33: Larry Leg-Breaker’s Betting Parlor and Emergency Financial Services

I’m no longer dreading writing Run Your Own Mail Server, because I have moved on to dreading the first time I spellcheck it. Fortunately, I’m still looking forward to dreading the kill-passive-voice pass through the manuscript.

If enough Gmail or Microsoft users flag your legitimate messages as “spam,” their algorithms decide that your domain sends low quality messages that should always go straight into the spam bucket. Some people who signed up for mailing lists and later want to unsubscribe do so by routing the messages to the spam folder. Bloggers cold-mailing possible sources often suffer from this.

I find myself wanting to do the same. I need the business notices Stripe and PayPal send me, but they use our business relationship to legally stuff advertisements for their loans into my inbox. Before approaching PayPal for a business loan, I would go to the alley by the lead paint factory’s toxic waste heap and apply at Larry Leg-Breaker’s Betting Parlor and Emergency Financial Services. As much as I loathe those announcements, if I start teaching my spam filter that messages from PayPal and Stripe are spam, it will probably misfile critical emails.

Soon, spellcheck. Soon.

Mail Software Projects for You

Working through the tail of Run Your Own Mail Server has led me to a couple things I’d like to see. Maybe some reader would like to hack on one of them.

1) The best way to generate a list of hosts that should bypass Postfix’s intrusive protocol checks, or anything resembling greylisting, is postwhite. Postwhite has been abandoned for years, though. This isn’t exactly a problem, as it’s feature-complete and does the job. The configuration is clunky, though. It supports a long-obsolete list of Yahoo mailer addresses. The list of domains it generates lists for is hard-coded in the script, and artificially broken up into categories like “legit bulk mailers,” “social media,” and so on. You should not have to edit the script to remove a domain, because who accepts mail from LinkedIn these days? You shouldn’t have to edit the script for anything. The last edit to this was six years ago, so I suspect it’s basically abandoned.

Moving the domains to an external file and dropping the defunct Yahoo page would be good. If you have to fork it, using a meaningful name like “greyskip” or somesuch would be nice.

2) Postfix on FreeBSD supports blacklistd. That’s grand. Log parsers are inherently fragile, and libblacklist is the smart way for an application to declare that an IP address is misbehaving. The Postfix support only applies to authentication attempts on smtpd, however. I’m in favor of that, but I’d also like to see postscreen grow libblacklist support. A host on a trusted DNSBL pokes our mail port? Block it.

I could do #1, but I lack the time and refuse to recommend my fault-oblivious code for production. I lack both skills and time for #2.

The truth is, we’ve limped along like this for years. We could limp for many more years. But hey, someone out there might want to make the world suck slightly less.
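One way the external-domain-file idea from item 1 could work, as an added example that is not postwhite's code or the author's: it reads the domain list from text, walks each domain's SPF record, and emits `<network> permit` lines for a `postscreen_access_list` CIDR table. The function names, the file format, the `MAX_DOMAINS` cap, the injected `lookup_txt` resolver and the sample records are all assumptions made for illustration.

```python
import ipaddress
import re

MAX_DOMAINS = 10  # assumed cap on SPF records walked per listed domain

def load_domains(text):
    """External domain file: one domain per line, '#' starts a comment."""
    stripped = (line.split("#", 1)[0].strip().lower() for line in text.splitlines())
    return [d for d in stripped if d]

def spf_networks(domain, lookup_txt, seen=None):
    """Networks named by a domain's SPF record, following include: and
    redirect=. The a, mx, ptr and exists mechanisms are not resolved here."""
    seen = set() if seen is None else seen
    if domain in seen or len(seen) >= MAX_DOMAINS:
        return []                       # include loop or runaway expansion
    seen.add(domain)
    nets = []
    for record in lookup_txt(domain):
        terms = record.split()
        if not terms or terms[0].lower() != "v=spf1":
            continue                    # some other TXT record
        for term in terms[1:]:
            if term[0] in "-~?":
                continue                # only pass-qualified terms allow a host
            name, value = (re.split("[:=]", term.lstrip("+"), maxsplit=1) + [""])[:2]
            if name.lower() in ("ip4", "ip6"):
                try:
                    nets.append(ipaddress.ip_network(value, strict=False))
                except ValueError:
                    pass                # malformed entry: skip it, keep the rest
            elif name.lower() in ("include", "redirect"):
                nets += spf_networks(value.lower(), lookup_txt, seen)
    return nets

def access_list(domain_file_text, lookup_txt):
    """Lines for a postscreen_access_list CIDR table: '<network> permit'."""
    nets = []
    for domain in load_domains(domain_file_text):
        nets += spf_networks(domain, lookup_txt)
    # collapse_addresses needs a single IP version per call; it also de-duplicates
    return [f"{n} permit" for v in (4, 6)
            for n in ipaddress.collapse_addresses([x for x in nets if x.version == v])]

# Constructed sample data: reserved documentation domains and address ranges.
SAMPLE_DOMAINS = "# senders that skip the checks\nbigmail.example\nbank.example  # outsourced\n"
SAMPLE_TXT = {
    "bigmail.example": ["v=spf1 include:_a.bigmail.example include:_b.bigmail.example ~all"],
    "_a.bigmail.example": ["v=spf1 ip4:192.0.2.0/25 ip4:192.0.2.128/25 include:bigmail.example -all"],
    "_b.bigmail.example": ["v=spf1 ip6:2001:db8:10::/48 ip4:not-an-address -all"],
    "bank.example": ["site-verification=constructed", "v=spf1 ip4:198.51.100.7 -ip4:203.0.113.0/24 redirect=_a.bigmail.example"],
}

def sample_lookup(domain):
    return SAMPLE_TXT.get(domain, [])
```

In production, `lookup_txt` would be backed by a real DNS resolver, and removing a domain means deleting one line from the domain file rather than editing the script.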

Block list vs black list in my books

Open source software has been adjusting its language. In a world without systemic racism, technologists could use words like “master” and “slave” without worries. While the Internet’s primordial developers chose those words without malice, we don’t live in that world. Much of the software in Run Your Own Mail Server is older, however. Many people who don’t speak English natively don’t fully understand the implications of “black list” and “white list” and don’t want to go through the annoyance of changing them in large code bases.

Part of my job is to be easily approachable to all readers who connect with my voice. That means using language correctly. Block list.

Another part of my job is to tell the truth. The software calls it black list. No matter how hard you search, you will not find rspamd’s block list.

I’m not going to reject rspamd or postwhite because of their language. To do so would inflict extra pain on my readers. So I’m putting this (raw, unedited) text in Chapter 0.

Today, we use the term “allow list” for entities that are permitted to skip a layer of protections, and “block list” for entities that are categorically refused. Many older programs and some software developed by non-native English speakers, still use the older blacklist and whitelist. This book uses modern language except when configuring those programs. Do please encourage your favorite developers to update their language to the 21st century, however.

This is the same approach I used in the latest Absolute FreeBSD with my beloved blacklistd, but made explicit. Also, blacklistd has been renamed. Even we greybeards can do better.

I much prefer using consistent language throughout, but reality has its own opinions.

Comments defending the old language will be summarily deleted. You also acted without malice? Fine. Now you know better. Do better.

January’s Jalousie Sausage

(This post went to Patronizers at the beginning of January, and to the public at the beginning of February.)

The beginning of the year. Time to not only contemplate last year’s failures, but to select next year’s failures. Not that I’m cynical. Truly, what’s the point of setting goals you know you will accomplish? The trick is to pick goals that are fail-forward. If you decide to lose a hundred pounds but only lose thirty–you still lost thirty!

In that spirit, I’m planning to publish eight books next year: two nonfiction, six fiction. Chunks of five are already written, I just have to clean them up. If I fail, I will have published something. It will require stability and certainty, however. In 2024, I will focus not on making words, but on maintaining the conditions needed to make words. That means taking the time for exercising regularly, preparing large meals that leave lots of leftovers, and stepping back from things I can’t change. It’s an election year here in the US, but we already know which candidates we get to choose between and I’ve already decided who I’m voting against. I don’t need to know about the latest stupidity there. I need to work on things only I can do, because ain’t nobody else in the world mad enough to write a book on email or the novels I’ve had in-progress since 2019. I need to settle back into the writing pattern I know works well: write fiction for two hours in the morning, write nonfiction all afternoon, relax on weekends. The pandemic made all of this difficult, especially as my wife is a nurse practitioner and is regularly exposed to idiots.

I just did the annual accounting, and: despite all that, I managed to keep my 2023 income flat with 2022 and 2019. 2021 and 2022 were “fever years,” where my income spiked for reasons beyond my control. Having everyone locked inside with nothing to do but read is great for my business, but not so much for civilization. I achieved Enough, so I’m good. All I have to do is keep publishing.

Speaking of publishing: I’m debating how to publish Run Your Own Mail Server.

For OpenBSD Mastery: Filesystems, I did direct pre-orders from my web store. It worked. People were happy. I could do that again, or I could run it through Kickstarter. Kickstarter gave me great results for my wildly niche nonfiction. I don’t want to do both, however. Many of y’all will get the ebook free through your Patronizer benefits or through sponsorships, or even print copies, so I don’t expect you to take either route. If I do direct sales, I control the whole process. That’s nice. Kickstarter is not a sales platform, though. It is a discovery platform, the Sixth Circle of the nine-circle Customer Acquisition Funnel. You know, the outermost district of Dis, on the banks of the River Styx. Okay, fine, if I ever write “How I Make a Living Writing” I’ll use a “Dante’s Inferno” theme. Where was I? Oh, right. Discovery platform. Every time I run a Kickstarter, a few folks sign up for my mailing lists and buy other books. On the other hand, RYOMS is my best-sponsored book ever. How much crowdfunding do I really want to drag people through?

So, do I want solid money now, or less money and the chance of a broader readership?

Put that way, the answer’s obvious. Kickstarter it is. I’ll start to assemble that once I get the book to tech edit. The book is written with a Star Wars motif, so it’s tempting to try to do a promo video with actual production values. I need to resist that temptation, however. Mind you, if I ever do a book with a John Carpenter theme, I might revisit that decision. “This is not a dream. We are warning you of this book in hope that you can prevent it from being published” seems on-brand.

I guess that’s the secret to “How I Make A Living Writing.” I beg for money, but in a slightly entertaining manner.

So in 2024 that’s one Kickstarter for RYOMS, one for the giant fiction thing, perhaps a second edition of Networking for Systems Administrators if I can identify a reasonable cross-platform netcat-alike with a consistent command line and TLS support, another nonfiction Secret Project, plus some classic art with mushrooms that could be parodied with Beastie and Tux, a small Kickstarter for the new Letters to ed(1). The FreeBSD Journal column will hit six years old this summer, so I’ll probably pull the years 1-3 book from print and replace it with years 1-6. I’ll probably keep that up for four more years, and let it die at ten. I can’t see the gag lasting much longer than that. Maybe the ten-year omnibus Kickstarter will feature a backer-exclusive edition where I restore all the obscenity. Don’t worry, Patronizers are always considered backers, you’ll get the appropriate edition for your tier. I’m not going to offer a special edition of N4SA bound in Cisco salesman spleen and not send copies to my print-level Patronizers!

If all works out well, in 2024 I’ll be slamming out a big non-BSD book for a trad publisher. I’ve said before that I love win-win deals, and I think we’ve negotiated one. More details as events warrant.

This is the plan. Reality has its own plans. Those plans involve phrases like “monomolecular tripwires” and “release the hounds.” We’ll see who wins. I put $20 on reality.

But this month, I plan to finish the first draft of RYOMS. All that’s left is DMARC, webmail, touching on rspamd, and detritus like nolisting. I have the greatest of all gifts, which is hope!

Which means I’m gonna quit writing this now. Take care, y’all.

32: Only Mildly Suspicious

Rspamd is the best solution we have for managing spam, and that’s… kind of terrifying.

Consider the first symbol, URI_COUNT_ODD. The description reads “Odd number of URIs in multipart/alternative message.” The message has an odd number of pieces. Why is that important, though? Rspamd does not say. You must derive the deeper meaning from your understanding of the protocols and tools. In this case, this is an HTML message. HTML messages should have one MIME part for the text version, and another part for the HTML version. This particular message also has an attachment, so that’s a third part. A virus might also send a message with a plain version, an HTML version, and an executable attachment. The URI_COUNT_ODD test can’t tell the difference between my message and a virus payload. This is only mildly suspicious, and is worth one point.

I’m still pushing to get a first draft of Run Your Own Mail Server done in the next couple weeks. You sponsoring the book will not make me finish it any more quickly, but it will get your name in the back of the book.

At long last: the MWL Title Index

I try to hold down the amount of information on this site. I truly do. I also try to keep the menus at the top no more than one layer deep. But finding individual titles on my web site has become increasingly difficult. People complain that they can’t find titles. Everything is filed logically, but logic is limited. Is “PAM Mastery” a sysadmin tool or an operating system reference? Should “$ git commit murder” be filed under crime novels or software crimes?

I maintain the official title list in my OID, accessible to the world via a trivial SNMP query. That MIB doesn’t have links, though. It never will. I’m not rewriting my OID if I need to reorganize my web site.

Here’s the brand-new comprehensive title index. Tech books, short stories and novels, the Canadian Version of ZFS Mastery, TTRPGs, it’s all there. Sort by title or release date or length or genre, you can find it all and a link to the book’s entry.

Most short stories that were released as standalones were pulled into collections, so those entries link to the collection. The point of the index is so that you can acquire a Thing, whatever the Thing is. Or learn that the Thing is utterly unavailable.

This also served as a double-check of my web site. To my shock, everything I know about has an entry. I’m not saying this is everything–I have no idea what I’ve forgotten. But what I know about, I have claimed.

Why do this now? I had to hire help to accomplish it. No way I was dredging through all this crap.

31: Bringing All These Failures Together

I’m writing about rspamd for Run Your Own Mail Server.

Have you ever looked at a JSON configuration and thought, That could be a regular Unix text file? YAML and JSON and Unix text all represent similar data in different formats. Each has strengths and weaknesses, and each has syntactical idiosyncrasies that earn them devotees. JSON might be the most complete configuration store, but it’s not designed to be written by hand and very few people advocate doing so. YAML looks writable, until it fails to validate. Even plain text can go wrong. Every format is full of failure.

Universal Configuration Language (UCL) brings all these failures together. UCL-aware tools can read Unix-style text configurations as well as various JSONs, YAML, and messagepack. They can output configurations in any of these formats. If it makes sense for you to configure an application in YAML, do that. If someone else needs the same application to use Unix-style text configuration, that’s fine. UCL also simplifies programmatic configuration changes.

I have to finish the rspamd chapter and write two more chapters, tentatively titled “Detritus” and “Other Detritus,” and the first draft will be complete. Sponsor it while you can. Or not. Whatever.

Las Vegas NV Gelato Meetup, 17 February 2024

Been a while since I’ve done this.

Family events are taking me to Las Vegas. The schedule’s pretty booked, but about 7PM on Saturday, 17 February, I’ll be getting gelato somewhere around the Paris hotel on the Strip. I won’t have books or anything, I’m just hanging out.

I haven’t picked a spot. I’ll be looking for somewhere sheltered but airy, with good gelato. Choosing a location will require extensive hands-on evaluation of the many available options.

More details when I find a place.

You want to meet me, this is your chance. Otherwise, consider yourself warned.

30: The Expected Heat Death of the Universe

Grinding hard on Run Your Own Mail Server.

Modern DKIM uses 2048-bit keys. With current mathematical understanding, they are not brute-force breakable before the expected heat death of the universe. Modern cryptographic algorithms don’t fall to brute force, however. Mathematicians nibble at them, discovering weak point after weak point until, eventually, someone figures out how to break them in a reasonable time. Computer speed might not be accelerating the way it did a couple decades ago, but processing power is far more accessible than ever. Every year, any definition of “reasonable time” encompasses more and more processing power.

Will your key be broken? Probably not.

Is your organization a target for intruders? Do you handle money or personally identifiable information? Are legal stormtroopers likely to loom over your world and blast it into a billion shreds? If so, rotating your key every year or so is a respectable item on the list of things you do to convince auditors that you’re taking sensible precautions.

You still have time to sponsor this. Some time. The start of a book is slow, but the end is often an explosive implosion.

Terry Pratchett Discworld Bundle vs DRM

Terry Pratchett was one of the most brilliant writers of the last hundred years. I own everything he ever published, in print, a worthy investment of several feet of precious shelf space. Tattered SFBC hardcovers from the 1980s with feebly-glued pages covered in faded dust jackets, battered paperbacks smuggled from Canada, spiffy hardcovers from when the world realized his work was amazing. I have it all. (If you’ve never read Pratchett, Wikipedia has a handy flowchart to help you decide where to start.)

HarperCollins launched a Terry Pratchett Discworld ebook Humble Bundle. You can get all the Discworld novels for $18, minus the oddities like “The Science of Discworld.” I’ve been waiting for an ebook bundle like this. I naturally grabbed it.

BUT–getting the actual ebook files is a right pain.

HarperCollins is one of those big publishers that think everything needs DRM, and they came up with a convoluted dance to comply with it. Sort of.

The books are delivered via Kobo. You don’t need a Kobo account, although if you have one that’s dandy. You can download the books, except what you download isn’t the book. You download an Adobe DRM file, usable by Adobe Digital Editions. Open that file in ADE, and Adobe sends you an unencumbered epub.

I had to switch to the Windows machine to do this. ADE is so clunky, halfway through downloading these 38 books I had to reboot the whole computer. Then I passed them through Calibre’s DeDRM_tools plugin to get the actual files.

Pratchett is worth it, of course. But he deserves better. And so do we.

If HC wants to compete with stolen ebooks, they need a better system.

My web store does not do everything I would hope. Ideally, you would give me money and the epub would appear on your device automagically. But at the moment, “give me money and get a link to the epub” is looking pretty dang good.