Domain: crazysquirrel.com
Stories and comments across the archive that link to crazysquirrel.com.
Comments · 10
-
Re:spamassassin
There's a lot to do to SA to make it "good". I shared your opinion a year ago. I run a relatively low volume personal mail server for a few domains and a few users. I had SA, but it didn't do much, and I had bigger fish to fry dealing with much larger mail sites than my stupid personal nonsense. I typically get about 300-500 spams a day, and very few legit mails. I was getting false positives, so I'd just never see the mail, and tons of false negatives. About 20% of the daily spam was hitting my inbox, making it unlikely that I'd ever even check my personal mail. If you mailed me, and I didn't have an existing filter from you, there was maybe a 60% chance I would notice your mail in time for it to matter.
I decided one day to fix all this, regardless of what that entailed. I lowered the threshold for SA to a score of 4 (which they bark at you not to do, but fuck 'em, I've seen maybe 6 legit mails with a score higher than 4.5, in my world anyway). The key components were: enabling remote checks, RAZOR and DCC, and having SA train its filters off of my false negatives. I use the Train SA script, so I drop any false negatives in a Train Spam folder, and this picks them up and runs them through SA's filters to train it.
My false negative rate dropped pretty much immediately from 20% to ~3% to 5% on weekdays, and zero to 1% on weekends, which I can live with. In the year or so since I actually put my back into fixing this, I've gotten maybe 2 false positives.
I don't see long processing times, mail comes through pretty much as I send it in my tests on my VPS, but again, I only get a few hundred mails/day. If I had volume over a few dozen thousand/day, I'd probably just bite the bullet and pay Google (Postini) to make it go away. -
Re:If you don't know, you can't do it
That's fairly naive in web terms. For example, the application may carefully check an incoming string is valid for what it expects, but fail to correctly encode it on output and create a cross-site-scripting attack vulnerability (for example if the input contained a element). There's also a lot to check; for a number, it's not too hard, you check that the input is an integer/decimal as appropriate, and do range check if relevant. For a string it gets harder; length check is obvious, but what about checking character set? It turns out just finding out what the character set of an incoming string _is_, is difficult (blame IE): http://www.crazysquirrel.com/computing/general/form-encoding.jspx
Then you get cases such as CSRF (cross-site request forgery) attacks ( http://en.wikipedia.org/wiki/Cross-site_request_forgery ), where the user is fooled into clicking a link that sends a request to the web site, If they're logged in, the browser will typically send appropriate cookies, meaning from the server point of view the user has sent an entirely valid request.
OTOH, to say "If you don't know, you can't do it", is hopelessly defeatist. I would not start with a security-critical web application any more than I would start with any other security-critical application, but you can learn this stuff. Alas, it does take time...
-
Better than what they currently do.
A friend of mine from Australia lived in Cambridge for five years. She never once had a TV nor a TV licence. However, every six months she got a letter from the TV Licencing buffoons telling her that she was on a list and that it was a criminal offence to watch TV without having a TV licence. The letters finished with a suggestion that this was probably due to moving house recently and if she just paid up then there would be no prison for her. Suffice it to say that at no point did anyone knock on the door even though the house was a Victorian terrace and there were at least three TVs in neighbouring houses.
It is all a load of rubbish that they have vans roaming the streets trying to find the licence-less houses. They just have a mailmerge routine set to print letter to The Occupier, $HOUSE_NO, $ROAD_NAME trying to imply that the Police will be round if you don't pay now.
Sadly it isn't restricted to picking on foreigners as there are a number of sites with similar stories to tell. I could go on but I won't. -
Re:hey don't leave out qemu
Blatant advert alert! I recently put together a page about running XP under Qemu. It's a bit tricky to get working (due to a bug in XP) and dog slow but if you must have XP under Linux this is a solution that works. I use it to test websites in IE.
-
Re:I don't like this ruling.
My site has Google ads but I don't see that that as a conflict of interest as they are part of the page just like ads from, say, double click would be. Some of the Google ads do display so Google isn't going out its way to block Google ads - I just don't think the cached page is linked enough / viewed enough to get a full complement of ads.
Anyway, cached version and the real version.
The cached version of the content I'm seeing has two ads above the main content and a search for ads box above the menu. The main site has a fair few more as you can see.
-
Re:Before anyone asks..
It could be argued (although it's quite tenuous) that the film financiers take a gamble, with the risk of losing their money vs the chance of making a profit. The license fee payers take no such gamble, so don't get such a great reward.
The licence payers do take a gamble. They put money into the pot and trust the people running the BBC (and oddly enough the people have no say over who runs the BBC) to produce quality programming that they want to watch and can be sold abroad. Sometimes it doesn't workout and a huge amount of money is wasted. Do you remember Eldorado?
We get the seriously short end of the stick when you consider that you aren't allowed to own a TV without paying the license fee even if you don't watch any BBC content. In that respect you are guilty till proven innocent.
I'm particularly against the license fee as a way for paying for content as I have had the BBC threaten to break my front door down and search the house for contraband TVs. Many people who own a TV don't understand the hassle you get for not owning one. The TVLA have a special exception (or at least and understanding) when it comes to getting search warrents - they are never refused. Have a read about some of my dealings here.
-
Re:Take a step back and re-evaluate CSS
Here you go I put together a page about it CSS layout. I'm no CSS expert but I investigated this in quite some depth. All the ways that I could find to do it stank of a hack so I just used a table (which also stinks of a hack but it felt like the least worst option).
-
Re:F*ck the license fee!
I believe that the BBC off good value for money. They produce some excellent shows (although I think they have been slipping some what in recent years) and because of they way they are funded they can offer programs that would otherwise probably not get made.
My personal axe that I grind at every possible oportunity is to do with the way the license fee is collected. I haven't had a TV for many years but they won't leave me alone. Nothing I say or do will make them believe that I don't own a TV. I am truely in the guilty till proven innocent club. I have detailed my story here for those that are interested to see what the BBC do to people who don't pay.
-
I want to earn money...
...but I don't want to do anything that really upsets Google. So, if everyone here could simply visit my site, find a link to something are interested in and click it I would be very grateful. Does this count as automation?
Thanks
:oDYes, I have sold my soul to Satan and I didn't get much for it
-
Re:TV License in the UK
If you want to know quite how bad it can get I have briefly detailed my dealings with the tv licencing people. It's quite frankly amazing what they can get away with. Some of the later letters talk about search warrents and local court summons. This for the crime of not owning a TV and wanting to have nothing to do with tv licencing. In the end I attacked them with and old woman from the citizens advice bureau. That sorted them out
;o)