Wandering Thoughts archives


Two approaches to Unix environments

There are two general approaches to coping with the various environments of Unix accounts that I've seen people adopt. The first is taking the default environment that each system comes with (perhaps with minimal and easy customization for stuff that really bugs you); the second is building a completely customized personal environment that you then drag everywhere.

(To stereotype, people who follow the first sort feel that life is too short to spend futzing with your environment when the one that someone else worries about works well enough, while the other side similarly feels that life is too short to live without something that fits your desires to a T. Note that this isn't to say that the first sort doesn't care about the environment they use, just that what they care about is probably indirect issues, like a more generally consistent GUI, instead of specific features that the second sort are solidly locked to.)

The split influences a lot of attitudes in relatively deep ways. For example, the first sort if much more likely to really like moving to Apples; for the second sort, the Apple GUI is at best neutral and often negative, since it is not their environment.

I am a very strong second sort of person, and I am currently wrestling with the true nemesis of my calling: moving my personal environment to a new system (in this case Fedora Core 5 on an x86_64). Because I have so strong particular opinions on things, even little changes are completely irritating; this makes dealing with things like font issues rather interesting.

The other annoying bit of moving my environment is trying to figure out how to make it do various useful things normally provided by the system environment. For example, FC5 will conveniently automount USB keys and DVDs and so on, if you use GNOME or KDE; now I get to figure out all the magic bits and daemons so I can add them to my own environment.

Oh well, at least I'll come out of this experience better informed about the inner workings of some of the black magic involved.

Sidebar: why font issues bug me and matter

Every OS upgrade seems to futz around with fonts so that things come out wrong for something. And don't get me started about Xft, apart from saying that there sure don't seem to be any good monospaced fonts for people who like their inter-line spacing relatively narrow.

Why do I care about fonts so much? Because the layout and spacing of a great many things on my screen, and how I organize space, is strongly tied to how much space things like 80x24 xterm windows take. Change the fonts, those sizes change, things don't fit together any more, and I grind my teeth in your general direction.

(Don't ask what I feel about the possibility of changing display resolutions.)

sysadmin/TwoEnvironmentsApproach written at 22:38:48; Add Comment

Weekly spam summary on September 23rd, 2006

This week, we:

  • got 15,623 messages from 253 different IP addresses.
  • handled 19,363 sessions from 969 different IP addresses.
  • received 166,319 connections from at least 46,095 different IP addresses.
  • hit a highwater of 8 connections being checked at once.

This makes volume a bit up from last week. Volume fluctuates a bit during the week:

Day Connections different IPs
Sunday 19,635 +5,249
Monday 26,483 +7,442
Tuesday 25,539 +6,591
Wednesday 24,684 +6,159
Thursday 29,565 +9,375
Friday 24,301 +6,778
Saturday 16,112 +4,501

Kernel level packet filtering top ten:

Host/Mask           Packets   Bytes          96915   5040K        6637    302K         4428    266K         4341    221K          4147    249K          3756    208K          2734    164K           2522    151K         2364    142K          2213    133K

Apart from the top IP, overall volume is down a bit from last week. Of course, that's a big 'apart from' qualification, considering that mailhost.terra.es outweighs the entire rest of the list combined.

  • may give up someday, but evidently not this week; it reappears from last week, this time due to permanent blocks.
  • is listed in SPEWS, plus it's a webmail source that we block. (It's made our lists before.)
  • and were blocked because of missing reverse DNS; their general network areas have annoyed us enough that we insist on good rDNS as a minimum standard from them.
  • and are freenet.de machines, blocked for trying to keep sending us spam that had hit our spamtraps. I suspect that they've fallen afoul of an advance fee fraud spam gang.
  • also kept trying to send us stuff that had tripped our spamtraps.
  • returns from earlier in September, still with a bad HELO greeting.

Connection time rejection stats:

  37577 total
  18701 dynamic IP
  14979 bad or no reverse DNS
   2252 class bl-cbl
    451 class bl-dsbl
    304 class bl-sdul
    167 class bl-njabl
    147 class bl-sbl
     92 class bl-spews
     75 cuttingedgemedia.com
     66 class bl-ordb

It's interesting that the SBL didn't drop compared to last week, even after I blocked Cutting Edge Media specifically so that they no longer added to the SBL stats. The SBL rejections source stats are highly skewed this week:

Count SBL Listing
80 SBL46744
41 SBL46750
9 SBL46698
7 SBL46020
4 SBL20671

Even better, according to Spamhaus, the first two SBL listings are for the same people (I think Spamhaus split them because they're two separate subnets). In a break with the usual pattern, none of these seem to be advance fee fraud spammers.

Only three out of the top 30 most rejected IP addresses were rejected 100 times or more; the leader was (153 times). 20 of the top 30 are currently in the CBL, 4 are currently in bl.spamcop.net, and two are currently in the SBL (, part of Cutting Edge Media's SBL45150, and, part of SBL29986).

(Because they were rejected for other reasons than being in the SBL, neither shows up in the SBL rejection source table. We tend to check DNS blocklists fairly late, mostly to reduce the load on the DNSbl operators.)

The Hotmail stats for this week are:

  • 4 messages accepted, at least three of which were completely legitimate.
  • no messages rejected because they came from non-Hotmail email addresses.
  • 16 messages sent to our spamtraps.
  • 1 message refused because its sender addresses had already hit our spamtraps.
  • 2 messages refused due to their origin IP address (one from Cote D'Ivoire, one from Burkina Faso).

This is at least better than last week. (The high volume of legitimate messages is from students mailing a contact address to report a problem with one of the systems we run. Why students like free webmail providers so much is another entry.)

And the final numbers:

what # this week (distinct IPs) # last week (distinct IPs)
Bad HELOs 495 60 264 42
Bad bounces 60 52 57 51

Evidently the bad HELO people were more persistent this week than last week; there is no single really big source, at least by my standards. (The most active is, with 90 attempts, then with 57.)

The only unusual thing in the bad bounce usernames is a few rejections to things that could be very short hex strings; 3E4B, E7D6, and E07. But that's probably just spammer randomness in action.

spam/SpamSummary-2006-09-23 written at 02:01:32; Add Comment

Page tools: See As Normal.
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.