Wandering Thoughts archives

2007-04-29

What matters about object oriented operating systems

Many years ago, I went to a talk about a new object oriented operating system (a research project, obviously). The presenter made a big deal about how everything in, eg, their filesystem was an object, and so things were very general and you could put anything in the directory objects, and as they went on I noticed something disturbing: while you could put all those different things into directories, none of them seemed to have the same set of methods; in fact, the methods were often significantly different.

This talk led me to a conclusion: what matters in OS object orientation is not that things are objects, but what the common operations are.

If you have no common operations, it doesn't matter that everything is an object and you have theoretical generality. Your object orientation is getting you nothing in practice, because real programs have to know about the types of objects that they are dealing with so that they know what operations they can do with them.

Correspondingly, the genius of Unix is in the common operations. These make it look 'object oriented' from the outside perspective, regardless of how it is implemented internally, because almost every 'object' responds to a set of common operations.

(Current implementations of Unix kernels are almost certainly heavily object oriented internally, despite being written in C. I know that the Linux kernel is.)

I suspect that this generalizes to many object oriented programs, although I have limited experience in OO programming (especially in traditional OO languages like C++ or Java; all my OO work has been in Python). Certainly almost all of the times I've constructed object hierarchies and the like, whether in C or in Python, the driving reason has been to be able to write common operations in a generic, object type independent way.

(This is not to say that generic containers are unimportant, especially in a language.)

programming/ObjectImportance written at 22:51:00;

Weekly spam summary on April 28th, 2007

This week, we:

  • got 11,321 messages from 292 different IP addresses.
  • handled 18,443 sessions from 1,247 different IP addresses.
  • received 176,017 connections from at least 61,753 different IP addresses.
  • hit a highwater of 7 connections being checked at once.

This is slightly up from last week, especially the number of different IP addresses hitting us. The drop in email messages may be because we're towards the end of university exams, when things tend to get a bit quiet.

Day Connections different IPs
Sunday 26,858 +9,992
Monday 26,131 +9,688
Tuesday 30,224 +10,405
Wednesday 33,942 +10,356
Thursday 26,933 +8,622
Friday 18,944 +7,395
Saturday 12,985 +5,295

The spammers seem to have jumped on us in the middle of the week, and then started to fall off later on. Probably this is not going to be a long-term trend.

Kernel level packet filtering top ten:

Host/Mask           Packets   Bytes
68.230.240.0/23       39449   1916K cox.net
68.168.78.0/24        19607    941K adelphia.net
213.29.7.0/24         15449    927K centrum.cz
213.4.149.12          13035    678K
205.152.59.0/24       12831    582K bellsouth.net
206.123.109.0/27       9250    508K
81.115.40.8            5319    284K
65.175.90.190          2877    158K
193.25.197.0/24        2619    157K
65.75.64.3             2619    126K

Volume is slightly down from last week, and has shuffled around quite a bit.

  • 213.4.149.12 is terra.es, and returns from last week and many times before.
  • 206.123.109.0/27 is a tendril of otcpicknews.com and returns from last week.
  • 81.115.40.8 is a telecomitalia.it generic host, and returns from late Feburary and a number of times before then.
  • 65.175.90.190 kept trying to send us stuff with an origin address that had tripped our spam traps. It's been doing this for some time, but this is the first week it's made our top ten.
  • 193.25.197.0/24 is celeonet.fr; it also kept trying to send us stuff that had already tripped our spamtraps, but it was sending from so many IP addresses that I just blocked the entire /24.
  • 65.75.64.3 kept trying with a bad HELO name.

Connection time rejection stats:

  41556 total
  22293 dynamic IP
  13326 bad or no reverse DNS
   4565 class bl-cbl
    234 qsnews.net
    222 class bl-njabl
    105 acceleratebiz.com
    110 class bl-dsbl
     95 class bl-pbl
     71 class bl-sdul
     70 class bl-sbl

The highest source of SBL rejections this week is SBL49395 at 25 rejections, which is labeled as 'swishmail.com' and appears to be a dirty /24 used by a spammer and was listed 23 December 2006. Following it is SBL45324 with 17 rejections, a /24 ROKSO listing for Brian Kramer aka Expedite Media Group, listed 26 December 2006.

Three of the top 30 most rejected IP addresses were rejected 100 times or more this week; 216.213.172.11 (156 times, qsnews.net), 200.62.58.67 (123 times, missing reverse DNS), and 87.51.151.182 (106 times, tele.dk ADSL). Ten of the top 30 are currently in the CBL, none are currently in bl.spamcop.net (somewhat to my surprise), eight are in the PBL, and a grand total of 14 are in zen.spamhaus.org.

(Locally, 13 were rejected for bad or missing reverse DNS, 9 as dynamic IPs, 3 as being from various places we don't want to talk to, 3 for being in the NJABL, and one each for being in the DSBL and the CBL.)

This week, Hotmail did:

  • no messages accepted.
  • no messages rejected because they came from non-Hotmail email addresses.
  • 24 messages sent to our spamtraps.
  • 16 messages refused because their sender addresses had already hit our spamtraps.
  • 4 messages refused due to their origin IP address (two in the CBL, one in SBL48677, an advance fee fraud spam source listing from December 1st 2006, and one from the Cote d'Ivoire).

And the final numbers:

what # this week (distinct IPs) # last week (distinct IPs)
Bad HELOs 699 69 720 75
Bad bounces 125 57 68 22

Bad bounces have almost doubled from last week, and the number of sources has more than doubled. On the slightly bright side, at least the bad HELO count has dropped slightly. The leading bad HELO source is 70.16.191.87 (72 tries), followed by 216.212.61.226 (67 tries).

Bad bounces were sent to 36 different bad usernames this week. The leading target, with 84 attempts, was an old user. After that we saw attempts to old users, the ever-popular noreply, some random jumbles like xgosk02, and a variety of names like MyraRogers. This week the bounces seem to have come from all over; the leading source is chello.at, followed by a Polish ISP and Earthlink. Various places in Eastern Europe seem to be popular bounce sources in general.

spam/SpamSummary-2007-04-28 written at 00:09:46;


Page tools: See As Normal.
Search:
Login: Password:

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.