[9fans] Re: new release?

[9fans] Re: new release?

[chris niewiarowski]

will thgere be a new release of plan9 any time soon? and if so what new
features will it have over the old release?>

_________________________________________________________________
Stay informed on Election 2004 and the race to Super Tuesday.
http://special.msn.com/msn/election2004.armx

Re: [9fans] Re: new release?

[matt]

ah, the fascination of the new

m

Re: [9fans] Re: new release?

[ron minnich]

On Wed, 25 Feb 2004, chris niewiarowski wrote:

> will thgere be a new release of plan9 any time soon? and if so what new
> features will it have over the old release?>

I understand there will be a lisp interpreter in acme, to allow for C and
Java modes.

ron

Re: [9fans] Re: new release?

[David Tolpin]

> > will thgere be a new release of plan9 any time soon? and if so what new
> > features will it have over the old release?>
>
> I understand there will be a lisp interpreter in acme, to allow for C and
> Java modes.

You must be joking. What dialect? ArrowLISP or what?

Re: [9fans] Re: new release?

[ron minnich]

On Thu, 26 Feb 2004, David Tolpin wrote:

> You must be joking. What dialect? ArrowLISP or what?


actually, I'm joking. Sorry, could not resist.

I see these version request things from time to time, and I think it's
kind of remarkable that we talk about 'r4' of plan 9. Think about how
often the various unix-like systems rotate versions and system calls. It's
quite impressive that plan 9 is so stable year to year.

ron

Re: [9fans] Re: new release?

[David Tolpin]

> kind of remarkable that we talk about 'r4' of plan 9. Think about how
> often the various unix-like systems rotate versions and system calls. It's
> quite impressive that plan 9 is so stable year to year.

While I agree that flickering version numbers of some other systems
are just indications of shaky designs, 'stable' differs from 'stalled'
by just two letters. I've read a lot about Plan9, I've played with
it and used it to port a couple of programs (not of general interest);
but I am now trying to understand is it live, or just elegant?

David Tolpin

Re: [9fans] Re: new release?

[Christopher Nielsen]

On Thu, Feb 26, 2004 at 12:59:05AM +0400, David Tolpin wrote:
>
> While I agree that flickering version numbers of some other systems
> are just indications of shaky designs, 'stable' differs from 'stalled'
> by just two letters. I've read a lot about Plan9, I've played with
> it and used it to port a couple of programs (not of general interest);
> but I am now trying to understand is it live, or just elegant?

it's as alive as you want it to be. there are a number
of people that use it daily, and a few that use it for
development and develop for it. i don't see the
relevance of the question, really. people are frequently
quick to announce the demise of this or that piece of
software. who cares. if you like the system, and you
want to contribute, then use it and contribute.
otherwise, go use another system.

personally, i like the simplicity and elegance of
plan9, so i use it and develop for it when i have time.

just my $0.02.

--
Christopher Nielsen
"They who can give up essential liberty for temporary
safety, deserve neither liberty nor safety." --Benjamin Franklin

Re: [9fans] Re: new release?

[David Tolpin]

> personally, i like the simplicity and elegance of
> plan9, so i use it and develop for it when i have time.
>

OK, are there development efforts of general interest closely
related to plan9? Is there a list anywhere? Many, if not most,
projects mentioned on Wiki I sleeping.

David

Re: [9fans] Re: new release?

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 555 bytes --]

Haven't been any huge changes in the recent past.  Factotum
and a lot of the security stuff happened 2 years ago. The earliest
deadline first scheduler has recently stabilized enough to depend
on.  Tools keep changing as people add features to them.  We base
the install on a new file system, fossil, last year.

We don't number releases at all since stuff changes everyday and
we cut a new installation image daily.  The latter is done
automaticly if anything has changed on the sources machine.
That machine is mountable by anyone using plan 9.

[-- Attachment #2: Type: message/rfc822, Size: 3124 bytes --]

From: Christopher Nielsen <cnielsen@pobox.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Re: new release?
Date: Wed, 25 Feb 2004 13:10:39 -0800
Message-ID: <20040225211039.GC83490@cassie.foobarbaz.net>

On Thu, Feb 26, 2004 at 12:59:05AM +0400, David Tolpin wrote:
>
> While I agree that flickering version numbers of some other systems
> are just indications of shaky designs, 'stable' differs from 'stalled'
> by just two letters. I've read a lot about Plan9, I've played with
> it and used it to port a couple of programs (not of general interest);
> but I am now trying to understand is it live, or just elegant?

it's as alive as you want it to be. there are a number
of people that use it daily, and a few that use it for
development and develop for it. i don't see the
relevance of the question, really. people are frequently
quick to announce the demise of this or that piece of
software. who cares. if you like the system, and you
want to contribute, then use it and contribute.
otherwise, go use another system.

personally, i like the simplicity and elegance of
plan9, so i use it and develop for it when i have time.

just my $0.02.

--
Christopher Nielsen
"They who can give up essential liberty for temporary
safety, deserve neither liberty nor safety." --Benjamin Franklin

Re: [9fans] Re: new release?

[matt]

when I am asked "is plan9 being developed?" in irc I usually answer "nah, it's finished"

Re: [9fans] Re: new release?

[Christopher Nielsen]

On Thu, Feb 26, 2004 at 01:13:27AM +0400, David Tolpin wrote:
>
> OK, are there development efforts of general interest closely
> related to plan9? Is there a list anywhere? Many, if not most,
> projects mentioned on Wiki I sleeping.

if there are lists besides 9fans and 9grid, i don't
know about them (doesn't mean they don't exist). any
development i was doing is currently halted as my
living situation doesn't permit it, and (as is probably
the case for a lot of people here) my schedule doesn't
really allow it.

what exactly are you looking for? a project to which
you can contribute? some sign of activity other than
this list? just curious...

--
Christopher Nielsen
"They who can give up essential liberty for temporary
safety, deserve neither liberty nor safety." --Benjamin Franklin

Re: [9fans] Re: new release?

[David Tolpin]

> >
> > OK, are there development efforts of general interest closely
> > related to plan9? Is there a list anywhere? Many, if not most,
> > projects mentioned on Wiki I sleeping.
>
> if there are lists besides 9fans and 9grid,

thank you for the pointer to the other list, I've just subscribed
to see what is happening there.

>
> what exactly are you looking for? a project to which
> you can contribute? some sign of activity other than
> this list? just curious...

I'm trying to learn.

Re: [9fans] Re: new release?

[Scott Schwartz]

| I understand there will be a lisp interpreter in acme, to allow for C and
| Java modes.

Ron is pulling your tail, but seriously, the cool thing about acme is
that the extension language can be external.  More likely python than
lisp, though.

Re: [9fans] Re: new release?

[David Tolpin]

> | I understand there will be a lisp interpreter in acme, to allow for C and
> | Java modes.
>
> but seriously, the cool thing about acme is that
> the extension language can be external.

Yes, I understand it. And I like it in general; however,
I have difficulty implementing things I want with the
way acme lets it do. This may be something to do with
my desires; but still.

> More likely python than lisp, though.

Why?

Re: [9fans] Re: new release?

[ron minnich]

On Thu, 26 Feb 2004, David Tolpin wrote:

> thank you for the pointer to the other list, I've just subscribed
> to see what is happening there.

to be honest, very little. There are some hard problems to figure out, and
while Plan 9 is the difference between hard and impossible, they're still
hard. So it is taking time. But Andrey will work it all out for us.

ron

Re: [9fans] Re: new release?

[Scott Schwartz]

| Why?

Someone ported python already, I thought.

Re: [9fans] Re: new release?

[9nut]

> I am now trying to understand is it live, or just elegant?
Both.

Re: [9fans] Re: new release?

[9nut]

> OK, are there development efforts of general interest closely
> related to plan9? Is there a list anywhere?
Yes and No, respectively.

Re: [9fans] Re: new release?

[David Tolpin]

> > OK, are there development efforts of general interest closely
> > related to plan9? Is there a list anywhere?
> Yes and No, respectively.

Why are they kept secret?

Re: [9fans] Re: new release?

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 420 bytes --]

Little things appear every very frequently and get stuck in the
distribution.  Big things like CIFS support arrive a lot less
frequently and are rarely preceded by lots of fanfare, they
just appear, a man page gets stuck in, and life continues
like nothing happened.

There are no collaborative projects going on other than the
9grid stuff that I know of.

Noone's keeping anything secret, they're just low key.

[-- Attachment #2: Type: message/rfc822, Size: 2245 bytes --]

From: David Tolpin <dvd@davidashen.net>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Re: new release?
Date: Thu, 26 Feb 2004 02:47:06 +0400 (AMT)
Message-ID: <200402252247.i1PMl6ld089354@adat.davidashen.net>

> > OK, are there development efforts of general interest closely
> > related to plan9? Is there a list anywhere?
> Yes and No, respectively.

Why are they kept secret?

Re: [9fans] Re: new release?

[Dave Lukes]

What's that black helicopter doing hovering overhead?

Why are the Maoist-Stalinist Communist sympathisers hidden in the walls
eating my socks?

On Wed, 2004-02-25 at 22:47, David Tolpin wrote:
> > > OK, are there development efforts of general interest closely
> > > related to plan9? Is there a list anywhere?
> > Yes and No, respectively.
>
> Why are they kept secret?

Re: [9fans] Re: new release?

[Geoff Collyer]

I've been contributing anti-spam machinery for smtpd, and have some
other code and ideas stalled by lack of time and not-quite-complete
IPv6 support in Plan 9.  So far none of the strongly-hyped anti-spam
ideas keep the spam from reaching one's machine in the first place,
and I know how to do that, it's just going to take some time to do it.

Re: [9fans] Re: new release?

[9nut]

>> > OK, are there development efforts of general interest closely
>> > related to plan9? Is there a list anywhere?
>> Yes and No, respectively.
>
> Why are they kept secret?

They are not; Some 9fans have mentioned projects they are working on
but they are not far enough along to be shared (yet).  In that sense it
is like D.H.  Rumsfeld said: "There are known knowns, and there are
known unknowns".  It is the second part, I think.

SMTP+SPF (was: [9fans] Re: new release?)

[Joel Salomon]

Geoff Collyer said:
> I've been contributing anti-spam machinery for smtpd, and have some
> other code and ideas stalled by lack of time and not-quite-complete
> IPv6 support in Plan 9.  So far none of the strongly-hyped anti-spam
> ideas keep the spam from reaching one's machine in the first place,
> and I know how to do that, it's just going to take some time to do it.
>

Does anyone here have an opinion (yes ;-) ) on SMTP+SPF?
http://spf.pobox.com/ It *claims* to be a sufficient patch on SMTP to
ensure that the sender of an email is a real person from a responsible
ISP.

--Joel

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Dave Lukes]

> Does anyone here have an opinion (yes ;-) ) on SMTP+SPF?

Yes:
1) it's complicated
2) no-one I trust has yet said
   "it probably works for the following reasons".

Therefore, until this changes, as far as I'm concerned,
it doesn't work.

Also, as an aside, the SMTP standards contain varioushave these vague
admonitions
> http://spf.pobox.com/ It *claims* to be a sufficient patch on SMTP to
> ensure that the sender of an email is a real person from a responsible
> ISP.
>
> --Joel

Re: [9fans] Re: new release?

[Brantley Coile]

Does the concept of release still mean anything when you
can pull new stuff daily?

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Dave Lukes]

Sorry: sloppy keyboarding (what's new?).

I meant to say ...

> Does anyone here have an opinion (yes ;-) ) on SMTP+SPF?

Yes, we all have opinions, in fact,
our opinions all have their own opinions too.

FWIW: it's too messy for me to comprehend in a sensible timeframe,
and no-one I trust has yet said
"it probably works for the following reasons",
therefore, until this changes, as far as I'm concerned,
it Doesn't Work.

Also, as an aside, the SMTP standards contain various
vague admonitions about maxima, which spf will probably blow ...

(Y'see on the carton, where it says:
"This sendmail is not warranted against buffer overflow"?).

> http://spf.pobox.com/ It *claims* to be a sufficient patch on SMTP to
> ensure that the sender of an email is a real person from a responsible
> ISP.

... sometimes, depending on whether the sender uses SPF,
and what decisions your SMTP receiver wants to make ...

In and of itself it does nothing:
when a sufficient number of senders are under it's auspices,
_then_ it may be useful (modulo above concerns).

	Dave.

Re: SMTP+SPF (was: [9fans] Re: new release?)

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 135 bytes --]

I'm currently building support for it into Plan 9.  I think its a
good idea.  It doesn't prevent spam but it makes white lists better.

[-- Attachment #2: Type: message/rfc822, Size: 2992 bytes --]

From: "Joel Salomon" <salomo3@cooper.edu>
To: 9fans@cse.psu.edu
Subject: SMTP+SPF (was: [9fans] Re: new release?)
Date: Wed, 25 Feb 2004 19:14:15 -0500 (EST)
Message-ID: <3281.199.98.20.107.1077754455.squirrel@wish.cooper.edu>

Geoff Collyer said:
> I've been contributing anti-spam machinery for smtpd, and have some
> other code and ideas stalled by lack of time and not-quite-complete
> IPv6 support in Plan 9.  So far none of the strongly-hyped anti-spam
> ideas keep the spam from reaching one's machine in the first place,
> and I know how to do that, it's just going to take some time to do it.
>

Does anyone here have an opinion (yes ;-) ) on SMTP+SPF?
http://spf.pobox.com/ It *claims* to be a sufficient patch on SMTP to
ensure that the sender of an email is a real person from a responsible
ISP.

--Joel

Re: [9fans] Re: new release?

[Derek Fawcus]

On Wed, Feb 25, 2004 at 03:50:18PM -0800, Geoff Collyer wrote:
> not-quite-complete IPv6 support in Plan 9.

I've not checked,  but what's missing?

DF

Re: [9fans] Re: new release?

[David Presotto]

we've got an ipv6config that we should stick out there.  there's also
some dhcpv6 support.  mostly me dragging my heels because we aren't using
it yet.  i'll have ynl (he did everything) to stick things onto sources for
people to play with.

Re: SMTP+SPF (was: [9fans] Re: new release?)

[andrey mirtchovski]

> It thus forces you to always go through a server that is authorized to send
> mail from your domain.  Therefore, when you're off visiting somewhere, you
> still have to use your own domain's smtp server.  That might not be possible
> if you're behind a firewall.  For example, at Lucent one cannot make smtp
> connections out of the company.  One must use internal servers.  Therefore,
> russ couldn't send messages from here as rscatswtch.com or I as
> presottoatclosedmind.org since we'ld have to do through lucent servers.

Of course, with Plan 9 this particular problem doesn't exist -- just
import /net from the allowed machine...

For example, my home IP (from which I'm composing this email right
now) is banned from MAPS, probably due to the previous owner,
cpsc.ucalgary.ca's mail servers thus reject any mail I send to myself
from home.  To overcome this obstacle I simply run a script binding
the network stack of my main cpu server making every mail (including
this one) appear to be sent from plan9.ucalgary.ca...

	home% cat '/env/fn#mimport'
	fn mimport {import plan9 /net /net}
	home%

This isn't news to hardcore 9fans, but others not familiar with the
system may find it an interesting example of 9p's versatility.

andrey

Re: SMTP+SPF (was: [9fans] Re: new release?)

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 1789 bytes --]

I should be more complete.  SPF isn't a panacea.  There are a lot of options
but the basic function of SPF is to stick into DNS the IP addresses of the
mail servers that can send mail from a particular domain.  If you see mail
from my home machine that says its from aol.com, you dump it into the bit
bucket.  ALL of the spam that makes it through my filter has faked From:
addresses since I use a white list.  Most of my spam that gets rejected also
has faked From: addresses.

It thus forces you to always go through a server that is authorized to send
mail from your domain.  Therefore, when you're off visiting somewhere, you
still have to use your own domain's smtp server.  That might not be possible
if you're behind a firewall.  For example, at Lucent one cannot make smtp
connections out of the company.  One must use internal servers.  Therefore,
russ couldn't send messages from here as rsc@swtch.com or I as
presotto@closedmind.org since we'ld have to do through lucent servers.

It does have the advantage that the current viruses would have a hard time.  They
normally look into your Outlook address file and send mail from your machine as
a myriad of different people that you have contacted.  If most domains used SPF
then the best they could do would be to send mail through their dedicated servers
as themselves (or at worst someone in their home domain).  This really reduces the
distributed spreading power of viruses that use email.  The dedicated servers usually
find out about viruses early and filter hard.  In essence, a virus would stop
spreading as soon as aol, comcase, yahoo, etc figured out it existed.

Of course, that will just select for sneakier viruses, but the sneakier, in general,
the more complex and hence the more fragile.

[-- Attachment #2: Type: message/rfc822, Size: 5200 bytes --]

[-- Attachment #2.1.1: Type: text/plain, Size: 135 bytes --]

I'm currently building support for it into Plan 9.  I think its a
good idea.  It doesn't prevent spam but it makes white lists better.

[-- Attachment #2.1.2: Type: message/rfc822, Size: 2992 bytes --]

From: "Joel Salomon" <salomo3@cooper.edu>
To: 9fans@cse.psu.edu
Subject: SMTP+SPF (was: [9fans] Re: new release?)
Date: Wed, 25 Feb 2004 19:14:15 -0500 (EST)
Message-ID: <3281.199.98.20.107.1077754455.squirrel@wish.cooper.edu>

Geoff Collyer said:
> I've been contributing anti-spam machinery for smtpd, and have some
> other code and ideas stalled by lack of time and not-quite-complete
> IPv6 support in Plan 9.  So far none of the strongly-hyped anti-spam
> ideas keep the spam from reaching one's machine in the first place,
> and I know how to do that, it's just going to take some time to do it.
>

Does anyone here have an opinion (yes ;-) ) on SMTP+SPF?
http://spf.pobox.com/ It *claims* to be a sufficient patch on SMTP to
ensure that the sender of an email is a real person from a responsible
ISP.

--Joel

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Geoff Collyer]

SPF shares the same central fallacy as most anti-spam methods and as
the Department of Homeland Security: if we can just identify the
weasels, then they'll be in big trouble, oh boy, you just watch!  I'd
prefer that carry-on luggage be scanned and that spam be held at the
sender.

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Geoff Collyer]

I don't see that SPF will help much with hijacked machines.  It can
verify that someone or something is sending mail from the claimed
domain, but if the sending machine is a spam engine taken over by a
virus and is working its way through a list of addresses taken from a
CD-ROM of mail addresses, all SPF will do is assure you that the spam
you're getting really came from the hijacked machine it claims to be
from.

I'm spending my energy on solutions that really attack the problem.

Re: [9fans] Re: new release?

[Geoff Collyer]

I think all the v6 machinery is there except for a way to configure it
correctly (I've managed to configure it almost-correctly by hand),
dhcp support for V6 addresses, dns & dhcp cooperation when assigning
addresses (dynamic DNS updates), and of course IPSEC.  I have some
sympathy for omitting IPSEC, nice though it would be to have.  An
in-kernel implementation would be pretty ugly and there's still the
need for automatic key negotiation (the stuff that racoon does on
systems using the KAME V6 stack).

Re: SMTP+SPF (was: [9fans] Re: new release?)

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 1644 bytes --]

But that's exactly what I want of SPF, to tell me what machine its
coming from.  ISP's are already starting to require smtp clients to
authenticate to their mail relays.  If in addition, an smtp receiver
will only accept mail from a domain from a relay allowed to send
to that domain, that means that viruses are pretty much stuck with
sending only through their infected machine's relay.  The ISPs
I've talked to don't like viruses.  They very actively shut down
customers that look like they're sending way too much mail.
All of this would put a considerable damper on viruses since, by
trying to spread, they would become obvious.

There's already talk of doing this detection without SPF, i.e.,
to just filter the ISP clients and shut them off if they try
too many SMTP connections to anywhere in a fixed period.  Then
we'll have viruses trying to probe that limit and stay below it
but the result is a similar damping effect.

While I like your greylist hack, it's easily learnable by spammers
and incredibly easily worked around.  They can just as easily keep
a list of everyone that told them to go away and then come back
at an appropriate time.  It's only 8 bytes for every attempt.
The only reason it works now is that you're only stemming your little
corner of the tide and not bothering the spammers at all.  If
everyone did it, it would become utterly useless.  If you want to
stop spam at the door without filtering on content, then you either
need spammers to be genuinely identifiable or people you want to
send you mail identifiable.  Otherwise you're going to have to
accept the mail and look at it.

[-- Attachment #2: Type: message/rfc822, Size: 2226 bytes --]

From: Geoff Collyer <geoff@collyer.net>
To: 9fans@cse.psu.edu
Subject: Re: SMTP+SPF (was: [9fans] Re: new release?)
Date: Wed, 25 Feb 2004 19:42:12 -0800
Message-ID: <e3ee3ace76b65cc3610de64acc24408a@collyer.net>

I don't see that SPF will help much with hijacked machines.  It can
verify that someone or something is sending mail from the claimed
domain, but if the sending machine is a spam engine taken over by a
virus and is working its way through a list of addresses taken from a
CD-ROM of mail addresses, all SPF will do is assure you that the spam
you're getting really came from the hijacked machine it claims to be
from.

I'm spending my energy on solutions that really attack the problem.

Re: [9fans] Re: new release?

[Christopher Nielsen]

On Thu, Feb 26, 2004 at 01:55:22AM +0400, David Tolpin wrote:
>
> thank you for the pointer to the other list, I've just subscribed
> to see what is happening there.

you're welcome

> I'm trying to learn.

the best way to learn, imo, is to start using the system
and reading/writing code.

--
Christopher Nielsen
"They who can give up essential liberty for temporary
safety, deserve neither liberty nor safety." --Benjamin Franklin

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Geoff Collyer]

The greylist hack was an interim measure, but it's been an effective
one, at least here.  Though the spammers could get smarter, they
mostly haven't, or they call back within 30 seconds, and I now reject
those too.

I think one wants a less binary mechanism, where known correspondents
and their sending systems are identified and let through, but where
unknown correspondents can be permitted or rejected by the recipient
at first contact based on several criteria.  In addition, the mail
should be held by the sender until the recipient accepts or rejects
the mail.

Re: [9fans] Re: new release?

[boyd, rounin]

meet the new release (sic)
same as the old release (sic)

Re: [9fans] Re: new release?

[boyd, rounin]

> Someone ported python already, I thought.

russ did & iirc i hacked in 9p support.

Re: SMTP+SPF (was: [9fans] Re: new release?)

[boyd, rounin]

> This isn't news to hardcore 9fans, but others not familiar with the
> system may find it an interesting example of 9p's versatility.

no, neither is the RBL/MAPS' use of EBGP.

Re: SMTP+SPF (was: [9fans] Re: new release?)

[boyd, rounin]

it's an arms race.

as discussed months ago, we need a new SOP or protocol.

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Charles Forsyth]

>>For example, my home IP (from which I'm composing this email right
>>now) is banned from MAPS, probably due to the previous owner,

it's probably looking at a list maintained by yet another group of
self-appointed officious self-righteous characters, that blocks
all dynamically-assigned addresses without realising that there
is a big practical difference between those addresses (like mine)
that are dynamically allocated once and then remain attached to the same
location as long as they aren't unused for ages, and those addresses
that are dynamically allocated on each call (which are probably
more attractive to spammers).  i call them officious and self-righteous
because there's no reasonable way to get a block of addresses
removed from the list unless (in my case) i am ntl:
which i am not.  i call them self-appointed, because they are.
of course, no one makes the receiving mail systems look at those
lists, so the fault is spread somewhat.

Re: SMTP+SPF (was: [9fans] Re: new release?)

[George Michaelson]

On Thu, 26 Feb 2004 08:06:04 0000 Charles Forsyth <forsyth@terzarima.net> wrote:

>>>For example, my home IP (from which I'm composing this email right
>>>now) is banned from MAPS, probably due to the previous owner,
>
>it's probably looking at a list maintained by yet another group of
>self-appointed officious self-righteous characters, that blocks
>all dynamically-assigned addresses without realising that there
>is a big practical difference between those addresses (like mine)
>that are dynamically allocated once and then remain attached to the same
>location as long as they aren't unused for ages, and those addresses
>that are dynamically allocated on each call (which are probably
>more attractive to spammers).  i call them officious and self-righteous
>because there's no reasonable way to get a block of addresses
>removed from the list unless (in my case) i am ntl:
>which i am not.  i call them self-appointed, because they are.
>of course, no one makes the receiving mail systems look at those
>lists, so the fault is spread somewhat.


--
George Michaelson       |  APNIC
Email: ggm@apnic.net    |  PO Box 2131 Milton QLD 4064
Phone: +61 7 3858 3150  |  Australia
  Fax: +61 7 3858 3199  |  http://www.apnic.net

Re: SMTP+SPF (was: [9fans] Re: new release?)

[George Michaelson]

Sorry about that. keystroke error.

for my sins, I work for a regional Internet registry (RIR) and I can
assure you we cop as much flak about these bastards as you do. we
administer network address space up at the top, and unfortunately see entire
/8 of network cut off, because of faulty record keeping by one /24 down at
the bottom.

the RBL people are scum sucking bottom feeders, only one level up from
virus scanner authors (who themselves spam us into heat-death) -nasty,
brutish, short little squirts who think legalistic bombast about RFC
compliance legitimates what they do. they don't give a flying fart about end users
who rarely if ever have an ability to 'fix' the RBL ops perceived problems.

(sometimes, the problems vest with bodies like the one I work for. for that, I
 am of course sorry. we need to improve our record keeping and try to improve
 on compliance issues with holders of address space.)

various people perpetuate filters in their routers 'to cut off Chinese
spam' despite the address block they filter also being used in NZ, or AU,
or JP.

I recommend you to think about using SSH/SSL secured tunnels to get out of
home space, dynamic or static, and send via other paths. Its what I do, and
while I hate the double-hop cost, and the delay, it means I'm not exposed to
this stupidity.

if you work for somebody with fat lawyer chequebooks, go and sue the RBL ops.
it worked for ORBS.

-George

Re: SMTP+SPF (was: [9fans] Re: new release?)

[boyd, rounin]

From: "George Michaelson" <ggm@apnic.net>
> Sorry about that. keystroke error.

sentence: 1 bottle of JD.

Re: SMTP+SPF (was: [9fans] Re: new release?)

[boyd, rounin]

> Therefore, until this changes, as far as I'm concerned,
> it doesn't work.

i second the motion.

Re: SMTP+SPF (was: [9fans] Re: new release?)

[boyd, rounin]

bit like datakit really: not known to work reliably [at any speed], but the
code is huge.

;)

Re: SMTP+SPF (was: [9fans] Re: new release?)

[boyd, rounin]

i'm thinking about protocols 'cos the current ones are a nightmare.

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Christopher Nielsen]

On Thu, Feb 26, 2004 at 01:09:13AM +0000, Dave Lukes wrote:
>
> FWIW: it's too messy for me to comprehend in a sensible timeframe,

spam is hard. let's go shopping.

> and no-one I trust has yet said
> "it probably works for the following reasons",
> therefore, until this changes, as far as I'm concerned,
> it Doesn't Work.

that said, i agree that spf seems a bit of a hack. but
i don't disagree with presotto trying to add support.
why? because it provides more options. i know that can
be more of a quagmire, but we should provide tools, not
dictate policy. policy should be left up to the admin.
i am definitely interested to see what geoff has in
store; it'd be great to put the work of authentication
and verification on the sender. until then, let's provide
as many options as folks writing the code are willing
to support.

--
Christopher Nielsen
"They who can give up essential liberty for temporary
safety, deserve neither liberty nor safety." --Benjamin Franklin

Re: SMTP+SPF (was: [9fans] Re: new release?)

[boyd, rounin]

> `nightmare' is a politer term than I'd use.

it was a (bad) pun.

this is what i meant:

    Merovingian: I love French wine, like I the French language.
    I have sampled every language, French is my favorite.
    Fantastic language. Especially to curse with.
    Nom de dieu de putain de bordel de merde de saloperie de connard
d'enculé de ta mère. It's like wiping your arse with silk. I love it.

Re: SMTP+SPF (was: [9fans] Re: new release?)

[boyd, rounin]

> To quote Doug McIroy (quoted in The Hideous Name) in a related
> context:

he must have predicted GSM :(

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Geoff Collyer]

[-- Attachment #1: Type: text/plain, Size: 27 bytes --]

I'm working on protocols.

[-- Attachment #2: Type: message/rfc822, Size: 2092 bytes --]

From: "boyd, rounin" <boyd@insultant.net>
To: <9fans@cse.psu.edu>
Subject: Re: SMTP+SPF (was: [9fans] Re: new release?)
Date: Thu, 26 Feb 2004 07:51:40 +0100
Message-ID: <030601c3fc34$fd6835f0$0b00a8c0@SOMA>

it's an arms race.

as discussed months ago, we need a new SOP or protocol.

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Geoff Collyer]

`nightmare' is a politer term than I'd use.  `hideous botch' comes to
mind.  To quote Doug McIroy (quoted in The Hideous Name) in a related
context:

	Some standards are sound and indispensable; some simply celebrate
	bureaucratic littleness of mind.  A harvest of gimmicks to save
	appearances within the standard has grown up, then gimmicks to save
	the appearances within the appearances.  You know how each one got
	there: an overnight hack to paste another tumor onto a wild cancerous
	growth.  [...] But now that it all ``works'' — at least for the strong
	of stomach — the tumors themselves are being standardized.

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Charles Forsyth]

>>I recommend you to think about using SSH/SSL secured tunnels to get out of
>>home space, dynamic or static, and send via other paths. Its what I do, and
>>while I hate the double-hop cost, and the delay, it means I'm not exposed to
>>this stupidity.

i don't know what other paths those would be.  i want my home address
to be my address at home, not my work address.  as the SPF discussion shows,
it will probably become true that i can't add an arbitrary From: to outgoing mail
from work to have replies go back to the right address.  i'm not sure that
i want home mail going through the work system anyway, on principle.

use an ISP?  i've only just regained control of DNS and mail at work and home from
several ISPs.  what a relief!  one was increasingly unreliable and incompetent, the other
only supported POP3 (oh come on, well at least it wasn't IMAP).
my home address was previously tied to the old home ISP (which i haven't
used for my connection for years) and my new connection-ISP would
have forced a different e-mail address.  confused?  you would be.  i'm now free of that rubbish.

(just to authenticate SMTP relay to an ISP,
given the current obsession with `proof of identity' i'd probably have to fill in five forms,
present my passport and a signed photograph of my network,
and buy a so-called identity certificate from Veribad.
ugh.  it won't stop the serious spammers any more
than `identity cards', biometric or not, stops crime or terrorism.)

anyhow, i think the end-to-end aspect of the Internet is easily one of
its best features (i broadly agreed with that article Jim Chaote
pointed to a few weeks ago).  i don't particularly want to go back.

perhaps the only advantage of SPF for me is that it might be one way
to discourage self-appointed etc. people from putting my domains
and/or IP addresses on duff dns lists

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Charles Forsyth]

>>I recommend you to think about using SSH/SSL secured tunnels to get out of
>>home space, dynamic or static, and send via other paths. Its what I do, and

on a more constructive Plan 9 note, if i had to, it's easy:
	import my-work-cpu-server /net

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Dave Lukes]

<wax type="philosophical">
>   To quote Doug McIroy (quoted in The Hideous Name) in a related
> context:

In an age of relativism and expediency: an absolute truth!

Funnily enough,
I just saw another memorable quote that I had
forgotten from a certain Mr. Ritchie:
	What we wanted to preserve was just not a good environment
	in which to do programming, but a system around which a
	fellowship could form.

http://www.bell-labs.com/history/unix/somethingelse.html

(Note the (possibly Freudian) slip in the first phrase.)

I suspect that even some of the younger 9fans probably intuitively
understand some of that sentiment ...

Cheers,
	Dave.
</wax>

Re: SMTP+SPF (was: [9fans] Re: new release?)

[boyd, rounin]

> the recommendation was about avoiding RBL sickness.

wrongo.  vix built the rbl.  then i built my own -- trivial.

best idea of  '96

2 bottles of JD, now.

boy, yer running up quite a tab ...

Re: SMTP+SPF (was: [9fans] Re: new release?)

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 261 bytes --]

What exactly is complicated about it?  It's easier to implement than any
spam filter I've ever seen.  I do a dns query, get the ip addresses out of
it and match them to the caller's IP address.  If they match I accept the
mail, if not I drop it on the floor.

[-- Attachment #2: Type: message/rfc822, Size: 2877 bytes --]

From: Dave Lukes <davel@anvil.com>
To: 9fans <9fans@cse.psu.edu>
Subject: Re: SMTP+SPF (was: [9fans] Re: new release?)
Date: Thu, 26 Feb 2004 00:42:59 +0000
Message-ID: <1077756179.1991.85.camel@rea>

> Does anyone here have an opinion (yes ;-) ) on SMTP+SPF?

Yes:
1) it's complicated
2) no-one I trust has yet said
   "it probably works for the following reasons".

Therefore, until this changes, as far as I'm concerned,
it doesn't work.

Also, as an aside, the SMTP standards contain varioushave these vague
admonitions
> http://spf.pobox.com/ It *claims* to be a sufficient patch on SMTP to
> ensure that the sender of an email is a real person from a responsible
> ISP.
>
> --Joel

Re: SMTP+SPF (was: [9fans] Re: new release?)

[George Michaelson]

the recommendation was about avoiding RBL sickness. of course if you self host
and are not being route-blocked by people, doing the real thing e2e is best.

I'm in KL right now at a conference, and while I know the address pool is sane
(its from APNIC!) its proven so unreliable  to depend on this in the past that
I have an SSH tunnel and do 8025 -> 25 outbound from my work.

if some provider could give me that as my ggm@pobox.com, I'd use it. I have
a rackshack host (linux alas) and would use that, but the delay to the USA
gets in the way.

in Australia, the cable companies are blocking 25 as a source and dest port
into the cable space @home. it sucks.

-George

Re: SMTP+SPF (was: [9fans] Re: new release?)

[ron minnich]

On Thu, 26 Feb 2004, Charles Forsyth wrote:

> on a more constructive Plan 9 note, if i had to, it's easy:
> 	import my-work-cpu-server /net


that's how I do it now, save my work is plan9.calgary.ca :-)

ron

Re: SMTP+SPF (was: [9fans] Re: new release?)

[George Michaelson]

On Thu, 26 Feb 2004 14:21:31 +0100 "boyd, rounin" <boyd@insultant.net> wrote:

>> the recommendation was about avoiding RBL sickness.
>
>wrongo.  vix built the rbl.  then i built my own -- trivial.
>
>best idea of  '96
>
>2 bottles of JD, now.
>
>boy, yer running up quite a tab ...

Hell no, go lay the bill on Chaz. he's the one suffering from somebody's
collateral damage. RBLs are about as much use as Iron Bar Mackin hacking to
prove a point: the patient is dead by the time the lesson is learned.

You can prize the malt out of my dead hands.

-George

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Dave Lukes]

> You can prize the malt out of my dead hands.

"Your terms are acceptable". :-)

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Dave Lukes]

> that said, i agree that spf seems a bit of a hack. but
> i don't disagree with presotto trying to add support.
> why?

>  because it provides more options.

Oh, goody!  Just what the world needs: more non-working options.

> policy should be left up to the admin.

I _am_ the admin, in this case (I'm an SA in the Real World),
and my policy is: I don't want crap that doesn't help me.

I can kill most spam with spamassassin,
so unless spf kills _all_ spam, who cares?

> i am definitely interested to see what geoff has in
> store; it'd be great to put the work of authentication
> and verification on the sender.

Amen.

>  until then, let's provide
> as many options as folks writing the code are willing
> to support.

... and as many buffer overflows as you don't want.

:-(
	Dave (who's battling sendmail and named at the moment).

Re: [9fans] Re: new release?

[rog]

> the cool thing about acme is
> that the extension language can be external.

depends what you want to extend.

there are lots of acme things you can't do through the acme(4)
interface (execute an arbitrary acme middle-button command, for
example)

i'm fairly sure that's deliberate, to ensure that everyone
doesn't have an acme interface that's different from
everyone else's...

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Christopher Nielsen]

On Thu, Feb 26, 2004 at 05:43:36PM +0000, Dave Lukes wrote:
>
> Oh, goody!  Just what the world needs: more non-working options.

spf works for a specific sub-class of the problem.
nothing currently available solves the whole problem.

> I _am_ the admin, in this case (I'm an SA in the Real World),
> and my policy is: I don't want crap that doesn't help me.

you're not the only admin. i am also an sa in the real
world. you choose your policy, and i'll choose mine.

> I can kill most spam with spamassassin,
> so unless spf kills _all_ spam, who cares?

and spamassasin is horribly inefficient and soaks up
tons of resources, which is why i don't use it. just
personal preference.

--
Christopher Nielsen
"They who can give up essential liberty for temporary
safety, deserve neither liberty nor safety." --Benjamin Franklin

Re: SMTP+SPF (was: [9fans] Re: new release?)

[boyd, rounin]

From: "George Michaelson" <ggm@apnic.net>
> ... Iron Bar Mackin

he was one of best coders i've ever seen.

john, piers and i ported 8th ed to an 11/780.

did you get a 8th ed licence, "George Michaelson" <ggm@apnic.net>

Re: SMTP+SPF (was: [9fans] Re: new release?)

[boyd, rounin]

> and spamassasin is horribly inefficient and soaks up
> tons of resources, which is why i don't use it. just
> personal preference.

i'm with you, captain ...

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Geoff Collyer]

Dave, my dns is reporting a delegation loop for anvil.com, so I can't
get mail to you.

cpu Feb 26 13:52:01 delegation loop anvil.com ns	pri2.dns.uk.psi.net ->  ns	f.root-servers.net from 154.32.107.30
cpud Feb 26 13:52:03 delegation loop anvil.com ns	wonderwall.anvil.com ->  ns	f.root-servers.net from 154.32.107.30

You have my sympathies; sendmail and named should be taken out back
and shot; that would eliminate most of the buffer overflows on (l)unix
systems.  Buffer overflows are not inevitable, they are the product of
careless programming.  Let me once again plug Dave Presotto's
string(2) library:

	string(2): avoiding buffer overruns in upas since 1984

Re: SMTP+SPF (was: [9fans] Re: new release?)

[Dave Lukes]

Thanks, Geoff.

I'm with you on buffer overflows.

named here died with an assertion failure
and PSInet obviously don't have sensible fallback arranged.
Yawn. YA job for the morning!

Thanks again,
        Dave.

On Thu, 2004-02-26 at 22:01, Geoff Collyer wrote:
> Dave, my dns is reporting a delegation loop for anvil.com, so I can't
> get mail to you.
>
> cpu Feb 26 13:52:01 delegation loop anvil.com
ns      pri2.dns.uk.psi.net ->  ns      f.root-servers.net from
154.32.107.30
> cpud Feb 26 13:52:03 delegation loop anvil.com
ns     wonderwall.anvil.com ->  ns     f.root-servers.net from
154.32.107.30
>
> You have my sympathies; sendmail and named should be taken out back
> and shot; that would eliminate most of the buffer overflows on (l)unix
> systems.  Buffer overflows are not inevitable, they are the product of
> careless programming.  Let me once again plug Dave Presotto's
> string(2) library:
>
>       string(2): avoiding buffer overruns in upas since 1984
>

Re: SMTP+SPF (was: [9fans] Re: new release?)

[David Tolpin]

> by coincidence, tonight on another list's security alert:
>
> >>When fetching a remote resource via FTP or HTTP, libxml2 uses special
> >>parsing routines.  These routines can overflow a buffer if passed a very
> >>long URL.  If an attacker is able to find an application using libxml2 that

Do you attribute it to the number of digits in the version number?

Re: SMTP+SPF (was: [9fans] Re: new release?)

[C H Forsyth]

by coincidence, tonight on another list's security alert:

>>libxml2 is a library for manipulating XML files.
>>Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
>>When fetching a remote resource via FTP or HTTP, libxml2 uses special
>>parsing routines.  These routines can overflow a buffer if passed a very
>>long URL.  If an attacker is able to find an application using libxml2 that
>> ...

Re: SMTP+SPF (was: [9fans] Re: new release?)

[vdharani]

i just saw this in cnn.com:

"E-mail identity system proposed to combat spam"

http://www.cnn.com/2004/TECH/internet/02/27/email.origins.ap/index.html

thanks
dharani