Compiling on Windows, and a question of policy

Paul Wright paul.wright@pobox.com
Tue Dec 3 00:15:35 UTC 2002


On Mon, 2 Dec 2002, Vernon Schryver wrote:

[Paul Wright wrote that Cygwin's in6_addr]
> > does not have the union which enables the same data to be accessed
> > as an array of larger types. 
...
> I don't see a good solution.  The Cygwin definition pollutes
> the name space with a definition of in6_addr that is unusable and
> that cannot easily be evaded.

To undo the pollution, I commented out the broken definitions at the
bottom of /usr/include/cygwin/in.h. dccproc then builds and successfully
talks to the public DCC servers under Windows.

...
> I don't know how to compare DCC and DNS servers handling millions of
> transactions per day, but I do know that a 1,000,000 ops/day DCC
> server wants more hardware than most of the public DCC servers.  I
> think recent talk in news.admin.net-abuse.email from those who should
> know puts the SPEWS DNS load at 250 ops/second.

Joe Jared seems to think it's about 2500 queries/s:
<http://groups.google.com/groups?selm=3DE2F698.37D560D4%40osirusoft.com>
Typo?

[on people who freely provide secondary DNS to DNSBLs]
> >                     if the load is not too great, it's possible that
> > people might provide similar help with a DCC network.
> 
> But don't you need to ask first?

Yes, which is what I'm doing, in a roundabout sort of way :-) John Payne
seems to say that he'd take up some extra load. However, if you feel
strongly that I shouldn't, I won't go ahead and do it (even assuming
it's possible. I've not looked at the equivalent of pipes under Windows
yet, which is what it'd take to meet the Cygwin GPL).

> Again, the current SpamPal load of 10-20K users would not be noticed,
> and so doesn't count.

Yep. It almost seems hubristic of me to think that if I were to produce
a DCC client plugin for Spampal, it would be popular enough for the
public DCC network to notice. In the worst case, I could always put some
kind of rate limiter into the plugin, on the basis that anyone
intelligent enough to read the code is probably OK.

> >                                                       I think it is less
> > politically and legally risky to provide a DCC server than to provide a
> > mirror of a DNSBL.
> 
> As long as your DNS blacklist data is objective and based on truth, my
> ignorant legal guess is DCC and DNS blacklist cases are equally winable.
> However, in the U.S. without "loser pays," that's not very comforting.

My reading of the law here in the UK (where the loser usually does pay)
is that while truth is a defence, if you do not use very precise
language and the some of the *implications* of your, arguably true,
vague statement are untrue and defamatory, you can still lose (see the
"Radio City in Liverpool" example and others under
<http://www.newsdesk-uk.com/law/libelcheck.shtml>).

The sort of remarks that you find in an evidence file for a DNSBL which
is not entirely automatic seem risky from that point of view (some seem
more risky than others). A DCC entry simply records bulkiness without
impugning the morals and parentage of the sender (even better, many
legitimate mailing lists will also have high DCC counts, so a high count
cannot be a bad thing in itself).  ISTM this is much more precise, and
it's easier to show that what you're saying is true.

I am not a lawyer, of course.

> > AFAIK Razor has not yet had this problem despite a Windows client being
> > available, which might mean that overload is unlikely to happen in
> > practice. That said, Razor is not tracking every message.
> 
> What do you mean?

I was forgetting that Razor sees every message checksum on hosts using
the system (my forgetfulness was because the servers don't use that
information, although I suppose they could: you could make an
unsatisfactory DCC clone out of the current Razor client protocol).

[Razor has speed problems, probably due to the design of the system]

Razor's pretty responsive (sub-second times) from here right now, but I
don't use it to filter so I've no idea how representative that is. From
what you say, it probably isn't meaningful to compare it to the DCC, so
I chose a bad example.

> >             None of this is affecting me, since I'm running Linux and
> > can use dccproc, but it'd give me a warm feeling to see Windows users
> > able to effectively filter spam.
> 
> What about the necessary user training and support?  How do you teach
> the typical Windows user about whitelists?  You'd have to have far
> prettier GUI support than the CGI scripts in the DCC source and far
> better documentation than I can imagine.
> 
> Brightmail doesn't seem to be selling to end-users.  I bet that's
> not an oversight.

Possibly they know they can make vastly more money out of consultancy
for companies, however, I bet you're right.

Spampal has a whitelist built in (with a Windows interface), so the idea
would be to only have anything to do with the DCC if the mail was not
already whitelisted. The education needed would be to ensure that people
whitelisted mailing lists (and possibly places like Amazon and so on).
Spampal also has an auto-whitelist feature which will list people who
email you repeatedly over a period of days.  While it's easy to see how
this might be abused, it's also a boon for the Windows users.

In any case, Spampal is not deleting mail, but enabling the client to
move it to a separate folder. I suppose somone could configure their
client to delete whatever Spampal marked as spam, but they'd be pretty
foolhardy given what it's doing.

I suspect that people using Spampal are probably the "power users",
since it requires a bit of fiddling with dialog boxes to set it up.
While I agree that ultimately it makes most sense to do this on the Unix
end of things, the Windows tinkerers can probably make good use of
it in the meantime.

-- 
Paul Wright | http://pobox.com/~pw201 |




More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.