Brian's Blog

This week I finally got a chance to put Microsoft AntiSpyware to the test in the real world on a very spyware infected laptop. This one had among more benign things a variation of CoolWebSearch that just would not go away. Adaware and CWShredder both wouldn't even find it yet alone remove it.

I thought I'd give Microsoft's (well actually GIANT's) software a crack at it. So I headed over to the Microsoft AntiSpyware Beta site to download it. I was promptly nagged to prove the validity of my installed version of Windows. This sort of annoyed me a little but I eventually got it downloaded and installed. The install was no brainer and runs you through a wizard to setup auto updates and things like that. One thing it points out though that is actually a nice idea is a thing called SpyNet. SpyNet is a database where you can report your found spyware to. I assume the idea is supposed to be like Vipul's Razor but I'm just guessing.

So after doing all the updates I ran a full system scan which actually found the CoolWebSearch hijack and offered to remove it for me. I was really impressed at this point and used the Browser Hijack Restore feature to put back all of IE's default setting and opened IE to make sure MSN was the home page. Still feeling impressed I did a system reboot as a final test and got to witness MS AntiSpyware fall flat on it's face like every other program. The hijack returned and reinstalled itself. MS AntiSpyware did get farther than Adaware by just finding it and restoring defaults but it didn't finish the job. It did get rid of all the other bits of nastiness on the system though.

Over all I guess it performed as well as any other Spyware/Adware killer I've worked with like Adaware, Spybot S&D, and Spywareblaster so I can't really hold it against it that it failed on the CoolWebSearch. And I do think it is good that Microsoft is finally acknowledging the fact that Spyware is a large problem with their OS. But that being said why don't they put their energy into making Windows less vulnerable to the junk and crap and prevent it from getting in rather than using add on software to do the job? The only thing that I think stands out as having potential to make MS AntiSpyware better than what is already available is SpyNet. Also, the fact that it did as well as other products that are released while it is still in beta bodes well for it.

We'll see what the final product is like but I still say Linux and MacOS are the best AntiSpyware software you can use.

I just thought I'd take a moment to create a shameless plug for a Firefox extension with some major potential for usefulness. The other night while hanging out with my friend Rik he pointed out Wikalong which is literally a wiki that is embedded in the sidebar of your browser. What it does is it shows you the wiki associated with the URL you are currently viewing. I think this could be a majorly useful thing. On their site there are a few possible uses given like note taking or sharing adblock settings but it seems to me that the uses are limited only to the imagination.

The only thing I've noticed is that there really isn't much info in the Wikalong sidebar yet for any of the sites I go to. Now, I figure this is simply because this project just started out and hasn't reached critical mass yet. Basically, the more people who use it the more info that will get into it.

I hope Wikalong does well, I'd like to see the creative ways people come up with to use it.

At BBC News they are running an article about deploying robot troops to fight against insurgents in Irag. These things are based on the same robot that is used to disarm mines and is equipped with a camera and machine gun. They aren't automatic though being remote controlled by a human which is good. Just what we need is Johny-5 going crazy and blowing the heck out of people.

The advantages mentioned over humans are the robot doesn't require food, clothing, training, motivation or a pension. Notice how keeping a living human being out of harms way is not mentioned as an advantage? My gut reaction is that the mentioned points equate to saving money. But for who? I'm sure there won't be any for us, the regular people.

On a more fun note though, it's mentioned that there are plans to replace the joystick and screen currently used on the remote control unit with a Gameboy like controller and virtual-reality goggles. Now that would be fun to play with!

Oh, I just hope this thing doesn't run Windows!

Yesterday I woke up to find my home "server" system dead. It looked like it was turned off so I tried to turn it on. Nothing happened, no drives spinning up, no display, no beep from the POST, nothing except the power supply fan and the hard drive LED on solid. Oh boy, what fun. I hate it when this happens even when it is a secondary system that my daughter plays Dora the Explorer and Tux Paint on. So I grabbed an extra hard drive I had thinking it was one of the drives bringing it down. I disconnected all of the drives, including the CD-Roms and floppy and this darn thing still refused to reboot! What the heck... So, I simplified even more, by striping it down to the power supply, CPU, motherboard, and memory but still no life could be breathed into this thing. I even tried an extra power supply just in case. You'd think that it would give the BIOS beeps about not having a video card but it didn't. Time to simply even more so out came the memory and BOOM now I get BIOS beeps about missing memory. I don't have any PC2100 memory laying around so I guess I'll have to put Newegg's return policy to the test and start ordering parts to trouble shoot with. 512MB of memory is on the way, if this works then I'll have a nice memory upgrade in the name of troubleshooting. I just hope it isn't the CPU or motherboard.

To continue the technology theme so far I finally decided to check out the M$ AntiSpyware Beta. It looks to have promise but let us not give M$ all the credit. In the normal Microsoft fashion they simply acquired the technology when they bought out GIANT Company Software Inc and stuck their name on it then called it an innovation. We'll see what they turn it into though. I'm always on the lookout for good Spyware/Adware removal tools since the majority of my job seems to boil down to cleaning up the PCs of hapless users. I think I spend a good 70% or more of my time dealing with Spyware/Adware, browser hijacks, and viruses. I'm glad I use Linux at home so I can actually use my time to do something useful or fun with my system instead of endlessly defending it. I've only played with Microsoft AntiSpyware for all of 15 minutes but it did find and remove several bits of nastiness and looks like it can help you remove browser hijacks. I'll know more after I get a chance to see how it stands up against a badly overrun client PC.

That being said though on Monday I had a chance to actually use some of my MCSE skills! This is a rare thing since most of our customers are so small that they don't bother using most of what I was used to doing at IQE. I got to help a couple of internal IT guys who needed an "expert" to help them adjust from NT to Windows 2003 SBS. So I got to be teacher at the same time as helping them use Group Policy to reach their goals. One of these days my Linux skills will be sufficient enough to actually use them in a work environment but not yet. Speaking of increasing skill I need to actually get back into some reading and experimentation. I just haven't been in the mood lately for some reason.

Now for a total subject change. Tonight was a fine night spent with the family. We had a really nice warm fire in the fireplace since the weather is so darn cold and we watched The Sound of Music (again) while Cindy and I played with the kids. We all really like having a fire but the only problem with the open face style of fireplace we have is when the fire goes below a certain level the amount of heat sucked up the chimney is more than the fire is giving off. A fully enclosed stove like my parent have is more efficient but it doesn't look nearly as nice. It's a worthwhile trade off though.

Oh, I checked the status of the fermenting beer and it's well underway. There is a thick foam on the surface and you can see the yeast has grown significantly. The beer itself is cloudy but should clear up when fermentation stops. The cool thing is if you sniff at the pressure release lid it smells just like beer! So I guess we are on the right track.

I spent the majority of my youth in arcades in the mall. And I could probably buy a car with all the money I spent there. I have fond memories of the 80's and the technology of the time. Between the arcades, my Atari 2600, and my Commodore 64 I'm surprised I had time for anything else. Anyway, with this in mind I bought my wife a retro Atari 2600 game controller that comes with things like Adventure, Circus Atari, Yars Revenge, Break out, and Missile Command. I thought maybe I'd be bored with these old games but both of us have been playing and enjoying most of these. Well, except for Gravitar which is just hard to play. Circus Atari was Cindy's favorite, but the joystick isn't the best way to control it, but there is a paddle retro game controller out there that my buddy Bob brought over for us to try. Much better controls for Pong and Circus Atari, plus the paddle has other retro classics like Night Driver, Warlords, and Breakout. He's lucky she let him take it home.

Then there is also the Namco one that I acquired over the holidays. This one is full of some run games from the early 80's that look 100% the same. I've read that there are some subtle differences, but it's a heck of a lot cheaper than buying an actually arcade game and much smaller. Games I've been killing time on are Pacman, Dig Dug, Rally-X, and my favorite one on the controller, Bosconian.

Some other game's I may buy are the Activision 10 in 1 and maybe the Commodore 64 30 in 1 .

I have to be careful though or I may never sleep again because I'll be up all night reliving my childhood.

I don't see articles on the goodness that is Slackware very often. Usually they are talking about Fedora, Suse, Mandrake, or some other "cutting edge and user friendly" distro. But this article pretty much sums up why I like Slackware. I think Slack would be use more often if it was put in the forefront a bit more. Even so, I know Slack isn't for everyone, that's why there are the other distributions to choose from. But, due to lack of mainstream publicity, I think it gets overlooked by most new Linux users. I admit, I didn't know of Slackware until a coworker pointed it out to me. Before that time I was only considering Mandrake and Redhat and found my self having some similar frustrations to using Windows. But, now that I've been using Slackware for over a year or so I can't see myself using any other distro. Like the article says, "It just works".

It was pointed out to me from B10m that you can use Show Old Extensions to get mozex to work in Firefox 1.0. I just installed it and it works great. While I'm proud of my little script to handle the mailto links mozex is much better and lets you handle ftp, news, irc, and telnet links in addition to mailto links.

I just realized that mailto_helper relies on the URL being all lowercase, so I changed it to work with both cases. It sure looks ugly now.

#!/bin/bash
MAILTO_URL="$1" 

#Strip off the protocol
MAIL_DATA=$(echo "$MAILTO_URL" | /bin/sed -s 's/^[Mm][Aa][Ii][Ll][Tt][Oo]://') 

#Get Recipient and strip it off
RECIPIENT=$(echo "$MAIL_DATA" | cut -d? -f1 -)
MAIL_DATA=$(echo "$MAIL_DATA" | /bin/sed -s s/^$RECIPIENT//) 

#Get Subject,BCC, and CC
SUBJECT=$(echo "$MAIL_DATA" | \
/bin/sed -s 's/.*?[Ss][Uu][Bb][Jj][Ee][Cc][Tt]=//' | /bin/sed -s 's/?.*//')
BCC=$(echo "$MAIL_DATA" | /bin/sed -s 's/.*?[Bb][Cc][Cc]=//' | \
/bin/sed -s 's/?.*//')
CC=$(echo "$MAIL_DATA" | /bin/sed -s 's/.*?[Cc][Cc]=//' | \
/bin/sed -s 's/?.*//') 

#Call mutt in an aterm
aterm -fg white -bg black -geometry 80x50 -fn 9x15 -e \
mutt "$RECIPIENT" -b "$BCC" -c "$CC" -s "$SUBJECT"

I love Firefox but one thing that has been bugging me is getting it to handle mailto URL's in Linux. For some reason there is no actual way to configure this easy in the preferences. So, I Googled about figuring someone has to have done it already but I could only find references to getting Thunderbird and Firefox working together. I like mutt, so I decided to try my hand for the first time ever at actually writing up something that was kind of useful. Well, useful for me anyway.

Inspired by the example helper scripts I saw for Thunderbird I came up with this:

#!/bin/bash
MAILTO_URL="$1"

#Strip off the protocol
MAIL_DATA=$(echo "$MAILTO_URL" | /bin/sed -s 's/^mailto://')

#Get Recipient and strip it off
RECIPIENT=$(echo "$MAIL_DATA" | cut -d? -f1 -)
MAIL_DATA=$(echo "$MAIL_DATA" | /bin/sed -s s/^$RECIPIENT//)

#Get Subject,BCC, and CC
SUBJECT=$(echo "$MAIL_DATA" | /bin/sed -s 's/.*?subject=//' \
| /bin/sed -s 's/?.*//')
BCC=$(echo "$MAIL_DATA" | /bin/sed -s 's/.*?bcc=//' | /bin/sed -s 's/?.*//')
CC=$(echo "$MAIL_DATA" | /bin/sed -s 's/.*?cc=//' | /bin/sed -s 's/?.*//')

# Call mutt in an aterm
aterm -fg white -bg black -geometry 80x50 -fn 9x15 \
-e mutt "$RECIPIENT" -b "$BCC" -c "$CC" -s "$SUBJECT"

I named this script mailto_helper, made it executable, and stuck it in a logical place for me. Then I opened the URL "about:config" in Firefox. In there I right clicked and created a new string called "network.protocol-handler.app.mailto" with a value of the path to where I put mailto_helper and to my surprise it worked. I'm sure a real programmer/scripter could do something better but I don't think it's all to bad for a novice like me.

This article at the Seattle Times and mentioned on Slashdot where I found it is about how technology and the fast paced world it has caused is stressing us out. Personally, I've thought similar things in the past and it's nice to see that someone is actually studying the subject beyond the hunch that I've had for years. Specifically it mentions multitasking and task-switching as not really thing humans are good at. And that doing multiple things at once actually reduces how well we could do any one of those things if we just concentrated on one thing at a time. I don't know about anyone else but this seems like an obvious thing to me. The problem is that we are pushed to multitask and it's having negative effects on us.

This makes me think of a time when I worked at IQE. Our SMS server went nutty and was causing a handful of the workstations to bog down with 100% CPU time taken by the SMS client. I was the designated SMS "expert" so it fell to me to fix. This wasn't an easy fix, and I eventually had to open a case with Microsoft to work it out which took most of the day. During this time my boss decided it would be good to check on my progress every 10 to 15 minutes, probably because his system was one of the ones affected. I noticed that every single time he interrupted me it took a good 10 minutes for me to get my mind back into the troubleshooting mode. Eventually I snapped at him and told him to leave me alone. The point being that all these interruptions, the multitasking of troubleshooting and explaining progress, increased my stress and reduced my efficiency.

One particular quote in the article from a Roman philosopher named Publilius Syrus that applies well is, "To do two things at once is to do neither." Supposedly he said this in 100 B.C. And I thought we've made progress since then!

I've often thought that we let this happen to ourselves. We let the companies we work for use technology to make us work from home, and even while on vacation. The problem is, to say no to any of this looks bad for you because you'd be the only one doing it. Even so, I don't care about how I look, I'll work form home occasionally but only during hours I'd normally work. And when on vacation my laptop stays at home and the mobile phone is off. I like to think that I'm the one with my priorities in order, not some corporation.

Anyway, the article is a good read and provides food for thought.

You know, every time I go over to my bud Chris's he points out something of a conspiracy type of nature that is somewhat disturbing. Tonight, he pointed one out that disturbed me in a major way.

What he showed me was this article in which a children's toy was discovered as saying "I hate you." between the soothing sounds it makes to lull your child to sleep.

What really upsets me is I think my oldest daughter had one of these. I can't verify though since it stopped working and was tossed in the garbage long ago but to think of my daughter being exposed to that kind of negative message makes me furious.

I just overheard on the radio this morning on the way into work that telemarketers are going to be allowed to call cell phone numbers starting January 1st. That's really a crappy thing since most people pay for their minutes. At the very least telemarketing calls will chew up your free minutes which will end up cost you anyway.

They said that we can get on the National Do Not Call list to stop the annoyance but the deadline is Dec 15Th. I just called and registered my number, it took about 2 minutes and supposedly you'll be on the do not call list for 5 years.

I called their number (1-888-382-1222) but they have a website too at donotcall.gov.

Last night I got DAV working with the help of Sams Teach Yourself Apache 2 . I was up till about 1 am till it was working but I'd say the problems were more related to Apache itself than the book being bad. The long and short of it is that some of the modules for Apache, in this case mod_dav and mod_dav_fs just would not load up properly. So I ended up recompiling Apache with the DAV modules compiled in statically.

So, now it's working and Sunbird connects to it and updates things as it should along with authentication to keep out the bad guys. I've tested it from work by making a change. Then checked that the change on the calendar showed up here at home. So now I have no excuses to miss anything. I even made the terrible mistake of telling my wife about this. Now I won't be able to get away with as much.

This is my first try at the Sams series of books and so far it's pretty good. The cover has on it, "When you only have time for the answers" and they mean it. Which can be a good thing. Sometimes other books go into such overkill for what I want.

Anyway, time to go shopping with the family and get ready for deer hunting.

For no really good reason other than to see if I could I added a "Now Listening To" section off to the right. The idea was that I wanted something relatively real time that showed just the title of the song I was playing in xmms at any given moment and to show Nothing when I wasn't. Anyway, I searched high and low for some simple pre-made code or service that would do it and ran up dry. So, I decided to do it myself with my limited knowledge of Linux and bash.

During my adventures I found a general plugin for xmms called xmms-infopipe. The sole purpose of this plugin is to output some stats about the song that is played at the moment into a file with the idea that you can process it in some way. It created a file in /tmp that contains something like this:

MMS protocol version: 2467
InfoPipe Plugin version: 1.3
Status: Playing
Tunes in playlist: 409
Currently playing: 397
uSecPosition: 50606
Position: 0:50
uSecTime: 208692
Time: 3:28
Current bitrate: 192000
Samping Frequency: 44100
Channels: 2
Title: John Williams - 09. Dobby The House Elf
File:
/mnt/music/Music/mp3/complete_cds/Soundtrack/ \
harry_potter_and_the_chamber_of_secrets/ \
harry_potter_and_the_chamber_of_secrets-john_williams/ \
09-dobby_the_house_elf.mp3

There's tons of stuff there but I only wanted the title, so I wrote a single one line script for bash that would get just the title and stick it into a file on my web server. Just put echo $(grep Title /tmp/xmms-info | cut -d: -f2) > /mnt/www/nowplaying.txt into a file called currentsong.sh and chmod u+x it. Then modify as needed.

After that I used the general plugin called Song Change that comes with xmms and set it to run my currentsong.sh at every track change. Now, what this did was created a nowplaying.txt file in my web server that contains just the title of the song based on the ID tags in the MP3 or ogg I'm playing at the moment.

So, then in my blog template I did a server side include like so where I wanted the info to appear.

<!--#include file="nowplaying.txt"-->

The one thing that I noticed was that, if I close xmms it just keeps the song that it was last playing in the nowplaying.txt file. Since I'm nearly 100% of the time playing music on my system when I use it I just decided to have bash put the word "Nothing" into the nowplaying.txt file on logout creating a file called .bash_logout in my home and placed echo "Nothing" > /mnt/www/nowplaying.txt. Now, when I log out my site says nothing is playing, which is true.

I know, it's kind of a hack and I'm sure there are many many different ways to do this that are much better. But for my skill level this is good enough and it gets the job done.

I'm not sure how you'd get that file sent up to an ftp server but I'm sure you could put a line after the echo to automate an ftp upload if your site is hosted by someone other than you.

I've only been using Linux as my main OS for about a year or so. When I made the change from Windows one of my requirements was to have spam filtering that was at least as good as what I had working under Windows. When I started looking into meeting this goal I found there wasn't one all encompassing source to get what I wanted done so I spent many hours Googleing about the Net and asking questions on mailing lists. Doing this was kind of an annoyance and, if I wasn't such a stubborn guy and stuck it out, I may have never switched to Linux at all.

The purpose of this entry is two-fold, one is to consolidate all this info into one place in case I need to look it up in the future. The other is maybe someone who is new to this will stumble on my page and be saved a bunch of time and effort.

I'm not going to write anything new or profound here. No sense re-inventing the wheel since the other sites I'll reference are better written than I think I could do.

Here are the tools I use for spam control:

• Mutt - An E-mail client.
• Procmail - A rules based mail processor that sorts inbound mails into mailboxes.
• SpamAssassin - A score based spam detection program.
• Vipul's Razor - A collaborative database of spam, used by SpamAssassin to better detect spam.

Filtering spam

First, before I could even think about killing spam I had to get my E-mail working with mutt. One thing that screwed me up for a while was trying to send mail from mutt until I was told that, unlike Outlook, mutt didn't have it's own built in SMTP server. Most Linux distributions come with the sendmail MTA (Mail Transfer Agent) and I think it will "just work" but I chose to install qmail as my MTA. If you want to go to that extent you can use Life With qmail to get it all setup.

OK, once the MTA is working all you need to do is configure mutt to work. That sounds simple enough when you read it but it was actually the hardest part for me. To get E-mail flowing takes multiple programs, and it can get very confusing. The sources I used for getting mutt to work are here and here. The second reference there is just a list of someone's working config files which doesn't sound like much but I found it useful to see what working settings looked like. And don't forget mutt's site for FAQ's and links to other documentation. There's plenty there.

In a nutshell, without making this longer than it needs to be, I use fetchmail to actually get the mail, which passes it to procmail, which sorts it into mailboxes, then mutt views it. Spammassassin gets called from procmail.

As far as procmail goes, I fully admit I don't know enough to say much about it, so I used The Procmail Quick Start to get me going. This is not a short read by far, but it's well written and has a section geared specifically toward using Procmail with SpamAssassin. It'll tell you just what to do with great explanations and examples. First I'd just read the quick start to learn about procmail, then go into setting up SpamAssassin.

Once you are familiar with procmail read the Top-Level Install File at www.spamassassin.org. The easiest is to install using the CPAN instructions at the top. It's pretty detailed, but once I got it installed, I pretty much just followed The Procmail Quick Start to get me going. In a nutshell, what happens is procmail passes the message to SpamAssassin which analyzes it and adds some new header info such as the number of hits (hits are the number of "spammy" things it find) and whether it considers it spam or not. You use these new headers in your procmail recipes to filter out your spam.

Once procmail and SpamAssassin are happy, that is tested and working, it's time to install Vipul's Razor. To quote their site:

Vipul's Razor is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical and randomized signatures that efficiently spot mutating spam content. User input is validated through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing confidence values associated with individual signatures.

The Razor simply adds more tests and increases the accuracy of your spam detection. There's no need to modify any procmail rules. SpamAssassin should use Razor automatically. If it doesn't you may need to recompile it. The instructions are very clear and nice. Follow them exactly and it will work fine.

As a side note, you may want to look into using clamassassin along with clamav to sort out any viruses you may get. Even though 99.999% of them will not work on any *nix system I think it's just a good idea to be able to tell someone you know they have a virus. Think of it as being a good netizen.

Also, if you are forced to use Windows thus ruling out any of the stuff I've been talking about you can look into Cloudmark which is essentially SpamAssassin+Razor for Windows. The only down side is Cloudmark requires a subscription. If you don't want to pay an annual subscription then you may want to check out Mailwasher. Mailwasher is rules based, meaning it only knows what you tell it so it's not as effective as SpamAssassin+procmail but once you get it trained it's pretty good. Before I switched to Linux Mailwasher was my spam control of choice.

Well, that's it. All of the info I've gathered and personally used to get this stuff going having no experience with any of it before starting. I can say that well over 90% of the spams I get are filtered into my spam directory with precious few false positives. This entire process was a lot of work for me to figure out, especially being totally green. But, now that it's all done, I can't see doing it any other way.

I've tried to be as accurate as I can. If you find anything wrong please let me know.