Thursday, September 07, 2006

Getting email through: SenderID, DomainKeys and SPF

I've been trying to see how I can stop Google from tagging my email as spam. Only Google, which has the worst spam filtering in the industry, has this problem. I've been looking into what's available in terms of sender authentication. Alas, things are not in great shape. There are 3 options currently:
  • DomainKeys: "cryptographically proves that the mail did in fact originate at the purported domain, and has not been tampered with in transit." Supported by Yahoo, Google, and, I think, Earthlink.

  • Sender Policy Framework SPF: Wikipedia - "SPF allows software to identify and reject forged addresses in the SMTP MAIL FROM (Return-Path)". Spammers, however, were early adopters of SPF. SPF has been championed by AOL.

  • SenderID: was a combination of SPF and "Caller ID". Unfortunately Microsoft has the relevant patents and they chose to use those patents to attack open source software. The result was the rejection of SenderID. (SenderID also uses SPF, so it's "SPF + Caller ID")
SPF has an open source implementation, but it's not encouraging that it was widely adopted by spammers. Also, AOL is not a great champion. SPF isn't enough by itself to bother with.

SenderID has the advantage of Microsoft's support, but the Wikipedia article makes it sound awful on several levels.

That leaves DomainKeys, which has been adopted by Google and Yahoo. Yahoo owns the key patent, but they produced an open source type license.

I have two ISPs: VISI and Lunarpages. VISI doesn't do support any form of email authentication (they promised to put my request on the list), but Lunarpages supports SPF -- unfortunately SPF doesn't seem to amount to much.

I get the sense that first rank ISPs will support DomainKeys, and that corporate pressures may force support of SenderID too -- no matter how ugly it is. In the meantime, I'll just encourage my ISPs to look at DomainKeys more seriously.

iusethis.com: some interesting products

iusethis.com has some interesting products I'll check out:

1. Memtest check system memory. Highly recommended for new memory or when buying a used system. Freeware.

2. code collector: manage code fragments

3. Alarm clock II

4. Google maps Plugin

Wednesday, September 06, 2006

Retrospect Pro needs internet access to backup my LAN

The program formerly known as 'Dantz Retrospect' was a mainstay of the Mac community in the 1980s and early 1990s. Sometime in the late 1990s, when the Mac was really dying, Retrospect ran out of steam. By the time the Mac flamed on again, Dantz had lost its mojo; the application never got the care and feeding it needed and the customer base never returned. (In fairness to Dantz, the 21st century Mac is a consumer product and Retrospect was a SOHO/corporate solution.)

Now the decaying remnant of Retropsect is owned by EMC Insignia. I still use Retrospect Pro, but I don't know anyone else who does. There are few Amazon reviews and no respectable reviews anywhere else. No decent blogger confesses to using it (ok, there's me, but I'm not decent). There are no free downloads and no user forums. It's fair to say that EMC is simply feeding off a decaying user base.

All of which is by way of introducing a curiousity. I recently terminated NAV and installed a trial version of Microsoft OneCare. That means I have a better firewall than I used to. Today I found that Retrospect Pro had hung during a LAN backup. The firewall told me that it had blocked Retrospect's acccess to the net. I allowed access to Retrospect and the backup resumed.

Retrospect uses an internet registry to find the address of machines it backs up. That's how it can do backups across a WAN. One day, of course, EMC will give up and turn off that service. I think there's a workaround (hard code the IP addresses probably), but it is interesting to see examples of remote application disabling that date back to the 1990s.

Monday, September 04, 2006

Reconfiguring an Airport Express to WDS and switching from home to travel configuration

My Airport Express (why, oh why, couldn't Apple make the USB port powered?!) went traveling with me. When it came home I had to restore it to its usual duty -- extending my base station. It took me a while to remember how to do this [note: see two updates below, including use of the Configuration (profiles). Basically you:
1. try a hard reset first. If that doesn't work do a factory reset (MacWorld ref article on resets - since I wrote this I've found the factory reset more useful).
  • To perform a hard reset, push and hold the reset button for 10 full seconds with the AE powered the whole time.
  • Release the button, and AirPort Express will reset.
  • For the factory reset, unplug first. Press and hold the reset button and, while holding it, plug in the AirPort Express (this is a pain in the butt to do). KEEP HOLDING. It takes at least 30 seconds after plugging in before it resets.
2. Use Airport Admin utility to configure the Airport Extreme Base Station, not the Airport Express! This is the counterintuitive part: AirPort Extreme and Express: Using WDS to create a network from multiple base stations.
Here's the catch. My AEBS recognized the ethernet ID of the Airport Express and "assumed" it was already configured -- so it wouldn't run the auto-configuration (don't try to do this manually, it's ugly). I had to remove the AExp entry from the WDS client list, then add it back in again. That ran the setup routine. Don't forget to set a password on the AExp.

Then I used the Admin tool to configure the AExp to a more recognizable name.

Way too hard.

Update 10/12/06: The good news is that you can save the configuration prior to travel from the admin utility, then reload it on return. The bad news is that if you change the password on a WDS WLAN access point (the main Airport Extreme), you break everything. You need to connect individually with each of the stranded access points using the old password, then remove the password, then add them back in as above. Really, Apple's Airport Express was really only half-baked.

Update 9/5/09

When I bought my 802.11n Time Capsule I didn't think I'd use my Airport Express except as an AirTunes connection. After all, the Time Capsule is supposed to have great range.

Cough. That's great range for 802.11n, but most of my devices are b/g. Also, I was disappointed with the AirTunes behavior of the Airport Express (Aexp) in passive client mode, I wanted to see if returning to WDS would restore the performance it had with my old flying saucer base station.

This time I used AirPort utility 5.4.2, and things were a bit different -- also quirky and buggy. (see also)

It took several tries to get it working. As before you certainly need to do this in automatic mode -- doing it in manual mode never seems to work.

I had to do a factory reset, then walk through automatic setup, and choose the extend network option. I had to work through these bugs:
  1. On initial configuration I kept getting asked for an Airport Express password -- even though I'd done a factory reset. I had to disconnect my iMac from the wired LAN (and thus the Time Capsule), so it was purely an Airport client, before this went away. This is pure weird and I can't explain what intuition led me to the workaround.
  2. To configure the Aexp you need to switch to it's network. That means you're not on the base station network any more. There's a place where you're supposed to see the name the base station network. When I did this - nothing showed up (tried in two accounts). That is, nothing showed up until I typed in my network name. That produced an error message, but when the screen refreshed the wireless networks appeared.
Pretty buggy stuff!

Update 11/8/09: A reader commented that I ought to try using "profiles" to switch, instead of going through the reset dance. If you change to Manual Setup, the current version of "Airport Utility" allows one to save a configuration to an external file, and to load in a file based configuration (requires your admin password). The files are given the extension .baseconfig.

I've saved two configurations - one for home and one for use with my parents. I've saved them to the laptop I usually travel with and to a thumb drive.

Here's what I did to switch back to WDS on returning home:
  1. Plug in Airport Express (AExp). It doesn't need to be connected to the net.
  2. Connect to the AExp wireless network so you can talk to it.
  3. Open Airport Utility. It took a while for it to find my AExp. Maybe it hadn't finished restarting?
  4. Set Airport Utility to Manual setup
  5. You can "Open" the external configuration file to view it, but to switch you need to use import.
  6. Restart AExp. Worked for me.
Remember that to do this you will also need your admin password. I carry mine in an encrypted iPhone 1Password.app database, but you could also store it in an encrypted Disk Utility sparsefile image on your laptop or thumb drive.

Microsoft OneCare: googletoolbarinstaller.exe is a virus

I've uninstalled NAV and I'm testing Windows Live OneCare antivirus. I had it scan my system, it reported "7 infections". Among the virus bearers were: Gooletoolbarinstaller and GDSSetup.exe. Hmm. Maybe. On the other hand much of the reporting from the scan was gibberish.

More on Microsoft's core subscription software service later ...