This blog is now hosted at

Tuesday, October 30, 2007

Ron Paul Spam an attempt to block campaign email?

After writing my previous article about the email spam advertising the 2008 Ron Paul presidential campaign, I was left wondering: why?

Why would someone use a method so polarizing as spam in a popularity contest? The tinfoil beanie wearer in me came up with a very insidious reason.

So let's say that you are an opponent of Ron Paul, and you want to limit his reach. Where is his campaign most effective? That's right, online. You can't block his campaigners on digg, et al., but maybe you can prevent email.

No really, and here's how it works:

Send out all of Ron Paul's campaign ideas, use his bumper sticker phrases: "Ron Paul has never voted for a tax increase", and make double sure that the email will get caught as spam.

About Bayesian Filters
Now, most people who have used anti-spam tools have probably heard of a Bayesian filter, but what you may not realize is that Bayesian filters are subject to poisoning. You've seen this before, in spam that seems to have unusual strings of semantically incoherent words, or direct quotes from the news or literary sources. This is an attempt to "trick" a Bayesian filter.

What you may or may not remember is that most of this was preceded by mail that looked similar, but contained no actual advertisement. This was an attempt at pre-training the Bayesian filter to accept the later spam.

How does this affect legitimate mail?
Now back to the Ron Paul spam: if these mails are caught as spam (and they are a very obvious form of spam-- any spam filter should catch it, and MessageGate certainly nails the headers), then the phrases contained in the email get added to the Bayesian "spam bucket" and are henceforth used as indicators of spam. Then, when the Ron Paul campaign sends out a legitimate mail (say, one that you actually asked for), it will be categorized as spam by the Bayesian filter.

That would be particularly devastating to a campaign that seems to be almost entirely dependent on the Internet.

I'm not saying that this is actually what happened, but it's interesting to think about.
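The false-positive drift described above, as an added example that is not part of the original post: a minimal naive Bayes scorer (a stand-in, not MessageGate's or any product's filter) is trained on a small corpus, then auto-learns a run of caught spam that reuses the campaign slogans. Every message, name and the `copies` parameter is constructed for illustration.

```python
import math
import re
from collections import Counter

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

class BayesFilter:
    """Minimal naive Bayes spam scorer with add-one smoothing."""
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    def train(self, label, text):
        self.words[label].update(tokens(text))
        self.msgs[label] += 1

    def spam_probability(self, text):
        vocab = len(set(self.words["spam"]) | set(self.words["ham"]))
        total = {k: sum(c.values()) + vocab for k, c in self.words.items()}
        log_odds = math.log(self.msgs["spam"] / self.msgs["ham"])
        for w in tokens(text):
            p_spam = (self.words["spam"][w] + 1) / total["spam"]
            p_ham = (self.words["ham"][w] + 1) / total["ham"]
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

# Constructed sample corpus (not real mail).
BASE_SPAM = ["cheap pills buy now limited offer", "win a free prize click now"]
BASE_HAM = ["lunch on tuesday at noon",
            "quarterly report attached for review",
            "thanks for volunteering at the town hall"]
# Constructed look-alike spam reusing slogans quoted on this page.
SLOGAN_SPAM = ["Ron Paul has never voted for a tax increase",
               "Vote Ron Paul he will eliminate the IRS"]
# Constructed opt-in campaign mail the recipient asked for.
LEGIT = "Ron Paul has never voted for a tax increase. Join us at the town hall."

def poisoning_drift(copies=5):
    f = BayesFilter()
    for m in BASE_SPAM:
        f.train("spam", m)
    for m in BASE_HAM:
        f.train("ham", m)
    before = f.spam_probability(LEGIT)
    # Header rules catch the run; each caught copy is auto-learned as spam.
    for m in SLOGAN_SPAM * copies:
        f.train("spam", m)
    return {"before": before,
            "after": f.spam_probability(LEGIT),
            "control": f.spam_probability(BASE_HAM[0])}
```

Tracking the score of known-good, opted-in senders across retraining runs is one way to notice this kind of drift; the unrelated control message stays clean, which is what makes the effect targeted.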

Monday, October 29, 2007

Ron Paul Spam

I wrote about the Ron Paul fan club earlier.

I've been around since Canter and Siegel offered me a chance at the green card lottery, but this is novel:

Message-ID: <000701c81a53$0156f27e$3360289e@yeibw>
From: --obscured--
To: byoung
Subject: ***SPAM*** Ron Paul Eliminates The IRS! XqvMlJY
Date: Mon, 29 Oct 2007 15:56:37 +0000
MIME-Version: 1.0

Hello Scott,

Ron Paul is for the people, unless you want your children to
have human implant RFID chips, a National ID card and create
a North American Union and see an economic collapse far worse
than the great depression. Vote for Ron Paul he speaks the
truth and the media and government is afraid of him. This is
the last honest politican left to bring this country out of
this rut from the War Profiteers and bush Administration has
created. Get motivated America, don't believe the lies of the
media he has also WON the GOP Debate On Sunday! Value Freedom
and Liberty instead of corporate lies and corruption. Bypass
this media blackout they are doing to Ron Paul, tell your family
and friends and get involved in a local group at make
your voice heard! He will end the War In Iraq immediately,
He will eliminate the IRS and wasteful government spending, and
eliminate the Federal Reserve and restore power to the people
and the only person not a member on the CFR. Can any other runner
make these claims or give Americans the true freedom we were all
raised to believe? We are all economic slaves to the banks and the
illegal federal Reserve. This is why our currency is worth nothing
because of Hidden Inflation Tax and the IRS taking everything
you make!


He has NEVER voted:
* to raise taxes
* for an unbalanced budget
* to raise congressional pay
* for a federal restriction on gun ownership
* to increase the power of the executive branch

He HAS voted:
* against the Iraq war
* against the inappropriately named USA PATRIOT act
* against regulating the internet
* against the Military Commissions Act

He will eliminate the IRS, Wasteful Government Spending &
Stop The Iraq War Immediately!

Most importantly, he voted NO on anything in Congress that
is not allowed by the Constitution. And he Despises any
politican that does not do their job for the people and lives
up to the constitution! & Search: "Ron Paul"
Join The Revolution!

We Need A Real President That Will Restore And Protect
Americans! Stop The War! Protect Our Borders!
*********VOTE RON PAUL 2008************

Editor's note: I work at a company that produces anti-spam solutions.

Now from the purely technical point of view, this is a rather obvious spam-- there are definite telltales in the received lines (which is why I didn't get this message at my work account-- we screen for false headers). This came in on my "canary in the coal mine" account, which isn't listed anywhere, and I never use, except to receive spam.

Dr. Paul's supporters are well known at this point for being very active on digg and the like (to the point that many have accused them of spamming), but this is really a new low.

I hope that these political spams get a little more sophisticated (since we all know they will continue, now that they've started), starting with: please don't send mail with 500 words in one paragraph.

Concert last weekend

This weekend, my wife attended an event, leaving me as sole provider to the kids. Always looking to expand their horizons (and lacking adult supervision!), I decided to take them to see some live music.

Kimberly Lynn is a bass soloist, who has an interesting methodology: she uses a looper (which is pretty much de rigueur for soloists), but also has a MIDI pickup. Anyhow, she's very talented, and the music is interesting (the kids definitely liked it). I'll even forgive her for a rendition of White Christmas before Halloween.

She is currently playing Saturday nights in Poulsbo, WA at Casa Luna. Check her out if you have the chance.

On the way back, we took the Bainbridge Island ferry (see picture above). I loaded the little ones with hot chocolate and made them stand out on the freezing cold prow with me. It brought back the magic of childhood-- they were so excited to be on the ferry, asking about sharks, "we drive onto the ferry?!?!", etc.

I wish I had thought to bring a kite.

Friday, October 26, 2007

More troubling breathalyzer news

I have written previously about the Minnesota case where the company that manufactures breathalyzers is being required to produce the source code for the device in a drunk driving case (here and here).

By way of disclaimer, I do not condone the practice of drunk driving, and believe that current penalties are at least 1-2 orders of magnitude too light. Additionally, I'm focused on US law.

An article in the Seattle Post Intelligencer has, in my mind, clarified quite succinctly why we should require open availability of specifications, design documents, and source code for any software or hardware device that is used as evidence in a court of law. From the article:

In a widely anticipated decision, the Skagit County District Court judges found examples of careless or potentially flawed work done by state scientists and evidence that three people -- including state toxicologist Barry Logan -- committed misconduct.

Here's why we should have access to the designs, specifications, and implementation information:

In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the Assistance of Counsel for his defense. (emphasis mine)

That's the Sixth Amendment to the U.S. Constitution.

How do you cross-examine a device? How do you confront this "witness"?

You look at three things:
  1. Its design. The design may be flawed, intentionally or unintentionally.
  2. Its implementation. This is where the hardware and software (firmware) can be tested to verify correct function.
  3. The device itself. Is the device used for the test operating correctly?

Now, before you accuse me of being paranoid, read this article from the DUIBlog. The source code would not pass muster for any public safety requirement, but can be used to reliably convict you of a crime.

Imagine that there's this magical box that can decide your innocence or guilt. Whether you go to prison or not. Whether you are branded criminal.

It is truly amazing to me that we are willing to trust a device without truly verifying it. As though it has some magical power to discern. Maybe we're just too willing to trust that a commercial entity is going to produce a perfect device, or that they are "experts".

The reality of the industry is that there are a lot of mediocre developers, managers, testers and processes. The reality is that deadline pressures cause inadequate testing. The reality is that the "expert" implementer may have taken 6 weeks of Java training before starting work on the software in question.

I know that seems harsh, but it is a reality in the software industry.

Hence the need for openness.

Wednesday, October 24, 2007

Microsoft to push functional programming

The .NET Common Language Runtime has indeed shown its flexibility (I'd like to see a JVM do this!) in supporting a "real" functional language, F#. F# is closely related to OCaml.

Ars Technica has coverage.

The most interesting part of this announcement is that it will be fully supported in Visual Studio. In case you haven't worked in enough development organizations, this means that a large percentage of current .NET shops will, over the next several years, evaluate and begin to accept F# as a first tier programming language.

This can only bode well for those of us who were left feeling a little flat with Java and C# (although C# is a markedly better programming language than Java). The part that excites me is that if this catches on, it will generate new modes of thought in programmers, as we saw years ago when noun-oriented (oh, sorry, I meant object-oriented) programming became fashionable.

Kudos to Microsoft for continuing to push forward and take risks with the .NET platform.

Google Analytics

I love reading the reports from Google Analytics. There is a section in the reports that outlines what query terms were used to find your site. Some of them are interesting (makes you wonder what they're really looking for), and some are just sort of funny.

Here's one:

how do you address an acting first sergeant

Just for reference, I'll submit that you'd address them formally as First Sergeant:
Yes, First Sergeant, I'll clean the latrines right now.

and informally as Top:
On my way, Top.

I don't know the particular etymology of the "Top" moniker, but I suspect it has to do with being the senior (i.e. top) enlisted position at the company level.

Monday, October 22, 2007

Apple to release iPhone Development Kit

In a somewhat interesting turn, Apple, Inc. have decided to release a development kit for the iPhone and iPod Touch. BusinessWeek has some coverage of this.

I'm happy about this, because I think that the more open a device is, the more attractive it is. I don't think this will help with Apple's not-quite-complete Bluetooth stack (as I said earlier-- it doesn't have HID (keyboard) or voice activated dialing support), and that's probably a deal killer for me.

So I'll likely be sticking with BlackBerry, but seriously considering upgrading to the 8800 series.

Monday, October 15, 2007

Gold plated, oxygen-free interconnects... for your dryer?!

I was tasked with being the "care provider" the other night, so I decided to make a family pilgrimage to Fry's. Two things stood out:

1) The line for the cashiers was absolutely obscene.
2) Monster Cable is now making power cables for dryers.

Now, maybe it's just human nature, but what would bring you to pay 2-3 times as much for a power cord for your dryer? Are you concerned that you're not getting all the frequencies that you should? Already spent $20,000 on cables for your stereo, and you've run out of things to "hand-wire with point-to-point architecture"?

Of course, the cables were only like $50, no true audiophile would consider that- they can't possibly have bright open highs and singing bass at that price point. Or be hand routed. Of course, I'm not sure how you'd measure something like that on a dryer.

In Monster Cable's defense, it did look like a well built cable, and I do use their instrument cables (they have a no-questions-asked, bring it to any dealer exchange warranty, and cables always go bad over time).

Thursday, October 11, 2007

Apple Class Action Suit over iPhone

Looks like Apple is going to get sued over their bricking of modified iPhones.

AppleInsider has the goods.

I think that Apple has been getting progressively more control freak-ish, what with controls on the iPod, and the hardcore lockdown on the iPhone. Maybe a lawsuit will mellow them out some.

Wednesday, October 10, 2007

Mobile Firefox on its way

Mike Schroepfer has an interesting article on his blog about creating a mobile version of Firefox.

I, for one, am very excited about the prospect-- I've gradually gotten hooked on having a web browser with me all the time, and it would be very helpful to have a full featured browser available (e.g. AJAX support). I'm hopeful that the development cycle and hardware advances will intersect, producing a decent iPhone competitor.

The perfect partner for this would be the smartphone vendors, like RIM or Danger. I've already expressed my fanboy love for Blackberries, but it would really help to have a better browser included (I will admit that Opera Mini is pretty decent, but the idea of proxying everything through their servers is disconcerting).

Here's my ultimate device:

* Great email support (BB gets the nod, here, but rendering HTML mail is dodgy, and needs improving)
* Great Bluetooth support (keyboards, stereo headphones, etc)
* High resolution screen
* Full featured web browser
* Must take third party applications

Notice that this looks a lot like the Blackberry 8820, which I might just buy in the interim (while the mobile Firefox guys get ramped up).

What do you think? Comment below.

Tuesday, October 9, 2007

Email, the miscommunication optimizer.

There is a good article about the potential for miscommunication in email over at The New York Times (registration required, don't you have BugMeNot yet?).

It puts a bit of a new spin on an old dilemma-- the fact that emotional content is difficult to properly convey in email. This should be obvious to any long term email user-- you've likely had your email grossly misinterpreted. The interesting bit is that they are bringing "social neuroscience" into the equation, and actually analyzing the brain patterns of people interacting.

The rule of thumb I have used for years:

An in-person conversation has 100% communication bandwidth (body language, tone, words).

An on-phone conversation has 50% communication bandwidth (tone, words).

An email conversation has 20% communication bandwidth (words).

Monday, October 1, 2007

Receiver Initiated Authentication

Over the weekend, I read a proposal for a new method to combat spam, called receiver initiated authentication.

Read on to learn the pitfalls that the author missed.

First, it depends on changing client code. The author suggests that three companies control 70% of the email clients, which is basically true. What he does not account for is that users also have some choice in this-- they don't have to (or may not be allowed to by IT policy) upgrade to the latest version of Microsoft Outlook, for example.

Second, it assumes that "legitimate" companies would implement it. The spammers implemented SPF faster than any of the "legitimate" companies.

Third, it assumes a database of "authorized" domains. This is a popular anti-pattern to many integration problems, so I got a good laugh. (The anti-pattern is, "Let's build a big database!", and is fraught with scalability issues.)

Fourth, it uses captcha. This is supposed to block spammers, but creates a pain for legitimate users.

Anti-spam solutions are about two things:

  1. Convenience for the user (put another way: productivity for the user increases when they don't have to delete 100+ spam messages a day)
  2. Security (preventing phishing scams, viruses, etc.)

When the solution puts burden on the end user, it can never be successful.

Editor's note: I work for a company which is in the Email Governance space (including anti-spam).

Full article here.