Entries Tagged as 'Information Technology'

Spam protection


Wouldn’t it be great if all unsolicited commercial email, or spam as it’s more commonly known, came with a tag in the subject line that identified it as spam?  Not surprisingly, the people who send spam don’t see the value in that idea.  The job of defending networks and users against spam is on the shoulders of network administrators and users.  Understanding what defences are available and how they work will help users and network administrators choose the best solution for their environment.

Spam filtering can be done at any of four points in the path of an email: as it is sent, before it reaches the destination server, on the destination server, or at the end client.  Checking for spam as it is sent seems, on the surface, to be futile, since someone intending to broadcast spam would certainly not do it.  In fact, a large portion of spam is sent using malware that is unknowingly installed on end user hosts.  Checking for spam leaving a host would identify that there is a problem, which could then be corrected using malware removal tools.  Companies that host their own mail servers, as well as many hosted servers, check email for spam as it arrives or while it is being processed by the mail server.  Filtering spam before it arrives at the server reduces network traffic and isolates the server from malware that may be contained in spam, but often limits the ability of users to allow email that may appear to be spam from people or businesses that are known.  This is called whitelisting a sender or email domain.  Moving the spam filter to the mail server often adds simpler configuration tools that allow administrators or users to adjust the whitelist (desired) and blacklist (malicious) settings on either a global or per-user basis.  Client-based filtering allows users to individually decide how to identify spam and how to act on each message based on the rules that they configure.  Any or all of these types of filtering can be used depending on how much control a network administrator wants to retain or offload to users, and most solutions are a hybrid mix.

Regardless of what stage of the email flow a filter is testing for spam, the same criteria can be used.  Most spam filters use a number of tests in a certain order, with specific settings for action and logging for each test.  The best filter will allow all desirable mail through and block all spam, but since the spammers are constantly fighting the filters, new rules must constantly be implemented.  Having a subscription with the spam filter vendor allows the filter to be updated with defences against new spamming methods very soon after they are discovered.  Here are some of the more common methods included in spam filters to detect and protect against spam.

Heuristics/Bayesian analysis – These intelligent filters learn and use statistics to determine if a message is spam.

Reputation – Most anti-spam vendors keep databases of known spammers and tag any mail from their domain or IP address as spam.

Phishing – The scan engine looks for links in emails to known phishing sites and tags them.

RBL – Realtime or Relay blacklist – These are third party lists of reported spammers on the Internet.  These blacklists often list IPs and domains that have temporary issues with malware, or are part of a large range of addresses.

Header checking – The scan engine compares the SMTP and MIME email addresses in the message header to make sure they match as well as other header anomalies.  Email clients set the MIME address, while the server sets the SMTP address.  Spammers use this to mask the origin of an email.

Directory harvesting – Emails sent to multiple non-existent accounts in an email domain are marked as spam.  The term directory harvesting is used because by sending large lists of names to a mail server, most will bounce back as failed, but some may not.  Eventually the sender can, by process of elimination, build a list of valid email addresses on the domain.

SPF – Sender Policy Framework – A relatively new DNS record type that defines domain names and hosts that are authorized to send email for a given domain.  Although not widely used initially, this method of protecting a domain has become more common.

rDNS – Reverse Domain Name Service – Where DNS takes a domain name and translates it to an IP address, rDNS looks at the IP address and ensures that the domain name in the email header matches the domain name that points to the IP.  This identifies servers that are relaying mail for other, typically unauthorized, domains.

Blacklist – A list on the anti-spam server that is generated automatically or by user intervention that identifies domains or IP addresses that users have reported as spam.

Keyword checking – A list, generated automatically or by user intervention, of words that are in undesirable emails.  These words could be profanity, pornographic, pharmaceutical, or any other s.
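The ordered tests described above, sketched as an added example (not code from the original post or from any vendor's product): a small Python filter that runs directory harvesting, blacklist, whitelist, header and keyword checks in a fixed order, with an action and a log entry for each test.  All addresses, domains, limits, keyword weights and actions are constructed assumptions.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Every address, domain, word weight, limit and action below is constructed.
VALID_RCPTS = {"alice@example.org", "bob@example.org"}
WHITELIST = {"partner.example"}      # sender domains users have approved
BLACKLIST = {"bulk.example"}         # sender domains users have reported
KEYWORDS = {"pharmacy": 3, "winner": 2, "free": 1}
KEYWORD_THRESHOLD = 3
HARVEST_LIMIT = 3                    # unknown recipients tolerated per client IP

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

class SpamFilter:
    def __init__(self):
        self.unknown_rcpts = Counter()   # client IP -> unknown recipients seen
        self.log = []                    # (client IP, test name, action)

    def check(self, client_ip, mail_from, rcpt_to, raw_message):
        """Run the tests in a fixed order; the first one that fires decides."""
        msg = message_from_string(raw_message)
        header_from = parseaddr(msg.get("From", ""))[1]   # address set by the client
        text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
        score = sum(KEYWORDS.get(w, 0) for w in re.findall(r"[a-z]+", text))
        known = rcpt_to.lower() in VALID_RCPTS
        if not known:
            self.unknown_rcpts[client_ip] += 1
        tests = [
            # Once an IP has probed too many bad addresses, refuse everything from
            # it so it can no longer tell valid accounts from invalid ones.
            ("directory_harvest", "reject", self.unknown_rcpts[client_ip] >= HARVEST_LIMIT),
            ("unknown_recipient", "bounce", not known),
            ("blacklist", "reject", domain(mail_from) in BLACKLIST),
            # The envelope sender is unauthenticated, so a whitelist match alone
            # proves little; SPF or rDNS checks would normally back it up.
            ("whitelist", "accept", domain(mail_from) in WHITELIST),
            # Tag only: mailing lists and forwarders legitimately differ here.
            ("header_mismatch", "tag", domain(mail_from) != domain(header_from)),
            ("keywords", "quarantine", score >= KEYWORD_THRESHOLD),
        ]
        for name, action, fired in tests:
            if fired:
                self.log.append((client_ip, name, action))
                return action
        self.log.append((client_ip, "none", "accept"))
        return "accept"

def demo():
    """Feed constructed messages through one filter and return the actions."""
    f = SpamFilter()
    ok = "From: Carol <carol@shop.example>\nSubject: Invoice\n\nYour invoice is attached.\n"
    spoof = "From: Bank <support@bank.example>\nSubject: Notice\n\nPlease review.\n"
    pills = "From: deals@promo.example\nSubject: Winner\n\nFree pharmacy offer\n"
    results = [
        f.check("198.51.100.7", "carol@shop.example", "alice@example.org", ok),
        f.check("198.51.100.8", "x1@relay.example", "alice@example.org", spoof),
        f.check("198.51.100.9", "deals@promo.example", "bob@example.org", pills),
    ]
    for guess in ("adam", "amy", "andy"):   # three guesses at account names
        results.append(f.check("203.0.113.5", "a@probe.example", guess + "@example.org", ok))
    results.append(f.check("203.0.113.5", "a@probe.example", "alice@example.org", ok))
    return results
```

The last two results show the harvesting defence: once the probing address reaches the limit, even mail to a valid account is refused, so the sender learns nothing from the responses.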

Regardless of which type of spam filtering is used and which tests are implemented, all but the most expensive appliances require configuration and some amount of learning.  Don’t expect a product to stop all spam right out of the box.  With some adjustments and ongoing updates they are great tools to keep users productive.

Printing


Printed documents are created by attaching ink to paper.  The process involved and the quality of the output varies widely depending on the type of printer used.  Historically there have been many methods of printing and duplicating, but I will only talk about computer printers in this blog.

Printers are classified in one of three categories based on how they produce output.  These categories are character printers, line printers and page printers.  As you might guess the output is transferred to paper one character at a time, one line at a time or one page at a time respectively.  The most popular early printers were dot matrix printers.  These could be either character or line printers.  Dot matrix line printers typically had a row of small wires lined up across the width of the paper with an ink saturated ribbon between.  The ribbon is fed horizontally across the row of wires while the paper is moved vertically.  For each vertical step of the paper a combination of wires would be pushed at the paper causing the ribbon to touch and leave an entire line of dots across the page.  As the paper continues to move up the characters of the output are formed.  These printers are very fast, but are usually limited to text or basic graphics.

Another type of dot matrix printer uses a moving print head with a small number of wires (typically 9 or 24) placed vertically.  The head is moved horizontally across the paper while an ink ribbon is fed horizontally across the head.  As the head moves across, the wires are fired in a pattern to create each character of text one at a time.  The head may fire as it travels in one direction or both depending on the printer and the quality of output.  After a line of text has been completed the paper is fed vertically to position for the next line.  Higher quality text could be created using a printwheel or ball printer.  These printers used the same method as many typewriters, spinning either a spoked wheel with embossed characters or a gimballed ball with embossed characters.  In the case of a printwheel, a single hammer would fire to push the character on to the paper with the ribbon between, leaving the character impression.  Ball printers would lift the entire ball to the paper with the correct character positioned to push the ribbon against the paper.  Neither of these types of printer could usually print graphics, but different fonts were available by changing the wheel or ball.  These are also considered character printers, and all of the technologies I’ve mentioned are able to print multi-part forms because they use impact to transfer the image.

Newer technologies have replaced most dot matrix printers.  Ink jet printers are character printers that are very similar to dot matrix character printers except that they force ink directly onto the paper through tiny nozzles on a moving head.  The head is moved across the paper while small dots of ink are ejected using either bubbles created by heat or electrically induced constrictions of the nozzles.  As with the dot matrix printers, the dots form the characters as the head moves.  Because there is no impact, multi-part forms cannot be printed.  The small size of the dots used to form the images allows for very high quality text or graphics to be printed.  Most inkjet printers also use multiple print heads moving together to produce full colour output.  Although there are a number of printers that use six or more heads, it is more common to have only four: black, cyan, magenta and yellow.  The cyan, magenta and yellow can be placed on the paper in close groups of dots, causing your eye to see the combined colour.  This allows for a full spectrum of colour reproduction.  Although these printers produce very high quality output, they are usually quite slow and expensive to operate due to the high cost of ink.

For better speed and lower cost of operation without too much sacrifice in image quality there are laser printers.  Laser printers are considered page printers because the entire page of text or graphics is produced within the machine, then transferred to the paper.  There are a number of laser technologies currently in use, but the most common uses a statically charged rotating drum.  As the drum rotates a laser beam is fired at the surface.  A spinning mirror directs the laser from side to side on the rotating drum as it is pulsed on and off.  Where the laser hits the surface of the drum the static charge is removed.  Farther along the rotation the surface of the drum is passed by a brush of charged ink particles called toner.  The toner is attracted to the drum surface where there is no charge, laying down an image.  Paper is then fed between the drum and another charge which attracts the toner to the paper.  The paper is then fed between a hot roller and a pressure roller to fuse the image to the page.  Colour images are made by rotating the drum four times past four different toner brushes, cyan, magenta, yellow and black, before feeding the paper past to receive the image.  Laser printers are usually more expensive to purchase than inkjet printers, but cost less to operate over time.

Upgrade, Repair or Replace?


At some point in our lives I think everyone faces this question in one form or another.  In many cases the answer is obvious and in others it is very complex.  With PCs and servers the answer tends more toward the complex end of the scale.  We need to first find the reason for asking the question.  Is the computer performing poorly?  Is it not working at all?  Does a new application call for higher specifications?  Many questions immediately come to mind when faced with a broken or poorly performing computer.   How old is the system?  Has something recently been added that may have caused the problem?  How is the system used?  Is it a home computer used for email or games or is it used to generate income?

Poor performance may not indicate that a system is ready for retirement.  Performance can be affected by a number of factors including malware, fragmentation, or even the number of icons on the desktop.  When you consider that replacing a computer will require reloading of all programs and restoring data, it makes sense to first attempt to do the same to your existing computer.  Most PCs now come with recovery disks that will wipe the system out and restore it to the original factory condition.  You may even find that when you start to reload your programs there are a number that you no longer use.  Restoring the system to factory condition will ensure that files are not fragmented and any malware that may have been present will be eliminated.  This is also a good time to make a copy of your data to store in a safe place.

If restoring the system to its original state does not make enough of a difference then it may be that current operating system and software demands are too high for your hardware.  This can happen because newer software and operating system updates are often more demanding on resources.  At this point you have reduced your system to only the bare necessities and have gathered and tested all of your applications by doing the earlier restoration.  Make a list of your applications to have available when you look at new PCs to make sure there are no compatibility issues.

In some cases a system is too old to even consider restoring to its original state.  If you are running an operating system earlier than Windows XP or Server 2003 then you are due for a replacement.  Systems this old are at risk of hardware failure and most are also very large power consumers.  CRT displays are also more power hungry than their flat panel equivalents, which also provide clearer and brighter images.

How a system is used is another factor to consider.  With malfunctioning hardware on a business PC or server, it would be wise to consult a technician to estimate the cost and time involved to repair a system compared to replacing and restoring it.  The reduced cost of down time combined with potential productivity gains can often outweigh the expense of repairing a failed system.  Home PCs are usually not as critical although some would argue that point.  A home PC that is used for video games would benefit from newer and faster hardware, where a system that's used mainly for email and web browsing would not see as much.  I should also touch on the cost of data recovery when a hard disk fails.  If you don't have a current backup of your data you can expect to pay anywhere from $900.00 to $3000.00 to have data professionally recovered and even these services are not always successful.  Once again I can't stress enough how important it is to back up your data on a regular basis.

On a final note, some may have noticed that there was no blog posted last week.  Ironically my home computer failed half way through writing my blog (about computer failures) and I lost my current work.  Fortunately I was already preparing to replace my system and had the new one almost configured.  Of course I also had a current backup to restore my data from.

Bluetooth


On January 1st the British Columbia government imposed a new law restricting drivers from using handheld devices such as cell phones and GPS units.  The need to create this law and the associated fines might seem a bit surprising considering that 15 years ago hardly anyone had a cell phone and only a very small percentage of those who did had any kind of electronic messaging on them.  It seems that there has been a change in people's expectations when they communicate because of the increased availability that cell phones create and tolerance for someone being "unavailable" is low.  So how does someone stay connected while still being a safe and legal driver?  In short we can't yet, but there are technologies to fill some of the gaps.

Bluetooth is probably the most well known and used hands free solution for cell phones.  Originally designed as a wireless replacement protocol for RS232 serial connections, it uses multiple frequencies to transmit data making it more resistant to interference.  Since voice data is time sensitive in that the listener can hear delays and retransmissions, Bluetooth is an excellent technology to carry voice to cell phones. Many other devices such as GPS units and computers are equipped to use Bluetooth as a unified standard for communication.  Unification is the main intention of the designers as noted on Wikipedia:

"The word Bluetooth is an anglicised version of Danish Blåtand, the epithet of the tenth-century king Harald I of Denmark and parts of Norway who united dissonant Danish tribes into a single kingdom. The implication is that Bluetooth does the same with communications protocols, uniting them into one universal standard.[1][2][3] Although blå in modern Scandinavic languages means blue, during the Viking age it also could mean black. So a historically correct translation of Old Norse Harald Blátönn could rather be Harald Blacktooth than Harald Bluetooth.

The Bluetooth logo is a bind rune merging the Germanic runes  (Hagall) and   (Berkanan)."

Many cell phones and GPS devices use speech recognition to dial numbers and enter destination addresses.  Combined with Bluetooth earpieces or microphones built into cars, they can be used with very little manual interaction.  In fact, some devices such as the Apple iPhone and RIM BlackBerry also have available applications to read emails aloud.  Speech recognition for dictating emails and text messages is in limited use on some devices as well.

I personally find it difficult not to pull out my BlackBerry when a message comes in, but the new law has not only made me think about the possible fines associated with succumbing to this distraction, but also the danger to myself and others.  If society doesn't allow us to revert to being unavailable when we're driving, then hopefully technology will quickly come to our aid and keep us safe on the roads.

For more information on Bluetooth visit Wikipedia or the official Bluetooth site below.

http://en.wikipedia.org/wiki/Bluetooth

http://www.bluetooth.com/bluetooth/

Y2K+10


Was it hype or just good planning?  Ten years ago I went to a New Year’s party armed with my cell phone and car keys ready to take off at midnight to help deal with whatever it was that was going to happen.  Nothing did.  It’s true that we had spent many months checking our clients’ PCs and servers to make sure that they would roll over the millennium properly and even tried tricking a few servers into thinking that it was the year 2000 a little early to see how they would react.  It’s also true that many computers and software packages were upgraded to thwart the potential bug that threatened to cripple business in the new year.  In the end, however, we still didn’t know if all of that work and money spent was really worth it.  I can only speculate why computer designers would not have factored in the year 2000 and how it would affect their designs.  Possibly they thought that technology would be so advanced by then that computers based on their algorithms would only be found in museums.  It might also have just been an oversight that grew into the proverbial elephant in the room.  Looking back I wonder what we as an industry learned from it.

If we roll forward a few years, you may remember a government-inflicted change that seemed to have a bigger, albeit less publicised, effect on computers and software.  In 2007 a decision was made in much of North America to change the dates that daylight saving time starts and stops.  Various government agencies had been studying the potential energy savings since the mid 1970’s so this was also not a big surprise, but again the industry was not prepared.  In the case of the Y2K “bug”, it was fairly simple to test hardware, operating systems, and applications to see if they would work.  A number of testing tools were available and even when the tools were inconclusive, we could always force clocks ahead to see what happened.  With DST things became more complicated because of a number of factors.  In Microsoft Windows operating systems, users had the ability to manually turn DST on and off as well as change the time zone that a computer was in.  For travelling users the time zone might be changed on a regular basis.  With email and calendaring software becoming more prolific we also had to look at interaction between users who may be in different time zones, some of whom may not use DST.  The email and calendar client and server software had to recognize the correct time zone and know whether DST was on or off.  To complicate things further still, with so many computers being used in homes as well as businesses and complicated methods to patch systems, many users would simply change the time on their PCs when they noticed that it was wrong.  This also happened on servers when IT staff did not know how to correct it or simply didn’t have the time.  I could continue describing the complexities and ongoing issues, but clearly the computer industry had not learned how to plan ahead or chose not to.

A decade has now passed since the Y2K “scare”.  The beginning of a new decade seems like a good time to look back at what our experiences have taught us.  My job and the main goal of our company is to make computers work.  That should mean that the people and companies that rely on them should not have to worry about anything beyond using the applications that allow them to do their jobs more effectively.  I wonder what I will learn looking back over the next ten years.
