Re: Whitelists, not directly useful to spamassassin...
Warren Togami wrote: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6247#c49 https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6247#c51 It turns out that the ReturnPath and DNSWL whitelists have a statistically insignificant impact on spamassassin's ability to determine ham vs. spam. Meanwhile, both whitelists have high levels of accuracy. How can both of these statements be true? I suspect this is because the scores are balanced by the rescoring algorithm to be safe in the majority case where no whitelist rule has triggered. Thus whitelists are not needed or relied upon to prevent false positive classification. I concur, that is what my analysis of HABEAS hits over the last four months showed too. /Per Jessen, Zürich
Re: OT: Museum piece...
thus Charles Gregory spake: On Wed, 16 Dec 2009, Ted Mittelstaedt wrote: Those were the days. A few poke and peek commands, 15 minutes waiting for the cassette tape to load the pirated game... Biggest thrill for me was reverse-egineering the 'fast loader' code in one of the games so that I could create my own TSR that would allow me to load *any* game from the floppy drive using fast synchronous transfer. I remember to run some app on my C64 (there was a 1541-II atached to it, as well as a 1581 -- but the 1541-II is the device that came into play) that used the floppy's CPU and RAM as a second node. MPP for crunching fractals, in the 80s, at home! :D Sigh. (So, so seriously OT here. Better stop this now LOL) - C Timo
Re: Reminder:: 3.3.0 pre-release cut: December 17th
Warren Togami wrote on Wed, 16 Dec 2009 18:12:05 -0500: All bugs targeted for 3.3.0. When reviewing this list and playing around I found that there are 22 bugs for milestone 3.2.6. Shouldn't these get reviewed and promoted to 3.3.0 if still valid? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: OT: Museum piece...
On Wed, 2009-12-16 at 21:20 -0500, Gene Heskett wrote: No cpm here, but what was once os-9, now nitros-9 because we changed the cpu to a hitachi 6309, cmos smarter, then re-wrote os-9. Both levels. No CP/M here either, but I have a working Flex 09 relic - MC6809 with parallel connected ASCII keyboard (remember them?) and a stack of 4 floppy drives, with all drivers and boot strap in my own re-engineered ROM monitor. I still run OS-9/68K v2.4 on a 68020 (Peripheral Technology hardware). This is run almost daily with access over my LAN via ssh access to a copy of Kermit and a serial port on the physically nearest Linux box. Martin
Re: Reminder:: 3.3.0 pre-release cut: December 17th
On Thursday December 17 2009 12:49:25 Kai Schaetzl wrote: When reviewing this list and playing around I found that there are 22 bugs for milestone 3.2.6. Shouldn't these get reviewed and promoted to 3.3.0 if still valid? What usually happens is that a bug was fixed in trunk (3.3), but then (if it seemed important and not too difficult to mend) targeted for 3.2.6 just in case this release ever happens. If one can find any bugs targeted for 3.2.6 but not yet fixed in 3.3, please promote or copy them to a 3.3 target. Mark
Re: Museum piece...
On Wed, 2009-12-16 at 18:27 -0800, Marc Perkel wrote: jdow wrote: From: Charles Gregory cgreg...@hwcn.org Sent: Wednesday, 2009/December/16 07:49 On Tue, 15 Dec 2009, Chris Hoogendyk wrote: Marc Perkel wrote: http://www.vintage-computer.com/asr33.shtml There was actually a time when I had one of those in my house. For your amusement: I still have my old Commodore 64 and 1541 drive sitting in the basement. One year my daughter's school had a project to construct exhibits for a show called 'working class treasures' for the local Worker's Heritage Museum. The idea was to put on display 'precious' possesions from their parents' childhood. Baseballs, old toys, favorite tools, whatever. Well, the only thing I had of any 'meaning' to me was my C-64. So she put that in her exhibit. So yes, my Commodore 64 has actually been displayed in a museum. Not just figuratively, but *literally* a 'museum piece'. :) How many do you want? I believe Loren might still have several. {O.O} I don't know if anyone still remembers this but this is what I had for my first computer back on 1979. http://www.scotthodson.com/blog/wp-content/uploads/2007/08/imsai8080.jpg IMSAI 8080 - except I had a Z80 board for it. War Games anybody? I remember The Kid had an IMSAI 8080 and, judging by the flashing lights, it was faster than the SAC's supercomputer by several orders of magnitude. Martin
Re: Sharing and merging bayes data?
On 12/17/2009 2:50 AM, Rajkumar S wrote: Hello, I have 2 SA servers running for a single domain. Both were primed with a set of 200 spam and ham messages are are now auto learning. After about a day both have auto learned different numbers of ham and spam mails. Is it possible to merge the bayes data every night and update both servers with new merged data? I'm not sure about the merging, but why would you not be using a SQL server back-end database for storing the bayes information. Then both servers could reference and update the same data set.
Re: Sharing and merging bayes data?
On 12/17/2009 2:50 AM, Rajkumar S wrote: Hello, I have 2 SA servers running for a single domain. Both were primed with a set of 200 spam and ham messages are are now auto learning. After about a day both have auto learned different numbers of ham and spam mails. Is it possible to merge the bayes data every night and update both servers with new merged data? with regards, raj No.. If you're using file-based bayes, there's no good way to share updates between one DB and the other. The information needed to make such a merger successful isn't stored, because it is not needed for any reason within SpamAssassin. The database merely stores the token, it's spam count, it's nonspam count, and a last-seen timestamp. If you look at the same token in 2 different databases, you can't really merge these counts, because you don't know how many occurred since your last merge. If you really want common bayes data between two servers, you should configure bayes to use a SQL server (MySQL, etc) and point both SpamAssassin configurations to the same database. This also has the benefit that both servers are continuously in-sync.
OT Re: Museum piece...
On 12/17/09 8:56 AM, Kevin Golding wrote: I think I still have a Model B in the loft somewhere... Kevin I had an ASR 33 teletype with an Anderson Jacobs 110 baud coupler. We dialed into an 800 number owned by tymenet (an X.25 pad). had to hit the ^p on the keyboard after it stopped screaming into the coupler. it took ATT (in 1970) two months to engineer a phone line from the CO that would stand up to the rigors of 110 baud. (and I might have been the one to have written one of the original ST games. I still have the paper tape and printout of the source) It started its life on an SDS940 somewhere in Texas, running 'UBASIC' (university of maryland basic). Ended up on a Sperry Univac that was jointly owned by Florida Atlantic University and Florida International University. I used to skip class (11th grade in high school) to hang out in the basement of the FAU admin building and work on the program. new 'glass tubes' came in. we convinced the computer science majors that 'CRT' meant 'Computer Readout Tube'. and, yes, the two most popular programs that ran on the new 'calcom plotter' were a pinup of marilyn monroe and lucy (pregnant) yelling 'You blockhead charlie brown') -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com _
Re: Sharing and merging bayes data?
On 12/17/09 2:50 AM, Rajkumar S wrote: Hello, I have 2 SA servers running for a single domain. Both were primed with a set of 200 spam and ham messages are are now auto learning. After about a day both have auto learned different numbers of ham and spam mails. Is it possible to merge the bayes data every night and update both servers with new merged data? with regards, raj One option, since 'mx2' version of bayes is heavily weighted towards 'spam', is, just nightly, stop spamd, backup bayes from mx1, and restore to mx2. (and its a lot easier if you use bayes). or, as one posted suggested, use one single mysql database. its faster and more stable. (mark: _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com _
Re: Sharing and merging bayes data?
On Thu, Dec 17, 2009 at 7:44 PM, Michael Scheidell list-s...@secnap.com wrote: or, as one posted suggested, use one single mysql database. its faster and more stable. Thanks every one, mysql is the way to go. raj
Re: Sharing and merging bayes data?
On 12/17/2009 02:14 PM, Michael Scheidell wrote: On 12/17/09 2:50 AM, Rajkumar S wrote: Hello, I have 2 SA servers running for a single domain. Both were primed with a set of 200 spam and ham messages are are now auto learning. After about a day both have auto learned different numbers of ham and spam mails. Is it possible to merge the bayes data every night and update both servers with new merged data? with regards, raj One option, since 'mx2' version of bayes is heavily weighted towards 'spam', is, just nightly, stop spamd, backup bayes from mx1, and restore to mx2. (and its a lot easier if you use bayes). or, as one posted suggested, use one single mysql database. its faster and more stable. Or if you really don't want to use a single mysql database, yet another alternative might be to disable autolearning, and manually train both servers against shared folders for spam/ham run as a nightly cronjob.
Re: Site-wide Bayes
On Wed, 16 Dec 2009 09:36:12 -0500 Michael Scheidell scheid...@secnap.net wrote: On 12/16/09 9:27 AM, Thomas Harold wrote: I'm guessing that you'd also want to change the autolearn thresholds to be stricter? Like only auto-learning if it scores below -2 or above +10? (That might be an amavisd-new feature.) I still use 0, but have the high score at +15. The default is 0.1 IIRC, and I wouldn't recommend setting it lower without negative-scoring custom rules - it's set positive for good reasons. BAYES and userconf whitelisting rules don't count for autolearning, so if you set a negative threshold with the default rules, you rely on DNS whitelisting to define ham - the likes of HABEOUS. Setting it at exactly 0.0 is also problematical since the decision to learn is commonly going to be determined by nominally scored rules that score 0.001 and -0.001.
Re: Sharing and merging bayes data?
On Thu, 17 Dec 2009 09:04:18 -0500 Matt Kettler mkettler...@verizon.net wrote: No.. If you're using file-based bayes, there's no good way to share updates between one DB and the other. The information needed to make such a merger successful isn't stored, because it is not needed for any reason within SpamAssassin. The database merely stores the token, it's spam count, it's nonspam count, and a last-seen timestamp. If you look at the same token in 2 different databases, you can't really merge these counts, because you don't know how many occurred since your last merge. I'm not saying it's a good idea, but it is possible provided that you retained the result of the previous merge. It should be simple to script too.
Re: Whitelists, not directly useful to spamassassin...
Warren Togami wrote: While whitelists are not directly effective (statistically, when averaged across a large corpus), whitelists are powerful tools in indirect ways including: * Pushing the score beyond the auto-learn threshold for things like Bayes to function without manual intervention. This does not sound like a positive thing to me. E-mail from any sender that is malformed enough to skip auto-learning should not be forced into Bayes as ham simply because some 3rd party promises, for their own monetary benefit, that the sender is a nice guy. Why should any sender that I have not intentionally added to my local whitelist get a break? I've had enough problems with DNSWL, HABEAS, and JMF that they have all been disabled here. Unfortunately, that also means I have no recent data to add to the debate. Although I believe that whitelists should be included in the default install for those that want them, I also believe they should be disabled by default so that an admin must knowingly enable them after reading the manual and considering the consequences. The argument has also been made that whitelists should be included simply because blacklists are. I think that argument is flawed. Blacklists are part of the spam fighting community while whitelists are part of the bulk delivery community. Their goals and motives are completely different. For one, blacklists will normally have evidence of abuse to support their listing. Whitelists only have policies and promises. Second, the scoring of whitelists is currently favored over blacklists, and will continue to be at the proposed settings for 3.3.0. Why can a whitelist override the score of a blacklist when it is the blacklist that has evidence of abuse? After reading up on Bug6247, I found that ReturnPath included interesting stats on their lists: Certified Active: 4407 Suspended: 1300 Total: 5707 Safe Active: 6561 Suspended: 283 Total: 6844 The Certified list is supposedly difficult to get on so I'm not sure how to interpret these results. Is 1/5 of the list suspended because of due diligence on the part of ReturnPath? If so, how did they get certified in the first place? If whitelists are to be enabled by default, I believe their score should be moved considerably more toward zero. /Jason
OT Re: Museum piece...
I think I still have a Model B in the loft somewhere... Kevin I've seen CP/M mentioned but no mention of the venerable Kaypro! Oh those were the days 8^) But my first digital computer (at work) was a Raytheon 703 with paper tape to load programs (after you fingered in the boot) and output was the lights on the front panel. I also worked on analog computers for a number of years, it wasn't so much programming as re-engineering. I actually do miss those days. -- Steve Lindemann __ Network Administrator //\\ ASCII Ribbon Campaign Marmot Library Network, Inc. \\// against HTML/RTF email, http://www.marmot.org //\\ vCards M$ attachments +1.970.242.3331 x116
Re: Whitelists, not directly useful to spamassassin...
Thank you, Warren. That (finally) gives some real perspective to this mess, and gets some of the 'real' questions answered. - C On Wed, 16 Dec 2009, Warren Togami wrote: I made a discovery today that surprised even myself. Using the rescore masscheck and weekly masscheck logs while working on Bug #6247 I found some interesting details that throws a wrench into this lively debate. https: //issues.apache.org/SpamAssassin/show_bug.cgi?id=6247#c49 https: //issues.apache.org/SpamAssassin/show_bug.cgi?id=6247#c51 It turns out that the ReturnPath and DNSWL whitelists have a statistically insignificant impact on spamassassin's ability to determine ham vs. spam. Meanwhile, both whitelists have high levels of accuracy. How can both of these statements be true? I suspect this is because the scores are balanced by the rescoring algorithm to be safe in the majority case where no whitelist rule has triggered. Thus whitelists are not needed or relied upon to prevent false positive classification. While whitelists are not directly effective (statistically, when averaged across a large corpus), whitelists are powerful tools in indirect ways including: * Pushing the score beyond the auto-learn threshold for things like Bayes to function without manual intervention. * The albeit controversial method where some automated spam trap blacklists use whitelists to help determine if they really should list an IP address. https: //issues.apache.org/SpamAssassin/show_bug.cgi?id=6247 https: //issues.apache.org/SpamAssassin/show_bug.cgi?id=6251 spamassassin-3.3.0 has reduced the score impact of these whitelists to more modest levels, maxing out at -5 points. -5 is PLENTY for spamassassin, as 5 points is the level which the scoreset is tuned. Mail from a whitelisted host would need greater than 10 points to be blocked, which is statistically very rare for ham. I believe that we are striking the right balance with these modest whitelist scores in this release. That being said, whitelists should be constantly policed to maintain their reputation and trust levels. For example, while I currently am impressed by DNSWL's performance, I am not pleased that they seem to lack automated trap-based enforcement. Relying only on manual reports and manual intervention requires too much effort in the long-term for any organization, be it company or volunteer run. Warren Togami wtog...@redhat.com
Re: Cooperative data gathering project.
Jason Haar wrote: On 12/17/2009 03:30 PM, Marc Perkel wrote: Then the third filed is NONE. That's how I do it. But the idea is that any kind of daya can be collectively gathered and distributed. Instead of a TCP channel (which means software), what about using DNS? If the SA clients did RBL lookups that contained the details as part of the query, then if your end parses DNS logs (I'm thinking djbdns, don't know about BIND), then you could extract the data yourself. You could even introduce a token into the RBL to stop the bad guys corrupting your corpus (a problem you'll have to deal with anyway whatever the network mechanism). e.g. (token == 834ufg754) spam.1.2.3.4.834ufg754.newrbl.com ham.5.6.7.8.834ufg754.newrbl.com ie only the dns logs that contain valid tokens are legitimate In this case the idea is to gather data in real time. So those who gather data need to be able to send the data to a central place that receives the data and then makes it available to everyone.
Re: Whitelists, not directly useful to spamassassin...
On 12/17/2009 11:27 AM, Jason Bertoch wrote: If whitelists are to be enabled by default, I believe their score should be moved considerably more toward zero. /Jason I don't necessarily disagree with this desire, as now we know the whitelists actually are making almost zero difference to spamassassin's results. We did at least reduce the scores from their default values that were in spamassassin-3.2.x as a reasonable compromise. Warren
testing spamassassin,sa-learn not work
Hi, I created a sample message, then tell spamassassin to learn it as spam with the command #sa-learn --spam spamtest.txt then I tried the command #spamc spamtest.txt but spamassassin still scored it as non-spam. Am I doing something wrong? Please help! Here is my spamtest.txt (based on GTUBE): Subject: Test spam mail (GTOBE) Message-ID: gtobe2.2020...@example.net Date: Wed, 23 Jul 2003 23:30:00 +0200 From: Sender sen...@example.net To: Recipient recipi...@example.net Precedence: junk MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit rwo*moiseimfos.oiamf*ifomie*ioefs-fnoianee-fpqo-noi-afes-afesf*e.34rm http://www.cometomystore.com
Re: [sa] Re: emailreg.org - tainted white list
On Thu, 17 Dec 2009, Yet Another Ninja wrote: On 12/16/2009 6:16 PM, Charles Gregory wrote: On Wed, 16 Dec 2009, Yet Another Ninja wrote: blabber... checkout SVN - follow dev list... HABEAS is history... I believe the *point* here is that HABEAS is NOT 'history' for ordinary systems running ordinary sa-update on 3.2.5. they can adjust scores if they don't approve of what has been delivered... Agreed. But that does not make the statement HABEAS is history accurate in any way that is relevant to current sa-update.. My rules (in /var/lib/spamassassin) still include the strong negative scores for HABEAS, as discussed here. funny.. my rules show a 0 score for HABEAS stuff, same with all the other certification services oh wait!! I adjusted the scores myself coz I didn't want them in my way. Why don't you go one step further and just 'unsubscribe' from any spam you receive? If you want the ultimate in responsive after-the-spam-has-arrived customization, that's the way to go ;) Oh. Sorry. Someimes the sarcasm gets away from me. We are discussing the DEFAULT rules. The only way someone can tell me that HABEAS is history and have it apply to ME is if they have propogated a change through sa-update. They haven't. Your customizatino sounds a lot like mine. But just because you and I have solved our problems for *us* personally does not mean we can just forget about everyone else. You're a Ninja, judging by your From header. You *must* be in this to improve things for everyone. I'm certainly not posting here just to hear myself talk. I can customize my server far faster (it's actually a daily routine) than I can type suggestions here. But I want this to work for everyone. And everyone is not on this list. So changing SA defaults is the best way to help everyone. I don't have the 'budget' to just jump in and help code, so I make suggestions, with (I hope) the appropriate tone of respect for the people who *do* have the 'budget' to be working on improving SA. But this is NOT me whining about *my* problems. I don't have a problem with HABEAS. I occasionally notice their rule fire, but usually something else knocks out the spam anyways (shrug) - C
Re: emailreg.org - tainted white list
On Wed, 16 Dec 2009, LuKreme wrote: On 16-Dec-2009, at 16:11, Michael Hutchinson wrote: So far only 1 person on this list has claimed to have been hit by Spam that has been let through by the Habeas rules in SA. I'm the only one? Really? That doesn’t jibe with my memory, but I'm not scanning the entire list to prove you wrong. No, no! I'm the one! (smile) Though in fairness, I don't see a terrible problem with it. Just the occasional hit I would suspect a hacked server - C
Re: OT Re: Museum piece...
re: CP/M No S-100 bus systems mentioned yet? My first home computer was a Godbout S-100 bus system running a dual 8085/8088 CPU board. At that time, the future in operating systems was going to be CP/M 86. I decided it was time to upgrade when a computer store clerk was trying to tell me that there was no such thing as an 8 floppy disk... - Hoover Chanhc...@mail.ewind.com -or- hc...@well.com Eastwind Associates P.O. Box 16646 voice: 415-731-6019 -or- 415-565-8936 San Francisco, CA 94116
Re: testing spamassassin,sa-learn not work
On Thu, 17 Dec 2009, Khanh Truong wrote: I created a sample message, then tell spamassassin to learn it as spam with the command #sa-learn --spam spamtest.txt then I tried the command #spamc spamtest.txt but spamassassin still scored it as non-spam. Am I doing something wrong? Please help! Training a message as spam does not guarantee the next time the exact same message is seen that it will be scored as spam. It's not a poison pill tool. Training a message as spam tells SA that messages that look similar to the trained messages will be scored more spammy than they otherwise would be. This may push the overall score past a threshold. Three things you need to look at: (1) Have you trained enough spam _and_ ham messages to give the bayes database enough to work with to make decisions? Run sa-learn --dump magic and verify that you have at least 200 spam _and_ 200 ham tokens. (2) What was the bayes score on the message the first time you passed it through SA for scoring, _before_ using it for training? (3) What was the bayes score on the message when you passed it through SA for scoring _after_ training? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 8 days until Christmas
Re: OT Re: Museum piece...
On Thu, 17 Dec 2009, hc...@mail.ewind.com wrote: I decided it was time to upgrade when a computer store clerk was trying to tell me that there was no such thing as an 8 floppy disk... I wonder if IBM finally phased them out? I still have a couple as souvenirs :) - C
Re: OT Re: Museum piece...
From: Steve Lindemann st...@marmot.org Sent: Thursday, 2009/December/17 08:30 I think I still have a Model B in the loft somewhere... Kevin I've seen CP/M mentioned but no mention of the venerable Kaypro! Oh those were the days 8^) Have one complete with the SASI hard disk. {^_^}
Re: [sa] Re: habeas - tainted white list
{side note} Has anyone noticed how the thread 'emailreg.org - tainted white list' has been left unchanged, despite the topic moving on to Habeas. Whilst this is side splittingly funny if you do a search on emailreg.org and see it in the archives, it's probably not fair to drag their name through the mud when the topic has moved on? I wonder how long the thread will be left at the new 're: habeas - tainted white list'? How many will post using it? Or if those black helicopters and MIB's will seek to put a stop to it? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: OT Re: Museum piece...
From: hc...@mail.ewind.com Sent: Thursday, 2009/December/17 09:06 re: CP/M No S-100 bus systems mentioned yet? Processor Technology SOL-PC boosted to a higher speed (had to reengineer timing on the board.) I also added a paddle board with S-100 slots on both sides. I was able to stick 5 S-100 cards into a remarkably odd profile compared to other S-100 systems. My first home computer was a Godbout S-100 bus system running a dual 8085/8088 CPU board. At that time, the future in operating systems was going to be CP/M 86. I also have a Godbout chassis and some of their CPU cards. I used them as the basis for my paging hack. I decided it was time to upgrade when a computer store clerk was trying to tell me that there was no such thing as an 8 floppy disk... I decided to upgrade when Jay Miner's geniuses put together the Amiga computer. {^_^}
Re: OT Re: Museum piece...
On Thu, 17 Dec 2009, Charles Gregory wrote: On Thu, 17 Dec 2009, hc...@mail.ewind.com wrote: I decided it was time to upgrade when a computer store clerk was trying to tell me that there was no such thing as an 8 floppy disk... I wonder if IBM finally phased them out? I still have a couple as souvenirs :) They're running about $9 each on EBay... -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Bother, said Pooh as he struggled with /etc/sendmail.cf, it never does quite what I want. I wish Christopher Robin was here. -- Peter da Silva in a.s.r --- 8 days until Christmas
Re: [sa] Re: habeas - tainted white list
From: Christian Brel brel.spamassassin091...@copperproductions.co.uk Sent: Thursday, 2009/December/17 09:28 {side note} Has anyone noticed how the thread 'emailreg.org - tainted white list' has been left unchanged, despite the topic moving on to Habeas. Whilst this is side splittingly funny if you do a search on emailreg.org and see it in the archives, it's probably not fair to drag their name through the mud when the topic has moved on? I wonder how long the thread will be left at the new 're: habeas - tainted white list'? How many will post using it? Or if those black helicopters and MIB's will seek to put a stop to it? I believe on the whole Warren Togami's posting about a whitelist performance on a masscheck settles the affair. White lists are very reliable. They are also very unnecessary within SpamAssassin. So perhaps the whole topic can die. I also note that the people complaining about the white lists seem to leave out solid data. Were the spams really confirmed spams or were they merely scored as spams? What scores hit that made them score as spams? What kind of installation do you have? How many emails a day are processed? It's little details like that which prompt other people to look at assertions somewhat askance or ignore them outright. With my three personal accounts I have yet to see an email off this list containing HABEAS, spam or ham, since this discussion began. I guess I don't do business with HABEAS customers and no spammers have pushed through anything from a HABEAS site. The mail volume is fairly high (LKML and a couple other Linux lists). And the spam seems to be suddenly up from 60-80 a day to the 90s/day. For those spammers who are listening, I REALLY do not need Via-thingie-alis whether or not it is from he Pf people. If I REALLY need to get it up I do a sexy striptease or something like that. (The V thingie seems to be a new feature of my spam bucket - 10 or more of them a day.) {^_-}
Re: OT Re: Museum piece...
From: John Hardin jhar...@impsec.org Sent: Thursday, 2009/December/17 09:35 On Thu, 17 Dec 2009, Charles Gregory wrote: On Thu, 17 Dec 2009, hc...@mail.ewind.com wrote: I decided it was time to upgrade when a computer store clerk was trying to tell me that there was no such thing as an 8 floppy disk... I wonder if IBM finally phased them out? I still have a couple as souvenirs :) They're running about $9 each on EBay... Verified formatted or New Old Stock we don't have a way to check them? (They seem to have held their value compared to the last pack of Verbatims I bought. Alas, the oxide is probably flaking off.) {^_-}
sa-update 403 forbidden
Sometimes sa-update works, sometimes one gets http: GET http://daryl.dostech.ca/sa-update/asf/891585.tar.gz request failed: 403 Forbidden: You don't have permission to access /sa-update/asf/891585.tar.gz on this server. Apache/2.2.3 (Fedora) Server at daryl.dostech.ca Port 80 I recommend that http://daryl.dostech.ca/ have an email address for contact shown, so I can tell him directly the next time it happens.
Re: OT Re: Museum piece...
Steve Lindemann wrote: I think I still have a Model B in the loft somewhere... Kevin I've seen CP/M mentioned but no mention of the venerable Kaypro! Oh those were the days 8^) But my first digital computer (at work) was a Raytheon 703 with paper tape to load programs (after you fingered in the boot) and output was the lights on the front panel. I also worked on analog computers for a number of years, it wasn't so much programming as re-engineering. I actually do miss those days. A skilled practitioner could get 5 digits out of this baby: http://en.wikipedia.org/wiki/Slide_rule (I still have the yellow one). If you needed more rigorous but still relatively easy and quick, you would use this: http://ljkrakauer.com/CRC99ph/CRCbook.htm. Later, there were Wang digital calculators (http://www.oldcalculatormuseum.com/wang362e.html - that one's actually newer, smaller more feature rich) in the chem library with multiple keyboard/display units connected by serial cable so that several students could be using it at once. The thing is that all those extra digits were insignificant and had to be lopped off anyway. ;-) Computers often encourage innumeracy (http://www.amazon.com/Innumeracy-Mathematical-Illiteracy-Its-Consequences/dp/0809074478/ref=tmm_hrd_title_0), and make us think we know more than we actually do. (That's quite a good book, by the way. If you like numbers/math, get it for yourself for Christmas or whatever you celebrate at this time of year.) -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst hoogen...@bio.umass.edu --- Erdös 4
Re: sa-update 403 forbidden
On 17/12/2009 1:00 PM, jida...@jidanni.org wrote: Sometimes sa-update works, sometimes one gets http: GET http://daryl.dostech.ca/sa-update/asf/891585.tar.gz request failed: 403 Forbidden: You don't have permission to access /sa-update/asf/891585.tar.gz on this server. Apache/2.2.3 (Fedora) Server at daryl.dostech.ca Port 80 I recommend that http://daryl.dostech.ca/ have an email address for contact shown, so I can tell him directly the next time it happens. Fixed. Sorry. I missed perms on a symlink target when I moved things to a new server early early this morning. Daryl
Re: OT Re: Museum piece...
On Thursday 17 December 2009, hc...@mail.ewind.com wrote: re: CP/M No S-100 bus systems mentioned yet? Sorry, my omission. The first gizmo I ever built, in 1979, was a Quest Super Elf, which has an expansion connector on its board that allowed an s-100 buss backplane to be plugged into it. It had an RCA 1802 cpu, running at a whopping 1.79mhz, but its full machine cycle was 8 clocks. I wrote, in hex by looking it up in the excellent rca programmers manual, entering it into memory from a hex monitor using a 6 digit led display, a program to take a finished tv commercial tape from the production guys, run the tape deck to search for and mark the first frame of video to see air, tell it how long the commercial was in time with 6 presets from 10s to 2m. It would then back the machine up about 12 seconds, roll it fwd and enable the insert edit mode of the machine and lay a new, frame accurate 10 second academy countdown leader that I wrote the routine for and built the hardware to display it in 103 line high characters, disappearing at T-2.0 seconds, laying a trigger tone for the automatic station break machine at T-5.0 secs in the process, and continue to the end, laying another trigger tone on the 2nd audio channel 5 seconds from the last frame to air. In use for a decade+ at KRCR in Redding CA where I was the ACE at the time. I still have a paper copy of the program on one of the higher bookshelves above me. And given enough time access to graveyard electronics, I could rebuild the cg and interface boards yet. Simple stuff really, ran in about 1200 bytes of the $400 4k static ram board I bought and built for it. Lots of it was lookup tables, at least 40% of the ram used, was used as lookup. Self modifying code snippets scattered all thru it to conserve ram, designed in without ever having a clue as to how much ram it would take to do the job and I was surprised that it came in at the size it did. And dead stable despite the self-modifying as it effectively rebooted itself at the end of every job. It was a job humans were doing, and screwing up the timing of, and it saved a generation of dubbing loss, a very valuable feature in the days of u-matic tape machines being used in tv broadcasting. Biggest problem was in getting the production people to leave me 15 seconds of good black in front of the commercial itself I love to remember, but really, this is off topic... -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp The sooner you fall behind, the more time you have to catch up.
Re: sa-update 403 forbidden
OK, thanks. I'd put some contact info on top of http://daryl.dostech.ca/, above This blog is currently in a static state pending an upgrade of WordPress, in case something breaks next time.
Re: sa-update 403 forbidden
On 17/12/2009 1:36 PM, jida...@jidanni.org wrote: OK, thanks. I'd put some contact info on top of http://daryl.dostech.ca/, above This blog is currently in a static state pending an upgrade of WordPress, in case something breaks next time. I used to have that and I got about 100 messages a day asking for help setting up sa-update. Perhaps I'll try it again when I fix the website. Daryl
Re: Whitelists, not directly useful to spamassassin...
Very interesting data indeed -- and a testament to the accuracy of the SpamAssassin rules weighting process. On Dec 16, 2009, at 4:10 PM, Warren Togami wrote: While whitelists are not directly effective (statistically, when averaged across a large corpus), whitelists are powerful tools in indirect ways including: * Pushing the score beyond the auto-learn threshold for things like Bayes to function without manual intervention. * The albeit controversial method where some automated spam trap blacklists use whitelists to help determine if they really should list an IP address. Another indirect benefit (according to other users of our whitelists) is that when they implement a new spam-blocking method, the whitelists serve as kind of a safety valve to let legitimate mail through even when the new rule turns out to have false positives. Site-specific whitelists are important for this, too. That being said, whitelists should be constantly policed to maintain their reputation and trust levels. Agreed. -- J.D. Falk jdf...@returnpath.net Return Path Inc
Re: Cooperative data gathering project.
On 12/18/2009 05:31 AM, Marc Perkel wrote: In this case the idea is to gather data in real time. So those who gather data need to be able to send the data to a central place that receives the data and then makes it available to everyone. You've lost me there - DNS would allow you to do that. You run the DNS server, SA does the queries, they get routed through the standard DNS hierarchy, you get to see them (and respond), interpret and make that data available via any mechanism you want - probably also via (a different?) DNS. A short TTL would reduce lost data (in fact, the only possible cached-caused data loss would be for duplicate queries from the same SA instance) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
RE: [sa] Re: habeas - tainted white list
I believe on the whole Warren Togami's posting about a whitelist performance on a masscheck settles the affair. White lists are very reliable. They are also very unnecessary within SpamAssassin. So perhaps the whole topic can die. I also note that the people complaining about the white lists seem to leave out solid data. Were the spams really confirmed spams or were they merely scored as spams? What scores hit that made them score as spams? What kind of installation do you have? How many emails a day are processed? It's little details like that which prompt other people to look at assertions somewhat askance or ignore them outright. With my three personal accounts I have yet to see an email off this list containing HABEAS, spam or ham, since this discussion began. I guess I don't do business with HABEAS customers and no spammers have pushed through anything from a HABEAS site. The mail volume is fairly high (LKML and a couple other Linux lists). And the spam seems to be suddenly up from 60-80 a day to the 90s/day. For those spammers who are listening, I REALLY do not need Via-thingie-alis whether or not it is from he Pf people. If I REALLY need to get it up I do a sexy striptease or something like that. (The V thingie seems to be a new feature of my spam bucket - 10 or more of them a day.) {^_-} JDow et al, why do you say on the whole ? what is holding you back in your thinking there? ...based upon Togami's data processing, the biggest thing that comes to mind is this... *IF* these or similar rulesets are not truly not making a difference one way or the other, then why are they there? why do we really need them or the other similar rulesets? ...and why should any rules such as these have a default SA installation value other than zero and then educate admins in the documentation what to do in regards to enabling and suggested scoring? - rh
Re: Whitelists in SA
On Dec 16, 2009, at 8:35 AM, LuKreme wrote: The fact is I *AM* their customer. The people writing them checks are not, they're just their funders. Whitelist companies ha to convince admins to use their list. The only way to do that is to have really really really high quality lists that really do prevent spam delivery. If I don't use their whitelist, and others don't use their whitelist, then their model falls apart and they don't make money Exactly what Return path has been saying (and acting upon) for years. (We could debate whether Habeas followed that rule before we bought the company, but it's impolite to speak ill of the dead.) but no company is enlightened enough to realise this. Heh. -- J.D. Falk jdf...@returnpath.net Return Path Inc
Re: emailreg.org - tainted white list
On Dec 16, 2009, at 8:11 AM, Christian Brel wrote: It's also fair to say any ESP such as Return Path taking money to deliver mail should be optimising it {or offering advice on optimisation) so it does *not* score high. Otherwise what are their customers paying them for? Return Path is not an ESP by any of the common definitions. http://en.wikipedia.org/wiki/ESP (No wonder you're confused.) -- J.D. Falk jdf...@returnpath.net Return Path Inc
Re: habeas - tainted white list
On Thu, 17 Dec 2009 12:21:37 -0700 J.D. Falk jdfalk-li...@cybernothing.org wrote: On Dec 16, 2009, at 8:11 AM, Christian Brel wrote: It's also fair to say any ESP such as Return Path taking money to deliver mail should be optimising it {or offering advice on optimisation) so it does *not* score high. Otherwise what are their customers paying them for? Return Path is not an ESP by any of the common definitions. http://en.wikipedia.org/wiki/ESP (No wonder you're confused.) -- J.D. Falk jdf...@returnpath.net Return Path Inc Would it be rude of me to ask how you make your money? Is it from the provision and delivery of bulk commercial email or am I confused? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: OT Re: Museum piece...
From: Chris Hoogendyk hoogen...@bio.umass.edu Sent: Thursday, 2009/December/17 10:07 Steve Lindemann wrote: I think I still have a Model B in the loft somewhere... Kevin I've seen CP/M mentioned but no mention of the venerable Kaypro! Oh those were the days 8^) But my first digital computer (at work) was a Raytheon 703 with paper tape to load programs (after you fingered in the boot) and output was the lights on the front panel. I also worked on analog computers for a number of years, it wasn't so much programming as re-engineering. I actually do miss those days. A skilled practitioner could get 5 digits out of this baby: http://en.wikipedia.org/wiki/Slide_rule (I still have the yellow one). If you needed more rigorous but still relatively easy and quick, you would use this: http://ljkrakauer.com/CRC99ph/CRCbook.htm. I still have my KE Log Log Duplex Decitrig. It still works. And it's still aligned despite it's being bamboo. Learning to calculate with slide rules is an important step to being numerate. You can forget actually using the slide rule. But being able to hammer out answers on it for complex problems leads to a really good ability to estimate answers. That way when the nice digital CPU coughs up a digital hairball answer to a problem you can see the error at a glance. {^_^}
Re: [sa] Re: habeas - tainted white list
From: R-Elists list...@abbacomm.net Sent: Thursday, 2009/December/17 11:21 I believe on the whole Warren Togami's posting about a whitelist performance on a masscheck settles the affair. White lists are very reliable. They are also very unnecessary within SpamAssassin. So perhaps the whole topic can die. I also note that the people complaining about the white lists seem to leave out solid data. Were the spams really confirmed spams or were they merely scored as spams? What scores hit that made them score as spams? What kind of installation do you have? How many emails a day are processed? It's little details like that which prompt other people to look at assertions somewhat askance or ignore them outright. With my three personal accounts I have yet to see an email off this list containing HABEAS, spam or ham, since this discussion began. I guess I don't do business with HABEAS customers and no spammers have pushed through anything from a HABEAS site. The mail volume is fairly high (LKML and a couple other Linux lists). And the spam seems to be suddenly up from 60-80 a day to the 90s/day. For those spammers who are listening, I REALLY do not need Via-thingie-alis whether or not it is from he Pf people. If I REALLY need to get it up I do a sexy striptease or something like that. (The V thingie seems to be a new feature of my spam bucket - 10 or more of them a day.) {^_-} JDow et al, why do you say on the whole ? what is holding you back in your thinking there? ...based upon Togami's data processing, the biggest thing that comes to mind is this... *IF* these or similar rulesets are not truly not making a difference one way or the other, then why are they there? why do we really need them or the other similar rulesets? ...and why should any rules such as these have a default SA installation value other than zero and then educate admins in the documentation what to do in regards to enabling and suggested scoring? I read Warren's note to indicate their scores were being made sensible in line with what the masscheck indicates. If they are 100% effective and only 1% needed the score would be very low despite the accuracy. That makes sense as a starting point. Then it's up to the administrators to put in their custom rules to account for effects like one person's spam is another person's ham, and I don't want to bother to unsubscribe, I'll just declare this list spam. The tools might be good as an SMTP transaction time test, though. Use a positive hit as a gateway through the greylisting wall, perhaps. It might put a small fraction of a percent more load on SpamAssassin. But it might be worthwhile. Heck, I'm only administering a two person net here and I take the time to learn the tools I am using and write useful configurations for them. Somebody paid to do this should do no less. Otherwise, do something silly and purchase a Barracuda if the boss is too dumb to pay you to do it right. {^_^}
Re: Whitelists in SA
From: J.D. Falk jdfalk-li...@cybernothing.org Sent: Thursday, 2009/December/17 11:21 On Dec 16, 2009, at 8:35 AM, LuKreme wrote: The fact is I *AM* their customer. The people writing them checks are not, they're just their funders. Whitelist companies ha to convince admins to use their list. The only way to do that is to have really really really high quality lists that really do prevent spam delivery. If I don't use their whitelist, and others don't use their whitelist, then their model falls apart and they don't make money Exactly what Return path has been saying (and acting upon) for years. (We could debate whether Habeas followed that rule before we bought the company, but it's impolite to speak ill of the dead.) but no company is enlightened enough to realise this. Heh. jdowLukreme seems to not have much of an engineering education and zero experience with statistics. It is statistically impossible to remove all spam perfectly and let all ham through perfectly. Perfect is a goal you can never reach. If you obsess about it, you will find yourself round the bend before long. All you can do is adjust the ratio of missed ham to missed spam one way or the other. Where you slice is pretty much up to you. What is the cost, the real cost in lost customers or dollars spent, for a missed ham and for a missed spam. If you can hit that balance point for minimum overall cost you've done your job. If you sit and bitch about something not being perfect, then you're not doing your job. It is a good thing this issue was raised. It led to appropriate mass check runs. I expect that will lead to saner scoring within the SA framework. If not and it bites me, THEN I'll raise the issue again. Does that seem fair? {^_^}
Re: OT Re: Museum piece...
hc...@mail.ewind.com wrote: My first home computer was a Godbout S-100 bus system running a dual 8085/8088 CPU board. At that time, the future in operating systems was going to be CP/M 86. You and Jerry Pournelle :-)
Re: OT Re: Museum piece...
jdow wrote: From: Chris Hoogendyk hoogen...@bio.umass.edu Sent: Thursday, 2009/December/17 10:07 Steve Lindemann wrote: I think I still have a Model B in the loft somewhere... Kevin I've seen CP/M mentioned but no mention of the venerable Kaypro! Oh those were the days 8^) But my first digital computer (at work) was a Raytheon 703 with paper tape to load programs (after you fingered in the boot) and output was the lights on the front panel. I also worked on analog computers for a number of years, it wasn't so much programming as re-engineering. I actually do miss those days. A skilled practitioner could get 5 digits out of this baby: http://en.wikipedia.org/wiki/Slide_rule (I still have the yellow one). If you needed more rigorous but still relatively easy and quick, you would use this: http://ljkrakauer.com/CRC99ph/CRCbook.htm. I still have my KE Log Log Duplex Decitrig. It still works. And it's still aligned despite it's being bamboo. Learning to calculate with slide rules is an important step to being numerate. You can forget actually using the slide rule. But being able to hammer out answers on it for complex problems leads to a really good ability to estimate answers. That way when the nice digital CPU coughs up a digital hairball answer to a problem you can see the error at a glance. bingo. I like the way you stated that. -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst hoogen...@bio.umass.edu --- Erdös 4
Re: sa-update 403 forbidden
Daryl C. W. O'Shea wrote on Thu, 17 Dec 2009 13:28:48 -0500: early this morning. BTW, I was already getting this temporarily when trying to run the first sa-update for SA 3.3.0 beta1 a few days ago. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: sa-update 403 forbidden
On 17/12/2009 3:31 PM, Kai Schaetzl wrote: Daryl C. W. O'Shea wrote on Thu, 17 Dec 2009 13:28:48 -0500: early this morning. BTW, I was already getting this temporarily when trying to run the first sa-update for SA 3.3.0 beta1 a few days ago. Could you tell me, off-list, the public facing IP that this was happening to, the channel you were using, and approximately when this happened? I could potentially expect time-outs on the old host, but not 403s. Checking the logs I only see 403s for the 5 banned-for-abuse IPs (the list hasn't changed since Mar 2 2008). Daryl
RE: emailreg.org - tainted white list
-Original Message- From: LuKreme [mailto:krem...@kreme.com] Sent: Thursday, 17 December 2009 4:59 p.m. To: users@spamassassin.apache.org Subject: Re: emailreg.org - tainted white list On 16-Dec-2009, at 16:11, Michael Hutchinson wrote: So far only 1 person on this list has claimed to have been hit by Spam that has been let through by the Habeas rules in SA. I'm the only one? Really? That doesn’t jibe with my memory, but I'm not scanning the entire list to prove you wrong. Really? Yeah, sorry, not buying it. OK I am probably wrong, but the list certainly hasn't been inundated with people saying that they have that exact issue. Come on, how many people have been hit with Spam, to find that the only reason it has gotten through their Gateway is because of a Habeas rule? I only remember Richard complaining about this. Everyone else started carrying on about the Habeas rules being present at all, when it is more than within their power to disable those rules. Buy what you want, but I'm not selling anything. Cheers, Mike
Re: habeas - tainted white list
On 17/12/2009 2:21 PM, R-Elists wrote: ...based upon Togami's data processing, the biggest thing that comes to mind is this... *IF* these or similar rulesets are not truly not making a difference one way or the other, then why are they there? why do we really need them or the other similar rulesets? We can't and aren't really sure that they don't make a difference. Our ham corpus isn't really all that big. For the most part it's probably made up largely of types of mail that Return-Path wouldn't be dealing with on their lists. Clearly it's not containing much mail that Return-Path deals with. The corpus isn't big enough to say that most people (and most people aren't technical people, rather are just common Internet users) won't get mail that Return-Path doesn't deal with though. ...and why should any rules such as these have a default SA installation value other than zero and then educate admins in the documentation what to do in regards to enabling and suggested scoring? SA is designed to be safe for most users. Most as in general Internet users and safe as in it would rather not tag mail than tag it. IMO whitelists have a place in SA, even whitelists that we cannot determine due to a small corpus size whether or not they're actually making a difference... at least when based on our corpus there's no evidence that they're statistically and drastically causing a significant amount of spam to pass that otherwise wouldn't. We treat blacklists the same way. We include blacklists in the default install to stop spam. We include whitelists because of our core principle of being safe for most users in general. I think the current score changes are a good step. Another step may be including in the release notes that there are whitelists and that people may want to disable them by score whatever rules (a list of them) 0. BTW, I will not waste any cycles defending individual instances on spam getting by because of whitelists for the exact same reason that I do not do the same for ham that gets caught by whitelists. Daryl
Re: OT Re: Museum piece...
On Thu, 17 Dec 2009, jdow wrote: I still have my KE Log Log Duplex Decitrig. It still works. And it's still aligned despite it's being bamboo. Ah, you've got the newer cheaper model. I inherited mine from my father (40's vintage) and it has a rosewood core. In my freshman year of college, (1970) we had to take a slide-rulesmanship class, given pages of number problems were graded on speed and accuracy of working those problems (shades of grade school ;). Learning to calculate with slide rules is an important step to being numerate. You can forget actually using the slide rule. But being able to hammer out answers on it for complex problems leads to a really good ability to estimate answers. That way when the nice digital CPU coughs up a digital hairball answer to a problem you can see the error at a glance. That's because the slide rule doesn't give you the exponent, only the mantissa. So part of that slide-rulesmanship class was learning to do the exponent calculations in your head rapidly and accurately. Great for looking at gobs of numbers and figuring out the OOM of the answer. -- Dave Funk University of Iowa dbfunk (at) engineering.uiowa.eduCollege of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include std_disclaimer.h Better is not better, 'standard' is better. B{
Re: OT Re: Museum piece...
On Thursday 17 December 2009, jdow wrote: From: Chris Hoogendyk hoogen...@bio.umass.edu Sent: Thursday, 2009/December/17 10:07 Steve Lindemann wrote: I think I still have a Model B in the loft somewhere... Kevin I've seen CP/M mentioned but no mention of the venerable Kaypro! Oh those were the days 8^) But my first digital computer (at work) was a Raytheon 703 with paper tape to load programs (after you fingered in the boot) and output was the lights on the front panel. I also worked on analog computers for a number of years, it wasn't so much programming as re-engineering. I actually do miss those days. A skilled practitioner could get 5 digits out of this baby: http://en.wikipedia.org/wiki/Slide_rule (I still have the yellow one). If you needed more rigorous but still relatively easy and quick, you would use this: http://ljkrakauer.com/CRC99ph/CRCbook.htm. I still have my KE Log Log Duplex Decitrig. It still works. And it's still aligned despite it's being bamboo. So do I, but mine is alu, and corrosion over about 50 years has taken its toll on how smoothly it operates. But like yours, it still worrks, just needs a shot of wd-40 occasionally. Learning to calculate with slide rules is an important step to being numerate. You can forget actually using the slide rule. But being able to hammer out answers on it for complex problems leads to a really good ability to estimate answers. That way when the nice digital CPU coughs up a digital hairball answer to a problem you can see the error at a glance. Yup, great teacher, for a kid with a grammer school education way back when the 50L6-gt was a brand new tube. {^_^} -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Q: How does a Unix guru have sex? A: unzip;strip;touch;finger;mount;fsck;more;yes;umount;sleep -- unknown source
Re: OT: Museum piece...
On 16.12.2009 18:15, Benny Pedersen wrote: On ons 16 dec 2009 16:49:52 CET, Charles Gregory wrote On Tue, 15 Dec 2009, Chris Hoogendyk wrote: Marc Perkel wrote: http://www.vintage-computer.com/asr33.shtml There was actually a time when I had one of those in my house. For your amusement: I still have my old Commodore 64 and 1541 drive sitting in the basement. my commodore 128 have basic 7.0 copyrighted from microsoft, i bet bill gates have seen one of them with a reu 1750 and sayed the final words of 640k ram ougth to be enough for anyone :) i still have 8bit computers that works, and also cpm where i have pascal, fortran, autocad wordstar, you name it, best of all it works ! I still have my Nokia MikroMikko I with 64 kilos RAM and Intel 8085 processor (8-bit). CP/M 2.2 with Cobol, Fortran, Pascal, C, MS-Basic (both compiler and interpreter), WordStar and Multiplan and the Basic game Keke (a Rosberg formula one simulation ;)) Still works. If it had a NIC and TCP/IP I would use it. Now it's useless. If it worked, I'd port Firefox for it ;) -- http://www.iki.fi/jarif/ You will pay for your sins. If you have already paid, please disregard this message. signature.asc Description: OpenPGP digital signature
Re: OT Re: Museum piece...
On Thursday 17 December 2009, Robert Ober wrote: hc...@mail.ewind.com wrote: My first home computer was a Godbout S-100 bus system running a dual 8085/8088 CPU board. At that time, the future in operating systems was going to be CP/M 86. You and Jerry Pournelle :-) Yeah, but Jerry is relatively new. I started out reading all of Doc Smiths stuff as soon as I could read, eagerly awaiting the next issue of whatever SF rag my uncle was subbed to in the early 40's, when they could find enough paper to publish it. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Maybe you can't buy happiness, but these days you can certainly charge it.
Re: OT: Museum piece...
On 17.12.2009 23:10, Jari Fredriksson wrote: On 16.12.2009 18:15, Benny Pedersen wrote: On ons 16 dec 2009 16:49:52 CET, Charles Gregory wrote On Tue, 15 Dec 2009, Chris Hoogendyk wrote: Marc Perkel wrote: http://www.vintage-computer.com/asr33.shtml There was actually a time when I had one of those in my house. For your amusement: I still have my old Commodore 64 and 1541 drive sitting in the basement. my commodore 128 have basic 7.0 copyrighted from microsoft, i bet bill gates have seen one of them with a reu 1750 and sayed the final words of 640k ram ougth to be enough for anyone :) i still have 8bit computers that works, and also cpm where i have pascal, fortran, autocad wordstar, you name it, best of all it works ! I still have my Nokia MikroMikko I with 64 kilos RAM and Intel 8085 processor (8-bit). CP/M 2.2 with Cobol, Fortran, Pascal, C, MS-Basic (both compiler and interpreter), WordStar and Multiplan and the Basic game Keke (a Rosberg formula one simulation ;)) Still works. If it had a NIC and TCP/IP I would use it. Now it's useless. If it worked, I'd port Firefox for it ;) I wrote my 'BAG' compression software for CP/M with it, using the LZH-algorithm, ported LZH uncompression named 'UnYoshi', and ported UNZIP, those from MS/DOS. It was not easy, as the BDS-C compiler did not have 'overlay' -technogy, had to implement my own. Also wrote a VT-100 emulator, but that did not succeed, no matter how much assembly I added to it, it was sluggish. Nokia's own VT-52 terminal was super fast, and I never could get there. There was no VT-100 for MikroMikko available :( The BBS-systems on MS-DOS era needed one, though. -- http://www.iki.fi/jarif/ You are only young once, but you can stay immature indefinitely. signature.asc Description: OpenPGP digital signature
Re: Reminder:: 3.3.0 pre-release cut: December 17th
Suggesting to postpone the wrapup date till tomorrow (December 18) to give us one more day to digest the latest changes and see where we stand. Mark
Re: Reminder:: 3.3.0 pre-release cut: December 17th
On 12/17/2009 04:24 PM, Mark Martinec wrote: Suggesting to postpone the wrapup date till tomorrow (December 18) to give us one more day to digest the latest changes and see where we stand. Mark Seconded. I guess I'm spinning the rc1 unless jm wants to do it. I'm reluctantly going to call the first cut rc1.proposed1 after the previous discussion. After the 3 day period has passed with no objections then it will be renamed to rc1 and released. Warren Togami wtog...@redhat.com
Re: OT: Museum piece...
On Thursday 17 December 2009, Jari Fredriksson wrote: On 17.12.2009 23:10, Jari Fredriksson wrote: On 16.12.2009 18:15, Benny Pedersen wrote: On ons 16 dec 2009 16:49:52 CET, Charles Gregory wrote On Tue, 15 Dec 2009, Chris Hoogendyk wrote: Marc Perkel wrote: http://www.vintage-computer.com/asr33.shtml There was actually a time when I had one of those in my house. For your amusement: I still have my old Commodore 64 and 1541 drive sitting in the basement. my commodore 128 have basic 7.0 copyrighted from microsoft, i bet bill gates have seen one of them with a reu 1750 and sayed the final words of 640k ram ougth to be enough for anyone :) i still have 8bit computers that works, and also cpm where i have pascal, fortran, autocad wordstar, you name it, best of all it works ! I still have my Nokia MikroMikko I with 64 kilos RAM and Intel 8085 processor (8-bit). CP/M 2.2 with Cobol, Fortran, Pascal, C, MS-Basic (both compiler and interpreter), WordStar and Multiplan and the Basic game Keke (a Rosberg formula one simulation ;)) Still works. If it had a NIC and TCP/IP I would use it. Now it's useless. If it worked, I'd port Firefox for it ;) I wrote my 'BAG' compression software for CP/M with it, using the LZH-algorithm, ported LZH uncompression named 'UnYoshi', and ported UNZIP, those from MS/DOS. It was not easy, as the BDS-C compiler did not have 'overlay' -technogy, had to implement my own. Also wrote a VT-100 emulator, but that did not succeed, no matter how much assembly I added to it, it was sluggish. Nokia's own VT-52 terminal was super fast, and I never could get there. There was no VT-100 for MikroMikko available :( The BBS-systems on MS-DOS era needed one, though. I took the os-9 version of VT-100 and with relatively little added code, made it into a VT-220 that the CBS programmed devices I was programming with it couldn't tell that it wasn't a real VT-220. But it was a coco3 on the end of the cable. I ran our network satellite system that way for several years. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Kiss a non-smoker; taste the difference.
Re: OT: Museum piece...
Jari Fredriksson wrote: On 16.12.2009 18:15, Benny Pedersen wrote: On ons 16 dec 2009 16:49:52 CET, Charles Gregory wrote On Tue, 15 Dec 2009, Chris Hoogendyk wrote: Marc Perkel wrote: http://www.vintage-computer.com/asr33.shtml There was actually a time when I had one of those in my house. For your amusement: I still have my old Commodore 64 and 1541 drive sitting in the basement. my commodore 128 have basic 7.0 copyrighted from microsoft, i bet bill gates have seen one of them with a reu 1750 and sayed the final words of 640k ram ougth to be enough for anyone :) i still have 8bit computers that works, and also cpm where i have pascal, fortran, autocad wordstar, you name it, best of all it works ! I still have my Nokia MikroMikko I with 64 kilos RAM and Intel 8085 processor (8-bit). CP/M 2.2 with Cobol, Fortran, Pascal, C, MS-Basic (both compiler and interpreter), WordStar and Multiplan and the Basic game Keke (a Rosberg formula one simulation ;)) Still works. If it had a NIC and TCP/IP I would use it. The oldest Ka9Q code for CP/M has a TCP/IP stack in it, you can get it from here: http://www.gaby.de/ecpmlink.htm More goodies on this issue here: http://www.retrotechnology.com/dri/cpm_tcpip.html It will talk out the serial port, but you can then setup an old Cisco 2501 as a router between it's serial aux port and it's ethernet port to get on the Internet. Ted Now it's useless. If it worked, I'd port Firefox for it ;)
RE: OT Re: Museum piece...
as far as museum pieces go, i submit that my first was an Apple 2E if i remember correctly.. BRUN BEERRUN was an interesting game, or something to that effect... ;-) ...and (snore) i also programmed a helicopter to fly across the top and drop a bomb on a space invader and go boom... wow huh? anyways, my FAVORITE was always the VAX !!! DEC VAX 11/785 to be more concise... although 11/780's and 11/750's and microVAXes were fun to play, errr work with too... set proc /priv=ALL eh? - rh
Re: OT Re: Museum piece...
On Thursday 17 December 2009, R-Elists wrote: as far as museum pieces go, i submit that my first was an Apple 2E if i remember correctly.. BRUN BEERRUN was an interesting game, or something to that effect... ;-) ...and (snore) i also programmed a helicopter to fly across the top and drop a bomb on a space invader and go boom... wow huh? anyways, my FAVORITE was always the VAX !!! DEC VAX 11/785 to be more concise... although 11/780's and 11/750's and microVAXes were fun to play, errr work with too... The absolute, without a doubt, biggest POS I ever had to live with was an 11/23 that had more hdwe bugs than all issues of windows combined since DOS5.0. Dec field engineers changed every piece in that thing except the frame rail with the serial number and all they managed to do was convert a daily crash into an every 10 minute crash. When it started costing us money because we were selling tooth paste instead of dog food when a switch didn't get done, I blew up, and before I was off the phone, the head computer guy at CBS was packing up his test mule to send to me that he used to check stuff out with before sending it out to the affiliates. We got the legal dicks at DEC at accept that CBS and WDTV were trading seriel numbers so we still had a support contract. A contract which at the time I considered worthless, but at the time, the docs on that 11/23 were not for sale except possibly at gunpoint in the parking lot, so my hands were also rather effectively tied. Hugo's machine worked flawlessly, but because the machine I sent Hugo was a genuine lemon, he could no longer fix other stations problems CBS was forced into replacing the whole maryann at all affiliates with an industrial IBM, and an artic card. So Dec's ineptness at honoring a service contract at a single affiliate out in the WV mountains cost CBS at least $300K, and that, multiplied a few times no doubt contributed to the demise of DEC. Couldn't have happened to nicer folks. Field office was 30 miles away in Morgantown but they often didn't show up in the same week they were called. Funny thing, the the service contract said 4 hour response. They treated us like stray dogs AFAIAC. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Ad astra per aspera. [To the stars by aspiration.]
Re: HTML in Messages
On 12/16/2009 10:50 AM, Marc Perkel wrote: I had thought that at one time I already set it to text only on this list and I had. But that was before the list name changed many years ago. I'm been on this list since 2001. One of the (many) reasons why I've switched over to having a dedicated email account just for list subscriptions. I tell Thunderbird to only compose in plain-text on this account. Which then applies to all mailing lists, even if I forget to set their text type in the address book. It also nicely segregates the dozens of mailing lists away from my primary work account.
Re: Site-wide Bayes
On 12/17/2009 10:30 AM, RW wrote: On Wed, 16 Dec 2009 09:36:12 -0500 Michael Scheidellscheid...@secnap.net wrote: On 12/16/09 9:27 AM, Thomas Harold wrote: I'm guessing that you'd also want to change the autolearn thresholds to be stricter? Like only auto-learning if it scores below -2 or above +10? (That might be an amavisd-new feature.) I still use 0, but have the high score at +15. The default is 0.1 IIRC, and I wouldn't recommend setting it lower without negative-scoring custom rules - it's set positive for good reasons. BAYES and userconf whitelisting rules don't count for autolearning, so if you set a negative threshold with the default rules, you rely on DNS whitelisting to define ham - the likes of HABEOUS. Setting it at exactly 0.0 is also problematical since the decision to learn is commonly going to be determined by nominally scored rules that score 0.001 and -0.001. Looking at the wiki... http://wiki.apache.org/spamassassin/BasicConfiguration We're not using userconf whitelisting, our whitelisting is done by amavisd-new mappings (where we score specific domains/addresses with a small -2 to -5 score). The wiki, as it is currently, makes it sound like the +0.1 default for ham auto-learn is not conservative enough. And that the +6.0 default for auto-learning spam is too risky. (We run with -0.5 and +9.5 as our boundaries for auto-learning.)
RE: OT Re: Museum piece...
The absolute, without a doubt, biggest POS I ever had to live with was an 11/23 that had more hdwe bugs than all issues of windows combined since DOS5.0. Dec field engineers changed every piece in that thing except the frame rail with the serial number and all they managed to do was convert a daily crash into an every 10 minute crash. snip -- Cheers, Gene wow, Gene, that is a bummer, sincerely sorry to hear about that episode... i was just a wee tiny lad when you (cough) more experienced folks were using tin cans string... ;- did 11/23 meant it was 23 months off the engineering board? i dont recall ever having an issue with DEC stuff yet maybe that was because they had pocket burns up to the elbow on their arms ? - rh
Re: Sharing and merging bayes data?
On 12/17/2009 11:17 AM, RW wrote: If you're using file-based bayes, there's no good way to share updates between one DB and the other. The information needed to make such a merger successful isn't stored, because it is not needed for any reason within SpamAssassin. The database merely stores the token, it's spam count, it's nonspam count, and a last-seen timestamp. If you look at the same token in 2 different databases, you can't really merge these counts, because you don't know how many occurred since your last merge. I'm not saying it's a good idea, but it is possible provided that you retained the result of the previous merge. It should be simple to script too. Agreed I didn't mean to say that a merge is impossible, it's just not with the tools that SA comes with, and you need more info than just what's in the current database. As you mentioned, you'd need a custom script (not wildly complicated for a good perl scripter, but beyond the bounds of someone with only crude scripting skills.) as well as historical copies of each database from the last merge. Setting up SQL would be much easier.
Re: OT Re: Museum piece...
On Thursday 17 December 2009, R-Elists wrote: The absolute, without a doubt, biggest POS I ever had to live with was an 11/23 that had more hdwe bugs than all issues of windows combined since DOS5.0. Dec field engineers changed every piece in that thing except the frame rail with the serial number and all they managed to do was convert a daily crash into an every 10 minute crash. snip -- Cheers, Gene wow, Gene, that is a bummer, sincerely sorry to hear about that episode... i was just a wee tiny lad when you (cough) more experienced folks were using tin cans string... We were just a slight more advanced than that. I went to Kalifornia to make my million and didn't, but that's another story. While there in '60 I got to work for several months as a bench tech for an outfit building the first pair of the then smallest tv cameras in the world. BW of course, 2.5 in diameter about a foot long out of the case. We had the breadboard working fairly well but it was ugly as sin with parts flying out of it nearly everywhere. About 10 minutes after I arrived one morning the front door opened up and a couple of civilians plus about 6 copies of some navy folks with silver gold on their shoulders walked in. Wanted to see it work. In the dark. So as it was showing a good pix of the shop area on a monitor, Joe picked it up, cleared one side of one of the benches drawers out, set it in gently and closed the drawer on the coax cable that was both video and power supply. 3 seconds later the auto target finally got there and a very nice pix of the wood grain of the drawers plywood back was showing on the monitor, slightly out of focus. Joe offered to trim the focus but the silvered gent said it won't be necessary, but do you have an office with a few chairs so we can talk. Later I found out that one of those civies was Jacques Cousteau, who was one of the 2 guys in that 6 foot pressure ball in Feb '61 when that dive was made. We did, and 3 hours later had a contract to put those two cameras on the Trieste as soon as we could get the pressure cases built. Those were headed for the bottom of the Challenger Deep, 37,000+ feet in the big pond. Short story, we did, and they worked. And don't let anyone tell you water is not compressible. The Trieste ran on big banks of sears die hard batteries and were not protected from the pressure. Each cell had a small extension neck screwed into it, and a small balloon with about a cup of battery acid in it was snapped on. A wire cage kept the balloons from being carried too far by the currents. One of the pix they brought back showed one rack of batteries, with the balloons either out of sight or only about 1/4 high above the neck, the squeeze of 17,000 psi was on. The batteries didn't care, they Just Worked(TM). ;- did 11/23 meant it was 23 months off the engineering board? At this late date, I haven't a clue exactly what the 11/23 meant. That was a weird beastie, the app was written in pascal, and it was recompiled at boot time. So they could call it up, upload a new version of the app, and reboot it as they were logging out. The reboot of course took several minutes, so they had to choose a time when the schedule was empty for an hour or more when they did that. We had a vt-220 that stayed logged in all the time so we could make emergency schedule changes, but that turned out to be no job at all, and when it was the vt-220 that failed, the HOT went up in smoke, was when I re-wrote the vt-100 proggy we had for the coco3, and turned it into a vt-220. That was fairly easy cuz the only real change in the protocol was the esc sequence, it became a full 8 bit byte but 99% of the rest of it was identical. i dont recall ever having an issue with DEC stuff yet maybe that was because they had pocket burns up to the elbow on their arms ? My impression of the field engineers knowledge was that it was nil, other than the rote stuff, DEC had taught him. And I suspect Joanne would back me up on that. Those guys couldn't replace a stuck output cuz it had an open collector in a 7406 with a gun to their head, no idea how to troubleshoot to the critters part level with a good scope, and little or no idea which end of a soldering iron got hot. He drug out a wood burning kit from ungar once to do something and I unplugged it 3 times before he got the message that he wasn't going to use that piece of blow every chip in the building crap on my watch. I went and got my bench iron, a fairly fancy, grounded tip, variable temp controlled iron and a roll of silver bearing solder and did it my self. And he was surprised as all get out when a pair of 5 curved nose suture clamps came off my T-shirt collar and grabbed that stuff about 10x tighter than he would ever get with his worn out radio shack special long noses. Ditto the pair of 4 flush cut diagonals I used to clean up the surplus leads on the other side of
Re: Sharing and merging bayes data?
On Fri, Dec 18, 2009 at 9:29 AM, Matt Kettler mkettler...@verizon.net wrote: As you mentioned, you'd need a custom script (not wildly complicated for a good perl scripter, but beyond the bounds of someone with only crude scripting skills.) as well as historical copies of each database from the last merge. Is the file format of bayes db available some where? google did not turn up any thing. It would be great if some more information about how to go about merging the db can be posted. thanks and regards, raj
Re: habeas - tainted white list
On Thu, 17 Dec 2009 15:51:35 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: I think the current score changes are a good step. Another step may be including in the release notes that there are whitelists and that people may want to disable them by score whatever rules (a list of them) 0. Why not default them to zero and include in the release notes/man that there are whitelists and they can *enable* them? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On Fri, 18 Dec 2009 09:46:03 +1300 Michael Hutchinson packetl...@ping.net.nz wrote: Everyone else started carrying on about the Habeas rules being present at all, when it is more than within their power to disable those rules. But they should not have to disable a whitelist that assists with the delivery of bulk commercial mail in an anti-spam application! If the sender is relying on such rules to keep the mailout under the radar then clearly there is something very wrong with that? The issues here are clear: *The inclusion of white list that pretty much favours a single commercial mail organisation. *The default score applied to that listed senders being hideously favourable(are there any other rules with such mad negative scores in the mix by default?) *The lack of any other commercial white lists from the competitors of Return Path being used in the product. I'm interested but equally suspicious as to why a small set of people involved in this anti-spam product are keen to try and move on from this and sweep it under the carpet. Could this be AssassinGate??? Lol. Buy what you want, but I'm not selling anything. Cheers, Mike -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: Cooperative data gathering project.
On Fri, Dec 18, 2009 at 08:20:47AM +1300, Jason Haar wrote: On 12/18/2009 05:31 AM, Marc Perkel wrote: In this case the idea is to gather data in real time. So those who gather data need to be able to send the data to a central place that receives the data and then makes it available to everyone. You've lost me there - DNS would allow you to do that. You run the DNS server, SA does the queries, they get routed through the standard DNS hierarchy, you get to see them (and respond), interpret and make that data available via any mechanism you want - probably also via (a different?) DNS. A short TTL would reduce lost data (in fact, the only possible cached-caused data loss would be for duplicate queries from the same SA instance) Ok, while DNS would allow that, it would be a real waste of a protocol. Why would you want to make the sending party wait for a response that only adds delays and has no purpose? Simply send a UDP packet and be done with it. No TCP or DNS overhead. One or two lines of perl.
Re: OT Re: Museum piece...
From: Gene Heskett gene.hesk...@verizon.net Sent: Thursday, 2009/December/17 21:21 My impression of the (DEC) field engineers knowledge was that it was nil, other than the rote stuff, DEC had taught him. And I suspect Joanne would back me up on that. Those guys couldn't replace a stuck output cuz it had an open collector in a 7406 with a gun to their head, no idea how to troubleshoot to the critters part level with a good scope, and little or no idea which end of a soldering iron got hot. He drug out a wood burning kit from ungar once to do something and I unplugged it 3 times before he got the message that he wasn't going to use that piece of blow every chip in the building crap on my watch. I went and got my bench iron, a fairly fancy, grounded tip, variable temp controlled iron and a roll of silver bearing solder and did it my self. And he was surprised as all get out when a pair of 5 curved nose suture clamps came off my T-shirt collar and grabbed that stuff about 10x tighter than he would ever get with his worn out radio shack special long noses. Ditto the pair of 4 flush cut diagonals I used to clean up the surplus leads on the other side of the board. Not to mention the alky and q-tips used to clean up after myself. He/they had just enough knowledge to be dangerous. Gene, it's HP 2100S computers that I know. And I was able to accurately diagnose at least one problem before the substitute tech figured it out. He looked at me with a strange expression on his face. The usual guy had not prepared him. The usual fellow and I had a good rapport. I learned to describe problems well enough he could diagnose them quickly and fix them. (Aside from the digital tape drives in those old 8500 consoles the basic setup was quite reliable. Even the Versatec wet printers did their job very well on simple routine maintenance.) I have experience on DEC PDP-11 machines and VAXen. But it's limited. Now, if you want to get me rolling about an incompetent computer company just mention GRiD and their Compass not really a laptop computer. Even the bugs were themselves buggy. (We had to own 6 of them to keep 5 running most of the time. The displays went out regularly. And the OS would lock up at peculiar times just because it felt like it when trying to talk to an HPIB device. (It had built in HPIB to talk to its disk drive etc.) Wikipiddle accuses it of being a laptop. All I can do is snicker about that assertion. Then they continue the phrase to call it a computer. Admittedly it was, on brief occasions, a computer. But it spent too much time emulating a doorstop to be worthy of its price. {^_^}
Re: habeas - tainted white list
From: Christian Brel brel.spamassassin091...@copperproductions.co.uk Sent: Thursday, 2009/December/17 22:11 On Thu, 17 Dec 2009 15:51:35 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: I think the current score changes are a good step. Another step may be including in the release notes that there are whitelists and that people may want to disable them by score whatever rules (a list of them) 0. Why not default them to zero and include in the release notes/man that there are whitelists and they can *enable* them? Because we enjoy tweaking the nose of idiots? {O,o}- being wonked out silly, which is all you deserve.
Re: habeas - tainted white list
From: Christian Brel brel.spamassassin091...@copperproductions.co.uk Sent: Thursday, 2009/December/17 22:22 On Fri, 18 Dec 2009 09:46:03 +1300 Michael Hutchinson packetl...@ping.net.nz wrote: Everyone else started carrying on about the Habeas rules being present at all, when it is more than within their power to disable those rules. But they should not have to disable a whitelist that assists with the delivery of bulk commercial mail in an anti-spam application! If the sender is relying on such rules to keep the mailout under the radar then clearly there is something very wrong with that? The issues here are clear: *The inclusion of white list that pretty much favours a single commercial mail organisation. *The default score applied to that listed senders being hideously favourable(are there any other rules with such mad negative scores in the mix by default?) *The lack of any other commercial white lists from the competitors of Return Path being used in the product. I'm interested but equally suspicious as to why a small set of people involved in this anti-spam product are keen to try and move on from this and sweep it under the carpet. Could this be AssassinGate??? Lol. Christian, you sound, for all the world, as sensible as the idiots who claim that 9/11 was organized by the White House or Israeli spies or both. Maybe it's time you retired to the more conspiracy theory friendly realm the Trufers maintain. You're for /dev/null here. {^_^}
Re: habeas - tainted white list
On he subject of Spammy whitelists... * -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low * trust * [212.159.7.100 listed in list.dnswl.org] Yet the same IP is on and off SORBS and part of an ongoing spam problem. Perhaps this can be reviewed and given a zero score by default? -- This e-mail and any attachments may form pure opinion and may not have any factual foundation. Please check any details provided to satisfy yourself as to suitability or accuracy of any information provided. Data Protection: Unless otherwise requested we may pass the information you have provided to other partner organisations.
Re: habeas - tainted white list
On 18/12/2009 1:11 AM, Christian Brel wrote: On Thu, 17 Dec 2009 15:51:35 -0500 Daryl C. W. O'Shea spamassas...@dostech.ca wrote: I think the current score changes are a good step. Another step may be including in the release notes that there are whitelists and that people may want to disable them by score whatever rules (a list of them) 0. Why not default them to zero and include in the release notes/man that there are whitelists and they can *enable* them? I'm pretty sure I brought up the SA developers' *long* standing principle of being as safe as possible for the majority of users by erring on the side of missing spam rather than tagging ham while still putting out a useful product. From the data we have from mass-checks we are erring a very small amount on the side of caution by not disabling the whitelists by default. If we had more mass-check data from a wider number of mail recipients maybe it would change things, statistically, maybe it wouldn't. New mass-check contributors are always welcome. They take very little effort to manage once you've set it up (I ignore mine for years at a time). Daryl
Re: habeas - tainted white list
On 18/12/2009 1:22 AM, Christian Brel wrote: The issues here are clear: *The inclusion of white list that pretty much favours a single commercial mail organisation. At present, to my knowledge Return Path is the only organization which has approached us for inclusion in SpamAssassin. We would more than welcome other commercial vendors provided that their lists are free for use by the majority of our users (like any blacklists we include) and that they provide reasonable good results (the same criteria for blacklists but s/spam/ham/). *The default score applied to that listed senders being hideously favourable(are there any other rules with such mad negative scores in the mix by default?) Reputation type rules (such as DNSWLs) are probably the only (or certainly one of the very few) types of rules that you can weight heavily negatively. This is due to the nature of an open source product (or even given enough time to game a closed source product). Content based rules are very often easily beaten. If we could have a body rule that looks for this mail is good and assign a -20 score we would. Clearly that would not work. I think that the new scores are inline with what is needed to correct the high scores that some of the wanted commercial crap currently scores at. I see stuff at upwards of 8 or more regularly. *The lack of any other commercial white lists from the competitors of Return Path being used in the product. Again, find me a commercial white list that wants to be included in SpamAssassin on a free for use basis and I'll pay for the phone call to talk to them. Seriously. I'm interested but equally suspicious as to why a small set of people involved in this anti-spam product are keen to try and move on from this and sweep it under the carpet. Could this be AssassinGate??? Lol. You do realize that there's only a small set of active developers, right? Daryl
Re: habeas - tainted white list
On 18/12/2009 2:13 AM, Christian Brel wrote: On he subject of Spammy whitelists... * -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low * trust * [212.159.7.100 listed in list.dnswl.org] Yet the same IP is on and off SORBS and part of an ongoing spam problem. Perhaps this can be reviewed and given a zero score by default? Forgot individual occurrences of FPs or FNs. They're statistically meaningless. In last week's net-enabled mass-check the -1.0 score for RCVD_IN_DNSWL_LOW RBL caused only 10 of 148025 (0.00675%) spams to fall below 5.0 (and that could have happened with as small as a -0.1 score, I don't have data, so at approx -0.5 the same thing could have happened). On the other hand, it moved 101 of 199558 (0.05061%) hams below the 5.0 mark. That's an S/O of 0.035 which is pretty good (we wouldn't be questioning a spam hitting rule with an S/O of 0.965, at least not at a score of 1). http://ruleqa.spamassassin.org/20091212-r889898-n/RCVD_IN_DNSWL_LOW/detail Again, to anyone, if our statistics are way off from the reality our users are seeing we need more mass-check contributors. Daryl