pilif.ch SPFed…

I’m quite proud to announce that as of now, pilif.ch (my personal webpage – in contrast to gnegg.ch, my blog) has a TXT record that follows the SPF specification. If you already use SPF on your mailserver, you can now be sure whether mail seemingly coming from pilif.ch is legit or not.

But there’s another thing. While I was quite impressed by the simplicity and the good protection from SPAM that SPF could provide, I had some thoughts about how to circumvent SPF-based filters and I found that it’s disturbingly easy…

The problem lies in the fact that any SPAMMer can just buy himself a nice new domain, use it for this one session of SPAM, while adding a nice SPF record. It’s even possible to still use cracked zombie systems when the SPF-entry is “wisely” chosen (like adding 0.0.0.0 to the permitted senders).

But even if that’s going to happen, there are some drawbacks for the spammer:

  • Trackability: If I have to buy myself my very own domain, I become trackable. If SPAMMing is not allowed in my country, it’s possible that I’m facing some kind of punishment for my acts
  • Price: As the actual executor of the SPAMing action has to actually buy a domain, face legal problems and more, the price for each message will rise. Maybe significantly enough so that conventional marketing may get more worthwhile.

Read this FAQ entry to get some thoughts about this problem from the creators of the standard. While I don’t like the solutions provided there, I hope my above points will solve the problem in time. And if not, someone else will have another idea to stop the flood once more… For the time being SPF is a nice solution to a big problem. Simple, nice and very pragmatic.
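As an added example (not code from this blog or from the SPF project), here is a small receiver-side check that flags SPF records which authorise practically every sender, the kind of throwaway-domain record described above. It assumes the wide-open record is written as `+all` or as a very large `ip4:` network such as `ip4:0.0.0.0/0`; the /16 threshold and the sample domains are assumptions made up for the illustration.

```python
import ipaddress

# Assumption: a "pass" ip4 network larger than a /16 is worth a second look.
MAX_IP4_ADDRESSES = 2 ** 16

def audit_spf(record):
    """Return findings for SPF terms that authorise far too many senders."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    findings = []
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is "pass"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if qualifier != "+":
            continue                         # only "pass" terms authorise senders
        name, _, value = term.partition(":")
        if name.lower() == "all":
            findings.append("'all' with pass qualifier authorises every sender")
        elif name.lower() == "ip4":
            try:
                net = ipaddress.IPv4Network(value, strict=False)
            except ValueError:
                findings.append(f"malformed ip4 term: {value!r}")
                continue
            if net.num_addresses > MAX_IP4_ADDRESSES:
                findings.append(f"ip4:{value} authorises {net.num_addresses} addresses")
    return findings

# Constructed sample records (reserved example domains, not real data).
SAMPLES = {
    "strict.example": "v=spf1 mx ip4:192.0.2.10 -all",
    "throwaway.example": "v=spf1 ip4:0.0.0.0/0 -all",
    "open.example": "v=spf1 +all",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(domain, audit_spf(record) or "ok")
```

An SPF pass from a domain that produces findings here says nothing about who sent the mail, so a filter can score it like a message with no SPF result at all.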

Cashpoint software for Geeks

I’m currently working on a WinCE based POS-System for inexperienced users in low-profile stores (I took the liberty to black-out the logo at the top as it’s not official).

The Screen on this shot shows you the manual price entry screen. The problem: It seems like the values seem to get interpreted as HEX values… (see arrow). This is the optimal piece of software for geeky hardware stores ;-)

PS: Of course I fixed this. Actually it never even was a bug as it was wrong on purpose to give me reason for another blog entry

.Python

This Paper was featured on Slashdot today. It’s about an implementation of Python based on Microsoft’s CLR. The following quote speaks for itself:

I wanted to pinpoint the fatal flaw in the design of the CLR that made it so bad at implementing dynamic languages. My plan was to write a short pithy article called, “Why .NET is a terrible platform for dynamic languages”.

Unfortunately, as I carried out my experiments I found the CLR to be a surprisingly good target for dynamic languages, or at least for the highly dynamic specific case of Python. This was unfortunate because it meant that instead of writing a short pithy paper I had to build a full Python implementation for this new platform […]

This is very interesting. Imagine having access to all the Tools, Components around .NET from a wonderful language like Python. But it does not end here: As your Python code in the end gets compiled to MSIL, you can even create libraries in Python and share them with users of languages like C#. This is nice!

Too bad I don’t speak Python. But then again: If it’s working with Python: What about Perl? PHP? Unix Shell [;-)]?

Van Helsing

Van Helsing is maybe the worst movie I’ve ever seen. My girlfriend and I have some sort of qualification for movies. The really bad ones are sarcastically called BME (best movie ever) and for Van Helsing we had to create a new category “BME plus” (or BME+)…

The silliest thing about the movie are the stupid dialogs. I mean phrases like “I’ve never been to the sea…. it must be beautiful” – and such a thing completely out of context after being nearly killed by vampires. Really nice.

The worst thing is the pseudo-romantic ending. I will not lose any more words about that. It’s just bad.

And then there’s the soundtrack…

This is quite a different thing: It’s just great. When I heard it in the movie I took a mental note to get the CD and today I did. Great! If only it was longer than those 40 minutes…

MovableType

You may know that I’m using MovableType for this blog. Now they have announced the Version 3.0 and unlike the previous versions they put a hefty price tag on it: What once was available at no cost, now requires you to pay $70 and more. Not only that: Where you were quite free in adding users and blogs to your installation, this is now limited too – even the most expensive edition allows only for 15 Weblogs.

I have no problem with paying for (really good) software (I actually use) – I even donated $45 for this installation you are seeing here, but $70 is much – even more so that you don’t get something you can tinker with, but some restricted proprietary piece of software that is quite against what blogging is about.

For now I’ll be staying with what I’m currently running, but I’m certainly looking for alternatives. Too bad that another company went from developer- and community-friendly to just making profits with its good name.

Update: Actually they do still have a free personal edition, but this green box at the right side is so badly laid out that I’ve just overlooked it. Additionally you still have to pay the full price if you want to see the “updated”-feature. And it’s much more than what was required previously.

News

While not that much has happened in the world out there (at least not much of the stuff I usually write about), I have some news about what I’ve been doing the last few days:

  • I’ve devised quite a cool way to add article images to our Barcode Solution. It’s quite fast, space efficient and expandable. I’d love to see customers using it.
  • I played through Super Metroid on ZSNES. Very nice indeed. Much nicer than what you get on the Gameboy – especially because it’s so loooong.
  • Began playing Metroid Prime on my Gamecube. Now that I forced myself not to play it like I’d be playing Unreal or so, it’s getting quite good. 3D-Shooter-Fans: Take your time, move slowly and explore. Don’t rush forward and shoot everything you see.
  • Added RSS-Feeds to linktrail. It’s not linked for now. Use <trail-url>?rss to see it. As always: I’m going to explain later.
  • Had in my hands what is known as XDA, SPV, qTeck: A Windows Mobile based smartphone. We got one from Orange to do some tests with it. Feels nice, has a hell of a GUI but is still too large for me to use regularly.
  • I’ve been quite depressed because of the weather here – it’s better now. Until tomorrow, at least.

Now that this roundup is complete, I’m looking forward to posting some more interesting stuff in the future ;-)

Changes…

… is the subject of the virus mails I had in my SPAM-Folder today. And Changes there are: It seems that the most current mutation of virus-what-ever-its-name-may-be now uses HTML to format the ZIP-Password I’m supposed to enter in green and bold typeface. *sigh*

And it’s not those mails I’m unhappy about. I have a SpamAssassin based filter on the server and the SpamBayes Plugin in Outlook (and Mozilla’s own Spam-Filter in Thunderbird) which protect me quite well from actually seeing all those messages.

No. It’s three different types of messages I’m getting that I’m concerned about:

  • Per day I’m getting about 20 messages telling me that I presumably sent a message containing a virus which has been eliminated by super-tool 2000 ™. Stupid, as my PC is completely virus free and everyone knows that those viruses and worms fake their sender addresses. Although not happy, I took the consequence and updated my filters to catch those things.
  • About 50 messages per day are out-of-office replies of people I never met. I hate those as they are completely unnecessary. After all Email is not a real time medium and if it’s really important that your customers get an immediate response, you can tell them in advance that you are not there or have someone else take over the communication. Filtering those messages proves difficult as I’d be generating the source for quite a lot of false positives.
  • Finally I’m getting all those non delivery messages from MTAs all over the world. Some because of integrated virus scanners (sometimes I’m getting even two messages per virus I’ve not sent: One commercial for a virus scanner and one non delivery report) and some because the destination users do not exist. Because the virus fakes the sender address, I am getting those messages. And because I have the postmaster@<many domains>-Address, I’m getting even more of those. Summed up, we’re talking of about 100 messages per day. Additionally, I must not filter those. I mean: There are about 1000 useful cases for non-delivery reports.

So, you see: The amount of messages I can filter with a good conscience is actually only a small percentage of junk mail I’m getting per day. Where does this lead to? How can it be fixed? I’ve no idea.

Debugging

Debugging can be so much fun if you just know how to entertain yourself while doing it. I took the screenshot below when I did some debugging on a stupid AV and finally found why it happens. Then I added a GExperts Debug-Statement to visualize whether I was right.

debug_fun.png

It seems, I was…. Talk about programs not knowing when it’s time to die. If only Delphi itself could tell me before it’s crashing…

(read the thing from bottom to top: 19:00 ’till 19:02 I was debugging and the app was crashing. Then I found the problem, added the debug-statement which checks for a NULL-Pointer and outputs the message if there’s indeed one of them and at 19:02:42 I ran the thing again and it warned me that it’s going to crash. At 19:05:46 it was fixed)

Just another feed

While experimenting around with FeedDemon I came to the conclusion that an XML-Feed containing the whole entry (instead of just the [autogenerated … I know. I will probably change that sometime] excerpt) would be really nice as it makes FeedDemon a very useful tool.

Other blogs I’m currently reading (I definitely will update my templates to include links to them) also provide this service.

Now I’m not really sure about this whole RSS-Stuff, so I did some copying and pasting from asterisk* and then validated it using Feed Validator and I quite like the outcome.

For now I don’t link this new feed with the full postings from every page as it’s just a test for me. If you can and have more clue about RSS, try it out: RSS 2.0 Feed with full content

In another step, I told MovableType to create the excerpt from 50 instead of 20 words to put a little more value to trackback-pings and the old fashioned RDF 1.0 Feed

Slowly but steadily I’m really getting into this blogging-stuff.