October 23, 2007

A few good minions...

We (CLA Student Services Office of Application Development) are hiring! I have an opening for three undergraduate web developers. You can read more (and apply) at http://minions.class.umn.edu/job.html. If you have any questions or wish to apply, e-mail me at eric0909@umn.edu.

Web Developer

The College of Liberal Arts Assistant Dean's Office is hiring for an undergraduate web developer position. Applicants should have experience in one or more of PHP, Perl, Python, Java, or Visual Basic. Experience using SQL (both MySQL and MSSQL) and programming database-driven applications is also required. Preference will be given to applicants with experience in XML technologies (i.e. XSL and XPath), server administration, and/or data mining.

Applicants must be a current University of Minnesota undergraduate student, able to work individually as well as collaboratively in small groups. Hours are flexible, anywhere from 8AM-6PM on weekdays. During the semester the position is 20 hours/week, but during the summer and winter breaks it increases to 40 hours/week. The job is paid at a rate of $10.75 per hour.

September 28, 2007

MacBooks are fun.

$ for laptop in $LAPTOPS; do ssh -f admin@$laptop "echo 'say \"rawful copter skates lemau\"' | osascript"; done;

July 24, 2007

Hockey + Will It Blend = Princess Diana?

YouTube sent me a friendly reminder this morning about new videos in my channel subscriptions. I only keep an eye on two channels. The NHL channel hasn't been all that active during the off-season, so that had to mean there was another BlendTec "Will It Blend?" episode. (My interest in Will It Blend? was recently reinvigorated after they tested the iPhone's blendability.)


Alas, neither channel had new videos. Instead, YouTube wanted to let me know that there were newly posted videos in the "princessdianaislove" channel to which I had supposedly subscribed. We've been known to watch and link to some fairly random videos in the nerd room, but I'm fairly sure this was the first time I've ever seen that channel before.

Obviously something went awry in the code that generated the e-mail. Usually you can piece something together from stuff you've previously looked at. For example, when you've been recommended something completely oddball at Amazon you can usually find out what it used to generate the recommendation. But not this time. The least they could have done was default to something like the debate videos from last night rather than a random pull from the database.

July 23, 2007

I am allergic to spam.

One of my uncle's friends, Marc Breitsprecher, runs an internet business from his home selling ancient coins. Back in 2000, before I even started my undergrad, he approached me and asked if I could build a web site for him. Previously, he was just selling his coins on eBay.

Over the last seven years, Ancient Imports has grown beyond both of our expectations. He was able to quit his job at the postal service and work on the site full-time. We've outgrown two hosting providers, the most recent event happening a few weeks ago.

We moved from a poor shared hosting environment to a spiffy virtual private server. It's the closest thing to having full control over a physical machine as we can get right now. It's fun for me because I essentially have full control over the virtual machine, which means I'm pretty much free to do whatever I need to do to implement new functionality. The cost, however, was that I also have to maintain the security, e-mail services, and DNS that were previously dealt with by the hosting provider. The classic blessing and curse.

We were under a somewhat tight deadline to switch over (long story short, they blamed us for the problems we had with their service--that did not sit well with either of us), so I just threw up the e-mail server and configured it to make sure the mail was still delivered. That meant no spam protection. After about two weeks, the deluge of spam started to bother me enough to do something about it.

I was pleasantly surprised at how effective just a few anti-spam measures were. The first counter-measure I added was to make the server a bit more strict as to what it will accept as a properly formatted message (e-mail originating from domains that actually exist, etc.) which I assume is not immediately recommended because of the extra DNS lookups it incurs. The second was to check a DNSBL to see if the originating IP address is a known spammer (also another DNS lookup). Both of these tweaks killed a bunch of spam with the small effort of adding four lines of code to the configuration file.

The second, more involved, counter-measure I added was greylisting. This is a really nifty technique that is mostly invisible to people sending or receiving mail. The e-mail server will feign unavailability to any sender and recipient pair that it hasn't seen before. Upon receiving the temporary error message, normal e-mail servers will attempt to redeliver the message in another 10-20 minutes, at which point the server will remember the previous attempt and accept the e-mail.

Most software used by spammers to send their advertisements, however, is not so well behaved. They're more interested in sending out as much mail as possible in the shortest amount of time. This means that the spammer is unlikely to attempt a redelivery (at least using the same source e-mail address) to the same person in a reasonable amount of time. Even if they do, they greatly increase their chances of appearing in the DNSBL the next time they attempt to connect. Greylisting essentially gives you a two-for-one special.
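The greylisting decision described above, sketched in Python as an added example (not the configuration or code actually running on the server). The class name, the 5-minute minimum delay, the 4-hour retry window, the reply text, and the addresses are all assumptions made for illustration.

```python
import time

TEMPFAIL = "451 4.7.1 Greylisted, try again later"  # assumed wording of the temporary error
ACCEPT = "250 OK"


class Greylist:
    """Greylisting keyed on the (sender, recipient) pair, as the post describes."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, clock=time.time):
        self.min_delay = min_delay        # assumed: a retry sooner than this is still deferred
        self.retry_window = retry_window  # assumed: a first attempt is forgotten after this long
        self.clock = clock                # injectable so the example can run on simulated time
        self.first_seen = {}              # pair -> time of the first deferred attempt
        self.passed = set()               # pairs that have already retried correctly

    def check(self, sender, recipient):
        """Return the SMTP reply the server would give for this delivery attempt."""
        pair = (sender, recipient)
        now = self.clock()
        if pair in self.passed:
            return ACCEPT                 # known pair: no delay at all
        first = self.first_seen.get(pair)
        if first is None or now - first > self.retry_window:
            self.first_seen[pair] = now   # new or expired pair: feign unavailability
            return TEMPFAIL
        if now - first < self.min_delay:
            return TEMPFAIL               # hammering retries do not count
        del self.first_seen[pair]
        self.passed.add(pair)             # the sender queued and retried like a real MTA
        return ACCEPT


def simulate():
    """Constructed traffic: one queueing mail server and one fire-and-forget sender."""
    now = [0]
    gl = Greylist(clock=lambda: now[0])
    replies = [gl.check("alice@example.org", "marc@example.com"),   # first attempt
               gl.check("bulk@spam.example", "marc@example.com")]   # never retried
    now[0] += 30
    replies.append(gl.check("bulk2@spam.example", "marc@example.com"))  # new sender, new pair
    now[0] += 15 * 60
    replies.append(gl.check("alice@example.org", "marc@example.com"))   # retry after ~15 minutes
    now[0] += 24 * 3600
    replies.append(gl.check("alice@example.org", "marc@example.com"))   # later mail, same pair
    return replies


if __name__ == "__main__":
    for reply in simulate():
        print(reply)
```

Only the sender that comes back after the minimum delay is ever accepted; a sender that rotates its source address starts over as a new pair each time.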

As for numbers, the server's been running with the new counter-measures since early Sunday morning. Since then, 611 attempts were blocked by the Spamhaus DNSBL, 163 attempts were greylisted, and only 40 e-mails were actually delivered to Marc and myself (and most of those originated from the website itself and not from outside sources). Of course, the default behavior of rejecting e-mail for unknown users (and domains) is the most effective "counter-measure." In the same period, the mail server rejected 3,957 attempts at sending mail to ghosts.

The central e-mail servers employ greylisting as one of their anti-spam techniques and make liberal use of DNSBL by default. They even let you control whether or not to use those blacklists for your e-mail (just go to https://www.umn.edu/dirtools and click on "Incoming E-mail Controls") as well as whether or not to scan incoming e-mail with SpamAssassin. OIT Data Security and Internet Services lists their mail server statistics in the UM Tech Brief.

There was no point to this entry. Just that anti-spam techniques actually work.

Darn spam.

Darn uThink.

It's been a while since I've played around with the uThink MovableType installation. The template stuff seems fairly new. It is one of the cool things that's been happening lately around the University: experimentation with less traditional forms of communication. Or something.

I really have nothing of substance to say. Just needed an entry for "Log Burning" (henceforth referred to as the "logb").


About Me

My name is Kendrick Erickson. I am the associate web manager for the Office of the Assistant Dean for Student Services at the College of Liberal Arts. Our small programming unit has its own web site at http://minions.class.umn.edu/. This blog exists for no apparent reason (and should not be construed in any way as being vetted or approved by the unit, college, or university).