invisibill.net

I am Collected.

All in all, it was a good weekend.

I had big plans to do absolutely nothing for the holiday/birthday weekend. I failed miserably. I already biked this morning even. There is definitely something wrong…

To finish another of my great stories, we have another quote from Monkey Boy:

I can’t wait to have a midlife crisis.

This post is all new!

She’s an extraordinary girl
In an ordinary world
And she can’t seem to get away

He lacks the courage in his mind
Like a child left behind
Like a pet left in the rain

She’s all alone again
Wiping the tears from her eyes
Some days he feels like dying
She gets so sick of crying

She sees the mirror of herself
An image she wants to sell
To anyone willing to buy

He steals the image in her kiss
From her heart’s apocalypse
From the one called whatsername

She’s all alone again
Wiping the tears from her eyes
Some days he feels like dying
She gets so sick of crying

She’s all alone again
Wiping the tears from her eyes
Some days he feels like dying
Some days it’s not worth trying
Now that they both are finding
She gets so sick of crying

w.bloggar 4.00 has been released. It now supports XHTML tags, some new blog service features, and uses more XML for storing stuff. You can find the full changelog here. The Gecko-based version is still in beta. The IE Patcher tool seems to have problems with the new version, giving a connection error when I try to post.

As always, you can find w.bloggar’s main page linked from the image on the left.

Microsoft TechNet: 10 Immutable Laws of Security

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore

I know it seems quite drastic, but the only real way to completely fix your computer once it’s been compromised is to start over from a known good source. For most people, that means a reinstall from the original media. It’s much more important on servers and such where things need to be secure and there can’t be any uncertainties. Even if you don’t feel that your PC requires that much, sometimes it’s actually easier just to start over. Rather than trying to find and remove all the bad stuff, while at the same time not removing anything good, it can actually be faster and easier just to backup your data and reinstall. Malware just keeps getting more and more advanced - some programs now have redundant processes that will actually restart each other if you terminate them. While there are still ways to get past that, the old idea of just Ctrl+Alt+Delete-ing the bad programs won’t do much against those.

I’ve seen people spend hours upon hours trying to track down the cause of a problem, then find out exactly what to disable and what to delete to get rid of it. Add in some faulty information (which can be quite common on messageboards where people usually end up finding a “solution” for their problem), and you either don’t remove all of it or you remove something you weren’t supposed to.

On the other hand, I can format my Windows drive and have it reinstalled and running in about an hour. I know that I have my system setup in a way that makes this much easier, and I have more experience with it. But if you do backups on a regular basis, or at least arrange your data in a way that’s easy to backup, you can probably still get out with just a few hours invested. That way you’re 100% sure that you don’t have anything unwanted left on your system, and it will generally benefit from a fresh install (less junk means a faster PC).

Use a slipstreamed install CD along with a custom answer file and you can do a complete reinstall automatically, and get the exact install options you want. With the proper answer file, your install won’t require you to sit around hitting Next for an hour, and will basically only take as long as actually copying the files.

Here are some tips that should make things faster:

• Partition
  
  If you divide your drive into several volumes, it makes it much easier to save your stuff in one place, and have all your system stuff in another. That way, you can format the system drive without affecting the data drive at all.
• Customize Windows
  
  Tweaking your Windows install can also make it easier to separate the data from the system stuff you want to reinstall. Once you have your disk partitioned, you can use ProfilesDir to save all your user account data on a different drive. All of your per-user settings and desktop items will be placed there instead. I don’t think the old profiles will work once you’ve reinstalled (even with the same names, the accounts will have different IDs), but at least you’ve got them there for easy recovery. Likewise, ProgramFilesDir and CommonProgramFilesDir will let you put your “Program Files” directory elsewhere. Some programs save settings in the registry, so they won’t work on your fresh install of Windows until you rerun the program’s setup. However, some programs will still work fine without having to do anything. Plus you have the benefit of not losing anything that you saved in the program’s directory (My Documents has helped that, but stuff does still get saved in program’s install locations sometimes).
• Backup
  
  Nobody seems to make backups as often as they should. Many who have automated backup systems don’t test their backups to make sure they actually work. If you already have everything backed up until yesterday, it’s not a big deal when your system crashes today. You don’t need a tape library or fancy network device to do backups. Copying your needed stuff to another partition means you can wipe the first partition without a second thought. A second physical drive works basically the same as another partition, but it’s safe even if the first drive has a hardware failure. RAID 1 uses two drives to make a duplicate of everything you do. If the first drive fails, you have an exact duplicate of the drive as a backup. However, this doesn’t protect against system files getting messed up or accidental deletion and other user errors. The biggest downside is that it requires a second matching drive for a backup, so you’re basically paying twice as much to get the same amount of storage space.

Happy new year and stuff!

Everyone else is asleep because they all suck. I WIN!

And stuff.

Lately I’ve been getting a lot of spam/viruses bounced back to my email address. This means that spammers/viruses are using my address as the “from” address and sending them to bad email addresses. The server kindly bounces the message back to the “sender” saying that it couldn’t send “my” message to those addresses for some reason.

Here’s a copy of one email which was sent “from me” and bounced back:

Received: from bftaaijlh.net (sc210.172block.vegas.smartconnect.net [207.207.172.210]) by rly-yi02.mx.aol.com (v103.7) with ESMTP id MAILRELAYINYI21-7af41b06fb0258; Fri, 03 Dec 2004 08:52:52 -0500
From: _________@invisibill.net
To: ___@aol.com
Date: Fri, 03 Dec 2004 13:35:16 GMT
Subject: Mail Error
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Message-ID: <b03e3ad.adad6a042b@invisibill.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=”===f881ebb6094551″
Content-Transfer-Encoding: 7bit

You can find out more about interpreting all that header information at http://pctech.invisibill.net/emailsource.html. In this message, you can see that the mail was sent to an aol.com address. rly-yi02.mx.aol.com is the mail server that accepted the message. The message came from 207.207.172.210 which is calling itself sc210.172block.vegas.smartconnect.net. Sometimes that will be the actual DNS name linked to the IP address, sometimes it will be a name configured in the mail server.

Based on the subject and the fact that it has an attachment, I know that this email is not actually an error message, but an email virus pretending to be an error message in hopes that you’ll open the attachment. The mail server should have caught it as a virus and stopped it, or at least been smart enough to realize that it really didn’t come from me and therefore not “return” it to me.

I even have SPF set up for my domain. Basically, each domain can list all the servers allowed to send mail for that domain. Any server receiving mail with an invisibill.net “from” address can check against that list to see if the email is coming from a legitimate server. Apparently AOL isn’t doing that. It’s a bit late once you’ve already received the mail, but the SPF site has a script that sites can use so people can understand what’s happening and why. http://www.invisibill.net/spfcheck.php is a little script I made so people can check emails “from” invisibill.net against my SPF record. Just take the “Received: from” IP address of the email and enter it into that form. In this case, it’s 207.207.172.210. When you submit that in my form, you get this response:

InvisiBill rejected a message claiming to be from @invisibill.net.

InvisiBill saw a message coming from the IP address 207.207.172.210 which is sc210.172block.vegas.smartconnect.net; the sender claimed to be @invisibill.net.

However, invisibill.net has announced using SPF that it does not send mail out through 207.207.172.210. That is why the mail was rejected.

Since you got the email, you know it wasn’t actually rejected by any mail system. However, that tells you that my SPF record says this email should be rejected. If your ISP had been checking incoming mail against SPF records, this mail would have been rejected.

If you use Mozilla Thunderbird for email, you can use the SPF Extension to automate this. When you view an email, you’ll see just above the Subject whether or not it passes SPF checks. Assuming you have a pretty standard mail system, it should just work, without you having to figure out IP addresses or submit forms or anything. As soon as you opened the email, you’d know that it really wasn’t from invisibill.net. That is, if Thunderbird’s spam filter didn’t already catch the email. =) With Thunderbird, you’re also immune to all the email viruses that take advantage of bugs in Outlook and Outlook Express.

Once again, remember that SPF isn’t designed to stop spam. It’s designed to verify that the email actually came from who it claims to. The “from” address on an email is like the return address on the envelope of postal mail. It’s not exactly hard to put something other than your own address there. SPF is sort of like checking to make sure that the postmark on the letter matches up with the listed return address. It’s very possible for a spammer to setup a domain and use the related mail server, or even to set up the SPF record to allow mail from any source. However, this should stop all the spam claiming to come from hotmail.com, aol.com, etc. It should also stop virus emails with spoofed senders and spam sent from hijacked “zombie” PCs, since those dynamic IP addresses most likely wouldn’t be in anyone’s SPF records.

Here’s an interesting quote.

Don’t let anybody make you think that God chose America as his divine messianic force to be a sort of policeman for the whole world. God has a way of standing before the nations with judgment and it seems that I can hear God saying to America, ‘You are too arrogant. If you don’t change your ways, I will rise up and break the backbone of your power, and I will place it in the hands of a nation that doesn’t even know my name.’

Some may think this is a quote from Osama bin Laden or some other crazy terrorist. However, these words were spoken by Dr. Martin Luther King, Jr. at Ebenezer Baptist Church in Atlanta in 1967, regarding war in Vietnam.

I’m not some tree-hugging liberal who opposes all forms of conflict or anything, but just stop and think about that quote for a while…