My hosting company are trialling a central spam blocking option on my domain. Actually it is a marketing exercise to get me to buy it but it was interesting enough to accept. It is a reputable system using Barracuda which incorporates a rule based algorithmic scoring system with user whitelisting and blacklisting plus, after a while, a Bayesian component. It is all web based and quite easy to use and seems to be effective.
The reason I won’t be continuing after the trial is that I now get as many “quarantine” messages from the system as there used to be spam and I have to read them. The reason is subtle and one that they didn’t think of.
One of the “features” of own-domain email is that you have the potential of a nearly infinite number of email addresses. The hosting people encouraged this by providing a “nobody” facility—a mechanism that sends any mail for which there isn’t a designated box or alias to a single address. I exploit this by giving every (organisation) that I deal with a unique address when I sign up; e.g. for mailing lists, payment accounts etc. That way I can tell if they forward it to “partners” or sell their address list. It has only happened to me once but was useful to prove the case.
A side effect of this is that if a spammer does a random name type of attack then I get it all in my inbox, not a huge amount but enough to notice. Unfortunately the new spam block system doesn’t recognise this so opens a quarantine management box for every new address it sees and sends me a summary and a password for it.
What it ought to do is activate the forwarding rules BEFORE processing the mail, then I would only get one box for the whole lot and it would start to get a significant amount of data for the Bayesian algorithm to kick in—but I can’t convince them of that so I will continue to process my own spam. Popfile is good enough and there is no bandwidth problem.
Central Spam Blocking
20 Oct 2006 12:08 by Rick
Hasta la Vista?
11:44 by Rick
Eyeing the much delayed but imminent Windows Vista operating system you might think that Windows XP was dead but you would be mistaken. It still has life and Microsoft even has plans for an upgrade. SP3 is currently scheduled for mid 2008 (recently delayed—but MS is synonymous with delay). From the previews I can’t see much that is attractive about Vista from an upgrade point of view. Many of the features seem to be cosmetic for initial impact and first sale. Perhaps when software starts to exploit the underlying features rather than just stick the logo on the box then it may make sense.
Incidentally, I think I would need a new machine by then because this one has already been upgraded rather a lot; same old machine just new motherboard (died), cpu (oomph), memory (twice), ME to XP to SP2, power supply (died), screen (dying) and graphics card (soon). What we call around here a “wheels only upgrade” except that it was done piecemeal.
Wot no Printer!
19 Oct 2006 15:26 by Rick
There are some systems that you put in that have no direct access to a printer; our new church projection system is an example. But some software reports need one to be used effectively. If the software has thought of this in advance then they will have provided a file output option so you can take it away for printing elsewhere but if not then you are a bit stuck.
EasyWorship is an example. It provides options to print the schedule either in detail for those that need a paper copy, or summary as a crib sheet for the leaders. It also provides song usage statistics and database reports the same way; but if you have no printer you can do little more than read the screen.
There are two solutions to this dilemma; There is some free software called CutePDF which allows you to “print” from any application to a PDF file. This preserves all the layout and style as if it went to a high function printer. The second is built into Windows XP; the “Generic / Text Only” printer. This is very easy to set up and produces a plain text file from a text print. Not pretty but very useful if you want to manipulate it further.
Water works
17 Oct 2006 09:38 by Rick
One of the news items on the radio this moring was a report by the Institution of Civil Engineers which said that to ease the water shortage in the South-East, water waste (sewage) should be processed to the standard of drinking water and re-enter the system.
Is this new? It was a common saying in London when I grew up that the Thames passed through five pairs of kidneys before it reached the sea.
Comments
16 Oct 2006 18:35 by Rick
I have decided to relax the requrements for commenting on this blog a little. My experience with Akismet spam blocker has been very good so I have adjuusted the options so that there is now no requirement to register and login first. I will review this in a couple of weeks and see how it goes.
IE7
18:24 by Rick
In case you haven’t heard, Microsoft are about to release Internet Explorer Version 7 to the world—I am not exactly sure when. Anyway, they are so keen on it that, soon after it becomes available, they are going to push it out as a “fix” on Patch Tuesday like the monthly security repairs.
My opinion, for what it is worth, is that the average user should resist installing this for a while to give it a chance to settle down. Many web sites will not be prepared for the changes. I have not tested it yet because I don’t want to install a pre-release version onto my only working computer, so I haven’t tested and adjusted my web site for it. I expect there are many people in the same position. Give it a few weeks for the gremlins to be worked out and see what the press is like before committing yourself. This is the same even if you use an alternative browser; a surprising amount of internal Windows relies on Internet Explorer, not the least of which is Windows Update.
Of course, if you are configured for automatic updates then you will need to turn this off and set it for notify-and-manual-install for a while so you don’t wake up one day and find it has just happened.
We’ll all be Irish soon
10 Oct 2006 17:50 by Rick
Ian Graham makes an interesting point in a comment on Robin Wilton’s Post “Is this a news story?”
The Irish don’t have ID cards and their government has said that they are not going to have them. And if you’re Irish, you don’t have to carry a passport in the UK. Nor do you need a work permit (as Ireland is in the EU). So anyone from anywhere who wants to get a job in the UK without showing ID will simply say “I’m Irish”. End of story.
Managing passwords
6 Oct 2006 14:21 by Rick
The prompt for this post came from an unlikely source. Taking passwords to the grave (via Bruce Schneier) which talks about the problem of accessing a person’s assets after they are gone. We will come to that at the end.
My problem was an ageing memory and dozens if not hundreds of passwords to remember together with other important information. This had to be kept securely but readily accessible, even when away from my desk. The solution I came up with is as follows.
- Store all of the passwords and related information in a database. I chose one that is designed for the purpose and had a good encryption scheme. This is PINS. It is a freeware product which seems to have minimal support but it works well so no matter. The encryption is blowfish and it comes with a useful random password generator.
- Put the database and the software on a USB flash drive. To some extent this steers the selection of the software above because it has to be capable of running without being installed on the PC. It does however limit it to the Windows platform.
- Take regular backup copies of the database. To do this I use “Pen Drive Manager.” This is not free but very low cost. What it does is every time you plug in your flash drive it synchronises it with a copy on the PC hard drive. I run a copy on my home machine and my office machine so I have two backup copies of the database at all times.
To run this successfully you must make sure that the database that you update is always the one on the flash drive so that it is the master copy. I install a copy of PINS on each machine for convenience but you don’t have to. Also you must have a good password for the encryption of the database. Once you have got it running, all you need to remember to do is update the database copy of the passwords when you change them in real life. Of course the password you cannot store on there is the password to the database itself. You don’t even have to remember the passwords to get into your own PCs because, if pushed, you can borrow someone else’s, plug in your flash drive and run the copy of PINS loaded on there.
If I forget my flash drive, firstly, PINS locks down after a few minutes so no one can access the database. Also I can still access the passwords on the other machine by pointing at the backup database. All I have to remember to do is not update anything and also switch it back to the portable copy as soon as possible. If I lose the flash drive completely then not only is it secure but I have all the information I need to recreate it.
You don’t have to just have passwords in the database. I have network configuration details, software activation keys, credit card numbers and PINs, web upload addresses, and any other information that I mustn’t forget. There are a couple of minor bugs in the software but nothing to stop me using it which I have for over two years now.
And back to the problem that prompted the post. Give your executors a copy of the database password, perhaps in a sealed envelope (and some instructions). This will give them access to all your other passwords and the further instructions and information on the database. That way, if you are lucky, your web site will be kept online containing your life’s work, they will be able to access your email and online banking accounts and anything else they need to manage your estate. Of course if you want to take anything to the grave with you, then keep the password somewhere else.
4tell
4 Oct 2006 11:23 by Rick
I want a phone service (mobile or land line) that tells me what a call will cost before I make it. Is that too much to ask?
Oh, and when abroad, tells me what an incoming call will cost me before I answer it.
In my opinion the providers are currently in breach of contract by not doing this. It is not enough to provide a published list of tariffs unless there is some way to relate a charge to each call in advance. How can I tell what operator that 078… number belongs to so I can look it up on the tariff chart?
Dodgy NZ stamp dealing
2 Oct 2006 22:29 by Rick
When these stamps were first announced in May for release 7 June, my first thought was “eek,” they’re horrible. A sort of cross between Pocahontas and Lara Croft. Therefore I was not at all surprised to get a letter in June (dated the 2nd) to say that they were not to be released, mostly due to the objections from the Maori community.
They said that “as the stamps have not been released the stock is accounted for and will be destroyed.” Well why does the Len Jury auction catalogue that I have had today have them on the front cover, and a lot consisting of a full set—estimate 13,500 NZD? I would say that, from the accounts of the Post Office, that these stamps have been stolen and the auctioneer is handling hot property. They say “original invoice copy to vouch for authenticity” but that doesn’t mean anything. I would strongly recommend that no one buys these. The “teddy bears” fiasco from some years ago was bad enough, but this is just too blatant.
Update: I think I may have been a bit harsh on the dealers. It looks like NZ Post made one almighty foul up yet again and sold some copies by mail order before the official release date. Len Jury assures me that the invoice they have is from NZ Post. Even so I would not regard these as collectable by mainstream philatelists as they were withdrawn before the release date and hence not valid for postal use. There is some debate about whether NZ Post can order their recall from customers but I doubt it, as it was their blunder in selling them in the first place.
Webmaster