We’ve got your Geek Squad right here

Gaypile
Comments Off on We’ve got your Geek Squad right here

Not to be outdone by Geek Squad, Firedog, Staples, Mac stores, Microsoft bCentral (UK) and every two indians with enough juice on a credit card to register a domain name….. CompUSA is entering Managed Services.

This is somewhat significant because CompUSA has always relied on its local list of IT consultants for on-site computer work referrals. I found this gem at the exit of the local CompUSA store today:

Need help? $30 will get you a single incident, $50 will get you unlimited help for about three months. That’s a bargain, don’t you think?

To the gaypile!

New Category: Gaypile

Gaypile
2 Comments

I was told by many of you that I needed to add this category.

The concept of the gay-pile is the genius of South Park creators Matt Stone and Trey Parker. South Park, for those of you not from the US, is a popular adult cartoon that has become a staple of American society by calling out common hypocrisies and stereotypes of our proud country.

Goobacks, episode 806 of South Park, addresses the inability of large groups of people to handle change. The residents of South Park decide that the best way for them to combat change is to “go gay” and eliminate the possibility of the future occurring, because they would effectively end the human race.

Reactions to changes in the IT world are similar. At the first sign of things changing, people who have chosen a career that is on the very edge of revolutionizing communications as we know it have a hard time adapting. Instead, they come up with the most ridiculous theories, empty threats and unlikely prognoses no sane person would ever make.

This category will be dedicated to posts on the topic of IT people having a hard time comprehending the reality of the IT business.

They Took ‘R Action Pack Rights

IT Culture
4 Comments

Quick everyone, back to the ***pile!!!

I’ll make it quick, short and painless: You have no downgrade rights with MAPS (Action Pack) and MPAN (Accountant Network): Once you renew your subscription you must upgrade all the software licensed under MAPS to the current version. Suppose your MAPS renewal comes in March and you’re currently running SBS 2003 SP1 and Windows XP. You must upgrade all XP desktops to Vista and you must upgrade your server to R2. So once you receive media for Vista in the Action Pack and renew your subscription you will be obligated to remove XP from all your systems and deploy Vista.

I expect a very large pile as a result of this since it impacts virtually every Action Pack subscriber. All I ask (pile or no pile) is that you be very civil in your feedback to Microsoft and that you offer suggestions, recommendations and an estimation of your impact (on your business, on your hours, on your sales, on your very future with Microsoft as a partner) and not reduce yourself to threats that will be ignored. Susan and I have already contacted our friends at Microsoft to see what may be done on this front so stay tuned but please take a moment to write to Microsoft and voice your concern, assuming you have one.

P.S. You know who I feel for the most in this situation? Peter Gallagher. Poor guy just joined TS2 and he gets to deal with this his second day on the job. Ooof. I already wrote in to JJ and told him it was very nice knowing him.

Since when am I the authority on this?

IT Culture
1 Comment

The Vladville folder was full this morning with requests for comment regarding the restrictions on content for Blu-ray. NSFW (not safe for work), you’ve been warned.

Now this is going to surprise some but I’m on Sony’s side on this one. As a private citizen they are trying to make sure their work reflects their values and if those values lead to not supporting what they find objectionable… more power to them. I’d do the same and under similar circumstances I do the same: we do not host adult oriented material at OwnWebNow.

Will HD DVD win solely because it is the de facto distribution medium for adult entertainment? Can you imagine going into Best Buy and asking the rep to recommend a high definition format for your needs? Will they take you to their Magnolia room and play a select piece for you, just so you could see the difference? “I see your point Bob; Although I can almost make out the sweat beads on her, the hair follicle detail is just too Vivid; Oh, the HD DVD supports 8 angles whereas Blu-ray only supports 3? I see. Hold on, let me call my wife. Dear, I’m at Best Buy. Yeah, on OBT. Can you please bring my collection, I’m having a hell of a time picking a new player.”

So will HD DVD beat off Sony? If so, it will be a hard thing for them to swallow, seeing how they got nailed with their beta format. Regardless of who ends up on top, we’re more likely to stream this kind of media through our Xbox over a home server. (note to self: accessories! buy Belkin stock today)

Just how much detail do we need? I’ll leave the answer to that question to my honorable friend from UK. As always, if you’ve been offended by this post please write to my PR agent, Susanne Dansey.

PSS Assimilation

Friends
2 Comments

Please join me in congratulating Peter Gallagher (b. Purushottam “Peter” Gangadikeyaharvahar) on his recent promotion. Peter is one of the good SBS Show friends and currently works as a PSS Escalation Engineer at Las Colinas, Texas.

On Monday, Peter will be assimilated to the Microsoft Sales collective and his current Team Leader, Mark Stanfill had the following comment:

We wish Purushottam the greatest success in his sales career. I am sure he will do the necessary.

As you may imagine, the transition of an engineer to the sales force is not an easy task. With specific and direct answers to technical questions, a Microsoft sales employee could actually give the customer a correct answer, something that could have horrific consequences. Mr. Stanfill further explains:

De-technical-ization process is mandatory for every member leaving the team. There are two components: lab and panel Q&A.

During the panel Q&A the candidate is extensively tested on his knowledge of correctly implementing the transition pack. By doing so we eliminate any actual practical knowledge that the future sales person will be able to relay to his/her customers.

The lab is a grueling process during which the candidate:

  • Implements an SBS cluster
  • Performs an SBS migration
  • Uses the transition pack to upgrade to Windows 2000 Advanced Server, which he must obtain through p2p networks.

The lab instills the concept of belief in the candidate; it allows him to become comfortable selling solutions that can never be implemented. This becomes crucial for his sales career.

The final step in creating a perfect sales drone is throwing the engineer from the fourth story building until he lands on his head. At that point the engineer is ready for his sales career and is shipped to DFW with a one way ticket to Fargo, ND.

So again, please join me in congratulating Peter on his promotion.

* All names, places, people, events and processes are fictional. Any similarities to the real people, places, events and processes are purely coincidental. This post grossly overstates the technical competence of sales people, jumping off a four story building will not make you a good sales engineer – please seek out a taller building.

Day in a life of a spam killer: pre-greeting traffic

ExchangeDefender, OwnWebNow
Comments Off on Day in a life of a spam killer: pre-greeting traffic

Yesterday we implemented some new magic against tar-pitting smashers, and man does it make a difference: since noon EST we have rejected an average of 46,128 messages per node. We then ran a report: 100% of the IP addresses that had their email rejected had mail delivered to the SureSPAM Quarantine the day before.

The significance? System performance, employee efficiency.

System Performance – Every bit helps. By rejecting the messages at the perimeter (yes, even ExchangeDefender, as a perimeter service, has a perimeter network) we save network resources because we have fewer messages to push through Bayesian filters, fewer statistics to calculate and ultimately less spam that we’ll have to store.

Employee Efficiency – Twofold. First, and less important, the remote likelihood that mail produced by these spamming hosts does not get properly identified as SPAM and ends up in the user’s inbox. Second, and most important: less mail for the employees to review. Since I can guarantee that no legitimate mail was sent by these systems, I can save my customers the time of browsing through meaningless quarantine reports and let them look at the stuff that is actually likely to be SPAM.

That last part is where I and some of my partners have very vocal arguments:

My mission is to cut down and eliminate spammers and their impact to the customer, not create pretty graphs.

My partners need the graphs and the data to prove to their customers that the SPAM is really bad enough to justify ExchangeDefender.

I think pretty much anyone who would spend a day on IMF/Outlook-only protection would scream their lungs out and rip their hair out over the amount and volume of junk that’s floating out there. And while I can understand that sometimes people need to be shown what they are paying for, I am not a fan of selling the fear. People either have a problem with their email or they don’t. And I’ll tell you this much: we do not lose customers. Nobody that has ever become a paying ExchangeDefender customer has ever left (short of AUP violations and going out of business), so I’m doing the right thing here. I really don’t think that at the end of the day the customer is going to be concerned about the value if they see 0 junk in their mailbox; they all have multiple accounts and contacts that are being flooded, so they know the impact.

The second and more technical reason for what I do: by rejecting a message on a connection basis I am saving backscatter. When I reject the message with an SMTP error code, the remote mail server is left holding the bag. When I accept the message and then have to send it back due to prohibited content or system policy, I am doubling the amount of junk that is being sent over the Internet. “But Vlad, why don’t you just not send it at all, just junk it?” Suppose the message was legit but did not meet the policy requirements, or had questionable content, or did not meet the security requirement (some customers only accept encrypted messages or only specific senders), or had a virus, or had an attachment that the customer would not accept, or, or, or... My whole technical point here is that there are many good reasons for sending back an NDR, and we (ISPs) need to be good Internet citizens and not flood the network with the meaningless ones.
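To make the backscatter argument concrete, here is an added example (written for this post, not ExchangeDefender’s code) of where in the SMTP dialog the refusal has to happen. It is a minimal Python SMTP responder driven by a constructed transaction; the domain, the mailbox list and the single attachment-name rule are placeholders standing in for a real site policy. Run with reject_in_session=True it answers a policy failure with a 5xx at the end of DATA, so the sending server still owns the message and any bounce it generates goes to its own user; run with reject_in_session=False it mimics accept-then-bounce, replying 250 and then manufacturing an NDR to the envelope sender, which for a forged sender is exactly the extra junk the post describes.

```python
import re

# Added example (not ExchangeDefender's code). Domain, mailbox list and the
# policy rule are constructed placeholders standing in for a real site policy.
LOCAL_DOMAIN = "example.invalid"
LOCAL_MAILBOXES = {"vlad"}
BLOCKED_ATTACHMENT = re.compile(r'filename="[^"]*\.(exe|scr|pif)"', re.IGNORECASE)


def content_policy(message):
    """Return None to accept the message body, or a 5xx reply explaining the refusal."""
    if BLOCKED_ATTACHMENT.search(message):
        return "554 5.7.1 Attachment type refused by recipient policy"
    return None


def smtp_receive(client_lines, reject_in_session=True):
    """Walk one SMTP transaction and return (replies, queued, ndrs).

    reject_in_session=True: a policy failure is answered with 5xx at end of DATA,
    so the remote server keeps the message and owes any bounce to its own sender.
    reject_in_session=False: accept-then-bounce; we reply 250 and then generate an
    NDR to the envelope sender, which is the source of backscatter.
    """
    replies = ["220 mx.%s ESMTP" % LOCAL_DOMAIN]
    queued, ndrs = [], []
    sender, rcpts, body, in_data = None, [], [], False
    for line in client_lines:
        if in_data:
            if line != ".":
                body.append(line)
                continue
            in_data = False
            message = "\n".join(body)
            verdict = content_policy(message)
            if verdict is None:
                queued.append(message)
                replies.append("250 2.0.0 Queued")
            elif reject_in_session:
                replies.append(verdict)               # refused inside the session: no NDR
            else:
                replies.append("250 2.0.0 Queued")    # accepted now, bounced later
                ndrs.append("NDR to %s: %s" % (sender, verdict))
            sender, rcpts, body = None, [], []
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            replies.append("250 mx.%s Hello" % LOCAL_DOMAIN)
        elif verb == "MAIL":
            sender = arg.split(":", 1)[1].strip(" <>")
            replies.append("250 2.1.0 Sender OK")
        elif verb == "RCPT":
            addr = arg.split(":", 1)[1].strip(" <>")
            user, _, domain = addr.partition("@")
            if domain.lower() == LOCAL_DOMAIN and user.lower() in LOCAL_MAILBOXES:
                rcpts.append(addr)
                replies.append("250 2.1.5 Recipient OK")
            else:
                replies.append("550 5.1.1 No such user")  # unknown mailbox refused at RCPT
        elif verb == "DATA":
            if rcpts:
                in_data = True
                replies.append("354 End data with <CR><LF>.<CR><LF>")
            else:
                replies.append("503 5.5.1 Need RCPT first")
        elif verb == "QUIT":
            replies.append("221 2.0.0 Bye")
        else:
            replies.append("500 5.5.2 Command not recognized")
    return replies, queued, ndrs


# Constructed transaction: a message whose MIME header names a blocked .exe attachment.
SAMPLE_SESSION = [
    "EHLO sender.example.invalid",
    "MAIL FROM:<someone@sender.example.invalid>",
    "RCPT TO:<vlad@example.invalid>",
    "DATA",
    "Subject: invoice",
    'Content-Disposition: attachment; filename="invoice.exe"',
    "",
    "please open",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    for mode in (True, False):
        replies, queued, ndrs = smtp_receive(SAMPLE_SESSION, reject_in_session=mode)
        label = "in-session reject" if mode else "accept-then-bounce"
        print(label, "| reply after DATA:", replies[-2], "| queued:", len(queued), "| NDRs:", len(ndrs))
```

The unknown-recipient branch shows the same principle one step earlier: a 550 at RCPT TO costs nothing beyond the reply, while accepting an unknown recipient and bouncing later would produce an NDR for every forged sender.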

Shockey Monkey Update

Shockey Monkey
Comments Off on Shockey Monkey Update

Hope everyone has made it back from the holidays and back to their jobs.

To that end, I think that everyone that was interested in Shockey Monkey has already submitted their application. I’ve certainly given everyone more than enough time. So here we go. Keep an eye on this blog and your email for the developments over the next two weeks. You should have received an email from me, if you haven’t, check your mail.

Most announcements will be made via the blog/web either here or at Own Web Now blog.

Watch where you blog Vlad

Exchange, Vladville
3 Comments

Sorry about the previous post, it went to the wrong profile and ended up here instead of the Own Web Now Corp Blog.

For what it’s worth, we “innovated” that feature from Exchange 2007 and Sendmail. While Exchange 2007 does not do this type of protection at all, it does enforce a 5 second tar-pitting interval on all connections by default:

get-receiveconnector | select name,tarpitinterval

The second part we got from sendmail. I honestly expected a lot of mail servers not to respect the RFC, but it turns out that everything out there does wait for the 200 greeting banner before issuing the HELO/EHLO statement. Go figure. We ran this on our honeypot network and got 83% of hostnames trapped using this mechanism, so it’s likely something in the latest botnet code that major spammers are using.

Does anyone care about this stuff? Obviously the OWN blog is a business place, so the language is different for the people that haven’t met me... but some of this technical stuff does help ITPRO folks that are trying to learn how the subsystems work. So would you like to see it here on Vladville? I stopped writing articles here because I became the “MVP Free Technical Support Force” practically overnight and I just don’t know how to turn people away that ask for help. Ideas, suggestions, etc... would you like to see me write about this stuff on here?

Adjustments to Tarpitting for ExchangeDefender

ExchangeDefender, OwnWebNow
4 Comments

Earlier today we made some significant changes to the tar-pitting mechanism under ExchangeDefender. The new mechanism is designed to reject messages from hosts that do not follow the proper RFC SMTP dialog and attempt to smash tar-pitting. More on the basic concept of tar-pitting is described here.

The Problem

While tar-pitting is great for throttling remote mail servers and reducing their ability to efficiently deliver a lot of messages, the concept only applies to botnet servers that are attempting to deliver mail in bulk. In other words, tar-pitting is only effective against servers that are concerned about getting the message out as fast as possible. By delaying the SMTP greeting banner, in theory, the remote mail server has to wait a pre-determined amount of time before it can start sending mail. Many open connections at once would overload a single node.

However, spammers no longer exclusively use single nodes in a full force attack. They use the botnet concept by load balancing their broadcasts through multiple servers. As such, those servers connect every few minutes and only relay a single message. By doing so, it’s hard to blacklist them immediately because their overall reputation does not have enough data to be determined. These botnets are designed to bypass tar-pitting by opening a connection and sending data as soon as the connection is opened.

The conversation looks somewhat like this:

Trying xx.xx.xx.xx.exchangedefender.com.

Escape character is ‘^]’.
ehlo spamming-idiot.org
mail from: spammer@spammer.org
rcpt to: vlad@ownwebnow.com
data
Subject: Get a college diploma.
Ohio State University may be a loser but they’ll give you a Ph.D in nuclear physics based on your life experience.
.

Now the (target) tar-pitting mail server has accepted the connection but has never sent the SMTP greeting. However, it will process the message as soon as its tar-pitting interval passes, thus in part bypassing the tar-pitting and delivering the message. Not good.

Notice that the client above did not wait for the 200 greeting banner, did not wait for the 250 Hello, and did not wait for the server to acknowledge the recipient and the sender. It just wrote to the socket and waited. Now even though this does diminish the spammer’s performance a little (by taking 5 seconds to deliver the message), the message still gets delivered. That’s a problem.

The Solution

The solution is fairly simple: drop connections with mail servers that are not adhering to the RFC. The second the mail server issues a command before the 2.2.0 hostname greeting banner, it will get dropped, logged and its tar-pitting interval extended.

Instead of a tar-pitting process that delays the connection a few seconds, this process accepts the connection immediately but delays the SMTP greeting banner a few seconds. As such, it can eliminate server load caused by spammers that think they have found a way around tar-pitting.

We ran this in testing on our production systems and found 0 false positives over the course of one week. All hosts that were rejected were also on multiple RBLs. The implementation is transparent to the user and administrator and introduces a random (less than 5 second) pause on all connections that do not have a reputation rating with ExchangeDefender. Less spam, less stuff to review, less bandwidth and less stress for you.
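The check described in this post and in the two earlier ExchangeDefender posts (pre-greeting traffic, and the sendmail-style greeting gate) fits in a few dozen lines, so here is an added Python example of it. This is illustration code written for this page, not ExchangeDefender’s implementation; the banner hostname, the reply text, the reputation numbers and the two client dialogs are constructed. One detail worth noting: the server greeting that RFC 5321 requires a client to wait for is the 220 reply (this post calls it the 200 / 2.2.0 banner), and because a client may not pipeline before EHLO has advertised it, any byte that arrives before the 220 is sent is a protocol violation, so the gate needs no parsing at all. The server holds the banner for the tar-pit interval while watching the socket with select(); data in that window gets a 554, the connection is closed, and that host’s next interval is lengthened, while a quiet client simply receives the banner after the delay.

```python
import random
import select
import socket
import time

# Added example (not ExchangeDefender's code). The banner hostname, the reply text
# and the reputation numbers below are constructed placeholders.
BANNER = b"220 mx.example.invalid ESMTP service ready\r\n"
REJECT = b"554 5.7.1 Command received before greeting; connection closed\r\n"

# Per-host tar-pit memory: hosts caught talking early get a longer wait next time.
_next_delay = {}


def tarpit_interval(host, max_random=5.0):
    """Random sub-5-second pause for hosts with no reputation, longer for known offenders."""
    if host in _next_delay:
        return _next_delay[host]
    return random.uniform(0.5, max_random)


def penalize(host, current_delay, floor=10.0, cap=60.0):
    """Extend a host's tar-pit interval after a pre-greeting violation."""
    _next_delay[host] = min(cap, max(floor, current_delay * 2))
    return _next_delay[host]


def greet_or_reject(conn, host, delay):
    """Hold the 220 banner for `delay` seconds and watch the socket meanwhile.

    An RFC 5321 client must not send anything until it has seen the greeting, so
    bytes arriving during the hold identify a tar-pit smasher: answer 554, close
    the connection and lengthen that host's next delay. Returns one of
    ('rejected', early_bytes), ('greeted', None) or ('closed', None).
    """
    deadline = time.monotonic() + delay
    early = b""
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        readable, _, _ = select.select([conn], [], [], remaining)
        if readable:
            chunk = conn.recv(4096)
            if not chunk:             # peer hung up during the hold
                conn.close()
                return ("closed", None)
            early = chunk             # anything before the banner is a violation
            break
    if early:
        try:
            conn.sendall(REJECT)
        finally:
            conn.close()
        penalize(host, delay)
        return ("rejected", early)
    conn.sendall(BANNER)              # client behaved: greet it and carry on normally
    return ("greeted", None)


def simulate(client_bytes, host, delay=0.2):
    """Run greet_or_reject over a socketpair; returns (verdict, first reply the client sees)."""
    server, client = socket.socketpair()
    try:
        if client_bytes:
            client.sendall(client_bytes)
        verdict, _ = greet_or_reject(server, host, delay)
        reply = client.recv(4096)
    finally:
        client.close()
        server.close()
    return verdict, reply


if __name__ == "__main__":
    # Constructed dialogs: one smasher (EHLO before the banner) and one polite client.
    print(simulate(b"ehlo spamming-idiot.org\r\n", "203.0.113.7"))
    print(simulate(b"", "203.0.113.8"))
    print("next delay for 203.0.113.7:", tarpit_interval("203.0.113.7"))
```

In a real listener the accept loop would call tarpit_interval(peer_ip) to pick the delay and greet_or_reject(conn, peer_ip, delay) before handing a greeted connection to the normal SMTP handler; the rejected branch is also the natural place to write the log line that feeds the reputation data.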

iMeToo Announced

IT Business
1 Comment

The word “innovation” has a special definition in the Microsoft dictionary, but with today’s announcements Apple pretty much wins the 2007 Meeee Toooo! award for excellence in delivering four new groundbreaking products… that already exist.

Today Apple announced a cell phone, PDA, portable media device and a Tivo. Of course Apple fanatics will buy anything shiny with an Apple logo on it. What else will Apple innovate next? A wheel? Fire? Don’t know, but if it streams iTunes Apple will take credit for reinventing it.