Fired from Yahoo!? Looks like the entire Yahoo Design Team is gone!

If that includes you and you have familiarity with jQuery and ExtJS I’d like to talk to you. Please let me know if you’re looking for a job in UI.

Check out the new stuff in AuthAnvil 1.5:

For starters, there are plenty of fixes and updates to the core system. There are over 50 usability bugs that have been fixed ranging for faster communication in the AuthAnvil DCOM Bridge to support for periods in AuthAnvil usernames.
 
We also include a few new things:
• The new AuthAnvil Web Logon Agent. You can now add strong authentication to web applications using Virtual Directories in IIS6. Look for an update that will also protect complete websites like Sharepoint in the first half of this year.
• The new AuthAnvil RADIUS Server. Microsoft’s Internet Authentication Server is toast… as is our IAS extension. With all the problems IAS posed for our premium customers who wished to use it along with MIcrosoft’s ISA server, we have found a better solution which also allows us to now support ful MSCHAP2 VPN,
• More documentation. You asked for it. So it’s now on the ISO.

Coolest of all – I saw AuthAnvil on a Windows Home Server today. We’re looking to use AuthAnvil as our main offering of securing the hosting side of hosted solutions since that happens to be the #1 part of paranoia when it comes to remote workers.. It’s always about differentiation.

But check out AuthAnvil, its BY FAR the most affordable thing out there when it comes to two factor authentication. If your projects fell through because you submitted an RSA quote with your pitch, you’re going to be a big fan of Dana’s.

Few years ago tar-pitting was a big deal among SBSers who tried to protect their systems from spammers, worms and directory harvesting. Microsoft’s Alex Nikolayev, the big daddy of Microsoft’s SMTP stack developed the tar pitting technology for Microsoft’s SMTP server on top of which Microsoft Exchange 2003 works.

What is tar pitting you ask? It is a process of throttling bad recipient responses in the SMTP channel that are meant to slow down the spammer or directory harvesting attack meant to figure out the valid (or prune invalid) email addresses on your mail server. It works in conjunction with recipient filtering, so if you’re being a good little Internet participant and issuing NDRs as per RFC requirement, tar pitting can help. What exactly does it do? Here is a visual example:

220 daisy.theofficeserver.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Sat, 9 Feb 2008 15:31:38 -0500
ehlo vlad.net
250-daisy.theofficeserver.com Hello [65.99.255.240]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250 OK
mail from: vlad@vlad.net
250 2.1.0 vlad@vlad.net….Sender OK
rcpt to: administrator@daisy.theofficeserver.com
250 2.1.5 administrator@daisy.theofficeserver.com
rcpt to: moo@daisy.theofficeserver.com
550 5.1.1 User unknown
rcpt to: cow@daisy.theofficeserver.com
550 5.1.1 User unknown
rcpt to: bee@daisy.theofficeserver.com
550 5.1.1 User unknown
rcpt to: sheep@daisy.theofficeserver.com
550 5.1.1 User unknown

What tar pitting enables you to do is specify the timeout interval in seconds between each rcpt to: command and the 550/511 rejection. Assuming that a regular spambot will issue thousands if not hundreds of thousands of commands in an attempt to filter out the valid recipients on the domain, tar pitting delays can significantly delay their connections.

Why SBSers shouldn’t use this!

First, if you wish to use this technology, here is a Microsoft KB842851 addressing this. If this is something you believe is worthwhile, you should outsource it to a service adequate of handling the volume of these connections, check out ExchangeDefender.

There are two reasons why you shouldn’t implement this technology on a small network:

First, if you are running SBS 2003 or 2003 R2 you have likely upgraded your server to ISA 2004. ISA 2004 establishes the max number of connections per server, per rule to 1000. Likewise, if you are using cheapie firewall solutions that also throttle down the connection limits as to not exhaust an internal server, you are likely going to run out of connections on your server. Remember that tar pitting does not close the connection, it keeps it open. So if you set a timeout of 30 seconds for example, you could run into hundreds of open connections during an attack which would result in service unavailable and connection drops for the valid SMTP connections that may be trying to reach you.

Second, tar pitting has proven itself effective enough that nobody uses DHA anymore. The malicious use of DHA has gone away to a large degree, the spambots are now either being launched with a raw write straight to the socket (ignoring any delays in the connection) or tend to disconnect if more than 5 seconds (depending on the spambot config) has passed between a rcpt to and 250/550 response.

So in effect, this would be worthless to you in stopping spammers and DHA but would backfire on you the first time a larger worm/virus outbreak starts slamming your server.

All in all, not a worthwhile practice for this day and age. Remember, spammers adapt much faster than the rest of the net does, what worked in 2005 won’t work in 2008.

One of the coolest things you can do once you’ve built a really, really large network is to look at the network patterns that emerge, hour to hour, day to day.

For example, every Monday at about 11 AM EST we deal with what has affectionately been themed “the royal mail server flush” – between 10 am and about noon, every Monday without fail, our network capacity drops by at least 30% – and for the longest time we thought it was just because most people got really busy on Monday mornings. But then we looked at the SPAM trends and something ridiculous like 99.3% of the messages relayed during this hour were SPAM messages. Now, when you correlate the IP reputations of the sending IP addresses with the volume of messages relayed over the past 24 hours from the same address and it becomes very clear what is going on. Corporate networks have so many internal systems that have been compromised that are sending dozens of messages (quite little) that over the weekend clog up these tiny servers. So, when the Internet connection or SMTP service or the fish appliance or whatever is in the way of this avalanche of SPAM gets repaired on the Monday morning…. the royal SPAM flush happens.

The other cool thing is, you are no longer succeptible to the ISP bull “Nothing out off the ordinary is going on” when you approach them with “Hi. We have 2 TB of email waiting to be delivered to your network and you’re unreachable from 22 of the largest networks. When do you expect things to be normal?” Fun, fun, fun.

Network ops… gotta love it.

iddqd

(click on the image to see at full resolution)

I wonder if I could bribe Nick’s staff to tape him reading this ticket and spewing the morning shot of Jameson.  

It’s true what they say, you just can’t get this kind of phenomenal support from India..

It’s after midnight, I’m on my way to Vegas and I can’t sleep. Bugfix time. So I IM “the coder” and ask if we can work on some bugs in ExchangeDefender SpamMon.

Then I dragged a zipped solution over to the IM window and got the following reply from the developer:

“This is a little slow since I’m downloading like 20GB of warez”

“thus the reason i still can’t see my start bar instead of restarting”

Classy, very classy. It goes even lower after that:

Coder: when i asked you how i should address it you said “fuck it, leave it alone”
Vlad: damn, good memory
Coder: shock
Coder: well i remember that one because i had like 4 addresses and it was huge
Vlad: haha
Vlad: take up the whole screen
Vlad: block UI biaaatch
Coder: lol
Coder: system modal dialog
Coder: with no close button
Vlad: bind ALT+F4
Coder: man we really are geeks that we think that’s funny

You gotta love what you do…. Read Scott Adams “The Joy of Work” novel.

P.S. Before this becomes exibit 3A in the BSA vs. OWN, he was downloading warez to his home PC for his mother in laws PC. While I do not condone the use of pirated software, nothing makes free inlaw PC support disappear faster than sending the feds over to their house.

Things are a little quiet on the ExchangeDefender front over the past few hours. A little too quiet if you get my drift. Normally, we can tell when a spammer takes a coffee break, so either someone is hiding and keeping quiet while the feds are mapping out the points of entry or we’ve delinked China and Russia from the Internet.

Whoever is the cause for the unusually quiet morning on the spam storm front, I hope they totally OSU the spammers.

I really hate having to eat my own words.. but SPAM Monitor has been a far bigger success than anyone ever expected. I am perhaps the most shocked at the popularity of this thing, the positive feedback, the adoption rate and today, in a mountain tombstone that is my cynicism for SPAM Annoyarizermaster 6000, three new MSP’s signed up for ExchangeDefender alone. Quote the SharePoint:

“The SPAM Agent is the single feature that won the client over the other proposals. I was able to win the clients total network management as well as antispam, provided by ExchangeDefender of course.”

FMR.. Global infrastructure.. yeah.. MSP tool integration, 14 data centers, 24/7 support.. yeah, yeah.. LiveArchive to keep the business up and running when their server or network are down… ok, maybe… Atomic tangerine icon in the corner of my screen popping up with the crap I don’t want to see? Now THAT we’ll pay for.

/me hangs his head in shame and goes back to programming.

Rich, what do I owe you buddy?

Oh, and we also released the SPAM Monitor tool today for ExchangeDefender. It sits on your taskbar and every hour pops up a bubble saying “You’ve got this much SPAM” allowing the user to click on the box and get right into the ExchangeDefender web portal.

Interesting background behind this software. It all started with a fight over semantics I had with Howard Cunningham (not the guy from Happy Days). I have this remarkable talent to choose just the right kind of a word to piss off someone to no end - for Howard that word was “courtesy” as in “Email reports are not a reliable way of reporting SPAM and are provided strictly as a courtesy”; Howard felt that if we didn’t use the word courtesy then staff would put more priority on fixing the issues as they came up with the email reports. The problem with the email reports is really a problem of bottlenecks, the mail log database is replicated from master servers to slave reporting servers that crunch through the mailog and report on the SPAM contents of ExchangeDefender quarantines. When something breaks there it always breaks on the database end and can at times take us a full day for the indexes to be rebuilt and service to restored to the customer. And since the reporting engine (driven by the database engine) has limitations beyond what we’re able to control, we decided to say that email reports are a “courtesy” and left it at that because nobody looks at their SPAM anyhow. Besides, you can drop a link on the desktop and let people access their SPAM in realtime/search/settings and all that so why should I drop six figures onto infrastructure benefiting nobody?

And then Howard explained the issue to me in a far better way that actually showed me where the money is pouring out of the pocket. It is not that people like seeing their SPAM reports or even that they look at them at all to begin with - it’s that when the customer reports a ticket the first step in troubleshooting is to ask them to look at their SPAM Report. Yes, the one in Junk Items. Click, right click, click, right click, Find..

So now we have the Annoyarizermaster 6000, also known as SPAM Monitor. It sits in the task bar and wakes up every hour to tell you just how much SPAM is waiting for you. It also lets you click on it and automatically login to the portal without providing your username and password. Problem solved.

There you go, the magic of software industry in the making - if you can’t solve the customers actual problem then at least create something annoying to distract them. If you gotta be a monkey… be a gorilla.

If you’re lucky enough to get friends in this business, from time to time they will pull you aside and tell you that you’re heading in the wrong direction. Since ExchangeDefender 3.0 (and consequently 3.1) launched my partners have noticed what would politely be referred to “lack of documentation” but in last months org-fix we really stepped up the documentation efforts and communications channels. It’s not perfect yet but at least Scott won’t be able to rag on me for having better documentation on my products than I do – I got videos now, biaaaatch!

During the spring we held a number of conference calls with partners and customers that brought together the current OWN offering and I slipped something about training videos that we use for internal training. That seemed to really excite people and I promised training videos. As one of my partners put it, “they watch enough YouTube so this will help. Check them out here:

http://www.exchangedefender.com/support.php

So far I’ve cut four videos for User Guide (19 minutes), Admin Guide (15 minutes), Service Provider Guide (13 minutes) and Troubleshooting ExchangeDefender Delivery guide (20 minutes).

Expect to see more, these have been very successful for us internally and partners seem to like them. Really, in under hour and a half you can have a completely trained ExchangeDefender employee pushed through the process by the dude that designed it. How cool is that?

I’d like to acknowledge that this didn’t just happen – the result has been molded, criticized, shaped and produced in thanks to Dave Sobel, Karl Palachuk, Howard Cunningham, Tim Barrett, Erick Simpson and designed by Stacy Johnson.

So, Scott, am I off the hook yet?