Thu Jun 22 13:08:17 PDT 2006
Steer Clear of ClearWire
I know I usually rip on Charter when
I post about rotten ISPs, but I thought I'd give things a change of
pace by ripping on ClearWire for a while instead.
After my latest round of problems at Charter, I thought I'd give ClearWire a try. It turns out that they're even worse; they won't tell you which ports they block, but my experience is that they are at least blocking all service ports below 1025. When I spoke to customer disservice about it, it turns out that they do this even with their "business" class of service. In other words, your idea of business use of the Internet must be pretty much confined to surfing the web in order for you to find ClearWire useful--and I use the word "useful" advisedly.
I have to admit that their Orwellian insistence on saying "Yes, we manage those ports for our customers" every time I used the word "blocked" was an interesting use of new-speak, but not interesting enough to use them as an ISP. I suppose they think that if they say "managed" instead of "blocked" often enough, people will start to think of it as a value-added service instead of a bowdlerization of the Internet.
Anyway, I wanted to save some of my fellow geeks the trouble I went through. YMMV...but in this case, I rather doubt it.
Thu Jun 22 12:53:31 PDT 2006
Say HELO to Less Spam
I haven't updated this blog in a
while, but it's not because there aren't geektastic things going on
in my life. There are only so many hours in the day, after all, and
sometimes blogging is the first thing that has to go when things
get hectic.
I've recently beefed up the anti-spam tactics of my codegnome.org domain. As I may or may not have mentioned before, I take a pretty strong defense-in-depth strategy to spam. My toolbox includes various blocking techniques at the SMTP server level, as well as revocable email addresses, a challenge-response system, and Bayesian filters at the individual account level.
I was recently noticing that my mail server was still accepting way too much obvious spam, so I took a look at my Postfix configuration. The first thing I noticed was that I hadn't updated any of my blacklists in a while, so I added the Exploits Block List to my existing Spamhaus SBL queries to get better coverage.
smtpd_client_restrictions =
    reject_rbl_client relays.ordb.org
    reject_rbl_client sbl-xbl.spamhaus.org
I also noticed that a lot of spam comes from non-existent hosts, or
hosts that provide incorrect HELO/EHLO messages when connecting. I
tightened that up, too.
smtpd_helo_required = yes
smtpd_helo_restrictions =
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_unknown_hostname
So far, I've had only one legitimate mail source caught up by the new HELO restrictions, but Postfix allows me to make exceptions in such cases by using a check_helo_access hash table lookup as the first item inside the smtpd_helo_restrictions context.
It's a little hard to quantify, but my off-the-cuff estimate is that the HELO restrictions have reduced the amount of spam allowed in the front door by almost 80% all by themselves. Blocking spam sources before accepting the message for further processing is not only more resource-efficient for the server itself, but it also uses less network bandwidth, which is a good thing for smaller pipes like mine, leaving more of the network available for the fun stuff.
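The first-match ordering described above, as an added example (not code from the original post, and a simplified model rather than Postfix's implementation): it shows how a check_helo_access entry placed first exempts one host from the three HELO checks. The hostnames, the `RESOLVABLE` set standing in for DNS lookups, and the `HELO_ACCESS` table are constructed for illustration.

```python
import re

# Constructed sample data: RESOLVABLE stands in for DNS A/MX lookups and
# HELO_ACCESS for the check_helo_access hash table (hypothetical hostnames).
RESOLVABLE = {"mail.example.org", "mx1.partner.example"}
HELO_ACCESS = {"legacy-gw.partner.example": "OK"}

LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def valid_syntax(name):
    """Simplified hostname syntax check: dot-separated letter/digit/hyphen labels."""
    return 0 < len(name) <= 255 and all(LABEL.match(part) for part in name.split("."))


def check_helo(helo, access=HELO_ACCESS, resolvable=RESOLVABLE):
    """Return (verdict, rule) for one HELO/EHLO argument; the first matching rule wins."""
    if not helo:
        return ("REJECT", "smtpd_helo_required")      # client never sent HELO/EHLO
    name = helo.lower()
    if name.startswith("["):
        return ("PASS", "address literal")            # literals are not modelled here
    if access.get(name) == "OK":
        return ("PERMIT", "check_helo_access")        # exception listed first
    if not valid_syntax(name):
        return ("REJECT", "reject_invalid_hostname")
    if "." not in name:
        return ("REJECT", "reject_non_fqdn_hostname")
    if name not in resolvable:
        return ("REJECT", "reject_unknown_hostname")  # no A or MX record
    return ("PASS", "no restriction matched")


if __name__ == "__main__":
    for sample in (None, "legacy-gw.partner.example", "bad_host!.example",
                   "localhost", "mail.nonexistent.invalid", "mail.example.org"):
        print(f"{sample!r:32} -> {check_helo(sample)}")
```

Calling `check_helo("legacy-gw.partner.example", access={})` shows what happens to the same host without the exception entry.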
Mon Mar 13 16:44:56 PST 2006
Essential Windows Tools
I admit it: I'm a Linux guy. I hate
running Windows, as I find the environment restrictive, overly
commercialized, and creatively limiting. However, there are times
when one simply has to run it. Luckily, there are some great GPL'd
utilities that make using it bearable:
- Cygwin: a POSIX compatibility suite that provides a Linux-like environment under Windows
- GNU Privacy Guard: Public key encryption tools
- Windows Privacy Tray: a GUI front-end for GNU Privacy Guard
- ClamWin Anti-Virus: An open-source virus scanner
- TortoiseSVN: Integrates Subversion revision control into the Windows Explorer
- SVNService: runs the Subversion server as a Windows system service
- PuTTY: A suite of SSH client utilities, including a GUI
Sun Mar 5 22:19:36 PST 2006
Knoppix Reloaded
I'm once again trying to travel
lighter by leaving my personal laptop at home while flying. In
order to accomplish this, I am trying to customize the latest
Knoppix release (version 4.0.2) for use with my company-issued
laptop. I couldn't find my old Knoppix customizations; those pesky
USB thumb drives have a tendency to get lost over time. As a
result, I'm having to re-solve some old problems with only vague
memories of my previous solutions to guide me.
For example, Knoppix doesn't have a screensaver enabled by default, and it's pretty non-obvious how to get one working. While there are other solutions, here's my current one.
- Set a password for the knoppix account.
- Copy vlock from an existing Debian box, or build it from source.
- Create ~knoppix/bin/vlock.sh as a wrapper for vlock itself:

      #!/bin/bash
      # Unlock the knoppix account so its password can be checked.
      sudo passwd -u knoppix >&-
      # Open a new virtual terminal, switch to it, and wait for vlock to exit.
      sudo openvt -ws -- \
          sudo -u knoppix bash -c \
          '/home/knoppix/bin/vlock -a \
          /usr/bin/clear'
      # Lock the account again once the screen has been unlocked.
      sudo passwd -l knoppix >&-

- Add an alias to ~knoppix/.bashrc such as:

      alias lock='~/bin/vlock.sh'

  to avoid confusion.
- Run lock in any terminal, and enjoy the screen-locking goodness that follows.
Sat Feb 25 12:21:12 PST 2006
Doctor Who Comes to SciFi Channel
The SciFi Channel begins
broadcasting the first season of the new Doctor Who series on
Friday, March 17 with a two-hour, back-to-back broadcast of the
first two episodes: "Rose" and "The End of the World." I think this
is a very smart programming decision, for a couple of
reasons.
Firstly, while I liked "Rose," it doesn't really do enough to introduce all the major characters and plot devices on its own. It's only when paired with the second episode that the scope and characterization, as well as the nature of the Doctor Who universe, really begin to come together for the non-Whovian.
I plan to record the entire run on my ReplayTV 5500 so that I can watch them over and over--and perhaps even do a little cavorting to the theme music.
Now that brings back memories better left repressed. :)