubled due to all those retrying spams.
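
Both greylisting posts on this page (this one and ‘For Reference: Why Greylisting Sucks’ above) describe the same mechanism, so here is one added example covering both: the triplet check itself, the VERP mailing-list case that forces manual whitelisting, and the retry logic the longer post says a spamtool needs. This is my code, not the author’s and not any greylisting implementation’s; the 300-second minimum delay and 4-hour forget time are assumptions, timestamps are plain seconds, and the IPs and addresses are made up.

```python
from dataclasses import dataclass, field

TEMPFAIL = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 OK"


@dataclass
class Greylister:
    """Triplet greylisting: tempfail a never-seen (ip, envelope-from, envelope-to) and
    accept it once it comes back after `min_delay` seconds, before it is forgotten."""
    min_delay: float = 300.0
    forget_after: float = 4 * 3600.0
    whitelist_ips: set = field(default_factory=set)   # the manual whitelisting the posts object to
    seen: dict = field(default_factory=dict)          # (ip, from, to) -> first-seen timestamp

    def check(self, ip, mail_from, rcpt_to, now):
        if ip in self.whitelist_ips:
            return ACCEPT
        key = (ip, mail_from.lower(), rcpt_to.lower())
        first = self.seen.get(key)
        if first is None or now - first > self.forget_after:
            self.seen[key] = now          # new triplet: start the clock and defer
            return TEMPFAIL
        if now - first < self.min_delay:
            return TEMPFAIL               # came back too soon; a real MTA will try again
        return ACCEPT


def verp_list_delivery(greylister, list_ip, subscribers, now):
    """A VERP list puts a unique bounce address in MAIL FROM for every message, so every
    message is a brand-new triplet and gets tempfailed; a list that never retries loses it."""
    return [greylister.check(list_ip, f"list-bounce-{n}@lists.example.org", sub, now)
            for n, sub in enumerate(subscribers)]


def retrying_spamtool(greylister, proxy_ip, targets, now):
    """The retry logic the post says a spamtool needs: remember every (from, to, seed)
    that got a 4xx and send it again an hour later through the same proxy.
    Returns the recipients that were actually accepted."""
    pending, delivered = [], []
    for mail_from, rcpt, seed in targets:
        if greylister.check(proxy_ip, mail_from, rcpt, now).startswith("4"):
            pending.append((mail_from, rcpt, seed))   # a few dozen bytes of state per address
        else:
            delivered.append(rcpt)
    later = now + 3600
    for mail_from, rcpt, seed in pending:
        if greylister.check(proxy_ip, mail_from, rcpt, later).startswith("2"):
            delivered.append(rcpt)
    return delivered
```

With the defaults, a sender is deferred at t=0 and t=120 and accepted at t=600; two messages from a VERP list are both deferred even though they come from the same host, unless that host is whitelisted; and a spamtool that keeps its pending list gets every one of its targets through on the second pass, having doubled its own traffic to do it.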

for posterity: the FormMail advisory

Myself and Ronald F. Guilmette co-wrote an advisory on vulnerabilities in FormMail. Here it is, archived from RFG’s bugtraq posting:

Anonymous Mail Forwarding Vulnerabilities in FormMail 1.9

By manipulating inputs to the FormMail CGI script, remote users may abuse the functionality provided by FormMail to cause the local mail server on the same (web) server system to send arbitrary e-mail messages to arbitrary e-mail destination addresses. Such e-mail messages may contain real or forged sender e-mail addresses (in the From: headers) entirely of the attacker’s choosing. In some cases, the envelope sender addresses of such messages may also be set to arbitrary values by the attacker.

I helped with a few of the cases in which FormMail is vulnerable, namely the newline-injection attack.
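
As an added example (Python rather than FormMail’s Perl, and not code from the advisory or from FormMail), here is the newline-injection pattern beside a hardened form. Form fields pasted straight into the header block let an attacker end the Subject: line with a CR/LF and add a Bcc: of their own; the fix is to refuse control characters in header fields rather than strip them. The recipient allow-list and the sender-address pattern are my assumptions about what a fixed script should do, not FormMail’s own checks.

```python
import re

# Assumption for the hardened version: the site decides up front which mailboxes the
# form may deliver to, instead of trusting a hidden "recipient" form field.
ALLOWED_RECIPIENTS = {"webmaster@example.com"}
HEADER_CONTROL = re.compile(r"[\r\n\x00]")
SIMPLE_ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def build_message_vulnerable(recipient, realname, email, subject, body):
    """The pattern the advisory describes: form fields copied straight into the header
    block. A CR/LF inside any field ends that header and starts a new one of the
    attacker's choosing, e.g. a Bcc: to a few thousand strangers."""
    return (f"To: {recipient}\r\nFrom: {realname} <{email}>\r\n"
            f"Subject: {subject}\r\n\r\n{body}")


class FormMailError(ValueError):
    pass


def header_safe(value):
    """Reject rather than strip: a field with CR/LF in it is an attack, not a typo."""
    if HEADER_CONTROL.search(value):
        raise FormMailError("CR, LF or NUL in header field")
    return value


def build_message_hardened(recipient, realname, email, subject, body):
    if recipient not in ALLOWED_RECIPIENTS:
        raise FormMailError("recipient is not on the allow-list")
    if not SIMPLE_ADDR.fullmatch(email):          # a real address cannot carry CR/LF
        raise FormMailError("malformed sender address")
    return (f"To: {recipient}\r\nFrom: {header_safe(realname)} <{email}>\r\n"
            f"Subject: {header_safe(subject)}\r\n\r\n{body}")


def hardened_or_none(*args):
    """The hardened message, or None if the input was refused."""
    try:
        return build_message_hardened(*args)
    except FormMailError:
        return None


def header_names(message):
    """Lower-cased names of the headers an MTA would see in `message`."""
    head = message.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0].lower() for line in head.split("\r\n")]


# Constructed attacker input: an ordinary-looking subject with an injected Bcc: line.
INJECTED_SUBJECT = "Feedback\r\nBcc: victim1@example.net, victim2@example.net"
```

Fed the constructed subject, the vulnerable builder produces a message with four headers, the last of them the attacker’s Bcc:; the hardened builder refuses it, and also refuses a recipient that is not on the allow-list even when the fields are clean.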

When this came out, I was in Australia, packing in preparation for a month-long camping trip around Victoria ;) The Lake Catani campsite at Mount Buffalo was amazing. (whoa, compare that page with this e-commerce monstrosity — urgh)

Using VNC For Your Main Desktop

I’ve just fixed my desktop machine (had to buy a new CPU, unfortunately, after the old one died during shipping).

I then upgraded to Red Hat 9 (woo, very nice), switched to KDE for my desktop, and took a look at software suspend (because the machine is too noisy to leave on permanently in the corner of the living room).

However, the latter won’t work with my video card; instead, the machine reboots continually when resuming from suspend. Problem.

A bit of thinking about the problem came up with a nifty solution… I’d heard of folks using a VNC server for their main desktop, in order to connect to it from any machine they found themselves near, and not be ‘tethered’ to one particular desktop machine. The same system also means I can run my desktop with a virtual display, and just ‘connect’ to this from the real one. Then, when I want to suspend, I can just kill off the ‘hardware’ X server, suspend, and start up a new one after resume.

If you’re curious about how to do this, read on

From: Justin Mason
Subject: setting up a VNC desktop

First, install xf4vnc. This gives you a VNC server that can use the ‘Render’ extension, and therefore display anti-aliased text efficiently. Installation of this is a bit of a manual job, unfortunately, since the author hasn’t actually packaged it in any way. Not too hard though; just 3 copy commands; I don’t think you actually need any files apart from the two in the xf4vnc-linux-i386 group.

Create a file called ~/.xserverrc containing:

  /usr/local/bin/Xvnc-xf4vnc -depth 16 -geometry 1152x864 -deferupdate 10 :0

Best to make the depth and geometry match your current display.

Next, create a script called ~/bin/x containing:

  #!/bin/sh
  # start a real (hardware) X server on display :1 ...
  X :1 &
  # ... give it a moment to come up before the viewer tries to connect ...
  sleep 4
  # ... then show the Xvnc virtual desktop (:0) on it, full-screen and uncompressed
  vncviewer -compresslevel 0 -quality 9 -fullscreen -display :1 localhost:0

(ie. start an X display on :1, then display vncviewer to that display.) Don’t forget to make it executable with chmod.

Now, close your current X desktop, return to the console, and run startx to start a new one. This won’t display; instead, it’ll run GNOME/KDE/whatever using a virtual framebuffer. CTRL-Z and bg that process.

Run the x script. It’ll connect to your virtual desktop. That’s it!

You can now hit CTRL-ALT-Backspace to your heart’s content. When your display is killed, the applications and desktop remain untouched. When you rerun the x script, it’ll reconnect and nothing will have changed apart from the mouse pointer position. In fact, I just restarted my X server halfway through that sentence ;)

Have fun!

reStructuredText v. EtText

reStructuredText is apparently the new wave of text-based markup – in the Python community at least. ;)

It’s basically a reworking of Zope’s StructuredText, which — like my own EtText, which is what this blog is written in — is itself a reworking of Setext. Setext is an old Amiga smart-text format which I first encountered in the Plexus web server back in 1993. Plexus, BTW, was what HTTP server number 70-something ran.

It’s interesting. I’d been considering modifying EtText to use some StructuredText ideas, such as indentation indicating tag-nesting levels. But it looks like reStructuredText has got rid of that idea, and instead does what EtText does: ie. indentation indicates quoting. So it must have driven someone up the wall in that case.

There’s a reStructuredText primer here. Compare with EtText’s quick intro. (gack, what is that font I’m using there? ;)

Still, a few other nice ideas to steal ;) — I like the idea of ending the paragraph with colon-colon to indicate that the next quoted block is a code sample in monospace format. hmm…

rottenflesh: freshmeat gets parodied

Rottenflesh.net, a piss-take of Freshmeat.net (found via Sweetcode).

About: openJ-GNU is a web secure server that quickly generates backgrounds. It uses mv for menubars. openJ-GNU generates user-interfaces.

Changes: openJ-GNU 3.24.7 enhances robustness for sites that also use newGeekNr. It also was rewritten in Tcl and patches a remote root bug in configuration. One of the developers was sacked. It also compiles.

deny udp any any eq 1434

It looks like the latest internet worm is making the rounds, and this one’s a biggie. It’s been dubbed ‘SQLSlammer’, since it hammers on the Microsoft SQL Server ports, attempting to exploit yet another commonly-unpatched 7-month-old MS vulnerability. The best bit: the whole exploit fits in a single UDP packet, with no connection to set up, so an infected host can spray copies at random addresses as fast as its link will carry them. The traffic load is massive compared to previous worms, and there’s lots and lots of backbone hosage as a result. Coverage:

  • Matrix NetSystems: nice (live?) graph of The State Of The Net
  • BugTraq thread

  • Disassembly and analysis of the worm

  • The SQL Server 2000 bug it exploits

  • Slashdot: MS SQL Server Worm Wreaking Havoc

  • Quick fix: update those router filters to deny all traffic, both UDP and TCP, on port 1434 (the SQL Server Resolution Service port the worm targets). You shouldn’t need to update the firewall filters, of course, because nobody’s stupid enough to allow open-internet access to MS SQL traffic, right? ;)

(Untitled)

Some folks reckon that mailservers should have reverse DNS — in other words, that the SMTP server should have a fully-valid forward-to-reverse mapping for its address, to cut down on spam and forgeries. All well and good.

Some other folks reckon that filtering on it is therefore a good way to cut down on spam.

It’s a nice idea, apart from 2 things:

  • filtering based on this suffers the same problem some DNSBLs have: a false positive hurts the user, rather than the person who is at fault; also the user is virtually powerless to fix it.

  • the correlation between spam and missing reverse DNS is no longer as strong as it used to be, as far as I can tell; spammers know they should pick a relay or proxy with a reverse DNS entry to get through filters, and as it becomes a requirement for relaying in general, more hosts have this anyway, whether they are exploitable or not.
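
As an added example (my code, not the author’s), here is the forward-confirmed reverse DNS check the two camps are arguing about, run against a constructed resolver table rather than real DNS, with an optional real resolver through the socket module for anyone who wants to point it at live hosts. The score function reflects the first objection above: a missing or mismatched PTR is worth something as evidence, but as a hard reject it punishes the user whose provider never set up the record.

```python
import socket

# Constructed resolver data (not real DNS): PTR and A records for a few sending hosts.
PTR = {
    "192.0.2.10": "mail.example.org",         # properly configured MTA
    "198.51.100.20": "host-20.isp.example",   # generic ISP name whose A record points elsewhere
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "host-20.isp.example": ["198.51.100.99"],
}


def table_resolver(ip):
    """(ptr_name, forward_ips) from the constructed tables above."""
    name = PTR.get(ip)
    forward = A.get(name, []) if name else []
    return name, forward


def system_resolver(ip):
    """Same contract, but using the OS resolver (needs the network; not used below)."""
    try:
        name = socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None, []
    try:
        forward = sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        forward = []
    return name, forward


def fcrdns(ip, resolver=table_resolver):
    """Forward-confirmed reverse DNS: ip -> PTR name -> A records must lead back to ip.
    Returns ("confirmed" | "mismatch" | "no_ptr", ptr_name)."""
    name, forward = resolver(ip)
    if name is None:
        return "no_ptr", None
    return ("confirmed" if ip in forward else "mismatch"), name


RDNS_WEIGHT = {"confirmed": 0.0, "mismatch": 0.5, "no_ptr": 1.0}


def rdns_score(ip, resolver=table_resolver):
    """Turn the result into a score contribution for a content-based filter to add up,
    rather than a reject at SMTP time."""
    return RDNS_WEIGHT[fcrdns(ip, resolver)[0]]
```

Note that the ‘mismatch’ case (a PTR record whose name resolves to some other address) is exactly what a well-run ISP’s generic `host-N.isp.example` naming produces for legitimate customers, which is why it gets half weight here rather than full.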

ICAP

ICAP-server, an (imaginatively-named) daemon which implements ICAP. This seems to be a transcoding proxy server; in other words, it will convert HTML content on the fly, while you browse.

ICAP itself seems to be a protocol for rewriting HTTP responses; in other words, it allows a proxy server to include a small snippet of ICAP client code, and call out to an ICAP server to do the rewriting. Nifty.

Sounds like this could be very handy for low-bandwidth situations; use ICAP to “downshift” web pages into low-bandwidth versions. For example, banner ads can be trimmed out, heavy images converted to small, low-quality JPEGs, etc. One to watch (or help out with).

Ericsson used to have a commercial product which did something similar, but I can’t find it now…
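
As an added example (my code, not ICAP-server’s and not from the post), here is the exchange the post describes in both directions: the proxy side wraps the origin server’s response in an ICAP RESPMOD request, and the ICAP server side parses the Encapsulated header that locates each section, rewrites the HTML and returns the modified response. The HTTP request and response are constructed, and stripping `<img>` tags stands in for the ‘downshift’ transformation; a real service would also handle preview, `null-body` and `req-body` sections, which are left out here.

```python
import re

CRLF = b"\r\n"


def chunk(body):
    """HTTP chunked encoding, which ICAP uses for every encapsulated body."""
    return (b"%x\r\n%s\r\n" % (len(body), body) if body else b"") + b"0\r\n\r\n"


def dechunk(data):
    out, pos = b"", 0
    while True:
        nl = data.index(CRLF, pos)
        size = int(data[pos:nl].split(b";")[0], 16)   # ignore chunk extensions
        if size == 0:
            return out
        out += data[nl + 2:nl + 2 + size]
        pos = nl + 2 + size + 2


def build_respmod(req_hdr, res_hdr, body, icap_host="icap.example.org"):
    """Proxy side: wrap the origin request headers and response for the ICAP server.
    Encapsulated offsets are byte positions within the encapsulated payload."""
    enc = b"req-hdr=0, res-hdr=%d, res-body=%d" % (len(req_hdr), len(req_hdr) + len(res_hdr))
    host = icap_host.encode()
    head = (b"RESPMOD icap://%s/respmod ICAP/1.0\r\nHost: %s\r\nEncapsulated: %s\r\n\r\n"
            % (host, host, enc))
    return head + req_hdr + res_hdr + chunk(body)


def parse_icap(msg):
    """Split an ICAP message into (start line, {section name: bytes}) using Encapsulated."""
    head, _, payload = msg.partition(b"\r\n\r\n")
    lines = head.split(CRLF)
    headers = {}
    for line in lines[1:]:
        k, _, v = line.partition(b":")
        headers[k.strip().lower()] = v.strip()
    entries = []
    for item in headers[b"encapsulated"].split(b","):
        name, _, off = item.strip().partition(b"=")
        entries.append((name.decode(), int(off)))
    parts = {}
    for i, (name, off) in enumerate(entries):
        end = entries[i + 1][1] if i + 1 < len(entries) else len(payload)
        parts[name] = payload[off:end]
    for body in ("req-body", "res-body"):
        if body in parts:
            parts[body] = dechunk(parts[body])
    return lines[0], parts


IMG_TAG = re.compile(rb"<img\b[^>]*>", re.I)
CONTENT_LENGTH = re.compile(rb"(?im)^Content-Length:[^\r\n]*\r\n")


def downshift(res_hdr, body):
    """The low-bandwidth rewrite: drop inline images and fix up Content-Length."""
    new_body = IMG_TAG.sub(b"", body)
    new_hdr = CONTENT_LENGTH.sub(b"Content-Length: %d\r\n" % len(new_body), res_hdr)
    return new_hdr, new_body


def respmod_server(request):
    """ICAP server side: answer a RESPMOD request with the modified HTTP response."""
    start, parts = parse_icap(request)
    if not start.startswith(b"RESPMOD "):
        return b"ICAP/1.0 405 Method not allowed\r\nEncapsulated: null-body=0\r\n\r\n"
    res_hdr, body = downshift(parts["res-hdr"], parts["res-body"])
    return (b"ICAP/1.0 200 OK\r\nEncapsulated: res-hdr=0, res-body=%d\r\n\r\n" % len(res_hdr)
            + res_hdr + chunk(body))


# Constructed origin request and response (not captured traffic).
REQ_HDR = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
BODY = b'<html><body>Hello<img src="/ad.gif"></body></html>'
RES_HDR = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n"
           % len(BODY))
```

Round-tripping the constructed response through `build_respmod` and `parse_icap` gives back the original sections byte for byte; passing the request through `respmod_server` returns an `ICAP/1.0 200 OK` whose encapsulated response has the image tag gone and a Content-Length of 31 instead of 48.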
