A New Spam Trick

September 2, 2007 | etbe

One item on my todo list is to set up a bunch of email addresses on sub-domains of domains that I am responsible for (with the consent of all people involved of course) and perform various actions to get the addresses noticed by spammers and measure how effective the various anti-spam measures are. As part of such tests I would click on every URL in every message sent to some accounts and see what difference it makes. My plan is to run a set of Xen virtual machines with different configurations of some common anti-spam measures used in MTAs and see how they fare with sets of accounts with similar publicity. I am not aware of any work having been done in this area (a quick Google search turned up nothing). There are many honeypots for tracking spam sources, matching email address harvesting to spamming, etc. But I’m not aware of any research into the effectiveness of various methods of combatting spam by setting up multiple honeypots. Please inform me via comments if I have missed something!

The most common advice about spam is to NEVER click on the URL that supposedly removes you from a list. By clicking on such a URL the spammer can recognise that you actually read the email and therefore know that it’s a live address and a good target for more spam. I am not aware of any good studies proving this, which is why it’s one of the things I’d like to investigate. A counter theory (for which there is also a lack of evidence AFAIK) is that spammers used to measure delivery etc but now that bot-nets are large and cheap it’s easier to just send mail to all possible addresses.

Even though I am not aware of any great evidence to support the idea I avoid clicking on URLs in spam messages. Refraining from hitting the spam web-sites can’t do any harm (it’s not as if the meager contribution to their system load caused by my web browser will cause them a problem).

But today I was tricked. A spammer subscribed me to a mailman mailing list, as I am subscribed to many lists (about half of which use mailman) the fact that I didn’t recognise the list name didn’t necessarily mean that I hadn’t signed up to it. After signing in I saw the list archives which had only one post concerning spam. I unsubscribed (there was no other reasonable option open to me) and sent the mailman message to SpamCop.

This technique will probably be effective for a while. People will think that they subscribes to a list and forgot about it and that it’s just another list that doesn’t have strong anti-spam measures. That should greatly increase the amount of time taken to black-list the spam server.

So from now on if I receive a spam via a mailing list that I am not familiar with then I’ll send it to SpamCop immediately. Also this is yet another good reason for not subscribing people to mailing lists without their consent (a practice that is far too common – it’s really not difficult to send someone an email asking whether they would like to join the list). If you subscribe me to a list without prior discussion and the first post I receive on the list is a spam then it will be sent to SpamCop and this might result in you being black-listed.

Hot-swap Storage

September 1, 2007 | etbe

I recently had to decommission an old Linux server and replace it with a new machine. When I was about to turn it off I noticed a power cable of the type used for IDE hard drives leaving the Linux server and entering an NT server that was in the same rack! It turned out that a DAT tape drive used for backup had been shipped without a power cable and they had been forced to take power from another machine. Incidentally is this likely to risk hardware damage?

So I had to take the NT machine down to fix it. The new cable had arrived so all I had to do was install it. One thing that wasn’t mentioned on the documentation was that the cable was designed to operate as a double-adapter and replace an existing cable. Once the phone support people had explained this (IBM support is really good – they solved the problem well within the SLA) I was able to correctly wire it.

However correct wiring in this case meant having a power cable go through the side of the storage bay and a SCSI cable came from the back of the case underneath the cooling fan assembly (something like 16 separate hot-swap fans in one assembly that can be removed for maintenance). The DAT drive took up space that could otherwise have been used for three hot-swap SCSI hard drives.

What I would like to know is, why can’t they make hot-swap DAT drives that use the same power and SCSI connectors as the hard drives? I don’t expect a DAT drive to be any more reliable than a hard drive, and when the system backup is mission-critical then down-time is required for a replacement. Not to mention the effort involved in the installation, my fingers are significantly longer than average, I can’t imagine how anyone with average size hands could complete the job!

So IBM, congratulations on the great phone support. But please try and make everything hot-swap when designing servers. Also while on the topic, I think that servers should be designed with external DVD drives connected via USB. I really hate it when I’ve got 10 * 2U servers in a rack, my system performance is limited by the number of disks and every single server has space that could be used for at least one disk sitting idle because there is a DVD drive gathering dust. For the IBM 2U servers in question, they could design them with space for 12 disks or 9 disks and one DAT drive which were all hot-swappable if they were smart about it, the current design supports 6 disks or 3 disks and a DAT.

Carbon Geo-Sequestration

September 1, 2007 | etbe

My post about Why Hydrogen Powered Cars Will Never Work has received a record number of comments. Some of them suggested that carbon geo-sequestration (storing carbon-dioxide at high pressure under-ground) is the solution to the climate change problem. The idea is that you can mix natural gas or coal gas with steam at high temperature to give carbon-dioxide and hydrogen. Then the carbon dioxide gets stored under-ground while the hydrogen is used for relatively clean fuel.

Beyond Zero Emissions has produced a media release about the fallacies expressed in the FutureGen document promoting so-called “clean-coal”, the best content is in their PDF document titled FutureGen Conceptual Design Retort. Note that I did some research to support the preparation of the retort, I am not referencing them to support my arguments but as background information.

One overwhealming problem with geo-sequestration for coal based power plants is that it is significantly more expensive than the current coal-fired power plant design. Currently the price difference between coal power and wind power is quite small and there are several technologies that are almost ready for production which will decrease the cost of wind power, it is expected that before so-called “clean coal” becomes viable (they are planning for the first production plants to go live in 2022) the cost of renewable energy will be lower than the current cost of coal power. There is no reasonable possibility of “clean coal” being cheaper than renewable energy.

The underground reservoirs that could be used for storing CO2 currently contain brine, which can contain toxic metals and radioactive substances (according to the Bureau of Land and Water Quality in the US). If toxic and radioactive substances need to be pumped out to make room for CO2 then it’s hardly a clean process!

The US Geological Survey has an interesting page about volcanic gas. Apparently it’s not uncommon for small animals to be killed when CO2 forms pools in low lying areas. If (when?) CO2 escapes from geo-sequestration the same might happen with humans. They also have a page about CO2 killing trees at Mammoth Mountain! Before I read this I never realised that plants could be killed by excessive CO2. Apparently tree roots need oxygen and CO2 in the ground will kill them. The release of 300 tons of CO2 per day killed 100 acres of trees. The FutureGen trial power plant is designed to support sequestration of over 1,000,000 tons of CO2 per year (that is over 2,700 tons per day). If it leaked at 1/9 that rate then damage comparable to Mammoth Mountain would be the result. Note that the FutureGen trial plant will be a fraction of the size of a real coal power station so an escape of significantly less than 1/9 of the CO2 from a real sequestration plant would have such a bad result. It’s interesting to note that tents and basements are documented as CO2 risks, so I guess we have to avoid camping in areas near power plants!

What would happen if a large geo-sequestration project had a sudden failure? IE if the reservoir broke and all the CO2 erupted suddenly? We already have an answer to this question because such things have happened in the past. In 1986 in Cameroon 1.2 cubic kilometers of CO2 gas was released from a volcanic lake, that is 2,400,000 tons (or just over two years of output from the proposed FutureGen plant). It killed over 2000 people. What might happen if 10 years of output from a commercial scale coal power plant was suddenly released into the atmosphere?

As far as I know there has been no research on de-sequestration of CO2. If a reservoir is discovered to be unstable after 20,000,000 tons of CO2 have been stored in it, what will we do?

Geo-sequestration of CO2 makes nuclear power plants seem safe by comparison.

etbe – Russell Coker

Linux, politics, and other interesting things

Monthly Archives: September 2007

A New Spam Trick

Hot-swap Storage

Carbon Geo-Sequestration