Blog

36: The Thirty Ton Replacement

As sort-of expected, the last chapter of Run Your Own Mail Server is getting split into tech detritus and social detritus. I’ll probably split this into two chapters.

Spambots all choose shortcuts. Postscreen catches many of them. Greylisting plays against others. A popular shortcut many spambots choose is to ignore backup MX records. These spambots attempt to contact the target’s primary MX, but if that fails they proceed to the next victim.

Remember, the SMTP protocol comes from an age when “high availability” meant buying expensive machines and “virtualization” meant hosting more than one domain on a machine. When hardware failed, it might remain offline for several days before the thirty-ton replacement got shipped in on an 18-wheel tractor-trailer from a couple states away. Legitimate mail servers had to communicate with the backup MX.
If most spammers ignore the backup MX, but legitimate senders respect it… what if you turn off the MTA listed in your primary MX?

I might even finish this book tomorrow.

35: The Day’s Third Hogshead

Here’s a snippet from my forthcoming Letters column for the FreeBSD Journal.

While “no” is sufficient answer to your question, the Journal editors insist that I respond in more depth so that they’re not left with blank pages. I don’t understand why they don’t simply cover that space with advertising, especially as I was not officially informed that the sales department is on a week-long gelato cruise that I was not invited to, but I suppose amateurs and hobbyists have a right to develop their meager skills without my presence highlighting their inferiority. (The trick is to eat through the dairy coma until your pancreas transcurses its fleshly limits, and understanding that water breaks are not only for cleansing the palate. If your undisciplined palate can still differentiate flavors after the day’s third hogshead, that is.)

Your problem distills to finances. Once you involve business, everything distills to finances. Those cozy leaders you worked for? Their kindness was either a ploy or weakness.

I’ll be Kickstarting a six year collection of these columns this summer.

Posted on

The end of the Findaway Voices saga (hopefully?)

See part 1 and part 2 for context.

Last night Findaway changed their terms of service last night to something mundane, but it doesn’t matter.

I’ve worked with developers for decades. Developers do extra work, but only certain kinds of extra work. They will rearchitect your entire front end in Rust and Pascal for the sheer joy of it. What they won’t do is change the terms of service for the fun of it. That’s boring.

I know several lawyers who have fun drafting proposed contracts. This isn’t that.

Someone came to the Findaway web site developers and said “Add a popup with these new terms of service.”

Were those ToS an error? If they were identical to the Spotify ToS, then I’d accept a copy-and-paste goof. They were not. Someone wrote them.

Additionally, it was pointed out that opting out had a 30 day lag, and the announcement was made 30 days before it would take effect. If you didn’t catch it immediately, Spotify would assimilate your work.

Lawyers are accustomed to negotiating with other lawyers. Everybody starts by asking for everything, they bat it back and forth, either meet in the middle or amicably end negotiations. The initial ask includes things that they know they won’t get, and things that they can discard so they can show they’re being reasonable. It’s a dance.

These online terms of service from tech companies? They start the same way, but they’re negotiating with the public. They wait to see what gets pushback.

They’ve shown us what they want to achieve, and it’s antithetical to our art and our craft.

Spotify has no pointy-clicky way to delete books from their inventory or your account. You can go in and delete the individual MP3s, however. You can change the cover art and description to Removed Because Spotify’s Business Practices are Unacceptable. You can then email support@findawayvoices.com and ask them to delete your account.

Hopefully, I am now done blogging about this.

I hear that Author’s Republic, which imperfect, has viable options. I haven’t read their ToS, though. You should read them for yourself, and ask how they’ll be used against you.

Posted on

Findaway Voices followup

Yesterday I posted about Findaway Voice’s rights grab. Last night I received this email from Findaway Voices.

Earlier today, we shared planned updates to our Findaway Voices by Spotify. Terms of Use that are set to take effect on March 15, 2024. Our goal was to introduce language that would allow us to offer authors innovative features, improve discovery, and provide promotional tools such as share cards while assuring authors that you “retain ownership of your User Content when you post it to the Service.”

In the hours since, we’ve received valuable feedback, and we understand that there is confusion and concern about some aspects of this language. We want you to know that we hear you and are actively working to make clarifying updates to alleviate your concerns.

We are deeply committed to your success on Spotify. In the meantime, please stay tuned for more details.

I’m not going to bother ripping this apart line-by-line, but I will comment on “confusion and concern about some aspects of this language.” We are concerned because there is no confusion. I am not a lawyer, but I am accustomed to reading rights agreements. They haven’t even agreed to delay the implementation of these license terms. Those terms were reviewed by a lawyer and were not mistakenly uploaded by some overworked developer. A press release does not override a legal agreement.

It’s been suggested that this was an example of a lazy lawyer copying from an existing agreement. A person’s motives don’t matter. Only the harm they inflict matter. And if Spotify has this boilerplate lying around to copy from, that’s a really bad indicator.

I have no doubt that they will follow up with something less objectionable, but the problem is: they’ve shown their goals. They have written down and showed us what they want to achieve, and it is hostile to writers making a living.

Many musicians dislike Spotify. I can’t say all of them hate it, because there’s always an exception. Multiple musicians have removed their music from Spotify. Taylor Swift pulled her music from it. It reappeared without explanation, which is business-speak for “after years of discussion we negotiated an acceptable deal that included an NDA.” Good for her.

My first book came out in 1992. I’ve been through the business wringer. When I have a business question these days, I ask myself “what would Taylor Swift do?” (Or WW James Patterson D, depending on the problem).

Corey Doctorow made a splash with his neologism enshittification. It’s short, punchy, and has great emotional impact, but the concept is not new. Every public corporation in the Western world has the goal of permanently binding customers to them. They want to be the sole customer for their suppliers. Every company has tried this, for decades if not centuries. Ubiquitous computing and digital distribution of art has given them a huge new tool.

Remember that you don’t write books. You create and license intellectual property. Read the Copyright Handbook. The new edition is on top of my TBR pile.

My strenuous advice to everyone is: do not become dependent upon any one business partner. Be able to pivot at any time. Do not take bad deals that lock you into a single customer or allow others to pillage your intellectual property. Those Spotify terms? They allow any use of your audiobook. Run it through text-to-speech and then through text-to-video AI. Poof, there’s the movie. It’ll be a bad movie, because film is a distinct art from books, but its mere existence will hurt the value of your film rights.

I set up my own bookstore a decade ago, and spent ten years refining it. I turn down bad deals from publishers.

Writing is a long-term game. A career in creativity is the greatest life I can imagine, but it takes decades. If you need money now, rob a billionaire. My goal is to spend the rest of my life doing work that I enjoy. That means telling the exploiters “no.”

Posted on

Dear writers: Delete your Findaway Voices account NOW

[update in next post]

When Findaway Voices first appeared, it made it comparatively easy for independent authors to do audiobooks. Audio was still hard, mind you, but it was possible.

Spotify bought Findaway. They began playing with payments, refunds, and returns. And now, the licensing terms have changed.

Accordingly, you hereby grant Spotify a non-exclusive, transferable, sublicensable, royalty-free, fully paid, irrevocable, worldwide license to reproduce, make available, perform and display, translate, modify, create derivative works from (such as transcripts of User Content), distribute, and otherwise use any such User Content through any medium, whether alone or in combination with other Content or materials, in any manner and by any means, method or technology, whether now known or hereafter created, in connection with the Service, the promotion, advertising or marketing of the Service, and the operation of Spotify’s (and its successors’ and affiliates’) business, including for systems and products management, improvement and development, testing, training, modeling and implementation in connection with the Spotify Service. Where applicable and to the extent permitted under applicable law, you also agree to waive, and not to enforce, any “moral rights” or equivalent rights, such as your right to object to derogatory treatment of such User Content. Nothing in these Terms prohibits any use of User Content by Spotify that may be taken without a license.

Spotify may now do anything they want with your audiobook. They will–not can, will–feed it to their AI system and use it to rip off your work. They specifically declare you can’t complain about derogatory uses. They can mix your book with work you find abhorrent and release it as a new product. They can use a speech recognition system and create a printed version of your book.

I have one audiobook. I pulled it from distribution when the royalties problems started and I stopped getting paid. That audiobook became exclusive to my store on 17 January 2023. It has fewer sales, but I’ve made more than I did in all the years before. (“But exposure,” some folks will say. People die of exposure.)

It’s not enough to stop distributing your work via Findaway. If you use them to store your audio files and nothing else, the new terms apply. They have no automatic option to delete titles from their site. I just sent this email to their technical support.

Hello,

Findaway’s new terms of service are unacceptable. Please delete my
book and my entire account.

Thank you.

No need to be rude. It’s not the tech support flunky’s fault.

Also, I’m super happy with how my one lone audiobook came out. If it sold more, I’d do more.

34: My Magnificent Sponsors

I have finished the rspamd chapter, and am what I think will be the last chapter. Unless I break it into two pieces, one social and one technical. Haven’t decided yet.

Sometimes you legitimately need to contact two hundred people with mail run by Microsoft or Google, but suddenly spewing lots of email is a leading indicator of spambot infection. I mail people in the Email Empire every day, but one at a time. When I finish writing this book, however, I’ll have to notify my magnificent sponsors via email. About a third of my sponsors have email addresses backed by Gmail or Microsoft. If I suddenly drop dozens of messages on both of them, they’ll perk up and take a good hard look at my host. Avoiding notice is the best defense.

Postfix normally sends email as fast as the system supports it, but you can deliberately throttle how quickly it sends to select sites. Perhaps sending identical messages to thirty recipients simultaneously will awaken Gmail’s spam guardians, but those same messages one at a time, several seconds or even a minute apart, will pass unnoticed.

The pieces that remain are neither technically innovative, nor do they require extensive research, so I expect to finish soon. If you want to sponsor, now is the time.

Posted on

Las Vegas NV Gelato Meetup, 17 February 2024 at Cocolini

A few weeks ago I posted that I’d been sentenced to a week on the desolate Lost Vegas Strip.

There’s an outdoor gelato place near my cell: Cocolini. Apologies for the Meta link, but that’s what they got. It’s at 3717 S Las Vegas Blvd, Las Vegas, NV 89109.

You see that corner in the lee of the sidewalk? Right under the NO TRESPASSING NO LOITERING sign, in between the ads? I’ll be hanging out there at 7pm this Saturday night, 17 February. If you want to meet me, that’s your chance.

In the event there’s a crowd there for some daft reason, I’ll be hanging out on the other side of the walkway by the other NO LOITERING sign. Signs forbidding loitering are great places to hang out, because very few people hang out by them.

I leave Vegas early the next day, so it won’t be late. I have no idea what the crowd will be like. I’ll only meet people outdoors, though, and that’s the best spot I found in my busy two hours of walking around.

Posted on

Everything, With Banana

A decade ago I looked at everything I’d written and said “How tall is a stack of one copy of everything? Waist high? I wonder… if I include one copy of every edition of everything I’ve published, can I publish a stack tall enough to drown in?” I achieved that in 2022.

Today I would like to say: if I had not quit putting my short stories in print, today’s stack would be safely wedged against the ceiling and I wouldn’t be stuck holding it.

Every time I publish one of these people ask me questions like, “how tall is that?” I don’t know, I’m too busy holding the damn thing up to measure it. “Well, how tall are you?” Tall enough that my feet reach the ground. “How tall is that bookcase, then?” Dude, ask freaking IKEA, I have no clue. In an effort to forestall these and all related questions, here’s the same shot but with a banana, for scale.

I’m not going back to put last year’s stories into print just so I can achieve Load Bearing Heap. I need to write new things.

33: Larry Leg-Breaker’s Betting Parlor and Emergency Financial Services

I’m no longer dreading writing Run Your Own Mail Server, because I have moved on to dreading the first time I spellcheck it. Fortunately, I’m still looking forward to dreading the kill-passive-voice pass through the manuscript.

If enough Gmail or Microsoft users flag your legitimate messages as “spam,” their algorithms decide that your domain sends low quality messages that should always go straight into the spam bucket. Some people who signed up for mailing lists and later want to unsubscribe do so by routing the messages to the spam folder. Bloggers cold-mailing possible sources often suffer from this.

I find myself wanting to do the same. I need the business notices Stripe and PayPal send me, but they use our business relationship to legally stuff advertisements for their loans into my inbox. Before approaching PayPal for a business loan, I would go to the alley by the lead paint factory’s toxic waste heap and apply at Larry Leg-Breaker’s Betting Parlor and Emergency Financial Services. As much as I loathe those announcements, if I start teaching my spam filter that messages from PayPal and Stripe are spam, it will probably misfile critical emails.

Soon, spellcheck. Soon.

Posted on

Mail Software Projects for You

Working through the tail of Run Your Own Mail Server has led me to a couple things I’d like to see. Maybe some reader would like to hack on one of them.

1) The best way to generate a list of hosts that should bypass Postfix’s intrusive protocol checks, or anything that resembling greylisting, is the postwhite. Postwhite has been abandoned for years, though. This isn’t exactly a problem, as it’s feature-complete and does the job. The configuration is clunky, though. It supports a long-obsolete list of Yahoo mailer addresses. The list of domains it generates lists for is hard-coded in the script, and artificially broken up into categories like “legit bulk mailers,” “social media,” and so on. You should not have to edit the script to remove a domain, because who accepts mail from LinkedIn these days? You shouldn’t have to edit the script for anything. The last edit to this was six years ago, so I suspect it’s basically abandoned.

Moving the domains to an external file and dropping the defunct Yahoo page would be good. If you have to fork it, using a meaningful name like “greyskip” or somesuch would be nice.

2) Postfix on FreeBSD supports blacklistd. That’s grand. Log parsers are inherently fragile, and libblacklist is the smart way for an application to declare that an IP address is misbehaving. The Postfix support only applies to authentication attempts on smtpd, however. I’m in favor of that, but I’d also like to see postscreen grow libblacklistd support. A host on a trusted DNSBL pokes our mail port? Block it.

I could do #1, but I lack the time and refuse to recommend my fault-oblivious code for production. I lack both skills and time for #2.

The truth is, we’ve limped along like this for years. We could limp for many more years. But hey, someone out there might want to make the world suck slighly less.