Older blog entries for dwmw2 (starting at number 121)

Sanity prevails in some parts of the world, thankfully. Earthlink have dropped the horribly broken snake oil which is SPF.

For the benefit of all those who wanted to know where I got the T-shirt I was wearing yesterday but weren't amongst the 20-odd who actually asked: http://www.cafepress.com/leuksman.7112875

After closing a bug in bugzilla, I found it re-opened. The original reporter says "How can you tell me my specific DVB bug is fixed, when I haven't told you what the DVB bug was yet?"

Now, I can understand that some people are incompetent enough that they file bug reports without enough information to do anything useful about it -- but to complain when I guess that it's a duplicate of a more coherent bug that I actually fixed last week, and explicitly point out that he hadn't actually told me what his problem was.... that's just _weird_.

Looks like certain parts of the world are coming to their senses. Amazon.com no longer publish a '-all' SPF record; instead they've reverted to '~all' which doesn't ask people to throw away forwarded mail, and which of course renders SPF useless for its most commonly stated purpose.

Hopefully Amazon will roll out one of the various alternative anti-forgery schemes which doesn't have such significant problems, rather than just being discouraged by the whole thing and leaving it as it is. The brokenness of SPF has potential to be actively detrimental to the fight against spam, because people are being tricked into implementing it without fully understanding the consequences of the way that SPF tries to simplify the way that email works. Those people could be put off trying other, saner, schemes.

I've been keeping the dual G4 under my stairs busy. This weekend it built Livna packages to complement the Fedora Extras repo for Fedora/PPC.

name=Livna.org Fedora Compatible Packages (stable)
name=Livna.org Fedora Compatible Packages (unstable)
name=Livna.org Fedora Compatible Packages (testing)

We also got autopartitioning on the Mac working in anaconda, and we're making progress on fixing the X autoconfiguration. I managed a graphical install on the G3 PowerBook for the first time.

It's looking good for a real Fedora Core 4 release on PPC.

Finally built a Fedora Core 3 tree for PPC which should install on the Mac G5. It's at ftp://ftp.uk.linux.org/pub/linux/fedora-ppc/fc3-ppc/ (also rsync://ftp.uk.linux.org/ftp/pub/linux/fedora-ppc/fc3-ppc/)

Aside from FC3 and the current errata, it has an updated kernel which boots on the G5 and sleeps on the G4 laptops, a patched kudzu which can handle detection of BMAC Ethernet, and of course a version of anaconda which actually generates images/mac64/boot.iso. It also has a kernel-smp package for PPC32. All these changes have been submitted to relevant package maintainers and should hopefully turn up in rawhide soon, if they aren't already there.

This tree doesn't contain any of the other anaconda fixes from rawhide/FC4, so you still need to run yabootconfig for yourself before letting it reboot after installation -- see Colin's install instructions for details.

Wheee. The majority of Fedora Extras packages are now built for Fedora/PPC.

Most of it built without trouble, the significant exception being CVSup. But now we have the Modula-3 compiler running on PPC and building binaries which run with glibc-2.3.4, so that's built too. Very reminiscent of my undergraduate days, trying to bootstrap M3 for the LINUXLIBC6 target.

If we can just fix the remaining installer problems, hopefully Fedora Core 4 can have an official PPC release. FC3 and FC2 both ran well on 32-bit and 64-bit hardware once you managed to get them installed, but it'll be nice to get it properly supported.

Havoc, I'm sure the demonstration to which you refer is very wonderful -- I already installed the Eclipse packages on my Fedora/PPC machine the other day to play with it.

Unfortunately I can't see it. That MIME type doesn't seem to be supported by my Fedora installation. Isn't SVG capable of doing the same things? Or is there a chance of improving swfdec to the point where it's shippable?

I was vaguely confused by this NewsForge article on 'Retail Geeks', as referenced by LWN.

None of it seems particularly specific to Linux. It's widely accepted that front line support is going to be absolutely appalling. In general, they employ complete fuckwits because they're cheap. Not only can they not help you with Linux problems, but they often can't even help with anything competently.

Here's some recent examples of non-Linux-related technical support. First from Yahoo! Groups -- I was kicked off one of their groups because my mail servers apparently rejected a few messages. I assumed it was due to SpamAssassin, but clicked on the helpful link which purported to give the actual error which "my ISP's" mail servers had given. It said:

550 Most messages without it are spam, so your mail has been rejected.

I happen to know that's bollocks. My servers wouldn't say that. In fact the rejection message will have been two lines, and said:

550-RFC2822 says you SHOULD have a Message-ID.
550 Most messages without it are spam, so your mail has been rejected.

So I filled in their support form, reported the above and said that their system should report the whole message instead of just the final line. And I also suggested that if they aren't going to reject RFC2822-ignorant messages lacking a Message-Id: header then they should at least add a Message-Id: of their own before resending the message to their subscribers.

The response seemed to completely miss the point...

We have checked your Yahoo! Groups account "dwmw2@infradead.org" and it appears to be in full working order. Our servers are running normally at this time, so you should not be experiencing any problems.

Your Yahoo! Groups account was labeled "Bouncing" because your Internet Service Provider (ISP) returned messages sent to your account as undeliverable. These are called "bounced messages". Accounts are automatically labeled "Bouncing" after three consecutive days of undeliverable mail.

Creative Labs did almost as well, too. She Who Must Be Obeyed bought a Muvo² MP3 player. I filled in a support form asking if there is a firmware upgrade with Ogg support, and if not, when one will be available. In the case that there were no plans to support Ogg, I asked for the reasons why this was the case. The form required ancillary information, including the operating system which was being used. Obviously I selected 'Linux'.

The response to the question "can the Muvo² play Ogg files?" was "I'm sorry, but we don;t[sic] support muvo in Linux.". I know I said non-Linux-related examples, but IMHO that doesn't count as a Linux-related support question, because the actual question I asked had nothing to do with Linux.

I responded, asking precisely why the operating system was relevant and asking for a more coherent answer to my questions. The answer came back "I'm sorry, but any of our mp3 players support OGG.".

That's a good thing, right? If any of their mp3 players can support ogg, then that means ours does. But still they didn't tell me how. I suspect they meant to say that none of their mp3 players support ogg, but in that case they failed to answer the questions about future support.

Then of course there's the idiot in my employer's IS department who responded to a report that the VPN link from the Cambridge office was losing all packets above 1408 bytes with a comment that it wouldn't matter if I were using the correct SMTP smarthost. But that wasn't frontline support -- scarily, that was actually someone who was expected to have some clue; but I've come to the conclusion that a large part of his behaviour can be attributed to a deliberate attempt to be obstructive.

It does cut both ways sometimes, though. I was in a retail outlet a while ago and bought three items, including a toner cartridge. The monkey managed to scan only two of them, and I didn't get charged for the toner. Normally I'm quite an honest person, and I would have pointed it out -- but in a place like that I consider it perfectly reasonable not to. They employ monkeys who can't help their customers, to whom they have a duty of care. So I consider their loss to be entirely their own responsibility.

Ankh, you seem a little confused. Are you speaking of my own article when you say that it " reappears every now and again "? That was written from scratch only a day or two before it was posted on Advogato; the original is here.

I suspect you're confusing it with someone else's work. Although I hadn't seen anything which was particularly similar, it wouldn't surprise me if such articles do exist elsewhere -- many people do have the same opinion of SPF, of course. Please could you provide a reference to the article with which you were confusing mine? I'd provided links to the only ones I knew about.

I'm not sure why you think the arguments are unsound and unsubstantiated. For the sake of conciseness I assumed the reader would have a reasonable understanding of how email works in theory and in the real world. So I didn't go into mind-numbing detail for the benefit of those who lack such knowledge; providing an 'email 101' course wasn't my intention. However, I don't see that I ask the reader to take any great leaps of faith without pointing at the reasoning.

If there's anything in particular which you don't understand, please don't hesitate to ask for clarification -- either in fora like this if you think it'll help with general education of the peanut gallery, or in private email if you prefer. You'll need to be far more specific about your queries though.

You say that "neither a whitelist nor a blacklist seems to solve all use cases". That's true; each performs an entirely different function and cannot sensibly be abused as if it were the other. That is my point, in fact. SPF offers a whitelist and not a blacklist, and using it as if it offers a blacklist is wrong. Yet that is the usage which is being advocated, and the usage which I'm warning against.

What most people need is a blacklist-style answer. You want to be able to know that you can reject a given mail. A whitelist is a more esoteric thing, which just allows you to bypass certain other checks for trusted incoming mail. Using SPF as a whitelist isn't what I was talking about, and isn't what most of its users are doing with it. See my response to elanthis on a similar topic -- as with many technologies, of course you can find something to do with the information in SPF records which isn't utterly broken. That was beside the point; I was speaking of the way it's advertised, as a way to reject mail.

Your comments about prevention of IP spoofing seem strange. Mail forgery isn't done by IP spoofing. A lot of ISPs do prevent subscribers from forging their source IP address, and certainly you don't get packets back which are destined for the IP address which you're spoofing. It's fairly much impossible to conduct a TCP session using a spoofed IP address from a trojan dialup or broadband machine.

Disallowing dialup clients from making outgoing connections to port 25 of anything but the ISP's mail server is a good idea, already practised in by FreeServe in the UK, for example. But it doesn't entirely block trojaned systems. Those domains offering SMTP AUTH to their users in order to use SPF/DomainKeys/SES/etc. will need to use MSA on port 587, and trojaned systems can use that route to deliver their unwanted mail.

You also seem entirely confused when you refer to "problems with forwarding services that don't themselves publish [SPF] records". Whether the forwarding site publishes an SPF record is entirely irrelevant. In the SPF world, every server which forwards mail would have to perform some arcane mangling of the reverse-path in transit; a process which even the inventor of SPF admits is unworkable. But if you'd actually read my article before commenting on it, you would have known most of that.

112 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!