Category Archives: Open Source

Open Source, Free Software, and similar

Mail, Open Source

My Antispam Measures

2 Comments

I get a fair share of spam. I have something like 10 working private email addresses, I’m listed as recipient in numerous email aliases and they all end up in the same physical mailbox where I read them. I’ve also had my existing emails for many years and I’ve shown and used them publicly on the internet all the time. I’m a major spam email target now. A good day I get just 2000 spams, but bad days I’ve been well over 13000 spam emails.A can with spam

My biggest friends in this combat are: spamassassin and procmail.

I’ll describe how I have things setup, not as much as to inspire others but more to be able to get feedback from you on how I can or perhaps should improve my setup to get an even better email life.

  • I consider all mails with spam points >= 3 to be spam. I’ve also tweaked my spamassassin user_prefs to be harsher on (pure) HTML mail and a few other rules, and I’ve added a couple of my own rules to catch spams that previously did slip through a little too easy.
  • First, I filter out mail from trusted mailing lists that have their own antispam measures.
  • I catch what appears to be bounces (I have a huge regex) and if it looks like a bounce to an address I don’t send email from I nuke it immediately (and those could be a true bounce are saved in a dedicated mbox)
  • I have a white-list system that marks all incoming mails from previously marked friends as coming from a friend.
  • Mails from non-friends are passed through spamassassin. Those with spam points higher than N are put in the ‘hispam’ folder – of course with the intention that these are very very very unlikely to every have any false positives and can almost surely be deleted without check. N is currently 10 but I ponder on lowering it somewhat. Spams with less points than N are put in the ‘spam’ folder, and I need to check that before I kill it because it happens that I get occasional false positives that end up there.
  • So, mails that aren’t from friends (or from a trusted mailing list) and aren’t marked as spam are then stored in the ‘suspicious’ mailbox
  • Mails from friends or from trusted lists go directly into my mailbox, or into a dedicated mailbox (for lists with somewhat high traffic volumes).
  • Oh, a little additional detail: I “mark” my own outgoing mails with an additional custom header with no point whatsoever but to be able to detect when someone/something sends me mail using my own address…

My weakest point in all this right now is the fact that I don’t spam-check white-listed mails at all, so spams that are sent to me using my friends’ email addresses go through and annoy me.

BTW, I did use bogofilter in the past and for a while I actually ran both in parallel (both trained with rougly the same spam/ham boxes for the Bayes stuff) but quite heavily testing I performed at that time (a few years ago) showed that spamassissin caught a lot more spams than bogofilter, while bogofilter only caught a few extra so I dropped it then.

cURL and libcurl, Linux

curl with NSS and Fedora

3 Comments

Dave Jones blogged about his recent problems with curl on Fedora 8. It seems to be a problem somewhere in or related to the NSS library, that Fedora links curl to for SSL/TLS these days.cURL

What I find a bit annoying with this situation, is that I’m using Debian unstable and I’m dist-upgrading fairly frequently to be able to run on the bleeding edge and yet I don’t have the equivalent NSS version Fedora has and what’s perhaps worse is: I don’t even know how to get it and build my own local version! Is Fedora using their own patched version of this (rhetorical question as I’m quite sure they are)? Is it possible to get that version or patch so that I can build it and test on my non- Fedora development machine(s) ?

So, even though it really isn’t my problem or my issue to deal with, I couldn’t even try out his problem on my own!

Linux

uclinux is weird

I do a lot of work on various types of embedded systems. Professionally I’ve been working more or less exclusively with embedded development since 1996 (pSOS, VxWorks, OS9000, etc) and privately I hack a lot on Rockbox. The embedded work of mine has grown to become pure Linux-based since around the year 2000.

I’ve worked with (embedded) Linux on more than 10 different chip families, using cores such as x86, AMD64, ARM9, StrongARM, XScale, PPC, MIPS, SH4, m68k, MicroBlaze, Nios II etc.

And this is what I’ve learned: uClinux is weird.

I’ll of course admit that the fact that uclinux is currently more or less integrated into the regular kernel development is a good thing and all, and even though I haven’t done much uclinux hacking with older kernels I bet things were worse before.

The problem with uClinux that I think is the major obstacle is their build system. Oh wait, perhaps the problem is actually two: the first being that they ship as an entire distribution with kernel and tools and stuff all lumped together instead of doing it like all the other embedded (real) Linuxes do: assume that people fix their kernel in one go and the entire rest of the user-land universe in a separate tree.

Anyway, what’s the actual problem is the build system. There’s no scattered Kconfig files that you’d expect if you based a build on that concept, and it is really hard to figure out where to poke to change a build to do what you want. Then, there’s a top-level make that take ages and runs through all sorts of hoops even when there’s nothing at all changed. Not to mention that it alerts about make -j “sometimes not working”. In a recent project of mine I learned that I usually had to run make twice(!) in the uclinux-dist directory to be really sure that the output image was correctly made!

Unfortunately, I’ve not been able to dig into this issue properly to work on or suggest proper fixes but I hope that I will one day. Of course a factor in all this is that many people (like the entire embedded Linux universe) use very old versions of the packages so fixes can have been made in the recent years(!) without them having yet get absorbed at many companies.

So the truth is: I do recommend customers to go “full”, “real” Linux not only for the powers a real MMU gives but also for the more mature and nicer build environments.

cURL and libcurl, Rockbox

When Worlds Collide

SanDisk Sansa ConnectReaders of my blog or my site or almost whatever on the internet where my name would appear should know that two of my primary open source involvements are in the curl and the Rockbox projects.

Therefore I felt great pleasure yesterday when both of these worlds collided!

While investigating the internals of the SanDisk Sansa Connect mp3 player for the Rockbox project, fellow Robert Keevil discovered that it actually includes… libcurl! (actually, he discovered this before but I only realized it yesterday)

Of course I updated the companies that use curl page with this news…

Rockbox

What Can I do for Rockbox when not Programming?

1 Comment

As in every open source project, people who don’t program but who use and like Rockbox a lot tend to think and sometimes utter the words “I can’t code so I can’t help” when talking about what they can do for the project. But there are of course still endless amount of things we need help with. For example

Rockbox tinyFile good bug reports for bugs. Make an effort to really double-check the details, write up repeat recipes, try to repeat others’ reported bugs, fill in more details on the sparsely reported ones. Tell us when you can’t repeat already reported ones. We have so many bug reports and new ones come at a very high pace, that we need all the help we can get with sorting them out. Killing the bad ones as early as possible and getting the rest as detailed and accurate as possible.

Rockbox tinyHelp out with the manual. The manual covers a lot of functionality for a wide range of targets, and we constantly find bugs and missing stuff in the manual that you can help us out to both find and correct. The manual is what we constantly point newbies to and it needs to remain accurate and well phrased.

Rockbox tinyHelp out with the “support”. People pop in on the IRC channel all the time, we have >14,000 registered users in the forums, we have almost 1,000 subscribers on the mailing lists. You can help out by responding to questions, offer advice etc.

Rockbox tinyDonate money. As blunt as it sounds, we need money at times. The money we receive by donations are primarily used for buying new and more hardware to developers, but we’ve also used it for developer-related activities such as pizza at devcon!

Rockbox tinyDonate server resources and bandwidth. Our sophisticated build-on-commit system requires a fair amount of speedy and available (Linux) servers that can rebuild Rockbox on demand from the build master server. We can always use a few more of these, and we only need 2GHz+ machines with a few gigabyte of storage to spare and a reasonable bandwidth.

Rockbox tinyHelp test patches. We get a lot of patches, and learning how to build your own build and apply your own set of patches is quite easily done and really takes just a little effort. In fact, very often people also post binaries and make pre-built patched Rockbox packages available so many patches can even be tested without having to build anything on your own!

So as you see there’s no reason to be shy any more. Step forward and help us improve!

cURL and libcurl

Axis2/C going libcurl?

2 Comments

Axis2/CApache’s Axis2/C project, said to be “the only complete SOAP engine” is considering to move over to use libcurl for HTTP transport by default. At least Axis2/C developer Dinesh Premalal thinks they should, and he lists multiple reasons in his blog and I can of course do nothing but agree.libcurl

One reason he failed to mention is that we all (Axis2/C users and libcurl users) benefit from them switching to libcurl since then we’ll have a larger combined potential developer base and we’ll get more eyes on the code, more testing done and thus in the end we will get a better transport library all over.

I’m slightly puzzled by Dinesh’s blog entry since this bug tracker entry submitted to Axis2/C mentions their failure to include curl’s copyright/license text in the distribution, which seems to imply that they already use (parts of) curl. Or?

cURL and libcurl

curl 7.18.0 feature freeze

2 Comments

Feature freeze!I just mailed the curl-library list about us entering feature freeze for the upcoming 7.18.0 release. The plan is to have two weeks of bug fixing and time to allow people to find bugs, before we release it to the public. Please get a daily snapshot and give it a spin!

Here’s the changes that’ll be coming:

… and there are 26 bug fixes mentioned in the RELEASE-NOTES in progress so far!

Development, Open Source

I don’t like Java

8 Comments

I don’t like Java. I have a hard time to explain exactly why I feel this way, but when facing a Java program or just thinking about doing something in Java I feel nothing but panic and dislike. Why is this? I have to admit that due to my general dislike I’ve never done any major Java developments so my feelings are based on occasional hacks and works and not years of punishment.

Java in itself isn’t terrible as a language I think. It is basically C++ with some of the worst parts removed. It is in fact made so simple that nowadays when all people learn Java at school and not much else, we see people getting out lacking clues about much in how computers and low-level stuff actually works.No java thanks

What I find annoying is that there’s hardly ever any Java-related problem or program that isn’t on top of 22 layers of existing packages – giving me the feeling I’m building a house of cards.

Running a program with the help of a humongous run-time environment isn’t exactly what I like either. It makes the startup-time terrible and it makes the system/memory requirements far bigger than I like. Also, whatever Java-people try to throw at us, everyone that runs Java-based apps on their PCs or in their phones or wherever knows that Java is slow when used in real-life. Period. (Cute quote from Steve Jobs: “Nobody uses Java anymore. It’s this big heavyweight ball and chain.” – not that I believe he’s right in the first part.)

I dislike how everything in Java seems to always be depending on this and that version and this and that doesn’t work in this and that version etc and it’ll all be fixed in the next release. I don’t like how Java programs can’t be built normally with make, I hate the XML-mess called ant, I’m not friends with using GC-only for memory handling and I don’t like how Java is the run-time, the class-library and the language itself all together.

The fact that Java wasn’t at all possible to do completely open source until very recently of course has always kept me reluctant as well, and even if this situation now has changed the marks still live in me.

Of course, I’m never really much of a friend of OO in general as it is commonly used either, as some of the primary premises of OO is quite the opposite of my own beliefs: I don’t believe in hiding what’s is actually done, and most of the OO works, interfaces and inheritance etc are designed and implemented exactly to hide what is actually being done underneath from the users. I want interfaces and APIs that are clear and that makes the user of them understand what the functions do, and I want the actual source code for the functions and libraries to be easy to read and the flow of the code to be easy to follow. OO actually makes following code flow harder.

This of course shows my “on the metal” state of mind and the fact that I never do very high level application development or similar, but the few times I’ve for example looked around in and worked with the Qt source code (C++) it has made me go completely bonkers. I’ll remain working near the hardware and the OS and mostly on resource-restrained systems. I remain with and I really prefer plain C. For scripting situations, I like perl. This way I won’t have to do any Java.