News from PANUG/BizNix - October 30, 2003 http://panug.org - http://biznix.org LINUX BOOT CAMP Weve moved the venue for the Linux Boot Camp so there's now space for more people. Details are here: http://alcpress.com/training/ Click on Current Schedule of Classes. MAPPING IP ADDRESSES TO COUNTRIES by Steve Coan The following Web site provides a service to locate the country an IP is assigned to. http://ip-to-country.directi.com/ The PERILS OF CLOSED SOURCE SOFTWARE Submitted by Rich Sheppard. Here's an article about Appgen going belly-up, stranding users and customers. http://panug.org/53 MIGRATING TO OPEN SOURCE by Robert L. Brown Network Manager U.S. District Court The IDA Open Source Migration Guidelines provide practical and detailed recommendations on how to migrate to Open Source Software (OSS)-based office applications, calendaring, e-mail and other standard applications. These guidelines have been designed to help public administrators decide whether a migration to OSS should be undertaken and describe, in broad technical terms, how such a migration could be carried out. They are based on practical experience of a limited number of publicly available case studies, and cover a wide range of management and technical concerns. See: http://panug.org/54 Why Open Source Software/Free Software (OSS/FS)? Look at the Numbers! This paper provides quantitative data that, in many cases, using open source software / free software is a reasonable or even superior approach to using their proprietary competition according to various measures. This paper's goal is to show that you should consider using OSS/FS when acquiring software. This paper examines market share, reliability, performance, scalability, security, and total cost of ownership. It also has sections on non-quantitative issues, unnecessary fears, OSS/FS on the desktop, usage reports, other sites providing related information, and ends with some conclusions. An appendix gives more background information about OSS/FS. You can view this paper at http://www.dwheeler.com/oss_fs_why.html HEAD START RAFFLE by Keith Rosen I work for Early Head Start Family Center of Portland, a social service agency that provides free and low-cost day care for low-income families. I am running an on-line raffle in which entrants can win an eMac computer. Donate just $3 for one chance or $7 for 3 chances to win a brand new eMac. All donations are tax deductible and benefit Early Head Start Family Center of Portland. For more information or to Enter Raffle: http://www.ehspdx.org/Get_Involved/Sub-Pages/Donate_Raffle.html Visa and Mastercard accepted. Questions or to verify validity: raffle@ehspdx.org or call 503-236-9389. FEEDBACK Jeremy Grand responds to the October 21 Coordinated Spam Attacks article by Ed Sawicki: SpamBayes (and other client-based spam detectors) use the technique of scoring each email based on past experience. That is, they learn from the user what is spam and what is not. This is highly accurate and effective in my brief experience, and I think the principle could be applied to scoring sources for inclusion in black lists and white lists both. If an ISP would collect identified spam from individual users it could build a database useful for training a spam filter. The whole thing could be automatic. I believe the technique works best when there is a database of good email too, but that is something of a privacy issue. Ed responds: The techniques that you describe - often called Bayesian filtering - certainly do appear to work well - for now. However, they just offer temporary relief from spam. Spammers are already compensating by mangling the text of messages so the filter can't pick out text. One such technique embeds legal HTML tags and HTML character entities in the text. This mangling increases the size of the message many times. Sure, the anti-spam folks have developed techniques to decode the HTML before applying the filters and this will work - for a time. The spammers will compensate by further mangling the messages using techniques that we can only guess at now. Suppose, for example, spammers send their messages as images - further increasing the overall size of spam messages. Do we then try to retrieve the text using OCR? If we do, our mail servers will need quite a bit more horsepower. Maybe we'll be back to mainframes just so we can fight spam. Note also that Bayesian filtering must receive entire messages in order to "learn" whether messages are spam or not. This means that the spammers have consumed your bandwidth. Some of us are concerned about stolen bandwidth - not just spam messages appearing in inboxes. I think techniques that rely on examining message content will never be a reliable way of blocking spam. The answer is in better protocols for moving mail and authenticating senders. Until we have these solutions, it's easier to identify white mail than to identify spam. DISCLAIMER PANUG and BizNix welcome contributions from all members. Member contributions do not necessarily represent the official positions of PANUG or BizNix. The views of members that contribute frequently may appear to be the official position of the group(s). If you contribute, you'll be adding vital diversity of opinion and outlook to these broadcasts.