Archive for the 'Spam' Category

Beer and spam…

Tuesday, October 2nd, 2007

I finally got around to cleaning my draft lines and taps after <mumble> months, probably over a year. I don’t know whether to be gratified by what came off/out of them, or horrified that I was drinking stuff that passed through, near, around — within the same zip code — as it. Shudder. The beer and cider taste much better now, although that may be psychological.

I’ve got to get around to doing that more often.

While I was at it, I put the brown ale I brewed on 9/8 on tap. It was still warm and this time overcarbonated, but otherwise very drinkable. I think I’ll be enjoying this one tomorrow evening when it finally cools down. I also racked a stout that I brewed on 9/23.

And now I’m having a little toast. Some petrus oud bruin that’s been sitting in my fridg^H^H^H^H^Hcellar for a year or so. Quite good stuff.

I poured it, and sat down to write this post, when I noticed some of my spam alarms were going off at work. Bugger. Well, I guess I get to celebrate some beer progress with a bit of spam killing while I’m at it.

I hate giving presentations….

Thursday, March 22nd, 2007

So, I work on a presentation off and on for a few weeks. It’s to a bunch of engineers I don’t know, trying to introduce them to e-mail concepts, internals, basically “how it works” stuff. Second nature to me. I’m a bad public speaker, so that’s a bad sign.

Worse, I’m phoning it in. Everyone listening (and the guy shuffling the slides ’cause I couldn’t get netmeeting to work in time…) is also on the phone. Only I’m off mute. No natural human interaction or feedback.

It’s supposed to be an introduction. I get into micromachine man mode, and blow through the material, in a 45-minute uninterrupted ramble.

But the worst came when I was talking about spam.

(NSFWWCFFW — [not safe for work web content filtering firewalls] stuff behind cut….)

So it begins….

Tuesday, October 10th, 2006

The week began on a somewhat amusing note, with one of the morning’s spams starting off with:

Forward-looking companies invest in total administrative alignment. Indeed, another optimal power drill hardly pours freezing cold water on another tuba player.

How personalized….

Microsoft, spam, my spleen, and you…

Tuesday, June 13th, 2006

Some days, it just doesn’t pay to turn the old brain on. Trying to make sense of things is the quickest path to insanity. Raging, blubbering, ululating, bloody, squirrel-butchering insanity.

But enough about work…

As a longtime advocate of free software, free operating systems, and (in a pinch) Macs, it occurred to me that I hadn’t been driven into a good lather over Microsoft in almost 5 years. Quite the feat, probably a record for me since I switched from DOS to Unix around 1992-1993. That streak ended today.

As I see it, Microsoft is partly responsible for about 80% of the spam on the Internet. It works roughly this way:

  • Microsoft sells desktop OS software with multiple exploitable server programs turned on by default.
  • They then encourage people to connect this monstrosity to the Internet.
  • Vulnerabilities get exploited, and used to install programs that scan other computers for vulnerable services. As a result, any Internet connected machine will probably get probed by such a program every couple minutes. The usual “time-to-0wnership” given by security researchers is on the order of 15 minutes. Connect to the Internet to download the new service pack? You’ll probably be exploited before it downloads.
  • These programs can usually be instructed to act as a proxy, often for sending spam or performing click-through advertising fraud. In theory, they can be instructed to do anything up to and including melting down most of the Internet as we know it, and are often used to steal credit card numbers, passwords, etc. and host phishing sites, but we’ll keep focused on spam here… of which these infected machines send 70-80%.

It gets even scarier. Windows box running slower than usual? It’s probably infected with multiple such programs doing god-knows-what. Anti-virus programs help some, but the malware authors can trivially evade these by re-encrypting their code, so some currently in-the-wild worms can only be cleaned by a format and reinstall, after which the machine is back to its initial, vulnerable state waiting to get reinfected.

Windows is by far the most problematic OS for this sort of thing, but similar programs target UNIX and MacOS X hosts with insecure PHP scripts (e.g. old versions of Wordpress [kick me]) or guessable passwords. Unlike these, though, a networked Windows box should probably be treated as suspect a priori.

So, you’re Microsoft, you’ve unleashed this mess on the Internet, there are a few things you can do to help. For example, you could work with anti-spam efforts, and put your considerable weight behind best practices such as port 25 filtering, mail server rate limiting, etc. that take a huge bite out of spam at the source. You could also use your control of practically every PC user’s desktop to include some educational materials, informing them that the Internet is a very dangerous place, and as a result, they will need to explicitly enable and limit access to any services they wish to run.

Or you could engage in plain old PR, organizing useless conferences every year, appropriating a poorly thought-out fad (e.g. SPF) as your own, and trying to force its adoption so it looks like you’re doing something about spam….

To be fair, Microsoft seems to be somewhat involved with the former, but keeps a very low profile. The big push, PR, and Microsoft name are behind “Sender ID”, a Microsoft-rebranded SPF which will do nothing to combat spam, much less the spam zombies Microsoft helped create.

What a waste. Microsoft is powerful enough that if they had put their muscle behind something that worked instead of this (at best) distraction, we might actually have eradicated most spam by now.

A Simple Matter of Programming…

Wednesday, January 18th, 2006

I have been scouring the internet for code for extracting URLs from e-mail for the purposes of spam filtering. There’s not much out there that isn’t proprietary, written in perl, or defeated by relatively simple obfuscations. I’ve been thinking of writing my own, but one look at what I’m up against is almost enough to make me scream, run away, and “just hit delete” for a while…
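To illustrate why URL extraction for spam filtering has to decode a message before matching, here is an added example (not code from this blog or from any filter it mentions). It assumes two obfuscations chosen for illustration, a quoted-printable soft line break inside a URL and a base64 HTML part with a character reference in the scheme; the function names and the sample message are constructed.

```python
import base64, email, html, re
from email import policy
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

def hosts_in(text):
    """Lowercased hostnames of every http(s) URL found in text."""
    found = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname
        except ValueError:          # e.g. malformed IPv6 literal
            continue
        if host:
            found.add(host.rstrip("."))
    return found

def naive_hosts(raw):  # regex over the undecoded message bytes
    return hosts_in(raw.decode("latin-1"))

def extract_hosts(raw):
    """Decode each text part (transfer encoding, charset, HTML entities) first."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        try:
            body = part.get_content()   # undoes base64 / quoted-printable
        except (LookupError, UnicodeError):   # unknown or bad charset
            body = part.get_payload(decode=True).decode("latin-1")
        if part.get_content_subtype() == "html":
            body = html.unescape(body)  # &#104;ttp:// -> http://
        found |= hosts_in(body)
    return found

# Constructed sample: one URL split by a quoted-printable soft line break,
# one hidden behind base64 plus an HTML character reference.
HTML_PART = '<a href="&#104;ttp://Shop.Example.NET/x?id=1">click</a>'
SAMPLE = (
    b'MIME-Version: 1.0\nContent-Type: multipart/alternative; boundary="b1"\n\n'
    b"--b1\nContent-Type: text/plain\nContent-Transfer-Encoding: quoted-printable\n\n"
    b"Visit http://pills.exam=\nple.com/buy=3Fnow today\n"
    b"--b1\nContent-Type: text/html\nContent-Transfer-Encoding: base64\n\n"
    + base64.b64encode(HTML_PART.encode()) + b"\n--b1--\n"
)
if __name__ == "__main__":
    print(sorted(naive_hosts(SAMPLE)), sorted(extract_hosts(SAMPLE)))
```

The undecoded pass sees only the truncated host `pills.exam=`, while the MIME-aware pass recovers both hostnames for lookup against a URL blocklist.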

…and I helped!

Saturday, December 17th, 2005

Yesterday morning, I got an e-mail from the author of the DCC (a collaborative anti-spam system) inquiring about this graph:

[Graph: distinct spams]

(original here, with some more context) asking if I had made any configuration changes recently. This graph corresponds to the number of messages being reported to the DCC as spam/bulk, and the uptick was mostly reports from the mail servers at work.

After a bit of digging, we figured out that this was a result of us enabling URL-based blocking with DCC, which results in each blocked message being reported as a spam message. This test is blocking and reporting a couple million spams per day to our users, but other graphs show a concurrent uptick in blocked/trapped spam corresponding to roughly 30-40 million more spams blocked per day, mostly (if not completely) due to our reports. Cool!