Month: November 2004

humour

fontographer humour

Still can’t decide whether this is awful or funny? I’ll put it to the gallery..

Two fonts walk into a bar and the bartender says, “We don’t serve your type here.”
So the two fonts went and called the SERIF.
So, the fonts returned SANS SERIF, but they brought with them DEPUTY VETTICA. The deputy started to heavily quiz the bartender, and the fonts yelled, “Give ’em HELVETICA!”
The serif was finally located. He was around the BLOCK, reading the TIMES.
Now you may think the deputy’s name sounds Czech, but actually it is ITALIC.

technology

Putting the brakes on spammers

Post author By shaned
Post date November 9, 2004
No Comments on Putting the brakes on spammers

Pulled this off benezedrine.cx. It a tasty, easy to replicate mechanism for dealing with spammers, safe in the knowledge that you’re slowing down their grubby, stinking little operations in the process. As most spammers get paid by volume this reduces the money they make from slowing down the internet, helping to spread viruses and generally being complete assholes. The author advocates the creation of a tarpit using spamd which is basically an MTA which keeps SMTP relaying connections open but slows responses down to a C-R-A-W-L… Throw in the use of spamassasin for some dynamic spam detection together with the creation of a blacklist for tarpit redirection using information from an authoritative site like spews.org and you have a reliable system that kicks the majority of spammers where it hurts. The original text is shown below.
To quote Bill Hicks: “just trying to plant seeds”

Introduction
I don’t like getting spam. The problem is not detecting it automatically, that works very well with tools like SpamAssassin and bmf . Even though I can automatically delete spam without reading it, the spammers still successfully deliver their mails and get paid by volume. I want to hurt them. They should not be able to deliver their mails, and waste as much of their resources as possible attempting to do so.
Tarpits
Tarpits like spamd are fake SMTP servers, which accept connections but don’t deliver mail. Instead, they keep the connections open and reply very slowly. If the peer is patient enough to actually complete the SMTP dialogue (which will take ten minutes or more), the tarpit returns a ‘temporary error’ code (4xx), which indicates that the mail could not be delivered successfully and that the sender should keep the mail in his queue and retry again later. If he does, the same procedure repeats. Until, after several attempts, wasting both his queue space and socket handles for several days, he gives up. The resources I have to waste to do this are minimal.
If the sender is badly configured, an uncooperative recipient might actually delay his entire queue handling for several minutes each time he connects to the tarpit. And many spammers use badly configured open relays.
Obviously, I only want known spammers to get connected to my tarpit instead of my real MTA.
Blacklists
I can use an externally maintained list of spammers like spews.org to redirect senders to the tarpit selectively. But such lists may be either to slow to include new spamming hosts, or too aggressive for my taste. Some blacklists will not only include single hosts, but entire networks that contain a single spamming host, willingly hurting innocent customers of an ISP to pressure the ISP to terminate the spammer. The blacklist maintainers document such policies, and if I agree with them, it’s my decision to block mail from such networks by using their blacklist.
But even if I’m comfortable with blocking mail from innocent bystanders and use the most aggressive blacklists combined, there will still be spammers getting mails delivered to me through newly discovered open relays. Those spam mails will of course be detected by my spam filters, so I’d like to use these IP addresses to build my own blacklist.
Building my own blacklist
Assume I have the following procmail configuration in place to detect (and file) spam:
:0fw | /usr/local/bin/bmf -m maildir -p :0: * ^X-Spam-Status: Yes in-x-spam
:0fw | /usr/local/bin/spamc :0: * ^X-Spam-Status: Yes in-x-spam
Each incoming mail is piped through the two spam detectors. If either one of them classifies the mail as spam, the message gets stored in a separate file. I could delete them instead, but I might want to check the mails for false positives every once in a while. Once the classifiers are tuned right, there will be almost no false positives, and almost all spam is detected. I’m reaching 99.95% accuracy here, with maybe 0.01% false positives, which is fine for me.
Analyzing Received: headers
I’m using one additional tool, relaydb , to build a database of all hosts that send me mail. This is done after the classification by the spam detectors, so I can tell the database whether the sender was sending spam or legitimate mail.
I add the following parts to my procmail configuration:
:0fw | /usr/local/bin/bmf -m maildir -p :0c * ^X-Spam-Status: Yes | /home/dhartmei/bin/relaydb -b :0: * ^X-Spam-Status: Yes in-x-spam
:0fw | /usr/local/bin/spamc :0c * ^X-Spam-Status: Yes | /home/dhartmei/bin/relaydb -b :0: * ^X-Spam-Status: Yes in-x-spam :0c | /home/dhartmei/bin/relaydb -w
So, detected spam gets piped through relaydb -b (blacklist), and legitimate mail through relaydb -w (whitelist). Note that only copies of mails get piped through relaydb, the program never modifies or drops a mail. All it does is build a database of hosts that sent me mail, counting spam and legitimate mail from each one.
relaydb traverses all Received: headers in a mail from top (nearest relay) to bottom. It only acts on valid numerical IP addresses in [] brackets, which is the only reliable part. And it’s only reliable when I trust the previous relay in the chain, as spammers often add fake Received: headers. So relaydb starts with the top-most relay in the header and consults its database to see whether it is a known host, and if so, whether it sent me legitimate mail before. If that’s the case, it increases the respective counter (spam or legitimate, as told through the -b/-w option) for that host and continues with the next relay found in the header. If the relay is a known spammer, traversal ends, as further headers cannot be trusted.
After I run this setup for a while, relaydb has built both a blacklist and a whitelist. One important detail is that a legitimate mail has more weight than than a spam mail. I regularly receive spam through mailing lists. Of course, I don’t consider the mailing list server a spamming host. Yet, each spam I receive through it will increase the spam counter for that server. Therefore, relaydb only reports hosts as blacklisted when their spam counter is at least three times as high as the counter for legitimate mail (and the factor can be adjusted, of course). So a relay doesn’t get blacklisted as long as it sends me legitimate mail to compensate for spam it sends, which covers mailing list servers. But if I get a spam from a host that never sent me anything before, that will cause it to get blacklisted immediately (1 >= 0*3).
Completing the puzzle
Now I’m building my own blacklist, based on the evidence I’ve seen myself, classified by my own spam detector configuration. The only politics involved in someone getting blacklisted are my own, I don’t have to trust a third party to make fair decisions.
And I use this blacklist to redirect hosts to the tarpit, using pf and some cronjobs:
$ pfctl -sn rdr inet proto tcp from to any port 25 -> 127.0.0.1 port 8025
$ relaydb -lb | pfctl -t spammers -T replace -f -
This requires a recent OpenBSD -current system.
Instead of just loading the relaydb blacklist to redirect to spamd, I could combine it with spews. Or I can use the whitelist to prevent hosts which have sent me legitimate mail before from getting redirected to spamd due to a spews listing, etc. There are many interesting combinations.
And how well does it work?
I’m getting several dozen connections redirected to the tarpit per hour, and most peers waste about ten minutes per connection, and retry several times, for multiple days. The impact on my own resources is minimal.
Best of all, I regularly get spam through a mailing list and the sender (not the mailing list server!) gets blacklisted. Then the same spammer connects to me directly, too, as it harvested my address like the one of the mailing list. And it gets stuck in the tarpit. For long. And many times.
Remember, I’m doing all of this not to reduce the amount of incoming spam. That gets detected and filed very reliably, anyway. The sole purpose is to hurt the spammers. And I’m thoroughly enjoying watching my spamd log now, as I’m perfectly sure that each of those connections comes from a spammer who has spammed me before.
“Spam me once, shame on you. Spam me twice, shame on me.” 🙂
If you have questions or comments, write to daniel@benzedrine.cx . And all you spammers harvesting email addresses from pages like this, please spam me. My trap is awaiting you.

Thanks to benzedrine and fif3. Also thannks to my mate Kieran for pointing me towards the original link. Cheers!

philosophy

Text v Speech

Following a recent conversation with some friends about how easily the written word can be misinterpreted I started thinking about the implications of this in world where increasingly communicate using emails, text messages and other forms of textual communication. Communication is a risky but worthwhile business! In Neuro-Linguistic Programming-based counselling the subjectivity of most communcation is demonstrated by the asking the client to think of some simple illustrative phrase like “the cat sat on the mat”. The therapist may then ask the client to describe cat, mat and their environment. It quickly becomes obvious that we appreciate to differing extents the biases within our interpretation of even a simple phrase. In person-to-person spoken communication we consciously and subconsciously ignore a whole range of possible interpretations by trying to focus on the emotional intent of the other person. Are they lying? Do they have my best interests at heart? Was that an insult? (if it was I don’t want to get them to repeat it and give them the chance to insult me again!). Several perceptive friends of mine have referred to a peculiar property of email we call “emotional amplification”. This is a property of email relating to:

Speed of communication. Many emails, particularly those used in professional communication are sent with the expectation that the subject matter will be understood and acted upon, upon receipt. Therefore there is pressure on the author to convey logical and emotional intent of the message immediately. Conveying emotional intent immediately (like “this is EXTREMELY urgent”) can lead to overstatement
Its half-duplex nature. You don’t get immediate feedback to each point so a long email that expresses many points can find itself in an emotional cul-de-sac where the reader becomes more and more irritated with each point.

With text messages this becomes exascerbated by the enforced brevity of a 160 character limit. The reader has first to decode txt spk or “text speak” and then must try to interpret what the intent of the message was. Chances are the writer has left much unsaid in an attempt at brevity. There are definitely many many conversations that should not be carried out over text messages. In general, anything where conveying emotional intent in a complex situation is vital shouldn’t be sent using text.
This problem was noticed at the inception of the internet and smilies were created to denote emotional intent. These appear fun to users of IRC and Instant Messaging but their purpose is quite serious. Preventing or defusing potentially damaging situations by conveying emotional intent symbolically. Other attempts to do this include Prosidic Font. Prosody is the ‘song or rhythm of everyday speech”. Prosidic font was an MIT project which encoded prosody (temporal, dynamic and emotional nature of speech) using a specially developed font. This is useful because
Research into emotion and speech has found that people can recognize affect with 60% reliability when context and meaning are obscured
I’ll leave you with a comment from the famous Canadian communications expert Marshall McLuhan:

When most words are written, they become, of course, a part of the visual world. Like most of the elements of the visual world, they become static things and lose, as such, the dynamism which is so characteristic of the auditory world in general, and of the spoken word in particular. They lose much of the personal element…They lose those emotional overtones and emphases…Thus, in general, words, by becoming visible, join a world of relative indifference to the viewer – a word from which the magic ‘power’ of the word has been abstracted.
Marshall McLuhan in The Gutenberg Galaxy (1962), quoting J.C. Carothers, writing in Psychiatry, November 1959.

films

Holding out for Hero

The chinese martial arts movie “Hero” has just been released in Ireland. Entertainment Ireland have a brief review here
I must confess I thought it was a wonderful movie. I’ve read quite a few reviews that compare it unfavourably with “crouching tiger, hidden dragon” but I disagree. Also my immediate memory of “crouching tiger” doesn’t permit me to make a direct comparison but my first impression is of a movie that I liked far more. Overly worthy perhaps but satisfying all the same.
The plot goes a bit like this.

For over a decade the King of Qin has lived in fear of assassination from a trio of powerful warriors in the unconquered regions. This time has come to an end with the arrival of Nameless, a middle-ranking official in his kingdom, who brings news that he has defeated them all. As Nameless claims his rewards in the presence of the King he relates his story of how he defeated the assassin Sky and used the love between Broken Sword and Flying Snow to defeat them. However the King questions some of the things that he is being told

I won’t tell you any more about the plot, instead urging you to see the movie.
However I read quite a few reviews of the movie that would have dissuaded me from seeing it so I’ll use this opportunity to say why they’re all wrong, the critics misguided and why in my not-so-humble opinion it’s near perfect.
All the critcs agree that this film looks absolutely fantastic. The cinematography is inspired. A colourful cavalcade of sweeping shots, lithe balletic movements and bold, dramatic scenery. And that’s just the first 10 minutes. So many hollywood directors could learn from Yimou Zhang’s masterful integration of light and sound, colour and contrast to form a seamless whole. Indeed, such is the beauty of the spectacle that the dialogue may be superfluous. There are many scenes where the ‘connectedness’of actors and their surroundings is evident. All the elements (wind, water, earth and fire)articulate the characters emotions. Typical chinese martial arts movie then!
Ok so here’s what I think of the criticisms:

The plot is convoluted and doesn’t work. I found it interesting, not overly complex and the juxtaposition of the story, the unravelling of truths and the cinematic shifts in colour that accompanied this were a joy to behold
It doesn’t have the emotional resonance of crouching tiger Who the hell cares? In my opinion it’s a more accessible movie, more entertaining and it definitely has an emotional resonance. Perhaps not one that many western audiences will want to see because it expouses the sacrafice of the individual towards a greater good. (This ain’t a hollywood movie kids)
We never empathise with the characters, they’re not developed as human beings, more as stereotypes of their Fidelity, Love and Idealism This is a silly criticism. The movie is clearly supposed to be fable. It’s not some bloody soap opera or reality TV show. When expect the characters to be well rounded when the whole movie is about high morals, contrasts, archetypes and their portrayal with a rich tapestry of colour

For me this movie had two important lessons that we often ignore.

There are times when the good of the many outweigh the needs of the few. Human history has thought us this time and time again as painful as it is to learn.
Hatred infects all aspects of our lives and ultimately those we love suffer most because we choose to hate.

To summarise. Go see the movie, you may like it!

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30