Random Developments

Someone in a mailing list mentioned that 2005 will have a leap second on 31 December, just before the year ends (ABC has a nice report about this). This means that the minute starting at 23:59:00 on that day will have 61 seconds (23:59:57, 23:59:58, 23:59:59, 23:59:60, 00:00:00).

This is caused by the rotation of Earth slowing down, and is not that uncommon; the last time we had a leap second was in 1998.

In any event, this gives geeks an amusing little thing to do on new year’s parties: try to convince as many people as you can to count “…4, 3, 2, 1, 1, happy new year!”.

It may not work, but you will get lots of geek points by trying.

I almost forgot to put this up this week… and the results were not that bad. “Home” had its best week so far, with 7 hits, and “money” had 6; “ladder” got only 4, however.

With only five weeks left until the end of the “home and away” season, it is pretty clear that (a) no strategy is a clear money-winner, and (b) the performance of all strategies doesn’t seem to change that much as the season advances. I’ll do a more detailed analysis after the end of the season, though.

The numbers for this week:

Links:

• Round 16 (previous)
• Round 18 (next)

For those who thought Microsoft was still living in the past (Win95 = Mac89 etc.), guess what? It’s true!

Lifehacker notes that, not only Microsoft’s Virtual Earth does not show the Apple headquarters because their images are too old, they still show the World Trade Center’s twin towers in New York.

That does explain a lot.

This is SPF as in Sender Policy Framework, an antispam method that is becoming more and more popular. I liked it at first but, after thinking a little more about it, I realized that I don’t.

For those that are not familiar with it, read their How It Works page, there’s a fairly good explanation there. The basic principle is that a domain owner (usually not a regular user) will nominate a set of servers that are allowed to send messages that claim to have a sender from his/her domain. Compliant recipients (servers, not users) will check this nomination and reject (or mark) messages that come from “unauthorised” servers. The idea is to eliminate spam coming from forged addresses.

The reason I don’t like it is that it tries to fix the problem in the wrong way. It tries to authenticate servers, not people; and, in trying to do so, it enforces rules that don’t really exist and that most users don’t know about (and wouldn’t understand, anyway). Servers don’t send e-mail, people do, and unless you can authenticate the person sending a message, by whatever method, you can’t be sure the message is invalid.

Let’s see one scenario where legitimate e-mail will be dropped. Take an hypothetical ISP, which we will call T, where SPF is enabled. Also, take an hypothetical web site that we will call U. Now say that a user, W, who has an e-mail account with T, goes to the web site U and sees a news report that he thinks might interest another user, X, who happens to also have an account with T. There are a few ways for W to send the news item to X, but the easiest one is to click on the “send this news item to a friend” link on the web page. He does that, fills in the form with his e-mail address as the sender and C’s address as the recipient, and off the message goes.

And back the message comes with this error:

Now, I know what this message means. Would a regular user know? I think not. And, even if we get past this user-friendliness issue (one could always give a better explanation in the returned message), was this message properly blocked? Again, I think not. It was a legitimate message, initiated by the person listed in the envelope From: (thus ensuring that eventual errors are directed to the message initiator, and not to the web site owner) and sent to a person with whom the user had a previous relationship.

Granted, the message wasn’t sent from one of T’s e-mail servers, but why should it? That’s not a contractual obligation between T and its users, is definitely not an RFC requirement, and may not even be a technical possibility: many, many access providers block SMTP access out of their networks, or silently redirect it to their own servers. Yes, I know about port 587; do regular users know? Once again, I guess not.

This error is not hypothetical, in case you didn’t guess. And it’s just one of the failure modes: one other is the issue I mentioned above of access providers silently redirecting port 25; e-mail forwarding sounds like another, but I haven’t tested it.

As I said above, the problem here is that servers are being authenticated in an attempt to verify that messages are valid, but server authentication says nothing about this. Unless you have a way to actually validate the person who initiated the message (and I don’t really see how you can do that in all cases), you can’t guarantee messages are valid or not. And, if you drop messages that fail the SPF test, you will drop valid messages without your users even knowing that they are missing messages.

I would be a little more sympathetic to using SPF as a means to score messages in order to possibly mark them as spam, or to allow end users the option of rejecting/quarantining them. Rejecting the message in a way that does not allow the recipient the option to accept it (and, by the way, generating backscatter when forged addresses are used for real spam) is really bad.

No spoilers, you can keep reading.

This is something that’s been bugging me for a while… the Hogwarts students (and, possibly, all other wizards and witches) could really use a Wikipedia-like resource! Or at least their own version of Google. How many times have they had to spend countless hours looking for some obscure piece of information in dusty old books? They need a search engine and a better repository of information.

Yes, I know, they can’t use electronic devices inside the walls of Hogwarts. But surely they would be able to do something like that by, hmmm, magic. Really, guys, it’s the 21st century, get on with the times. There are good galleons to be made by providing a service like this to your fellow wizards.

As the end of the season approaches, it becomes clearer and clearer that simple strategies such as the one used here are not good enough to make any serious money with (or to win any tipping competitions…).

This week brought average results: nothing particularly good (6 for “random” and “money”), nothing terribly bad (3 for “home”). It’s interesting to point out that no strategy has ever got all results for one week right; our best performance was 7 correct hits, which happened three times for “money” and once for “random”.

The numbers for this week:

Links:

• Round 15 (previous)
• Round 17 (next)

Last Saturday I went out relatively early (10:30am; that’s early for me, at least on weekends) to, among other things, get my copy of the new Harry Potter book.

I must admit I was expecting more of a “commotion” at the bookstore. Maybe I was just late for the party (the books were released at 9:01am here in Melbourne), maybe I accidentally selected a quieter store; I did see a few people dressed as Dumbledore in front of some stores, and there were people with TV cameras coming out of the Angus and Robertson store on Bourke St. Also, lots of kids were dressed as wizards/witches around Melbourne Central, presumably because of the party at the State Library (or at Borders). But the parties seemed to be over.

I had pre-ordered (and pre-paid) my book from Dymocks some three months ago for $29.95, which turned out to be a decent price: A&R was selling it for $29.99, and Book City for $39.95 (but it was only $22.43 at Big W, and $15 at Borders if you bought $75 worth of books — which I wasn’t going to).

Having read some 150 pages (out of 604) over the weekend, and trying not to give anything away, I can say that this book is already “darker” than the others. The general mood is not happy as it was at the beginning of the other books, and there is a sense of impending doom all around. It is also a little hard to remember that the kids are already 16 years old; they don’t seem to have changed all that much since the first book. Except for the, hmm, “electricity” between Harry and Hermione (were it not a children’s book I’d have called it “sexual tension”).

Of course, I bet lots of fans have already read the whole book and are happily discussing the ending. I’m actively trying to avoid reading anything about the book for precisely that reason…

All strategies did well this week, at least in correct guesses; not so much in financial results. “Money” repeated once again its best result so far, with 7 hits; “home” got 6 and “ladder”, once more, got 5.

Round 15 is an interesting one because is the last of the “first round” of matches, so to speak: all teams have already played each other once, and the next seven weeks will have “repeat” games. It will be interesting to look at how the teams go when repeating previous matches.

The numbers for this week:

Links:

• Round 14 (previous)
• Round 16 (next)

Remember webcards? Those cute e-mail messages that direct you to a website where someone, presumably a friend, selected a nice image or animation and wrote you a few lines to celebrate something, congratulate you or just because he/she thought of you? You know, instead of going out and buying a real, paper greeting card? Sorry to tell you, but they’re dead.

The first time I saw a website that sent webcards — then a new phenomenon in the Internet — was probably around 1997; it was cool, and there was a brief boom with new types of cards showing up everywhere. The boom subsided, but they are still somewhat popular in certain circles (despite being, as mentioned above, dead).

Nowadays, in my most “spam afflicted” mailbox, I receive on every single day several messages with subjects like “A special message from your friend”, “XXX sent you a webcard”, “Online greetings from XXX” etc. etc., where XXX is usually not the name of anyone I know. And it’s not because I’m that popular: in all of them, the link to the supposed webcard points to malware, usually in the form of a .scr or .exe file.

The end result, of course, is that I no longer open webcards. Not one. From anyone. They will be silently filtered to my spam folder and deleted unread; I do check my spam folder almost daily and look into any message that looks like it might be legitimate (a few times a month I end up rescuing the occasional incorrectly-classified message from it), but I never check messages that claim to be webcards.

And that is why webcards are dead. They are still out there, but, for most people, scammers, phishers and spammers have effectively killed them. And, if you happen to be a friend of mine, be aware that I almost certainly will not read any webcard you decide to send me.

Update: ITnews.com.au has noticed this as well

Just a shameless plug… I have started writing for the Melbourne Metroblog, joining a very cool team of locals. There, I will be posting random (and hopefully interesting) stuff about Melbourne; usually, whatever I post there will not be replicated here.

So, enjoy it. And make sure you check the other cities in the Metroblogging network.

Very similar results for all strategies this week: 5 hits for each of ladder, money and home. Random got only three. In fact, random performed so badly that it lost its lead and is no longer the best performing strategy, financially-speaking: home, the only one to record a net profit this week, has that honour now.

The numbers:

Links:

• Round 13 (previous)
• Round 15 (next)