tools

ladysisyphus writes that Jesus has laser beams. As does Aslan, which makes sense if you think about it.

It turns out that Macs have speech synthesis built in. It’s not bad, and it’s easily accessible to programmers. So I’ve spent an entertaining evening making my MUD client talk. That way, if the window is hidden, I still find out when someone interesting logs in. I’ve ended up using MudWalker, a free, open source MUD client for Mac OS X. It’s scriptable in Lua, and helpfully provides a speak function to Lua scripts. The thing prospective programmers will want to know is that your regular expression match groups (the things Perl would call $1 and so on) are arg[n] to the Lua scripts you can use to write triggers. For console use, I’d still recommend Crystal as a good MUD client, but it turns out to be a bugger trying to get that to talk (Crystal is supposedly scriptable in Lua, but my attempts killed it).

Also been looking at Twisted, Python’s marvelous asynchronous mouse organ networked application framework thingy. It seems that as well as being very clever, it’s actually reasonably well documented these days. The Perspective Broker and Avatar stuff seems to be a good fit for games where the players can write code which is not trusted by the system, since the choice of which methods allow remote access imposes some sort of capability based access control. If I ever wrote a MUD in Python, something I’ve been threatening for some years now, Twisted would be the way forward (indeed, it was originally created to provide multiplayer interactive fiction in the form of Twisted Reality, another addition to the fine Internet tradition of hugely ambitious, but largely unfinished, MUD servers).

It’d probably be easier just to do this in Java. Python’s restricted execution stuff is not really there, so if you wanted to allow players to program (which I think is essential for holding people’s interest once they’ve finished the game proper) you’d probably end up running untrusted code in another process and using PB to talk back to the server. Still, it’s a nice dream. I saw that the author of MudWalker has got a prototype MUD written in E, the capability-based security language, which might well be worth a look too.

There is a confusing multitude of spam filters out there. I once wrote an article listing all the ways of filtering spam I could think of. If you’re confused by all this, here’s what I do, along with ways of doing the same thing on both Unix and Windows systems.

My first line of defence is a bunch of blacklists. These don’t work on the From address of the spam, which is usually forged, but rather on the IP address of the machine sending the email. There are a multitude of blacklists available, too. They differ in their listing criteria from narrow listings of machines which have sent spam, to broad listings of entire networks, intended to help you boycott ISPs which support spam. Getting legitimate email is more important to me than filtering all the spam, so I choose narrowly focussed blacklists. I use:

  • The Spamhaus Blocklist, a manually edited list of the worst corners of the Internet. These days, spammers tend to host their websites in these places and exploit other people’s machines to actually send their spam. Which is why I also use…
  • The Spamhaus Exploits Blocklist, an automatically compiled list of machines which have been taken over by spammers, probably without their owners’ knowledge. Windows users with cable modems, usually.
  • The Open Relay Database, another list of machines which are exploitable in a different way (mostly not a way which is used by spammers these days, but it occasionally catches something).

If you want to filter your email using these blacklists, and you’re on Windows, you could try Spampal. It is completely free and very stable. It will work for you if you collect your mail using something like Thunderbird or Outlook Express (but don’t use OE unless you want to become one of the aforementioned exploited Windows owners). It works by sitting between your mail server and your mail program and marking suspect mail as it goes by. You then configure a filtering rule in your mail program to move the suspect mail into a separate folder. If you pare down the blacklists Spampal uses to just those listed above, it shouldn’t slow your mail downloads too much.

If you’re on Unix and you run your own mail server, receiving mail directly from the Internet, that server will probably have support for using these blacklists. If you pull mail from elsewhere, using fetchmail, say, so that your mail server doesn’t see the IP address of the machine which originated the mail, there’s a little Perl script called rblfilter which will help. It doesn’t seem to be maintained anymore, so I’ve put a copy here. You’ll need to work out how to tie it into your email system and edit the script according to the instructions in the comments.
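An added example, not the rblfilter script and not code from this post, showing one way to do this kind of check on mail that was pulled from elsewhere: take the sending machine's address from the Received headers, then build the reversed-octet DNS name a blacklist zone is queried with. It assumes the topmost Received headers were written by servers you trust; the function names and the sample message are constructed, and `sbl.spamhaus.org` and `xbl.spamhaus.org` are the zones of the two Spamhaus lists named above.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Internal hops (RFC 1918, loopback) can never be on a public blacklist.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
LISTED = ipaddress.ip_network("127.0.0.0/8")        # normal "listed" answers
REFUSED = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus error codes, not listings

def relay_ips(raw_message):
    """IPv4 addresses in Received: headers, newest hop first, internal hops dropped."""
    found = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # not a real address, e.g. [999.1.1.1] in a forged header
            if not any(ip in net for net in INTERNAL):
                found.append(str(ip))
    return found

def query_name(ip, zone):
    """203.0.113.7 in sbl.spamhaus.org is looked up as 7.113.0.203.sbl.spamhaus.org."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def listed_in(ip, zones, resolve=socket.gethostbyname):
    """Zones that list ip. A failed lookup (NXDOMAIN, timeout) counts as not listed."""
    hits = []
    for zone in zones:
        try:
            answer = ipaddress.ip_address(resolve(query_name(ip, zone)))
        except (OSError, ValueError):
            continue
        if answer in LISTED and answer not in REFUSED:
            hits.append(zone)
    return hits

# Constructed sample; hosts and addresses are documentation values, not real mail.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [10.0.0.5])
\tby mailstore.example.net; Mon, 1 Jan 2024 10:00:02 +0000
Received: from dsl-host.example.org (unknown [203.0.113.7])
\tby mx.example.net; Mon, 1 Jan 2024 10:00:01 +0000
Received: from forged (forged [198.51.100.9]) by dsl-host.example.org
Subject: hello
"""
```

Only the first address from `relay_ips` is worth looking up: it comes from a header written by the trusted server, while hops further down were written by the sending side and can be forged.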

The next line of defence is the Distributed Checksum Clearinghouse. The DCC works by sharing information about how many other copies of a particular email are floating around the Internet. If there are a lot of copies, it’s either something like a mailing list, or it’s spam. To use the DCC, you tell it where you expect to get legitimate bulk email from. Everything else you get which is bulk is therefore spam. The DCC is designed for Unix, so the web pages and Google will tell you how to get it set up there. There is a plugin for Spampal which will also let Windows people use the DCC. It’s beta software, that is, released to the public for testing, so it may contain some bugs: I’ve no idea how stable it is (despite getting a credit on that page, I didn’t actually write it).

If someone else manages your email for you, and you read it via a web interface, for example, then you should have a look at the spam filtering options you have available. I’ve just noticed that Pobox.com, who provide a forwarding address for me, now let people configure their service to reject mail based on those blacklists.

Fight the pink menace!

A couple of students in Another Place are in trouble for “hacking”. The newspapers aren’t particularly specific about what they did, but it sounds like they installed a packet sniffer and listened in on traffic across their network.

Ethernet networks have everyone hanging off the same piece of wire. If you’re on an Ethernet network, your network card has a unique address. As the traffic for everyone on that piece of wire flows by, your computer picks up traffic addressed to it. It doesn’t listen to other people’s traffic because you usually don’t care about it. However, by running your network card in what is delightfully known as promiscuous mode, you can see other people’s traffic. Programs which do this and present the results to you are called packet sniffers. Ethereal is a popular free packet sniffer. Packet sniffers have legitimate uses, like diagnosing network problems or writing and debugging software which uses the network (I installed Ethereal the last time I was having problems with DNS lookups, for example). The remedies for undesired sniffing are encryption and restructuring the network so everyone’s packets don’t share the same piece of wire.

The Oxford students seem to have been disciplined for drawing attention to what they did, but none of what they found is news. A college network probably has everyone hanging off the same wire. There are encrypted versions of telnet, HTTP, IMAP and POP3 but not many people use them. There are a lot of clever people with time on their hands. You work it out.

People who know this have done some sort of risk calculation and come up with a solution that they’re happy with, which balances convenience against privacy. For example, I only permit encrypted logins to my machines and don’t send my password itself when fetching email (although the mail itself comes across the wire as plain text). Now you know what’s possible, you can do that calculation too.

Mozex is an extension to the Mozilla/Netscape browser. It works on both Windows and Linux. Among the useful things it does is enable you to edit textareas in forms (such as, say, the LJ “post comment” form) using an external editor. I’ve been looking for something like this for a while. While my client lets me use an editor to compose journal entries, it doesn’t work for comments. I like being able to use my own favourite editor, where I can use Google tricks like the ghref script.

Very much so to you all. I’ve had a good weekend. Watched Pirates of the Caribbean and thought it was a good silly film. Explored Milton Country Park and took some photos. Links to follow.

The dancing is back in full swing. GD on Friday was packed, but packed largely with nice people who it was good to see again. I also tried Clive’s lessons last night, which were hard but fun.

Had tea with Safi beforehand. The subject turned to Old Testament prophecy and how the prophets predicted JC, hence the Bible is miraculous in predicting stuff before it occurred and I should reconvert at once (I exaggerate a little). I said I thought that things like Isaiah passages referred to by Matthew show that Matthew thought Jesus was the Messiah, but they don’t constitute “prediction”. There’s another opportunity to ask my Jewish readers here: what do you think Isaiah 8 and Isaiah 53 are about? (I need a Vim macro to link to gospelcom’s site for references under the cursor, to go with the Google one).

I would like to big up (and also give mad propz to) the combined Spamhaus SBL+XBL blacklist, which is catching stuff which slips by the Distributed Checksum Clearinghouse (this does mean I miss out on my daily dose of poetry, but it’s a small price to pay). Windows people who collect email using POP3 or IMAP can use the list via Spampal. I’m passing stuff through rblfilter as well as dccproc.

Now that, as a paid user, I have the full power of LiveJournal’s S2 style system at my disposal, it might be time for a revamp round here. I’ve not yet decided whether to change the format to dark blue text on a black background (and go on about how goth I am, naturally) or merely to have a sodding huge picture of Sarah Michelle Gellar occupying most of the screen with the text in a small strip down the right hand side (I’d need to increase the font size, too). Vote now.

Cogito Ergo Sumana linked to me. Blimey, somebody’s actually reading this stuff? I have arrived, I tell you. Must finish that losing my religion article.

In other news, there’s a new version of URLBody out, which undoes more of the bad stuff those pesky spammers do to hide the real host names in their URLs. And the people causing the excitement on the Spampal board want me to collaborate on a DCC plugin. Have to see whether I’ve got time.