Posted in October 2008

How to launch an open source project…help…

We all can cite many open source and even some “closed” source projects that we use and interact with daily.  How did they start?  Most of them started out of the passions of a single individual, but how did that spread?  How did people find out about the projects, how did others start building on these projects?

I ask, because I’ve just put out my CMS for Google App Engine (it’s pre-alpha) and I’m looking for people who are interested in playing with it, giving me feedback, helping it improve.  The challenge is that outside of nagging on my friends — it almost feels like nagging on them to change jobs — I’m uncertain where to start.

I’m going to continue plugging away, but if anybody knows how to evangelise or create community, that would help.

For those interested (please) the project is here:

http://code.google.com/p/notewavecms/

http://code.google.com/p/notewavecms/wiki/Installation

Fighting spam – greylisting take 2

You don’t really want to know, but I’ve spent my morning fighting spam.  It’s a periodic activity, makes me almost want to go back to the MailFrontier days when I could focus on these topics as a full time thing.  Though on the advantage side I can use a lot more off the shelf components in my battles.

If you recall I’ve been running sqlgrey on my box for a while, but over time more and more spam is getting through.  Its primary objective is to slow down enough “unknown” email that other distributed sources will report on its true quality.  The problem is that, looking at my logs, the spammers have worked out reasonable courses to get things routed onto white lists.

While I can’t say I’ve totally automated the process, I’ve made one primary enhancement to sqlgrey, which is adding a “BAD_IP” table which allows for either fully qualified IP addresses or /24 (Class C) versions of IP addresses to be added.  If an inbound message sources from one of these IP addresses then it’ll be “special”.  Two things happen with special IP addresses: a longer greylisting cycle, and they’re not allowed to be whitelisted.

The second part — which isn’t automated, today — is that my postfix log is chock full of all of the address probing going around.  So, all I need to look at is the IP addresses that are sourcing in lots and lots of probes.  If I see a lot of probes from your IP address you get added to the BAD_IP table.
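Both parts can be sketched together in Python. This is an added example, not code from sqlgrey or from the patch described above: the log lines are constructed, the BAD_IP table is modelled as a plain list, and the probe threshold and the two delay values are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed postfix smtpd log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
Oct 12 09:14:01 mx postfix/smtpd[2214]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 550 5.1.1 <aaron@example.com>: Recipient address rejected: User unknown in local recipient table; from=<a@bulk.example> to=<aaron@example.com> proto=ESMTP helo=<bulk.example>
Oct 12 09:14:02 mx postfix/smtpd[2214]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 550 5.1.1 <abby@example.com>: Recipient address rejected: User unknown in local recipient table; from=<a@bulk.example> to=<abby@example.com> proto=ESMTP helo=<bulk.example>
Oct 12 09:14:03 mx postfix/smtpd[2214]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 550 5.1.1 <adam@example.com>: Recipient address rejected: User unknown in local recipient table; from=<a@bulk.example> to=<adam@example.com> proto=ESMTP helo=<bulk.example>
Oct 12 09:20:10 mx postfix/smtpd[2230]: NOQUEUE: reject: RCPT from mail.partner.example[198.51.100.7]: 550 5.1.1 <typo@example.com>: Recipient address rejected: User unknown in local recipient table; from=<bob@partner.example> to=<typo@example.com> proto=ESMTP helo=<mail.partner.example>
Oct 12 09:21:44 mx postfix/smtpd[2231]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.7.1 <koblas@example.com>: Recipient address rejected: Greylisted, try again later; from=<c@other.example> to=<koblas@example.com> proto=ESMTP helo=<other.example>
"""

# An address probe shows up as a permanent reject for an unknown local user.
PROBE_RE = re.compile(r"reject: RCPT from \S*\[([0-9a-fA-F.:]+)\]: 550 .*User unknown")

def probe_counts(log_text):
    """Count unknown-recipient rejects per source IP."""
    return Counter(m.group(1) for m in PROBE_RE.finditer(log_text))

def bad_ip_candidates(log_text, threshold=3):
    """IPs with at least `threshold` probes (threshold is an assumed cut-off)."""
    counts = probe_counts(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def is_bad(ip, bad_entries):
    """bad_entries holds full addresses ("198.51.100.7") or /24s ("203.0.113.0/24")."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in bad_entries)

NORMAL_DELAY = 5 * 60    # seconds a normal sender must wait (assumed value)
SPECIAL_DELAY = 60 * 60  # longer cycle for "special" senders (assumed value)

def greylist_decision(ip, first_seen, now, bad_entries):
    """Return (action, may_whitelist) for a retry from `ip`."""
    special = is_bad(ip, bad_entries)
    delay = SPECIAL_DELAY if special else NORMAL_DELAY
    action = "accept" if now - first_seen >= delay else "defer"
    return action, (action == "accept" and not special)
```

A single mistyped recipient from a legitimate relay stays under the threshold, which is why the count rather than any one reject decides who goes into the table.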

Though as a feature request… I have a 60% solution in place, which is a python version of sqlgrey!  Not that I’m a big python person (ok, maybe converting slowly).  But, I’ve gotten to be a big OO person and procedural programming wrapped in an object wrapper is a bit “ugly”.


Performance Reviews … WSJ and Me

The WSJ just did an article about the pointlessness of performance reviews. It’s interesting to see that the posting I wrote a long time ago about Performance Reviews shared many of the same points:

  • Performance doesn’t determine pay
  • Objectivity is subjective
  • It disrupts team work

Managers should go coach some kids’ sports and really understand what teamwork is about…  It’s both useful to the community and teaches you many lessons about how to interact with people who might not have the same focus as you.

Alternative to OpenID

I’ve never been a big fan of OpenID, it feels like an interesting solution to a problem, but not the solution that makes sense.  For starters it requires me to learn something new, which as an “average” user I don’t want to do.

Quick education for those not familiar with OpenID.  OpenID allows you to have a single digital identity that enables you to log into multiple websites using one ID and password.  This means that when I find myself at a signin/signup form I can enter koblas.example.com (it could be as nasty as https://me.yahoo.com/a/nDvVG6521ORdniQiNkMGjNXR3g–) as my identity.

From a practical standpoint it doesn’t make sense to have a second ID (or third, fourth, etc.) in the universe.  I’ve started “enjoying” websites which have given up on the USERNAME concept and just let me use an email address and password to signup/signin.   Now we’re drifting into an interesting world.

What I would like to see is my email address being my unique identifier, after all you’re going to send the account confirmation message there, I’m going to have to confirm it, etc. etc.  Products like Facebook Connect are starting to show up and claim ownership of my identity.  Why not use email and DNS to take over for OpenID?

Here’s a proposed flow:

  • User is at the signin page
  • Enters koblas@example.com
  • DNS query is sent to lookup the “AUTH” record for ‘example.com’
  • result is authhost.example.com
  • Two choices at this point – either handshake ala OpenID or Facebook Connect — OR — have a DNS based auth lookup [the bias is to OpenID]
  • Now pop the user over to authhost.example.com with some arguments to authenticate
  • Return to mysite with cookies and tokens for their continued session.
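The relying site's side of this flow, as an added Python sketch that is not part of the original proposal. The “AUTH” record does not exist as a DNS record type, so the lookup is simulated with a constructed table; the `/auth` path, the parameter names, and the signed `state` value that ties the return trip to the request this site started are all assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Stand-in for the proposed "AUTH" DNS record (hypothetical; constructed data).
AUTH_RECORDS = {"example.com": "authhost.example.com"}
SITE_KEY = b"constructed-demo-key"  # this site's secret for signing state

def discover_auth_host(email):
    """Map user@domain to the domain's auth host, or None if none is published."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    return AUTH_RECORDS.get(domain.lower().rstrip("."))

def _sign(nonce, email):
    msg = f"{nonce}|{email}".encode()
    return hmac.new(SITE_KEY, msg, hashlib.sha256).hexdigest()

def begin_signin(email, return_to, nonce=None):
    """Build the URL the user is popped over to on the auth host."""
    host = discover_auth_host(email)
    if host is None:
        return None  # no AUTH record: fall back to a local sign-in form
    nonce = nonce or secrets.token_urlsafe(16)
    query = urlencode({
        "identity": email,
        "return_to": return_to,
        "state": f"{nonce}.{_sign(nonce, email)}",
    })
    return f"https://{host}/auth?{query}"

def state_is_ours(email, state):
    """On return, confirm this site issued the state for this email address."""
    nonce, _, sig = state.partition(".")
    return hmac.compare_digest(sig, _sign(nonce, email))
```

The handshake with the auth host itself, which the flow leaves open between an OpenID-style exchange and a DNS-based lookup, is outside this sketch.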

Best part is that I don’t have to remember a new identifier, DNS handed out the identifier to complete the transaction.  You’re now going, but this will put the control of all identities into the hands of a few.  Sort of, but you can also think about it from the stance that if facebook were to have “public” email then you could use example@facebook.com as an identity for use on other sites.  They get the benefit that part of the authentication contract is that example@facebook.com is a deliverable email address to communicate with you at.
