Wandering Thoughts archives

2006-09-24

Two approaches to Unix environments

There are two general approaches to coping with the various environments of Unix accounts that I've seen people adopt. The first is taking the default environment that each system comes with (perhaps with minimal and easy customization for stuff that really bugs you); the second is building a completely customized personal environment that you then drag everywhere.

(To stereotype, people who follow the first sort feel that life is too short to spend futzing with your environment when the one that someone else worries about works well enough, while the other side similarly feels that life is too short to live without something that fits your desires to a T. Note that this isn't to say that the first sort doesn't care about the environment they use, just that what they care about is probably indirect issues, like a more generally consistent GUI, instead of specific features that the second sort are solidly locked to.)

The split influences a lot of attitudes in relatively deep ways. For example, the first sort is much more likely to really like moving to Apples; for the second sort, the Apple GUI is at best neutral and often negative, since it is not their environment.

I am a very strong second sort of person, and I am currently wrestling with the true nemesis of my calling: moving my personal environment to a new system (in this case Fedora Core 5 on an x86_64). Because I have such strong and particular opinions on things, even little changes are completely irritating; this makes dealing with things like font issues rather interesting.

The other annoying bit of moving my environment is trying to figure out how to make it do various useful things normally provided by the system environment. For example, FC5 will conveniently automount USB keys and DVDs and so on, if you use GNOME or KDE; now I get to figure out all the magic bits and daemons so I can add them to my own environment.

Oh well, at least I'll come out of this experience better informed about the inner workings of some of the black magic involved.

Sidebar: why font issues bug me and matter

Every OS upgrade seems to futz around with fonts so that things come out wrong for something. And don't get me started about Xft, apart from saying that there sure don't seem to be any good monospaced fonts for people who like their inter-line spacing relatively narrow.

Why do I care about fonts so much? Because the layout and spacing of a great many things on my screen, and how I organize space, is strongly tied to how much space things like 80x24 xterm windows take. Change the fonts, those sizes change, things don't fit together any more, and I grind my teeth in your general direction.

(Don't ask what I feel about the possibility of changing display resolutions.)

sysadmin/TwoEnvironmentsApproach written at 22:38:48

Weekly spam summary on September 23rd, 2006

This week, we:

  • got 15,623 messages from 253 different IP addresses.
  • handled 19,363 sessions from 969 different IP addresses.
  • received 166,319 connections from at least 46,095 different IP addresses.
  • hit a highwater of 8 connections being checked at once.

This makes volume a bit up from last week. Volume fluctuates a bit during the week:

Day         Connections   different IPs
Sunday           19,635          +5,249
Monday           26,483          +7,442
Tuesday          25,539          +6,591
Wednesday        24,684          +6,159
Thursday         29,565          +9,375
Friday           24,301          +6,778
Saturday         16,112          +4,501

Kernel level packet filtering top ten:

Host/Mask           Packets   Bytes
213.4.149.12          96915   5040K
193.70.192.0/24        6637    302K
193.252.22.158         4428    266K
212.130.19.148         4341    221K
194.97.50.131          4147    249K
61.128.0.0/10          3756    208K
207.44.164.58          2734    164K
80.51.32.242           2522    151K
212.175.13.129         2364    142K
194.97.50.132          2213    133K

Apart from the top IP, overall volume is down a bit from last week. Of course, that's a big 'apart from' qualification, considering that mailhost.terra.es outweighs the entire rest of the list combined.

  • 213.4.149.12 may give up someday, but evidently not this week; it reappears from last week, this time due to permanent blocks.
  • 193.252.22.158 is listed in SPEWS, plus it's a webmail source that we block. (It's made our lists before.)
  • 212.130.19.148 and 80.51.32.242 were blocked because of missing reverse DNS; their general network areas have annoyed us enough that we insist on good rDNS as a minimum standard from them.
  • 194.97.50.131 and 194.97.50.132 are freenet.de machines, blocked for trying to keep sending us spam that had hit our spamtraps. I suspect that they've fallen afoul of an advance fee fraud spam gang.
  • 207.44.164.58 also kept trying to send us stuff that had tripped our spamtraps.
  • 212.175.13.129 returns from earlier in September, still with a bad HELO greeting.

Connection time rejection stats:

  37577 total
  18701 dynamic IP
  14979 bad or no reverse DNS
   2252 class bl-cbl
    451 class bl-dsbl
    304 class bl-sdul
    167 class bl-njabl
    147 class bl-sbl
     92 class bl-spews
     75 cuttingedgemedia.com
     66 class bl-ordb

It's interesting that the SBL didn't drop compared to last week, even after I blocked Cutting Edge Media specifically so that they no longer added to the SBL stats. The SBL rejections source stats are highly skewed this week:

Count   SBL Listing
   80   SBL46744
   41   SBL46750
    9   SBL46698
    7   SBL46020
    4   SBL20671

Even better, according to Spamhaus, the first two SBL listings are for the same people (I think Spamhaus split them because they're two separate subnets). In a break with the usual pattern, none of these seem to be advance fee fraud spammers.

Only three out of the top 30 most rejected IP addresses were rejected 100 times or more; the leader was 65.71.178.17 (153 times). 20 of the top 30 are currently in the CBL, 4 are currently in bl.spamcop.net, and two are currently in the SBL (217.107.125.134, part of Cutting Edge Media's SBL45150, and 217.107.125.134, part of SBL29986).

(Because they were rejected for other reasons than being in the SBL, neither shows up in the SBL rejection source table. We tend to check DNS blocklists fairly late, mostly to reduce the load on the DNSbl operators.)
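The effect described above, where an SBL-listed address is counted under whatever check rejected it first and never reaches the blocklist lookup, can be seen in a small first-match pipeline. This is an added example, not the code behind these stats: the check order, the `sbl.example` zone and all sample addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample data using documentation address ranges (not from the page).
LOCAL_BLOCKS = [ipaddress.ip_network("198.51.100.0/24")]  # hypothetical permanent block
HAS_RDNS = {"198.51.100.9", "203.0.113.7", "192.0.2.10"}  # IPs with good reverse DNS
LISTED = {"9.100.51.198.sbl.example.", "7.113.0.203.sbl.example."}  # fake DNSBL zone data
ZONES = [("bl-sbl", "sbl.example")]                       # (stats label, hypothetical zone)


def dnsbl_name(ip, zone):
    """Build a DNSBL query name: reversed IPv4 octets, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone + "."


class Checker:
    def __init__(self, is_listed, has_rdns, zones):
        self.is_listed, self.has_rdns, self.zones = is_listed, has_rdns, zones
        self.dnsbl_queries = 0  # lookups that would have reached the DNSBL operators

    def check(self, ip):
        """Return the first rejection reason for ip, or None to accept."""
        addr = ipaddress.ip_address(ip)
        # Local checks first: they cost the DNSBL operators nothing.
        if any(addr in net for net in LOCAL_BLOCKS):
            return "local block"
        if not self.has_rdns(ip):
            return "bad or no reverse DNS"
        # Blocklists last, so only connections that survive are looked up.
        for label, zone in self.zones:
            self.dnsbl_queries += 1
            if self.is_listed(dnsbl_name(ip, zone)):
                return "class " + label
        return None


def run_sample(ips):
    """Tally first-match rejection reasons and count DNSBL queries issued."""
    checker = Checker(LISTED.__contains__, HAS_RDNS.__contains__, ZONES)
    counts = {}
    for ip in ips:
        reason = checker.check(ip)
        if reason is not None:
            counts[reason] = counts.get(reason, 0) + 1
    return counts, checker.dnsbl_queries


if __name__ == "__main__":
    print(run_sample(["198.51.100.9", "203.0.113.7", "192.0.2.5", "192.0.2.10"]))
```

Of the two listed sample addresses, only one is tallied under `class bl-sbl`; the other is absorbed by the local block, and only two of the four connections generate a blocklist query.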

The Hotmail stats for this week are:

  • 4 messages accepted, at least three of which were completely legitimate.
  • no messages rejected because they came from non-Hotmail email addresses.
  • 16 messages sent to our spamtraps.
  • 1 message refused because its sender addresses had already hit our spamtraps.
  • 2 messages refused due to their origin IP address (one from Cote D'Ivoire, one from Burkina Faso).

This is at least better than last week. (The high volume of legitimate messages is from students mailing a contact address to report a problem with one of the systems we run. Why students like free webmail providers so much is another entry.)

And the final numbers:

what          # this week   (distinct IPs)   # last week   (distinct IPs)
Bad HELOs             495               60           264               42
Bad bounces            60               52            57               51

Evidently the bad HELO people were more persistent this week than last week; there is no single really big source, at least by my standards. (The most active is 212.42.164.253, with 90 attempts, then 64.65.197.32 with 57.)

The only unusual thing in the bad bounce usernames is a few rejections to things that could be very short hex strings; 3E4B, E7D6, and E07. But that's probably just spammer randomness in action.

spam/SpamSummary-2006-09-23 written at 02:01:32

