Rand Wacker

What a fantastic vacation weekend. Having worked pretty much non-stop since our honeymoon back in March, along with several periods of extended work travel, I didn’t realize just how tired I had gotten and how much I needed a break. An extended Thanksgiving holiday was exactly what the doctor ordered (almost literally).

I unfortunately started off the week (all the way back last Saturday at the Big Game between Cal and Stanford. Spent all of Sunday on the couch with a head cold, and only managing half a day of work on Monday and Tuesday. I had decided to take Wednesday (and today) off as extra padding around the holidays since I was gone for so damn long, so Lex and I headed up to Durham on Tuesday evening, avoiding the horrible traffic that I’m sure snared a few too many people.

Wednesday, Thursday, and Friday we did essentially nothing. Well, I actually cooked Thanksgiving dinner over at my Dad’s (which is more therapeutic for me than anything), and we went get massages, but we pretty much vegged out, and slept. I usually have no trouble putting in a full 8 hours or so, but between the lingering cold, daylight savings, general holiday relaxation, and too much food, I think I actually racked up close to twelve hours a night!?!

Saturday we took off early in order to break in our season passes at Kirkwood. With a storm passing through the mountains it took us several hours to get there, but we found eight inches of fresh on the ground and a clear blue sky by the time we were done with lunch..,fantastic day on the slopes! We were tempted to see if there was any space at the inn and make it a romantic ski weekend, but we decided to beat the traffic pouring back in to the Bay and headed home on Saturday night.

Unfortunately my virulent head cold finally caught up with Lex, so she was wiped out all day yesterday. I got a chance to dig out from under the pile of (postal) mail that built up while I was gone, plus continue on our door-refinishing project (more later). Today I’ve got one last day of freedom before returning to work tomorrow, and I intend on enjoying it (even if enjoying it just means making sure I don’t feel buried by all kinds of crap). The trick is going to be avoiding the TV, but since the weekend is now officially over I don’t think there will be so many pointless-yet-entertaining movies to keep me lobotomized.

Hope everyone else had a relaxing weekend as well. Time to get ready for the Christmas holidays and onward!

How-To: BroadCatching using RSS BitTorrent to automatically download TV shows - Engadget - www.engadget.com

For this week’s How-To we’re going to show you how you can use RSS and BitTorrent to find and download your favorite shows, automatically, using free software.

I’ve never been a big downloader for MP3s or other media through the slew of P2P networks that are out there, but I found this Engadget posting of finding recorded TV shows to download via RSS feeds to be a really cool idea. I’m sure that all the cool kids have been doing this for a while, but automatic searching of published file lists for download and later perusal is a really cool combination of technologies.

My DirecTivo is still working great for me so I have no need or desire (or time) to set something like this up, but it seems to me like another step down the path to a completely digital world, but driven by technology hackers instead of the major corporations (who, as usual, are just trying to catch up).

One of the authors on my blogroll is Chad Dickerson, who (I believe) is CIO for InfoWorld. He has good insights in to modern IT infrastructure and a pragmatic approach. They just put a recent article of his up covering the Top 20 IT Mistakes that companies make. If you’re responsible for infrastructure of any kind, it’s worth a quick read.

I was offline over the weekend with a head cold and opened my mail this morning to see some 150+ blog spams. MT-Blacklist isn’t able to keep up anymore and I haven’t been able to get any of the CAPTCHA plug-ins working, so I’m disabling commenting on MT until such time as I get a better solution in place (probably MT 3.1 with TypeKey). Sorry for any inconvenience.

One of my pending Netflix films I took with me on this trip was The Station Agent, which I have to say I quite enjoyed. Its a small film and a relatively simple story, but its well done and very enjoyable to watch. If you’re looking for something mellow some evening you might want to check it out.

SuperDuper

Last night I sat on a panel at the INBOX Email Conference about Email Sender Authentication Deployment, “What to do now”. The deck was a little stacked with my CEO moderating the discussion and the other participants from Microsoft and the SPF community all being on the same page as us, but I took a moment to reflect on exactly how far we’d come in the past year as an industry.

At the end of 2003 people were still sorting out a myriad of different anti-spam content approaches, email was still mostly reliable, but we all knew that we were going to have to evolve the infrastructure in order to continue to provide service for the billion or so users that have come to rely on electronic messaging. There was limited cooperation between groups, mostly in the form of a gorilla gang of huge ISPs that formed the Anti-Spam Technology Alliance (ASTA). In January, a meeting was hosted in Boston (on the coldest day on record I might add, 40 below zero!) that brought together a large number of ISPs, legitimate volume senders, technology vendors, and various luminaries in the email space to lay out a plan for what needed to be the next steps for email. It had been clear for a while before this time that we at least needed a way to provide accountability in the email stream so that we would at least know with reliability where a message was coming from, but there was still a lot of uncertainty about what to do with that information.

At the Boston meeting we started to compare and contrast a wide variety of proposals for email authentication: SPF, Microsoft’s Caller-ID, Yahoo’s DomainKeys. More importantly, the key players forged relationships that have allowed us to work productively (for the most part)) over the past year. Now everyone understands that authentication itself won’t make much money (in fact, it has to be nearly free in order to become ubiquitous), and they’re willing to work towards the common good as we understand it will enable an entirely new approach to email management that will be enabled by identity, accreditation, and reputation.

As a core part of the email infrastructure, Sendmail has taken a central role over the past year to help refine, test, and deploy these different authentication solutions (because we feel that it is not only likely, but necessary to have multiple complimentary standards). We have been actively engaged with the major proposal authors, written and released several open source (ie, free) plug-ins for people to use, and spent quite a bit of time evangelizing the concept in the media, at various conferences, and on our own site.

Back in January there was an insignificant number of domains that were authenticating their email (a notable exception being AOL…kudos to their gung-ho attitude). We set a goal for ourselves that we’d like to try to get 10% of legitimate email authenticated by the end of the year (knowing that a large portion of spammers would authenticate their mail as well, which is a good thing). Recent figures from various ISPs that have started checking for authentication information on inbound mail shows that already 30-40% of mail (by volume) has authentication information available. This is a tremendous gain, and I think its safe to say that by the end of 2004, nearly half of all legitimate email will be able to prove that it really came from where it says it came from. Even more encouraging, there has been an equally quick ramp-up (although slightly delayed) of cryptographic authentication proposals (an approach that we feel will provide better protection for more messages in the long run). Yahoo and Gmail are already signing 100% of their outbound email, AOL and Earthlink will start soon, and many financial and e-commerce sites with content to protect are making plans to begin signing during the first half of next year.

This means that we’ve reached the first tipping point in market adoption, after less than twelve months. So many sites are authenticating their outbound mail that there is now real value for receivers to start checking and using this information on the mail that they accept. Already a number of receivers are using authentication status as a factor in their decisions about whether or not to accept a message, and in just the past few weeks we’ve seen the first indications that they are starting to consider requiring authentication on inbound email at some point in the future. In short, even though there were a number of bumps along the way, I think we’ve more than achieved our goals for this year. Even though we set what we thought were fairly optimistic targets, those expectations have been blown away.

So what’s next? 2005 is going to see a huge amount of innovation as people start to implement new ways of processing their email. Spammers and phishers will still be out there, but they are going to have to radically change the way they do business, so we’ll be watching for shifts and countering at every move. Most importantly, receivers are going to re-gain control of what gets in to their inbox. Email will become reliable again, and can continue on pace as the most cost-effective and wide-reaching communications medium we have.

What should you be doing? If you’re an email administrator or domain owner, take a look at the information we’ve published on sendmail.net about all of this new technology. In particular I recommend that you read our white papers that present an overview of the whole topic, as well as our current recommendations. If you are an end-user, you should encourage your administrators or ISPs to begin adopting these practices, because you will want to be sure that your email provider is doing everything they can to protect both your identity on outbound messages as well as the integrity of email they delivery to you.

As for me, I expect to spend much of next year back out there with the random cast of characters who have been flogging this topic for quite some time. At this point we’ve come to think of ourselves as a group somewhat similar to either a world cup ski team (although the destinations or activities are no-where near as glamorous) or a traveling circus (even though our activities are nowhere near as organized).

And yes, I need to get authentication working on my home domains for real now, I just need to get back to real connectivity first!

I’m finally flying home after a record three-week trip for work. Due to a conflagration of various meetings I had to be on the East Coast for the majority of November. I was in Atlanta during Election week for a meeting of the Mail Anti-Abuse Working Group (MAAWG), went to DC the next week for a summit on email authentication at the Federal Trade Commission (and to poke my head in on the IETF meeting), and then returned to Atlanta for the INBOX Email conference (didn’t even get a chance to attend Usenix’s LISA, also in Atlanta). You might say that November saw a perfect storm of meetings.

Being comfortable with extended travel ever since I was a kid, I thought that it might be easier/cheaper/more fun to just combine these all in to one mega-trip, booked a round-trip in and out of Atlanta three weeks apart, and made plans to visit friends and bring Alexis out for a weekend in DC. I was mostly wrong on all three counts.

It seems as I’ve moved to the next phases in life, being at home has become more important to me. Back in college I could never fathom the idea of taking a week of vacation from work and just staying home; now I somewhat relish the concept. I like traveling to and seeing interesting new places, but most of the business travel I’m doing these days is to places which are neither interesting nor new.

Its definitely not all bad. I’ve been seeing a lot of old friends who moved far away, getting to explore different parts of the country with my wife and with others, but in general I think I’m going to make an effort to turn my US business trips in to tactical strikes on meetings instead of longer planned stays. Contrasting my mod after this trip with an even longer six week period this summer where I was somewhere different every week, I was much happier when I was home each weekend and away from it three nights or less a week.

This is just a shift in priorities. Having dinner with a friend and ex-coworker from our Professional Services group the other night he expressed the same change in sentiment, adding, “when I was 22 at a much larger consulting firm, I abused [long road trips].” Exploration on the companies dime was just a much more interesting prospect before we built nests for ourselves at home with house, families, and friends.

I’m not complaining (about anything beyond this extendedness of this trip), but its an interesting lesson learned. Time to write a little bit about the highlights now!

An Introduction to Cluster Ballooning

Like hot-air balloons, cluster balloons are flown in the very early morning, when winds are calm. In some areas, it is also possible to fly in the evening, in the hour or two before sunset. Preparations for a morning flight flight start before dawn. The balloons range in size from four to seven feet; depending on the mix of sizes, anywhere from 50 to 150 balloons may be needed. It takes a crew of fiften to twenty people about an hour and a half to inflate the balloons. Special hoses and manifolds are used to inflate the balloons to the desired size, based on the volume of the helium tanks. The inflated balloons are sealed using tape and cable ties, and are tied with nylon twine.

I’m still a little shell-shocked. Sitting here this morning I’m watching W’s surprise news conference where he has literally referred to himself as, “the will of the people.” I am just astounded by the 3.5 million vote margin for W, and I’m terrified about what this means for the country when the radical right takes it as a “mandate” (which they already are):

- It is a mandate in support of John Ashcroft’s war against the Bill of Rights and the erosion of civil liberties.

- It is a mandate in support of preemptive invasions of countries that didn’t attack us, did not have the means to attack us, and did not work with the people who attacked us.

- It is a mandate to ignore the risks posed by countries that really do have nuclear weapons, and to demonstrate to them that the only way they can remain safe from US aggression is to build up and be willing to use those weapons.

- It is a mandate (along with 11 state initiatives) to dictate to people who they can spend their lives with.

- It is a mandate to continue to destroy our environment through Orwellian initiatives such as “Clear Skies” and “Healthy Forests”

- It is a mandate to run our economy in to the group by running a deficit of more than half a trillion dollars (more than a quarter of our national budget), resulting in latter-day interest rate climbs and a crushing blow to our economy a few years down the road.

- It is a mandate to “not worry” about the man who did attack us, and still taunts us on world-wide TV.

This is an election won on the basis of fear and of hatred. It is a mandate for a party that has shown fiscal recklessness and social/civil fascism. How can we believe in a country that is turning away from a path of continuing freedoms to a path of deceit and repression?