Link: The Unix Heritage Society
The Unix Heritage Society has a nice statement of its aims on its front page, but let me skip straight to the neat bits: complete source code for early Unix versions, such as V7 and V6. You can browse things online, or get your own personal mirror. For a long time, having this sort of thing was a Unix geek dream, and now I have my own (legal!) copy of it all.
One of the neat things I like doing with TUHS
is browsing to see the original full versions of such famous Unix bits
as the 'you are not expected to understand this' kernel source comment.
Here it is in full, from the
swtch() routine in /usr/sys/ken/slp.c in the Sixth
/* * If the new process paused because it was * swapped out, set the stack level to the last call * to savu(u_ssav). This means that the return * which is executed immediately after the call to aretu * actually returns from the last routine which did * the savu. * * You are not expected to understand this. */
While I'm in the area, I'd be remiss if I didn't link to the Wikipedia entry on Lions' Commentary on UNIX 6th Edition, with Source Code. This is a famous work for old Unix geeks, and the Wikipedia entry even has links to a PDF version.
(TUHS also has links to PDP-11 simulators and disk images, so you can actually run V7 et al. Maybe even faster than it ran on a real PDP-11/70, back in the days.)
Weekly spam summary on June 10th, 2006
Our SMTP listener died on Tuesday evening and was restarted, so some of this week's statistics are incomplete. This week, we:
- got 12,614 messages from 245 different IP addresses.
- handled 17,611 sessions from 882 different IP addresses.
- received 95,812 connections from at least 38,234 different IP addresses since 21:10 Tuesday. (And about 43,000 connections from at least 16,000 different IP addresses up to Tuesday morning at 4am.)
- hit a highwater of 10 connections being checked at once since 21:10 Tuesday.
At a rough guess, this makes the volume about the same as last week, maybe up a bit. The per-day information is unfortunately completely useless, but seems more or less flat from what I can reconstruct.
(It's possible that a significant volume surge on Tuesday took down the SMTP listener; it generally dies on an internal error deep in the depths of the C library. I assume something is getting messed up between threading and other fun issues.)
Kernel level packet filtering top ten:
Host/Mask Packets Bytes 220.127.116.11/10 7354 378K 18.104.22.168 5961 303K 22.214.171.124 5753 276K 126.96.36.199 5694 290K 188.8.131.52 5666 272K 184.108.40.206/11 5192 260K 220.127.116.11/11 4331 216K 18.104.22.168 4209 253K 22.214.171.124 4206 202K 126.96.36.199 4189 201K
This time, pride of place goes to a large aggregate bit of China. It was there last week, but not that high. Of the individual IP addresses:
- 188.8.131.52 and 184.108.40.206 return yet again from last week; at this rate they may earn themselves permanent blocks.
- 220.127.116.11 is part of a Taiwanese netblock, and can't be successfully resolved to a hostname. Since it claims to be something with 'adsl' in the name, we probably don't want to talk to it anyways. (It also appears to be 'dns.maze.com.tw'.)
- 18.104.22.168 is a generic Telus IP address that we reject as a 'dialup'; it's also listed in dsbl.org as an open relay.
- 22.214.171.124 mailed a spamtrap address and then kept trying to
send us more mail with the same
- 126.96.36.199 is a generic proxad.net IP address. Uh, no. It's
also on a pile of DNSbls, including
bl.spamcop.netat the moment.
- 188.8.131.52 is another server that mailed a spamtrap address and then kept trying to send; however, they stand out because they've been trying and trying since May 23rd.
Connection time rejection stats:
41600 total 19791 bad or no reverse DNS 16897 dynamic IP 2579 class bl-cbl 544 class bl-dsbl 244 class bl-sdul 216 class bl-ordb 179 class bl-njabl 133 class bl-sbl 113 class bl-spews
This is down a bit from last week, which may just be the effects of the Tuesday evening SMTP listener restart (since it restarts the greylisting process for everyone).
Out of the top 30 most rejected IP addresses, 18 had more than 100
rejections; the champion was our friend 184.108.40.206 (587 times), with
second place going to 220.127.116.11 (only 234, and rejected due to
being on the DSBL). 22 of the top 30 are currently
in the CBL, and only 7 are currently in
Hotmail stats are looking quite good:
- 3 messages accepted.
- 1 message rejected because it came from a non-Hotmail email address.
- no messages sent to our spamtraps.
- 1 message refused because its sender address had already hit our spamtraps.
- 1 message refused due to its origin IP address being in the CBL.
On the other hand, the one rejected non-Hotmail email address was from the domain 'mail2agent.net', with Microsoft DNS servers but registered with the contact email of 'firstname.lastname@example.org'. This looks alarmingly like Hotmail backsliding into the whole original problem.
And the final set of numbers:
|what||# this week||(distinct IPs)||# last week||(distinct IPs)|
Surprisingly (to me) there is no single huge spike source of bad
HELO names; there's only four that had 50 or more rejections,
There were another four bounces to the 38-digit hex string, a bunch of bounces to plausible login names (many of which used to exist here), but only unlike last week, only one bounce to an all-digit username.