The BFC Computing Weblog: Category Internet

Fedora 10 GPG Key

Bill McGonigle — Thu, 04 Dec 2008 03:21:00 -0500

To verify the Fedora 10 package downloads, you need the new key they're signing the Fedora 10 packages with, but it's only included in the -release rpm which you don't want to install on some other machines, say your repository mirror.

This works:

rpm --import 'http://pgp.surfnet.nl:11371/pks/lookup?op=get&search=0xBF226FCC4EBFC273'

I wonder why this is different than the -newkey key. Anyway, don't take my word for it, check the signatures to prove it for yourself.

Anybody Heard of CISSE 2008?

Bill McGonigle — Mon, 13 Oct 2008 22:16:00 -0400

I got a spam today advertising a 'virtual conference' called CISSE 2008. Apparently they compiled at least part of their spam list by harvesting the Mozilla Bugzilla database. Their address harvester had trouble with basic e-mail parsing but got enough of my address there to positively identify the source. It's apparently organized by:

Tarek Sobh, Ph.D., P.E. 
CISSE 2008 General Chair 
Vice President for Graduate Studies and Research
and Dean of the School of Engineering 
University of Bridgeport                 
Bridgeport, CT 06604, U.S.A.

I don't know the school, but it got a .edu and the credentials above look real.

I'm curious if anybody reading here has heard of this. I'm sending an e-mail to find out if the credentials assigned are real and if so what theory of rights they have for harvesting the Mozilla database.

Update: I received a response saying that the e-mail list is built from the advisory committees' members personal contact lists. I replied that my address that was targeted exists only in relation to BMO, I don't use the address anywhere else (the words 'bugzilla' and 'mozilla' are in the address). I'll update again when I hear more.

Fedora, Cobbler & Newkey

Bill McGonigle — Thu, 18 Sep 2008 22:11:00 -0400

Folks running their own local yum repositories using cobbler will have to add new repos to get continued updates, the ones signed with the new signing key.

This isn’t hard, simply pick your mirror for f8 or f9 and add it to cobbler like the following:

cobbler repo add --mirror=http://mirror.anl.gov/pub/fedora/linux/updates/8/i386.newkey/ --name=f8-i386-updates.newkey
cobbler repo add --mirror=http://mirror.anl.gov/pub/fedora/linux/updates/9/i386.newkey/ --name=f9-i386-updates.newkey

and then edit your fedora-updates-newkey.repo file to point to your local software distribution host. Assuming you have a cron job installed cobbler will start your downloads when it next syncs.

Remember, this will get you 8-ish GB of updates per release, so make sure you need to do this. Assuming you do, the Fedora Project will be updating removal of the old signing key automatically, so get this done before they do that or your nightly security updates may stop coming in.

I'm Not E-mailing You

Bill McGonigle — Mon, 15 Sep 2008 23:10:00 -0400

Some e-mail systems, notably Earthlink, employ a challenge-response system whereby when you send a user an e-mail you get a response asking you to fill out a form to allow your e-mail to go through.

This is improper behavior because spam filtering is your problem (just like I filter my spam) and you’re pushing your work back on me.

It becomes an n^2 problem if everybody employes this kind of system, so it’s not a scalable behavior. Supporting this kind of system creates a moral hazard, so, if you’re using one of these systems you’re not going to get mail from me.

NH Broadband Action Plan

Bill McGonigle — Tue, 02 Sep 2008 08:57:00 -0400

DRED has published its ’Broadband Action Plan’ with recommendations on how to improve the penetration of high speed Internet service in NH. I attended a session in Plymouth last year to provide input on the plan.

Overall it’s a good report. I’m especially impressed with its recommendations to get State out of the way for access to land and towers, permitting, etc. Also, predictable, uniform, and competitive access to utility poles is a very important issue. They recommend the creation of a government office to oversee this work, but don’t set a recommendation for when that would would be finished. It may be necessary but this issue ought not be used to grow government in a permanent manner. This kind of communications infrastructure has the potential to really streamline government, so it’s probably a net-win to have the office. They’re asking for $100,000 for each of the next two years to fund the office, so it’s necessarily limited as currently proposed. A citizen of NH might expect to pay a dollar over the next few years to fund it.

I’ve noticed that Burlington Telecomm has been having revenue shortfalls and the ECFiberNet project, which I had high hopes for, has apparently abandoned the core attribute that made it exciting - that it would be self-funded, and has gone asking for bond money instead. That was always the uncreative option, but the private model made ECFiberNet free of coercion. That is to say, government-run models don’t appear to be very healthy, but where the government can act to get out of industry’s way or improve its monopoly grants we should welcome its action.

FCC Rules on Conflict of Interest at Comcast

Bill McGonigle — Fri, 22 Aug 2008 01:53:00 -0400

Following up on my March 2007 article Conflict of Interest at Comcast, in excerpt:

Odds are those high-traffic users are downloading video. … This is directly in competition with Comcast’s other, main, business, providing video services. The amount of traffic they’re killing at (~250GB/mo) is probably just about what you need to replace a Comcast video service.

the FCC yesterday ruled:

Comcast had an “anticompetitive motive” because it delayed and blocked peer-to-peer files through applications such as BitTorrent. Such files often are high-quality video that might otherwise be watched and paid for on cable television.

and ordered Comcast to behave. As I noted earlier, this mirrors a previous decision about DSL companies monkeying with VOIP traffic.

Twittervision

Bill McGonigle — Thu, 10 Jul 2008 11:19:00 -0400

Twittervision is combines Tweets and geo coding to show a realtime display of what people are Twittering. It’s quite a beautiful thing to watch, especially the 3D view.

I guess I wasn’t aware that Twitter fed all updates to third parties, so that’s something important to be aware of - it’s not just your followers who are seeing your updates.

I’m not sure it’s actually useful, but it certainly is neat, so probably it is useful to somebody.

I wonder if Twitter will be coming up with a trademark licensing program to allow apps like this to live peacefully.

Barracuda Moves Against Trend Micro Bogus Patent

Bill McGonigle — Tue, 24 Jun 2008 18:44:00 -0400

After reading about Barracuda moving to invalidate a bogus patent Trend Micro filed for on virus-scanning at an e-mail gateway (many of my clients depend on this technology) in January, I sent Barracuda the following note:

-----Original Message-----
From: Bill McGonigle [mailto:bill@bfccomputing.com] 
Sent: Tuesday, January 29, 2008 12:24 PM
To: legal@barracuda.com
Subject: possible SMTP prior art - TFS

From:

http://groups.google.com/group/comp.mail.sendmail/
browse_frm/thread/3cee3dc93ea81690/a8cd75d669fbd6b7?lnk=st&q=smtp+virus+scan#a8cd75d669fbd6b7

Its pretty functional - gateways between any/all MS/MAIL,
WP-OFFICE, CC:MAIL, SMTP, UUCP, MCI-MAIL. It does uuencode
and MIME attachments (configurable per address or domain
wildcard) and international characters. It can also virus
scan attachments on the way through the gateway, and access
can be controlled on a user by user basis!

(message dated July 25th, 1995).

It looks like it's still around in some form from foxT:
   http://www.tfstech.com/

Good luck,
-Bill

I never heard back more than a quick “thanks!” from Dean Drako, CEO of Barracuda, but today, I read they’ve moved ahead with this strategy and Goran Fransson, developer on TFS, is a new open source ally.

Dean writes of Goran, “We greatly appreciate the time that Goran Fransson took in coming forward to share this very important piece of prior art,” Drako says. “We believe that his testimony is instrumental in our case against what we believe is an unjust patent claim by Trend Micro against Barracuda Networks and the open source ClamAV project. In our view, Goran is an open source hero.”

Full disclosure: I’ve sold completely open solutions, based on postfix/MailScanner/clamav/sqlgrey against Barracuda’a blackbox appliances, but I’m glad they’re fighting against Trend Micro’s abuse of the system.

The Great Geek Takeover

Bill McGonigle — Thu, 19 Jun 2008 17:33:00 -0400

The geeks are taking over society, re-making it in their own image.

“How’s this then?” you may ask.

Consider that reality is what you perceive. What you perceive is based on what you know.

So then, what is it that we know? It’s either what we’ve derived ourselves or what we’ve been told or read. Most of us learn far more from others than we figure out on our own.

These days, if an average person wants to know something, where do they turn? Some people go to the library, but most go to Google, or someplace more specific, like Wikipedia.

Now, to add to Wikipedia, you need to learn MediaWiki markup. Most people don’t want to learn this. Geeks have no problem diving in, so they do it. They build an encyclopedia based on their perceptions and biases. Consumers of Wikipedia believe it to be true. Not that Wikipedia is usually incorrect, but perceptions are formed based on what is included or not included.

How about Google? Google tells you what’s out there, and it’s ranked primarily by how many links are pointing to a particular article. Who makes links? The geeks do. Google is a ranking of what geeks think is important, to a large degree.

And, again, users of Google generally accept its rankings to be ‘good enough’ for their needs. They don’t usually ask, “but what else is true that Google hasn’t told me?”

From the blogosphere to major media, to presidential campaigns, much of what “true” is based on what is found online. And what is found online is what the geeks feel like putting there.

If the industrialists shaped the last century, the geeks are going to shape this one. Sit back, enjoy, and go have a look at what’s popular on YouTube today.

Google, Target Me!

Bill McGonigle — Thu, 29 May 2008 17:47:00 -0400

There’s some grumbling about that Google is going to start targeting media ads to people based on their search preferences.

There’s only one thing to say about that: bring it on!

Having just sat through a Clairol hair coloring commercial to view a short news clip, I can’t think of any less efficient use of anybody’s resources. I don’t have enough hair to even think about coloring, CNN’s paying for the bandwidth, Clairol is paying per impression - everybody’s time and money just got wasted, and some would say the planet just got a bit warmer.

At least if it were an ad for Just for Men I’d at least be in the target market, but they’d do much better to try to sell me a Netflix Roku box, because I don’t think I can hold out much longer.