SnertSoft is happy to announce Private Wimp, a simple light weight mailing list manager, that is free to download. Private Wimp has been used to manage several mailing lists for past few months now.

It avoids the bloat of Major Domo, Mailman, and Ecartis . Completely written in C and so avoids the overhead of Perl or Python. Installation and configuration is short and simple; all list management can be done remotely by email; always confirms subscribe/unsubscribe requests and admin. commands; handles bounce messages (discard, forward, or removal of unknown users); provides support for four list types (announcement, trusted, closed moderated, open moderated); keeps track of users that unsubscribe; and provides a simple archive structure (similar to Ecartis).

The online documentation can be found here:

http://www.snertsoft.com/sendmail/wimp/

I even wrote Javascript classes that implemented them. I thought it would be kind of neat in an odd ball off the wall sense, like expressing the speed of light in furlong per fortnight, to display them here on the blog (see sidebar right). I’ve even had an idea for a new RFC

However, I have two issues with this:

First, to achieve this data gathering, a web site is required to load on each web page of interest a Javascript file called urchin.js from Google or the more advanced ga.js file. Essentially a web site is telling your browser to execute some remote 3rd party script on your system. This is a BAD idea in terms of security, since it might be possible to hijack that script in transit and replace it with attack / hack code. Also the script is not loaded securely via HTTPS, so no certificate authentication or validation of any kind is done; just blind trust that google-analytics.com has not been hijack by DNS cache poisioning or that some intermediate web proxy hasn’t been compromised.

Second, I am interested in protecting my privacy online as much as possible these days. I already have a pretty big online foot print dating as far back as 1986; regardless I see it as my right to restrict data collected about me. So whenever a web site asks for HTTP cookies, Flash Cookies (How to Manage Flash Settings), tries to load advertising, or track my movements through scripts and/or cookies, I’ll go out of my way to block that from happening.

So when a web site loads urchin.js or ga.js, it is going to communicate information about visitors back to Google. I find this an invasion of my online privacy. What I do online is my business, not Google’s. Google already has enough data about what search terms I look for (this can be controlled through Google, though who knows if it is honoured or not). Frankly I don’t think Google or any other 3rd party advertiser needs to know where and what the frack I’m doing.

Simple solution: use a URL blocker, like Bork Bork Bork! or Adblock Plus, to block urchin.js, ga.js, and/or anything from google-analytics.com from being accessed. If you don’t want to use a URL block, this can also be achieved by adding to the Unix or Mac OS X /etc/hosts file (Windows has an equivalent C:\WINDOWS\system32\drivers\etc\hosts) and add an entry like:

127.0.0.1  www.google-analytics.com

Most webs sites where google-analytics.com has been blocked are designed well enough to continue functioning. However, there are a small handful of web sites the refuse to do anything when the tracking code is not loaded. Typical bad design on the web sites part. In the end I see Google Anal-Tics as evil and chose not to do business with web sites that expect me to put up with that shit.

My Muzeella Fureffux & Thoonderburd ixtenseeun Bork Bork Bork! hes beee updeted fur Muzeella Fureffux 3.5. Bork Bork Bork! is a Svedeesh Cheff trefesty feelter und URL blucker. Feeoo veb peges oor (joonk) meeel es spukee by zee Svedeesh Cheff leeke-a thees.

It is available directly from:

• my snert.com page for Bork Bork Bork! 1.8
• the official Mozilla Add-On page for Bork Bork Bork! 1.8
  (if they ever get around to approving it)

Sites like PHP.net and Flickr have already added support for many of the ideas discussed. But what is really required is that there be more adoption by blogs, social network sites like twitter and identi.ca, and applications like twhirl and tweetdeck.

To that end there is already a WordPress plugin called Shorter Links, which having installed it here works very nicely and I assume the author will continue to track the developments in this space. There is also a tool to test self-published shortened URLs.

One can also follow the twitter discussion thread about #revcanonical.

• Malwarebytes Anti-Malware – the best malware detection tool I’ve used to date that works! Will catch things that an up to date AV, adware, and spyware scanners fail to find. If you suspect you have a problem, get this tool, update it, and do a quick scan. Odds are this tool will save you from a tedious system wipe and rebuild.
• Avast! Home Edition – free for private and personal use. This has been the one I’ve been using for a couple of years now. See AV Comparitives.
• NOD32 – commercial AV with free trial, not yet tried this, but I’m told by a fellow sys.admin. friend that swears it is the fastest, least resource consuming. See AV Comparitives.
• Vipre – another colleague suggested last night this AV scanner, but it appears to be completely unknown underdog. But I trust the source of the suggestion.
• ClamAV for Windows – free open source anti-virus scanner; however it lacks an on-access scanner, which is essential for being alerted to problems quickly. Have tried to find add-on on-access scanners for ClamWin, but not yet found a suitable one. ClamWin is great for whole disk scanning though, but with modern disk being so big, how often do you bother to scan a whole disk or individual files.
• System Internals Tools – bought out by Microsoft, they have a superior Process Explorer, and many many other neat power user / admin. tools.
• Tweak UI – part of the Microsoft Power Toys suite and essential for customising Windows behaviour, like turning off the annoying “Ballon Tips” or disabling CD/DVD autorun to prevent installation of the evil PC Friendly (causes nothing but grief) or other potential nasties the studios try to slip onto a machine, like DRM root kits.
• Registry Guide – formerly regedit.com and winguides.com, they used to provide a Windows helpfile download showing many many handy registry keys, but now it’s only available online (grrr). Documents much of what you can change using TweakUI or regedit.exe. Handy information for locking down a Windows computer. Here’s an out of date copy of the last free Registry Guide downloadable.
• SiSoftware Sandra Lite – everything you wanted to know about your computer hardware.
• Memory Testing – A comprehensive free memory testing tool.
• SpeedTest – a handy bandwidth testing web site. BTW it helps if you know where your network provider’s “peering” is done in order to compute favourable results.
• Ranish Partition Manager – a free tool for resizing and managing primary & extendied disk partitions. Handy if you want to setup dual boot systems.
• Admin. Password Reset Tool – have you ever forgotten the admin. password for your Windows system or have you ever had to service someone’s machine to remove virii and needed admin. access.
• Treesize Free – handy tool for seeing what the size of directories are and where you might be wasting disk space. Also handy for estimating CD/DVD backup sizes. I have a copy of the older TreeSize Pro 2.4 which is just brill.

When it comes to AV tools, I’ve given up on Symantec and McAfee. I think they’re past their heyday. Symantec Norton Anti-Virus is a resource pig that can slow a Windows machine down at least (I estimate) 20%, certainly noticeable; the user interface is slow; and frankly it misses catching virus, trojans, spyware, etc. In my humble opinion its rubbish. As for McAfee, I stopped using it some where around Windows 98, when it just stopped being as affective in identifying malware. At the time I switched to Norton AV and was happy for a long time until Windows XP and performance problems started appearing. I’ve not revisited McAfee since, but frankly if I’m going to pay for an AV, I’m going to trying something different, like NOD32.

Forget about installing adware or spyware detection tools; remove them if you have. Frankly I do not trust these tools to not be the actual source of adware and spyware themselves. This should be the job of a good and well known anti-virus scanner. The only tool I’ve come to trust that I’ve seen catch stuff that an AV scanner have missed has been Malwarebytes. I recommend running this even if you have an AV scanner.

The above are just some of the handy tools I’ve kept booked marked for emergencies or use on a daily basis. I have others I could probably mention, but for Windows sys.admin. and field support the above is a good place to start and should keep you calm enough to get the job done. You’ll still curse Windows as rubbish, but at least it you might be able to fix it enough to tolerate it longer.

Update 2009-10-07:

• Avira AntiVir Personal – free for personal use. I’ve been using this for the past 10 months as I’ve found it to be less resource intensive (aka faster) than Avast! and just as good. It lacks many of the extra features of Avast!, such as SMTP, POP, IMAP, P2P, IM, and web scanning, but then for power users who are aware of the pitfalls, use secure channels, and use tools already adapted to their situation, like Firefox web browser, then Avira’s light weight nature compared to Avast! will be better. Still for the average joe unfamiliar with internet security, Avast! Home Edition will probably be a more comprehensive solution.

Along with the usual plethora of speed, accuracy, and bug fixes that are part of any major release, are several new features and enhancements:

Enhanced Message-ID for Email Watermark (EMEW) Version 2

Improved outbound message “water-marking” reduces the threat of Denial of Service due to “bounce message” floods. With EMEW it is now possible to selectively apply different secrets by individual sender, sender domain, or sender account for outbound tagging and validation of of inbound non-delivery reports or content white listing of replies. This allows an ISP to apply EMEW only for those domains known to use the ISP outbound mail servers exclusively and exclude those domains that might use a mixed mail server model.

Attachment Reject Policies

Using simple file name patterns, deny attachments based on attachment
name, content-type, and/or file names found in .zip and .rar compressed
archives.

Time limited recipient addresses

Easily generate safe and disposable time limited email addresses as part of user’s regular mail address. Intended for use by users who want to supply short lived addresses to questionable web sites registration forms or mailing lists.

Digest DNS Blacklist Support

Originally intended for use with the Malware Hash Registry, it can be used with other similar blacklists. Support for other distributed hashes, such as Vipul’s Razor, Pyzor, and DCC is being considered.

Sophos AV Support

Sophos AV has been added to the already supported AV engines: Avast, ClamAV, F-Prot.

More RFC Supprot

RFC 1652 8BITMIME simple pass-through support now advertised with EHLO capabilities list.

RFC 1870 SMTP SIZE parameter extension supported and can be used in conjunction with the existing access-map size limitation tags length-connect:, length-from:, and length-to: for rejections based on SIZE at RCPT TO: command instead of end of message.

DNS, URI, and NS BL Additions

Now possible to check IP addresses and URI found within selected headers against blacklists. Also experimental options to check URI name servers against specialised NS blacklists now available.

Technical questions concerning the software or documentation, please contact me via SnertSoft directly. Otherwise to arrange for demos, discuss pricing, speciality needs, or other POSIX based platforms please contact my partners FSL.

I have a theory if you anticipate the worst, things typically work first go, but you waste lots of time and energy being paranoid; of course that one time you’re not paranoid or too complacent about installing an upgrade happens to be that one time when the shit hits the fan. The same is true with computer hardware; when you install a new interface card or memory and carefully close up the box, before testing the new hardware, you always end up having to reopen the box because: the card / memory wasn’t seated properly; you unseated a cable by accident that just happened to get caught on your sleeve cuff button; forget to reconnect a cable you disconnected so you get your hands inside, etc. Sometimes I think Murphy was the court jester to God.

I’m Canadian and live in France. I speak and read both English and French, but English is my first and preferred language, especially for all things technical. I’ve configured my web browser Firefox (Opera and IE have this facility too) as to which language variants I want. The HTTP/1.1 web protocol as described by RFC 2616 supports the Accept-Language header that the web client software specifies in HTTP requests as to which language the user wants to receive in order of preference.

So !WHY! is it that web sites like Google, YouTube, and many others select a web page language based on the user’s geographical location (determined by country assignments of IP addresses) rather than my personal preferences!?! Especially when there is a protocol mechanism to facilitate language choice! Why should I then have to change the web site preferences and store a language cookie (RFC 2965) to remember that choice, when my web browser keeps telling the web site my preferences as part of each request I make where ever I go!?

Why do web sites insist on pissing users off by making broad assumptions about as simple a thing as preferred language? “Oh! You live in France, you must speak French by choice. We’ll give you the French version of the site.” Bzzzzt! WRONG! Game over! Thanks for playing! Bloody wankers! (I can make similar comments about language selection when installing software, my region is set to France, but I have a UK QWERTY keyboard! What does tell you about me? Grrr.)

My second peeve concerns Contact Us links on web sites, either the lack there of, that they are often buried deep deep in the web site in some obscure corner of a page, the poor choice of options such as no means to make general comments, suggestions, or ideas, or that the page is inaccessible or won’t display at all. I wanted to comment on my language selection peeve to YouTube, but there was no link for comments, just how to complain about copyright, abuse, security, get API information, and the like. Trying some of the alternative choices, like Help Centre, would not even display at all in the browser – as though the web page request was stuck in some sort of redirection loop.

One thing YouTube/Google have done is publish their postal address and phone numbers, so I’ll probably print a hard copy of this rant and mail it to them. If I had a fax (OK, I could use the computer’s fax service I suppose), I might do it that way, but I’d probably find their fax machine connected to an automated telephone system menu that I’d have to navigate first before I could get a carrier tone. Hmm. Maybe if I press zero for an operator and blast the modem tones in their ear. That might give me some small measure of pleasure and assuage my need use a clue bat on someone.

There is an old Internet saying my server, my rules or more precisely with respect to the topic at hand my blog, my rules. If I own, operate, and pay for the hosting of a web site or blog, then any content generated on that web site belongs me, thus comments left on my blog would belong to me, with proper attribution to the commenter of course (otherwise why bother having comments at all). If someone wants to save and/or protect their comments, then they should use their own blog and link back to the source article or comment to form the thread of discussion for readers.

My blog, my rules is a question of simplicity and easy of management of content. To do otherwise would be chaos.

What about issues of liable? The Internet has already seen cases where blog owners linking back to defamatory articles have been held liable, even though they did not write the original article. As a person running a blog, I need to be able to manage the content, especially when someone else contributes commentary, in order to protect myself legally. I do not think blog owners will have the same protection as an ISP or social network site (ie. America’s “safe habour” provisions). What happens when the blog owner and the commenter live in different countries, each with different laws with respect to freedom of speech and copyright?

Consider too comment spam. If commenters had rights to their utterances on blogs and you delete or edit a comment that is spam, would you be liable in some manner? A blogger has more risk in terms of hosting costs, what they publish, and general reputation, such that they must have ownership and control of what is said on their sites, especially when it is an opposing opinion. Commenters are more like hecklers in a comedy club audience.

Probably the best solution is to disallow blog comments altogether. Force people to remain silent or use they’re own blogs or web sites to voice their views in response to articles. At least then each blogger takes equal responsibility for what is said in public.

For example Reason 13 “lack of tools” I disagree with. My design tool of choice is a good text editor like TextPad or nvi. I never use an IDE as I find they get in the way of “how I think” about a problem and often hide the language preventing a programmer from learning a language properly. Outside of an editor, compiler, interpreter, and debugger all the additional tools that serve as programming aids can often be a crutch that impede a developer from actually thinking about design and logic; sure they can help, but I don’t see this as the reason behind a language not being adopted.

Reason 10 “hanging about” I disagree with. Java evolved out of C, C++, and Smalltalk. Algol inspired Pascal which begot Modula2 & 3 which in turn inspired Ada, which was sponsored by US military needs. Lisp inspired Scheme and Lisp is still the favourite of the Emacs crowd. Python draws some of its roots from ABC and Fortran in terms of using indentation / column position for code blocks. Forth, a stack based language, was probably the inspiration for Postscript, which are both popular in their respective domains (embedded systems, printing). The point here is that the older languages had merit in their time, but go on to inspire a newer variant, and some languages have a certain niche domain or problem space that they were design for, rather than being general purpose.

Reason 9 “lack of sponsor” I disagree with. Perl became popular because it provided superior regular expression handling as syntactical objects, instead of a set of functions or methods. In addition Perl brought together all the elements of AWK, sed, and grep (regular expression based tools) and the shell into one kitchen sink type language at a time when shell script programming was painful due to the multitude of shells (Bournce, Korn, Csh, …) and their assorted quirks. Don’t recall there being any particular big name sponsor behind it. I’ve read some where that Larry Wall would not have written Perl had Ruby existed at that time to solve his needs. This would imply that the adoption of a language by programmers is also a matter of timing in addressing a need.

Also I see the creation of huge collections of libraries that are distributed as part of the core support more of a discouragement to learning a language like Java, Perl, or Python. I dislike “everything and the kitchen sink” approaches. I learnt Java several years ago before the sudden influx of APIs where added. It was appealing then because one could see and understand the whole of it. Now I seldom program in Java, because I just see it as bloated mess; the language is ok, but all the additional libraries that are bundled with it now make me want to run screaming into the hills.

Reason 8 “no killer application” I strongly disagree with. A killer application is a new and novel idea or concept, which is separate from the implementation language. The choice of language used to develop a killer application might simplify parts of the implementation, but do not inspire the actual ideas behind the application. What a killer application does for a programming language is give it exposure. However, this can lead to programmers “worshipping the messenger more than the message”, which is why some languages like Perl, Python, Tcl, or Ruby on Rails will gain sudden followings. What people do after with their language(s) of choice will be more interesting to history.

• memory corruption
• memory leak
• double-free
• thread race conditions
• mutex dead-locks

Lots of younger programmers often say why don’t you write in another language with built-in garbage collection? This would resolve the first three types of bugs by making it the language’s problem to solve. My usual response is speed, portability, and “how I think“. That last one is important.

Also many of the recent languages like Java, Perl, PHP, Python, and Ruby are huge beasts; their standard class and support APIs having swelled to hundreds of classes and thousands of methods. And you still have to port and/or install the language engine to the system before your applications built on that engine becomes portable to that system. For the most part that has already been done for all the common systems in use. Still something about huge interpreted systems bothers me. For me small is beautiful and I think many programmers have lost touch with that.

I find C already portable to a large degree and any portability differences between unix like operating systems are generally well known and solved problems now. In the case of Windows, it will always be a pain in the arse, but it is for that reason I have my own portability and support library that hides much of the differences between systems. As a result, these days, I can probably code just as fast in C as most people do in a scripting language of their choice, and I’ll have a smaller, faster, more efficient program in the end.

Modern languages that support threading are still subject to dead-lock and race condition type problems, though in Java they are fewer and far between. Perl (last time I looked) and PHP do not have thread support, so they avoid these types of bugs through lack of support. Thread support for certain types of programs, like server applications, is very important especially if you want the software to be ported to Windows at a later date, since Windows has nothing like the unix fork and exec system calls.

Not to say I don’t like scripting languages. I very much like Ruby for its clean design and smaller size compared to the other choices and PHP for web sites and command line scripting is neat. Of course if you want to avoid the overhead of either of those, AWK and/or a good old Bourne shell script work well enough. Old school tools still work.

While C does provide you enough rope to hang yourself, it also allows you to create software with the intricacies and beauty of a Celtic knot.