Author: pgregg

Skype is panicing about being forced to offer 999 or 911 emergency telephony services. Skype responded to a demand in Norway by turning off links to the PSTN networks and their founder Niklas Zennstr�m said "When there is a burglar in my house, I don�t want to call the police; I want to email or IM them. The burglar may hear my voice!"

Utter tosh… if there’s a burglar in my house while I’m in it, I want to hit them with a baseball bat and then call the police.  Or other medical/fire emergency I’ll also want to SPEAK with the operator. The conversation is most definately going to be a two way thing – hopefully with the operator giving useful advice on the situation to manage it until the qualified people arrive.  Doing this while sitting and typing it out on a computer is just silly.

Source: http://www.theregister.co.uk/2005/05/26/skype_911/

Reminds me of, back in 1993ish, in an online "room" a girl asked people to call 911 because her violent ex-boyfriend was banging on her door. She couldn’t do it herself because her internet connection was using the phone line.   Well d’uh – you deserve a beating.

… well not quite, however, if the story at http://news.bbc.co.uk/1/hi/uk/4573507.stm is anything to go by, then the Law Lords clearly seem to say they are illegal.

Online sales of Age-Restricted material is thereby completely illegal in the UK.

If sales of R18 porn is illegal via online outlets because the retailer has to see the purchaser in-person to assess the purchasers age: Lord Justice Kay said: "We have no doubt that one of the main reasons for the restriction is to ensure that the customer comes face-to-face with the supplier so that there is an opportunity for the supplier to assess the age of the customer.", then surely there is an onus on companies such as Amazon and SendIt to ensure a face-to-face assessment of the purchasers age prior to purchase.

Also for that matter, in the UK it is illegal to sell alcohol to under 18s, so should the likes of Laithwaites or Tesco withdraw all online alcohol sales because they cannot have a face-to-face meeting?

Back to the specifics of this case, I know it isn’t purely age-related – there is specific law relating to adult/sex material: The relevant law Video Recordings Act, 1984 Section 12 deals with these Restricted R18 rated adult films, so the arguments in the case should come down to "licensed sex shops" and "supply" – the Judges stated age restrictions, intent and face-to-face reasons seem irrelevant to the law at hand.

In particular, I am surprised that if:

(2) It is a defence to a charge of committing an offence under subsection (1) above to prove … (b) that the accused believed on reasonable grounds that the concerned was a sex shop for which a licence was in force under the relevant enactment, or …

could a licensed sex shop on "reasonable grounds" believe that the online sale was legal? I would imagine so.

On the face of it – this is an absurd ruling by the law lords and one which should be quickly overturned.   If the judges arguments about age and face-to-face hold true, then by the same nature Section 11 of the law holds true for non-restricted but classified age material 12/15/18 classifications which would apply to the likes of Amazon.

So ever since I neglected buying the wife a birthday present this year and she said "Buy me a big American Style Fridge" I’ve been on the lookout for a quality model at a decent price.

Anyone that knows me will know that, prior to making such a life changing purchse, I will thoroughly research the available models, every possible feature and narrow the choice down to two or three models.  I will then spend hours googling for suppliers to find the best rate.  To cut a long story short I had narrowed my choice down to the Samsung range, and specifically the RS21DCNS model.  Many people were selling it priced from �650 up to �1,100, so I found the cheapest online retailer and placed an order.

Two weeks later I phone up said retailer to find they don’t deliver to Northern Ireland (hello Appliance City), that someone should have called me to tell me this, profuse apologies that no-one did, but that they could deliver to the nearest port. Like a 1 tonne Fridge at a UK mainland port is going to do me any good. So they thoughtfully cancelled my order.  Back to the drawing board.

More searching revealed that my local Currys were having a easter sale and that they had this model at �799, but with �100 off making it �699.  Well, not much difference between that and the failed online supplier, so off I trotted to Currys with credit card in hand.

Currys sales droid began the order process and somehow managed to place the order with shipping as a separate item at �999. After some quick assistance from someone more experienced got the right delivery code and announced delivery would be �49. What? �49 ? You have to be kidding right?  You are only dropping it 10 miles up the road. Last year I bought a normal fridge, cooker and washing machine with total delivery cost of �15.  I told said droid this and offered "If you can do delivery for �30, I’ll buy this right now".  Hmmm, he thought, and went off to ask his manager.  �Sorry no, we used t have discretion but we don’t any more�. Noted my disappointment, and after another failed managerial trip I said thanks, but no and left the store.

Now the missus being her normal self decided we weren’t going to get it any easier, and it was the last day of the �100 off deal so, under orders, went back to the Currys website and proceeded to place the order.  At the checkout with �699 fridge + �49 delivery Currys offered me a Promotion Code box.  Whato! Bit more googling and I have two promotion codes valid for the Easter weekend. One for free delivery (haha) and an added bonus of another code for 10% off all purchases over �199.

I now have said fridge, bought from Currys, delivered from Currys all for the grand sum of �629.  Currys your lack of droid discretion cost you �100 guaranteed sale.

Net result: Missus is happy. I’m �100 better of. Cheers to Currys and zero negotiation tolerance.

I don’t know how this happened, but for some reason the antispam community seem to have walked right into quicksand. Why?   Well, consider this: If you existed to come up with ways to stop spam, you would think that implementing a way to establish trust relationships with sender would guarantee* that they wouldn’t send you spam.

* – No there are no guarantees.

Well recently a configuration option within SpamAssassin caused me alarm since it was occurring more frequently in spams that were getting through to me. Looking into the RCVD_IN_BSP_TRUSTED score I found that spamassassin gave it a -4.3 weighting which unless the email is particularly spammy, it means the net score for that email will result it it being classified as non-spam.  Trouble is – this is spam, so why is spamassassin being so nice to it?

Looking it up, I ended up at The Bonded Sender Program .org (this is the Internet friendly face) which "turns the spam problem upside down by identifying legitimate email traffic".  Oh?  Further reading shows that the BSP has a corporate side that companies pay the BSP (read: IronPort, who also happen to own and run SpamCop) so their emails get positively flagged as non-spam.

Am I the only one spotting the delicious conflict of interest?
1. Spamassassin catches spam
2. Users report spam to SpamCop
3. SpamCop blocks spammer.
4. Spammer has less success because their servers are blacklisted

Now SpamCop, aka IronPort, aka BSP goes to spammer "Pay us a wodge of cash and we can make sure a) you don’t get flagged as spam, and b) your servers can’t get blacklisted". Sounds like a sweet deal.  Why wouldn’t any spammer go for it?

In any other industry this would be blackmail. e.g. Mafia: "Pay us your insurance so you can be sure you or your shop doesn’t meet with an unfortunate accident".

Now the BSP apparently takes abuse of their system very seriously.  I beg to differ.   I reported an instance of abuse, to which the initial reply sounded positive, but that same customer is still spamming away.  I shall post some example spams that BSP claim isn’t spam as comments.

So, anyone reading this.  If you use Spamassassin, add this to your user_prefs:
score RCVD_IN_BSP_OTHER 0
score RCVD_IN_BSP_TRUSTED 0

Companies or Email senders – if you hit this page whilst researching about using the BSP, then please don’t.  It is a dirty way to get your message across – if anything it will make people like myself even more vehemently outspoken against you and your products.

BSP/SpamCop/IronPort – if you want to regain some credibility, perhaps you will take your abuse reports seriously and actually kill off those customers who do use you as a ticket to get spam through.

This is my personal opinion based on my experience of spam emails I have received via the Bonded Sender Program.

Today is a sad day, and it is sadder still that I feel I should write this article.

Many years ago, when we were all much younger, the skys were cleaner and bluer, kids went outside to play in the street instead of staring at a flickering 14" tv and playstation, you could leave your door unlatched and we all used Sendmail as our MTAs. Life was good.

Then Bad Stuff[tm] started happening, we started getting spams, and sendmail was found wanting in the security dept many times.  There were alternatives popping up, but when you are hooked into also providing UUCP feeds, your options are extremely limited.

Then in 1997 I discovered Qmail, with the promise of security, modularisation and simpler administration. So I launched headlong into replacing our sendmail install with Qmail.  I ended up with a functional hybrid of installing Sendmail for UUCP and overlaying Qmail to do the SMTP/POP3. All in all this worked well for many years while we weaned everyone off UUCP.

So, why am I saying Qmail is dying, and who am I to make such an assertion?  Perhaps a few credentials are in order.  I was a reasonably early adopter of Qmail back in 1997 and when I started there were no documents or howtos on setting it up in an ISP type environment. All you had was DJB’s INSTALL file, which was a pretty basic set-up for system account users.  The man pages were pretty poor and involved a spot of trial and error to work out many things.   To this end, I wrote the first  published document on setting up Qmail, called the Qmail Single UID Howto which has been used by thousands (if emails are anything to go by) of sysadmins around the world.

Up until a couple of weeks ago, I continued in my die-hard attitude of Qmail can do anything, but increasingly of late, I have found it harder and harder to do what I need it to do.  Yes, we can all hook in spamassassin and antivirus scanners, but other more fringe issues just aren’t there yet.  Specifically a test install of greylisting using greylisting-spp and qmail-spp (which incidentally looks like a great system that needs greater buy in from the Qmail community) refused to let qmail processes exit and sucked cpu – solidly killing my colo server.  I had to drop the qmail-spp and greylisting idea.

Next up is SpamCop.  Now I’m no great fan of SpamCop’s arbitrary "we say it is bad so you must obey" style, but Qmail’s architecture falls fowl of one of SpamCop’s rules that says you should not accept email for a user that doesn’t exist.  With the deluge of spam (with forged smtp envelope sender addresses) the net result is Qmail will say ‘Sure send me the email’ but reject it at the local delivery stage causing a bounce to be sent back to the envelope sender address.  SpamCop deems this as "spamming" the poor unfortunate schmuck who’s email address was Joe-Jobbed to send you the spam.  Worse, Spamcop has several "traps" set up that will cause your mail server to be automatically placed onto their blacklist if a trap receives any such bounces.  Qmail simply doesn’t do recipient verification in qmail-smtpd (which is why qmail never supported VRFY, ever).

Added to this, again in my opinion, Qmail’s author Daniel J Bernstein has effectively signed Qmail’s own death warrant by (1) Not supporting qmail in the past several years, and (2) Refusing to donate the code out to the community under say a GPL or Apache style license.   I am not disputing his right to do so. Dan is perfectly within his rights to retain his code.  I am simply stating that the current position means anyone with plans on using Qmail will find themselves less and less supported to the point that maintaining Qmail systems (evolving with the times, e.g. adding IMAP, or the next big thing) becomes an untenable proposition.  That said, I have a lot of respect for Dan and his achievements and the quality of his work.

I also do not want to use this article to promote any alternatives to Qmail.  Not out of fear of being called a fan-boy (I believe, if anything I have proven I was big proponent of Qmail), I am simply mourning the passing of, what was, a great MTA. Suffice to say, there are now much better supported systems out there.

Qmail, R.I.P.  I shall miss you.

Edit:  If you came here from the qmail at eight criticism of this article, please read my response.

Ever been passed a url link to a news media site only to find it requires you to register or login to read it?   Usually I just switch off and deign it to not be worth the hassle and move on with life. 

Now I know there are sites such as BugMeNot.com and they create generic logins to share for the community and on the whole works very well.  I’ve used it in the past, and I’m not intending to promote this idea as a replacement or better than it.

However, tonight it occurred to me – if I pretend to be google, perhaps it’ll not ask. Now some 6 or so months ago, I switched to using the Firefox web browser from Internet Explorer (tired of popup and security hell) and I was undergoing some training that required the use of IE to login to the training site, and separately to interact with the product I was training on. Using IE for both at the same time was awkward, so I downloaded the User Agent Switcher Extension and used it to fool the training site into believing Firefox was really IE. It worked flawlessly.

Now back to the present day, so I add an entry in User Agent Switcher by clicking:
Tools -> User Agent Switcher -> Options -> Options, click User Agents and click Add.
Then for Description enter "GoogleBot" and under User Agent enter "Googlebot/2.1 (+http://www.google.com/bot.html)" all without the double-quotes.

Clicking back to the link I was given: http://www.kansascity.com/mld/kansascity/news/nation/11084410.htm and yeehaw! no login.

Also interestingly, Google doesnt serve up any AdWords if you tell it you are Googlebot.

Tonight I found out what a "meme" was.   I was prompted to look it up by reading Mark’s post over on his site.

Now with all the stuff in the news about Identity theft and how easy it is to assume someone else’s identity, is it really wise to be giving out information about the contents of your wallet?

No idea if this is true or not, I suspect not, but it is funny all the same, with a clever twist from the author that hasn’t been mentioned yet…   This arrived in my mailbox:

letter of complaint received by the B&Q customer services department.  B&Q were the major sponsors of Ellen MacArthur… Dear Sir/Madam My congratulations to you on getting a yacht to leave the UK on 28th November 2004, sail 27,354 miles around the world and arrive back 72 days later. Could you please let me know when the kitchen I ordered 96 days ago will be arriving from your warehouse 13 miles away? Yours Sincerely John Roberts

After a bit of googling I came up with google cached page (now gone, but here is a different link) that points out a John Roberts happens to be Facilities Manager at B&Q HQ

This morning I had a few hours to kill with the kids while the missus was getting her hair done so I headed down to Boucher thinking I could check out a few car showrooms, but the lure of the new-ish development with Matalan and TKMax proved more enticing.

I’ve never been into either of these stores (these ones in particular, or any others of the same name) so I thought it was worth checking out.

TKmax was fine, reminded me of Poundstretcher and nothing much to write home about so we went to Matalan which was a bit more of the same.  Except for some Spider Man underpants my son took a liking to, so off we trot to the checkout.

Assistant: Do you have a Matalan card?
Me: No, it’s ok (thinking pretty much every store these days offers you a store card)
Assistant: You can’t buy anything without one.

Now, paint me pink and call me princess, what the fuck?   This has to be a joke.  Now I’m concerned about privacy as much as the next Joe, I am aware of the data mining capability and that they’ll be able to tell when I’m likely to buy, and quantity of, and sizes, of every school uniform for the next 14+ years. Don’t get me wrong, I’m not a nut who refuses all these cards, I’ve got my tesco and boots cards, the boots card comes in very handy in buying my sandwich when I have no spare change saving me a trip to the ATM.   But when someone *requires* me to have one I draw the line… so

Me: Excuse me?
Assistant repeats: You can’t buy anything without one. (and proceeds to tear one off a paper card handing it to me to fill in)

Transaction complete, he hands me my receipt and the shiney new Matalan card which I promptly hand him back with a "Please bin that".   I’m even surprised that he looked shocked at my behaviour.

So, my one and only expercience in Matalan is likely to remain my one and only experience.  However, should the occassion arise again I think I’ll do the same thing, perhaps someday they’ll rethink stupid policies such as this.

Tis that time of year when my car tax disc is up for renewal, and it being so close after christmas means it is a hefty whack (�165) to find.

So, I’m thinking, I can pay my TV license, Council Rates and most other things via monthly Direct Debit, so why not my tax disc?

So I plan on finding out

I’ve sent a request to the DVLA under the new FOI rules to find out.
———————————————————————
To: foi.dvla@gtnet.gov.uk
Subject: Request documents pertaining to deliberations on VED payment methods

I write to request documentations from the dept on discussions, meetings, etc
specifically on the methods of payment available to the public when paying
for Vehicle Excise Duty (VED, Road fund License, Car Tax).

Specifically, any reference to monthly payment options discussed, rejected
or otherwise planned for the future along with any expected introduction dates.

Thank you for your attention in this regard,

Paul Gregg
———————————————————————

I’ll let you know what I find out.