Saturday, August 02, 2003

SkullDana

SkullDana - something for the head. After years of having short hair (really short hair) I'm letting my hair grow out - which means that I have to deal with hair in the eyes and all that fun stuff. Hence, I've been picking up various doo rags and seeing which I like the best. Currently, my hair is only about 5-6" long - but I forget when the last time I got it cut was (I think it was last fall). Beard is about 4" long too. But both have a good bit of growing to do (goal for the hair is pony tail in the back, so at least another 4-8 months for that, beard I'll probably start at 6").

Might get a picture up here sometime.

posted by Wuphon's Reach at 6:32 PM

Friday, August 01, 2003

Pigeon Ranking

Today's funny link: Google Technology: "The technology behind Google's great results"

posted by Wuphon's Reach at 2:27 PM

Spam and DNS

One of the simpler ideas that I've had for cutting down on SPAM is a solution to the forged domain problem. Right now, there's now way for a recipient to (easily) verify that a given IP address is authorized to send outbound mail on behalf of domain X. Some SMTP servers attempt to do reverse DNS lookups via PTR records (attempting to map the IP address back to the domain) - but this will not always work, and can't deal with outbound mail servers that are configured to allow multiple domains send from them.

What's needed is a surer way for an SMTP server, when it gets contacted over SMTP to determine whether the domain is being forged or not. It's then up to the destination SMTP server to decide whether to accept delivery for the message or not. (No external legislation please.) The basic scenario is as follows:

1. some-ip-address contacts my SMTP server to deliver a message on behalf of domain X
2. my SMTP server says, wait, let me verify your address
3. my SMTP server looks in domain X's DNS for the list of allowed outbound mail exchanges ("OX" records?)
4. if it finds the IP address to be a match, it allows the message to be delivered

Why create a new record type in DNS? Why not use A or MX records?

Well, MX records are for inbound mail routing only. In fact, a lot of places uses different machines for inbound vs outbound e-mail. So a change would have to be made to how MX records are used (which would break a lot of things). Advantage of MX records though is that there are usually only a few per domain, which makes it near-trivial to just grab all of the DNS records.

"A" records don't work well either, because AFAIK, there is no reverse DNS lookup that is efficient to say give me the record in domain X for IP address Y. A given domain might have hundreds or thousands of "A" records, which is too many for the SMTP server to look through quickly. Now, if there is an efficient search method in place, then it makes sense to just use "A" records. OTOH, by using records specifically tagged as "OX" or outbound exchange IP addresses, we cut off the problem where a virus/worm is able to e-mail itself to the entire world from an infected workstation without passing through our properly configured outbound SMTP server. (Where we can do things like check that the origin domain is not forged, or enforce other corporate policies.)

The big advantage is that it makes white lists more effective (white lists are lists of domains that are allowed to send e-mail without being flagged as spam) for the mail admins because they no longer have to worry about widespread domain forging. It doesn't solve the problem entirely (or even the spam problem in general), but it cuts down on the noise. It's really a non-issue with regards to anonymous mailings, because those can still happen - but the messages might not be deliverable if the destination SMTP server is strict about domain forging. Plus, there's also the option of sending through a trusted 3rd party, or web mail, or other transport options. It also doesn't require keys, or cryptography, or anything fancy on the DNS other then the ability to serve up one more record type.

Did some searching today on Google and found a similar proposal at the IETF for DNS RMX records (search for DNS and RMX or RMX and SMTP). Looks like the first draft went online back in Dec 2002, and they're working on the 3rd draft currently. Downside is that I think the IETF's anti-spam group will hem and haw rather then buckling down and implementing the darn thing. Latest copy of the draft has a section towards the end which lists some of the anticipated difficulties getting this into place.

posted by Wuphon's Reach at 9:36 AM

Wednesday, July 30, 2003

Web Rebuild

Well, the hosting provider wiped the server clean today, so things might be a little busted around here until I finish re-uploading all of the files.

posted by Wuphon's Reach at 9:15 PM

Monday, July 28, 2003

Crackle and Pop

Still trying to track down the problems that I'm having capturing video with the ATI card. The system now likes to insert pops and crackles into the audio stream during capture mode. If I record audio using Cool Edit 2000 (no video capture), I get clean audio from the Line In jack. Turn around and attempt to capture video and I get crackles and pops in the audio stream of the captured file.

However, I have noticed that MSINFO32 shows that there is a bunch of stuff using IRQ9 (ATI card, the Santa Cruz sound card, my USB2 PCI card, the FastTrak100 Lite controller, and even the ethernet card... wonder if I can shove the ATI and Santa Cruz sound card onto their own IRQs.

Hmmm, no go, Win2000 seems to ignore the setting that I made in the BIOS where I specifically told PCI slot 2 to be IRQ 10. Looking at 3.7.2 of my Asus A7V266-E motherboard manual, I do see a chart that seems to indicate that slot 2 and the AGP slot share a resource. So I'm going to try moving the audio card to slot 4, which seems to have the least amount of sharing with other devices.

posted by Wuphon's Reach at 5:43 PM