Embargos and tongue biting

On Tuesday, I posted to the Ferris blog about Exchange's strange lack of support for SPF/SenderID. At the end, I made an offhand comment about how "The Lotus community's scorn over the Exchange roadmap isn't entirely justified, but it seems to be getting louder by the day."

Boy, how to enrage a passionate community! See here, here, here, and here. And I thought I'd get away with it, 'cos Ed's on vacation? Nah...

The thing is, I knew more than I was letting on about the Edge Services roadmap (or lack thereof). But I had to be careful what I said, 'cos Ferris Research had agreed to an "embargo" (a kind of informal NDA). David Via also weighed in with a nice post, also during the embargo. The news wasn't announced until Wednesday 6pm my time. Chris Williams had written up a great post about it, which was all queued up to go once the embargo was lifted.

What's the blogging equivalent of biting one's tongue? Whatever it is, I was doing a lot of that all day.

How secure is Chip&PIN, anyway?

Please, no. Tell me it's not true. Could the Chip&PIN folks have been so dumb as use the same PIN for ATMs and the new smartcard readers? El Reg thinks so. So does The Torygraph.

The obvious security problem here is that an unscrupulous employee can steal the PIN, skim the magstripe, and clean out your account at an ATM. Admittedly, they might have to (gasp!) go abroad to do it. Even easier, they could just use email to send the PIN and magstripe data to an overseas accomplice.

Dumb. Dumb, dumb, dumb, dumb.

Stupidest text message ever

Ever read a news report about what somebody did and said to yourself, "That's really dumb"?

How about the Italian dude who texted his wife in mid-air, telling her that his plane was being hijacked? Stoopid enuff for ya? Naturally, the police weren't too impressed.

Yeah, he probably looked a bit like this guy, albeit with more clothes. And Italian (this guy's probably Belgian). Oh, and jammed into a tiny aircraft seat. What seat pitch does Lauda Air use on long-haul anyway? SeatGuru doesn't know. Wait, what was I talking about again..?

Is this the best we can do to fight spam?

In InformationWeek, Bob Evans polled for ideas to stop spam. Also noted in Sarah's blog.

Can't say I'm too impressed with the answers he got. (Reading between the lines, I don't think he is, either.)

The best contribution turned out to be Tempfailing. In case you've not come across this before, the idea is that if a receiving MTA "tempfails" an incoming connection, spammers will give up and go somewhere else. An example of a tempfail is, "4451 4.7.1 Please try again later." Legitimate MTAs will just pause and resend, so the theory goes. (Note that many people call this "Greylisting," however other people use that term to describe other anti-spam techniques.)

Nice idea in theory, but as I've said before, it doesn't work any more. These days, most spam is sent by botnets (armies of virus-infected PCs, remote-controlled by spammers). The spamming software running on these "zombie" PCs is quite capable of queueing and retrying, just like any regular MTA is.

I can't help thinking that greylisting advocates have an exaggerated sense of spammers' technical stupidity.