Another Wednesday, Another Joe-Job

2008-09-25 by mjr

Yesterday, another of our mailboxes got joe-jobbed, just like last week. Again, it was one of our Exim servers (yes, one got done along with a qmail last week). Again, it was an address that should never appear as the SMTP sender. Again, I put something like

        deny
          message = 553 That address is not used for outgoing email so should never get errors - please telephone us if in error
          senders = :
          recipients = !/etc/exim4/permitted-envelopes

into /etc/exim4/local-rcpt.acl, added CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/local-rcpt.acl to /etc/exim4/conf.d/main/02_local_options, put all permitted envelope addresses into /etc/exim4/permitted-envelopes, then ran update-exim4.conf and /etc/init.d/exim4 reload and the flood stopped.

So far, it seems to be working like it should. Is there a drawback I haven’t spotted yet, apart from the obvious problem of needing to list all outgoing envelope addresses?

Posted in Education, Training and Information, GNU/Linux, ThePhoneCoop, Web Development | Tagged , , , , , , | 1 Comment

Stop Software Patents

2008-09-24 by mjr

Today is the World Day Against Software Patents – 24 September. If you’ve not already signed the petition, go do it now, please. Especially if you’re in Europe, but also if you’re in the US or other swpat-suffering nation.

Programs are protected by copyright and the underlying harmonies should no more be protectable by patents than music, or other natural matters.

Posted in Koha, SPI | Tagged , , , , , | 1 Comment

Report on Shape the future of social enterprise in the South West 4 Sep 2008

2008-09-22 by mjr

I went to this event a few weeks ago. The immediate outcome is the call for expressions of interest in RISE-SW’s projects. The deadline is next Monday (29th September) at 12 noon, so get emailing if you’re interested in them. After that, shortlisted EoIs will get two weeks to write a full bid. I’ve asked for a non-Microsoft copy to be posted. Microsoft is a social problem, not a social enterprise.

The consultation event was a pretty straightforward introduction and discussion in small groups, followed by feedback to the whole group, with lunch to finish. The host was Gareth Hart of Perfect Moment (yet another non-SE hired by RISE instead of SE providers?).

First, the introduction covered the CapacityBuilders Social Enterprise Programme, the context of the programme and RISE’s suggested themes for support: accessibility of SE support, better opportunity for the Voluntary and Community Sectors to be more enterprising, improving SE quality standards and organisations, making SE infrastructure sustainable, and developing more peer-to-peer SE support and mentoring.

In the discussion that followed, I think the standards and sustainability themes were largely kicked into touch as unachievable with the available budget, while we felt peer-to-peer support was better as part of the more general accessibility and opportunities themes. My personal pet points were that if the Social Enterprise Mark is funded, it should benefit small SEs rather than RISE, and that if another database or directory is funded, it should be Open in licence and maintenance, like ODP and unlike previous directories which have wasted government money.

I’ll be interested to see how that’s reflected in the Call for Expressions when I get to reading it this week.

Posted in Cooperatives | Tagged , , , , | Leave a comment

Lots of Days: Software Freedom, British Food and World Peace

2008-09-20 by mjr

Today is Software Freedom Day.

It is also the start of British Food Fortnight. (Tip to total coverage cooperative.) There is an open day 11-3 at Thatchers Cider, near here in Sandford. (To get there from Worle by bike, leave through St Georges to Bourton, then Hewish, Puxton, Nye, over the Strawberry Line and you’ll arrive on Nye Road in Sandford – turn right for the cider. I’m not sure of the best way from Locking direction…)

Tomorrow is the second equinox and International Day of Peace. (Tip to New Internationalist cooperative.)

What are you doing this weekend?

Posted in Drupal, Education, Training and Information, GNU/Linux, Koha, OSCommerce, SPI, Web Development, Wordpress and Blogs | Tagged , , , , , | Leave a comment

Spam Revenge: Stopping Joe-job Floods in qmail

2008-09-18 by mjr

Myself and a colleague were both getting Joe-jobbed yesterday. I had an easy time telling Exim to reject mine at SMTP time, but the colleague receives mail on our only Plesk server, so it’s using qmail. I’ve noticed before that qmail admin tools are primitive and incomplete, so I looked for the appropriate rocks to bang together to put this fire out. (I think I just sprained a metaphor.)

My best attempt so far is to edit the user’s .qmail file to start with a pipe to a command that exit 100s if it detects an error for an email which the user obviously didn’t send (wrong email client or whatever). qmail understands code 100 as a hard error, so I think that should generate an SMTP error, but I didn’t figure out from the logs whether it was SMTP-time or later and my testing was inconclusive. I suspect Plesk will remove my pipe when the user next edits their email account, too. How do qmail/Plesk users not drown in spam?

In related news, I’ve started getting “Challenge Response” emails from users of Merak Mail Server Software for emails I never sent. I’m answering the challenges so that challenge-response users get spam if their server spams me. Challenge-response is evil – I don’t want spam from your mailserver just because you accepted spam that said it was from me. If you are using Merak Mail Server Software, change away now!

One of my current anti-spam tactics is to read my email in batches (which Suw suggests is a good idea) and group messages which look “similar”. Very similar messages appear for very few reasons: people resending messages, mailing list threads, stuff from spam-nets and a few others. Apart from spam-nets, most of the others match one of a few keywords. My current method of doing this is part-automatic and part-human. Are there automated anti-spam tools which exploit this local similarity? I think DCC used to include this idea, but then there were software patents and hoo-ha and I stopped paying so much attention.

Finally, a small discussion has broken out in the comments of Is Yahoo Now Even Worse On Spam? about whitelisting and business-critical uses of free webmails.

Posted in GNU/Linux | Tagged , , , , , , , | 8 Comments

Software in the Public Interest

2008-09-17 by mjr

There should be a board meeting at 1900 UTC in #spi on irc.oftc.net, according to the last meeting. There’s no announcement or agenda online at the time of writing. (If only you’d elected me…)

Hopefully, a meeting will decide on issuing a statement in support of the campaign against Software Patents and supporting FACIL taking on the Quebec proprietary software problem.

Update: The agenda appeared between the time of writing and the time of posting.

Posted in SPI | Tagged , , , , , , , , , | 4 Comments

Software Freedom Day: Sat 20 Sep 2008

2008-09-17 by mjr

Lucy Bridges writes:

“Saturday 20th September is Software Freedom Day [1]. As many of you will know, this is a worldwide event designed to promote software freedom. I am proud to announce that Manchester Free Software (like many other groups across the country and the world) will be hosting an event to celebrate.” (original)

I don’t know of any events in the Bristol or Somerset areas, but I wish the Manchester event all the best.

Posted in Education, Training and Information, GNU/Linux, SPI | Tagged , , | 3 Comments

Web Foundation and While I Was Out

2008-09-16 by mjr

I concentrated on work after my return to the keyboard last week and then spent much of the weekend reroofing a shed, so today was my first day catching up with the news. Here’s what I noticed:-

Posted in GNU/Linux, Koha, ThePhoneCoop, Web Development | Tagged , , , , , , , , , , | 5 Comments

BT raise phone call connection charge

2008-09-15 by mjr

The biggest competitor to our telephone service, BT, increase their connection charge to 7p per call tomorrow (16 September 2008) for many customers (thanks to MSE for the news).

However, our telephone service’s basic prices remain 4.7p per call for up to 1 hour (then 1.175p/minute) for Evening & Weekend Local and National calls and 2.94p/minute Daytime Local and National Calls, with no set-up charge.

BT’s prices for 1471, 1571, ringback, alarm calls and 3-way calling are also increasing. What are they playing at? It says these price rises are “in order to stay competitive”. Huh? Increased competition but still raising prices – it’s almost like they want to stay competitive by not having any customers who read their bills! I guess then they’ll be able to charge what they like, pretty much. £5 per call, anyone? And Phorm would get through pretty easy if they only have negligent customers…

Posted in Education, Training and Information, ThePhoneCoop, Web Development | Tagged , , , , , , | Leave a comment

Away From Keyboard

2008-09-11 by mjr

I’ve been away from the blogging keyboard for a few more days than I expected. For some reason, my WordPress doesn’t work in lynx so I couldn’t post from the mobile phone when I had chance. I was at:-

I’ll write up the remaining events over the next few days and they should appear linked from below this article – please leave me a comment if you want to influence the order I write them. First I need to attend to some business matters, though.

Other recent random things: upgrading my kernel (to enable an rt2500 wireless card instead of the nasty bcm4301 I was using) seems to have fixed an X/GNUstep copy-paste problem I was having; why does http://identi.ca say “OpenID authentication failed: Not in requested trust domain” to my OpenID?

Posted in Education, Training and Information, GNU/Linux, Koha, SPI, Web Development, Wordpress and Blogs | Tagged , , , , , | 4 Comments