Monday, December 13th, 2004
I hate spamfilters.
For years now I’ve run my own server at home without problems. Suddenly my provider, C-hell-o, decides that I need some sort of semi-dynamic IP. I don’t understand why, but anyway. So guess what..
It turns out that those spamfilters have the whole UPC range blocked as ‘Spam senders’. Ooh, nice. NOT. So now I won’t be able to send any mail from my server and instead will have to relay everything to Chello’s crappy mailservers. And those don’t work half of the time.
The problem with these spamfilters is that they simply don’t work.
Filtering for keywords and assigning scores doesn’t work.. I’ve seen mails with subjects like “V 1 A G R @ – Buy it now for only $0.99 a pill”, and the score was still far below spam. While on the other hand I’ve also sent emails to people with subjects like “Re: application” and gotten in back because it was supposedly spam.. yeah, right. Spammers will always find a way around these kinds of filters.
The other filters – the origin-based ones – also don’t work. Why not, you ask? Because spammer will keep finding new places from where to send their spam, until we’ve blocked every goddamn IP in the whole world.
I’ll even go as far as too say that it is not spam that is screwing up e-mail, it’s the spamfilters!.
I give e-mail another year or two before it’s either completely unused or we just accept spam as a day-to-day nuisance and move on with our lives instead of thinking up sollutions that are even worse than the problem itself.
I’d rather receive 20 spam emails and 1 normal one than recieve 2 spam emails and miss the real one I was supposed to get.
Friday, December 10th, 2004
gExec v0.2 was released
Changes include:
- Duplicate history entries are now removed
- Various bug / memory leak fixes
- Tabcompletion of arguments as well as program names
- Settings
- Better command launching and error reporting
Release overview here.
Thursday, December 9th, 2004
Various news sources are reporting that Dimebag Darrel and another undisclosed band member were shot dead during a concert in Ohio.
I’ve been a long time fan of Pantera. You can, in fact, say that I’ve grown up with their music, and it has always been a great influence to me. It was one of the first bands where I could really find myself in their music.
The break-up of Pantera in 2001(?) was already a shock to me. The mudslinging by the various members of the band also was depressing. Pantera broke up and essentially fell apart into two different bands: Damageplan and Superjoint Ritual. Both of these bands are somewhat promising, but neither of them are Pantera.
Somehow I’ve got a feeling that perhaps the gunman was a Philip Anselmo fan who couldn’t take the mudslinging anymore and so he deciced to kill the opposing party (Dimebag darrel and Co).
This is really sad news.
Update: More rumours at Oor.nl.
Highlights:
“then i saw
the guy jump out of the crwod onto the stage… he was yelling something
about how “you broke up pantera…. you ruined my life…. what about
phil??? he needs heroin money…” or something like that then i saw the gun
and he shot DBD right in the head…”
“1) Daryl is dead. We all know this.
2) Vinnie is fine (I have confirmed this)”
Please note that these are rumours.
Thursday, December 9th, 2004
After the problems of the server being dead due to a failure in hardware, it was now time for the internet connection to perish. All electricmonk.nl domains are in working order once again. The nihilist.nl domainnames aren’t, and I’m not sure if I’m going to resurrect them.
Hopefully this will be the last of the problems with this server.
Wednesday, November 10th, 2004
Well, since my server was dead as a brick anyway, I decided to put Linux 2.6 on the new machine during the reinstall, mostly for the ext3 support (yes, I know they also backported it to 2.4)
Being used to ipchains, I was always too lazy too find out how the new netfilter stuff worked. But now the server had been down for three weeks anyway, so I thought it wouldn’t matter if it took me two more days to get NAT and my firewall running again.
Configuring the kernel
Turns out of was a real cinch. Just had to compile in support for CONFIG_NETFILTER, CONFIG_IP_NF_CONNTRACK, CONFIG_IP_NF_IPTABLES and then select some NetFilter matching modules (I chose a couple, but you only really need CONFIG_IP_NF_MATCH_IPRANGE, CONFIG_IP_NF_MATCH_PKTTYPE for the firewall I believe).
Setting up masquerading
After booting the new kernel, all I had to do to get masquerading to work was run this:
iptables -t nat -A POSTROUTING -i eth1 -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
and masquerading worked.
Setting up the firewall
At first, IPtables seemed to work the same as IPChains. Turns out though that there are some subtle differences. For instance, the chain names (INPUT) are case-sensitive with iptables. I also had to manually insert some modules to get the various targets (REJECT) for the rules to work. Another caveat was the fact that iptables works on a first-rule-matches bases. My old setup (ipchains) closed all ports < 1024 and then opened up things like HTTP and SMTP. For iptables, I had to first open up a couple of ports and then close everything below 1024. Quite counter intuitive, but anyway.
Ultimately, I ended up with these modules loaded:
ipt_iprange
ipt_REJECT
iptable_filter
ipt_MASQUERADE
and a whole bunch if lines similar to these for the firewall:
iptables -A INPUT -i eth0 -p tcp --destination-port 20:22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port 25 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port 110 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port 443 -j ACCEPT
# Deny all this shit below 1026
iptables -A INPUT -i eth0 -p tcp --destination-port 1:1025 -j REJECT
iptables -A INPUT -i eth0 -p udp --destination-port 1:1025 -j REJECT
More information
More information on setting up masquerading with iptables can be found here.
Tuesday, November 9th, 2004
It’s finally here. Firefox v1.0.
Changes for this release include better tabbed based browsing, more languages and lots of bugfixes.
Spread the word.
Press release
Unfortunatelly, the fix for this bug didn’t make the cut for FF1.0 :(
Friday, November 5th, 2004
All server problems seem to be fixed. I may run into some problems along the way, but they will be fixed as soon as I find them. For now I believe everything is up and running again. On the good side, this server is now about 3 times as fast and has around 10 times as much memory as before.
Wemail en web FTP are running again. PHP has been fixed and all backups have been placed back. Everybody’s webpages are available again. Unfortunatally, all stored e-mails are gone, since I didn’t make any backups of those out of privacy concerns. All stored webmail preferences and addressbook entries are restored.
If you run into any problems, do not hesitate to contact me.
Thank you for your patience.
Tuesday, November 2nd, 2004
Hello folks,
Sorry for the extremely long delay in fixing the problems with this server. FYI: This server, along with all the webpages and all the other crap on it, has been down for almost two weeks now. It’ll take too long too explain, but all I can tell you is that it’s been nasty and I’m very sorry about the long delay. I’ve experienced some unforseen technical and personal problems which needed to be resolved before I could start fixing the problems with this server.
For now, all webpages are working again. Mail should be working too, but no access to the webmail is possible at this time. I will continue to work on the problem every hour of my sparetime. Please bare with me.
More information will follow. Watch this space.
Sunday, September 26th, 2004
Thanks to my uncle Guus, who found a small bug in WTP. The bug was caused by quotes and some other non-common characters in path or filenames. It has been fixed in WTP v1.1.
The text of all posts on this blog, unless specificly mentioned otherwise, are licensed under this license.
