Archives for category: Rants

Paid per email and why it won’t work

August 22, 09 //
2

A while back, people in IT kicked the tires on paying per email sent. Nothing ever came of it but the idea is coming back in the form of Yahoo sponsored CentMail. I initially heard of this thanks to a well written article by MacGregor Campbell over at the New Scientist. According to the article Yahoo is experimenting with Pay per email system, but with the cost of an email be only one US cent ($.01US) and that money going the sender’s charity of choice. The eliminates the original complaint of Pay per Email; different ISPs charging different rates. It also gets more money into charities which is always a good idea.

Problem is, it won’t work.

Simple Mail Transport Protocol, or SMTP, is the mechanism by which is email is sent. It’s simple and it works. There really isn’t a lot to it. You send a plain text stream that contains your message header and the email body to your domain’s SMTP server and it sends it out to the recipient’s mail server. I’m simplifying it a bit, but not by much. And due to its relatively straightforward design, SMTP is subject to abuse. We’ve all gotten the viagra and porn spam in our inbox. And there are methods to deal with spam like Domain Keys, SPF records, RBLs and server side spam filter software. And that all works, but it adds unnecessary levels of complexity to the email process. The CentMail idea will add just another layer to that.

I don’t work with that aspect of email much anymore, but my coworkers who work the phones do. Each of them is helping one of our customers get out of email purgatory. A customer will send some email that one of the ISP doesn’t like and it’ll get put on the ISPs blacklist.  The customer then calls us and one of the guys in Support has to fight with the ISP to get the customer’s Domain removed from the blacklist. The problems lay in that there is no standard on what classifies spam and how to handle it. Each email provider, be it an ISP like Charter or Comcast, or a webmail provider like Google and Yahoo have different requirements and have different levels of pain involved with getting a domain whitelisted.

And that’s not including the RBLs, or Remote Blacklists. These RBLs are another level of spam prevention and another level of complexity. They work by keeping a list of spam related IP address and Domains. Your mail client checks each incoming email against each RBL and drops mail that is on the list. Getting off the RBLs can be even more painful, ranging from paying a fee to clearing out an entire C-block of IPs.

The CentMail website, which is a horrible pun by the way, states “Anyone you email can automatically verify your donation and confirm you’re not a spammer. Since spammers send millions of emails every day, it is prohibitively expensive for them to donate even just 1¢ per email.” That won’t stop the spammers. I’m guessing that Yahoo is assuming that there will be checks on both ends of the email sending process. But unless they intentionally modifiy SMTP to be non standard compliant, all a spammer has to do is use an MTA that doesn’t check for the Cyberstamp to get their mail out.

From the process described on the New Scientist article, it sounds like there will be an addition to the email’s header that will contain the Cyberstamp signature, and a link will be embedded that will allow the sender to verify that your did donate that penny to the Humane Society. That’s great until the Spammers figure out a way to spoof the headers and make that link redirect the user to a phish site. There are enough people out there using unpatched versions of Windows XP that this would be presenting another vector for hackers to compromise new systems.

On that same vein, what is to prevent a receiver from filtering email that contains a cyberstamp to a charity that they find objectionable? Lets say I send you an email and I donate that penny to AIDS research or Planned Parenthood. Now lets say you work for a conservative company that finds both of objectionable. What is stopping them from just dropping those emails? This adds another layer of potential problems for CentMail.

And what’s keeping companies from creating their own systems or not even adopting it? This system would only work if everyone, and I mean everyone was on board with it. And the disturbing trend of ISPs hijacking DNS indicates that the ISPsa at least have no desire for adopting a standard that someone else created.

All in all, I don’t see Cyberstamps stopping the spam problem with the way email is currently setup. The RBLs and the spam filters work well. I’ve gotten maybe on 1 spam in the past 3 months on one of my email accounts, which is a lot less then what i get in my physical mailbox. In order for Centmail to work, you’d need a major upheval in the status quo and I don’t see it happening. Cyberstamps version 2 is doomed to fail even before its released.

Naming Variables Sanely

August 2, 09 //
0

I had a simple goal. Well, someone else had a simple goal, but it was my task to fulfill it: raise the maximum number of files that could be listed in a directory in an ftp client. Pure FTP by default limits this to 2000, a reasonable limit in my opinion. But no, them what pays the bills needed it higher.

It took me fifteen minutes to find the variable that needs to be set in Pure FTP’s config file (and not because of a deficiency in my google-fu):

LimitRecursion

Oh, the things that I googled! The terms that I grepped! Things like “max” and “num” and “files”. I finally stumbled upon “limit” and found the bugger. Yet fifteen minutes! Far too much time for such a simple task.

Naming that variable LimitRecursion makes sense when you’re programming. You’re writing an ftp server, and suddenly you realize “hey, this directory with a crapton of files is nomming my resources, thanks to recursion. Let’s limit the amount of recursion that can occur and keep the server happy in the process. Let’s see, I’m trying to limit recursion… hmm… what should I name my variable…”

But when you answer LimitRecursion you are wrong sir. Because this program will be used by people who don’t give a fig how you keep the server up (limiting recursion) but do give a fig about the maximum number of files they can display.

When you name a variable, or create an API, please, for the love of Pete and end users and sysadmins everywhere, NAME IT LIKE YOU’RE AN END USER. By doing so, you GREATLY lessen your chances of being injured by an end user with a voodoo doll.

The importance of documentation

July 16, 09 //
0

A few jobs ago I was a Work Study in college, and I was the head of IT’s assistant. He was in charge of the PBX phone system along with the network and workstations.

We had to do some desk juggling and rather than change assignments in the PBX we decided to just move the cables that connected the patch panel from the desk sto the PBX. Easy right? Nope. My boss’s predecessor when he set up the PBX system, along with all of the other patch panels to labs and offices didn’t document anything. He also used 15 foot cables when a 1 foot cable would have worked, but that’s a rant for another day.

My boss and I spent 20 hours over the course of a weekend documenting which ports on the patch panel matched which port in which office. 40 man-hours wasted because my boss’s predescor didn’t take a few minutes to document as he set everything up.

This kind of behavior is hard for me to wrap my head around. And my PBX example above isn’t an isolated experience. It seems that non-documentation like this occurs in IT departments across the country. It appears to be a mixture of pure laziness this and a “If I know everything, I’m irreplaceable” mentality.

SPOILERS: Everyone is replaceable.

The replacement may not be better, but everyone is replaceable. Case in point, Michael Jordan, the greatest basketball player of all time, retired from the Bulls twice. After both times, the Bulls had to find another guy to start at Shooting Guard. Were either of them as good as Jordan? No, not at all, but they were his replacement.

My advice is this: You’re not going to be at your current job forever, so do yourself and everyone else a favor and document everything. I use a mediawiki install for personal stuff, but even if its just a collection of Word docs in a network share, find something that works for you and run with it.