The Future of Email

Quick! Pick a platform and then count the web browsers that run on it. Firefox, Chrome, IE, Safari, Opera. The usual suspects. Those especially geeky might be needing a 2nd pair of hands. Now do the same for mail clients. How many fingers do you even need? (continue reading…)


The Next Revolution

The original iPhone was revolutionary because it was the first product to combine a phone, music player, Internet browser, mail client, camera, gaming system, and – let’s face it – an anything-to-anyone customizable application platform.

Likewise, the iPad was equally revolutionary in it’s positioning as a re-imagined PC alternative and Internet/media consumption device.

These were paradigm shifts. Nothing since then – whether from competitors or Apple’s own evolutionary releases – carry the gravitas that would allow anyone to call them similarly “revolutionary”.

Yet “not revolutionary” has been the charge levied – unfairly, in my opinion – against releases such as iPhone 3GS, iPad 2, and iPhone 4S. To my way of thinking, “revolutionary” is a difficult goal to achieve for any well-entrenched product line. And it got me to thinking: what would make for a “revolutionary” jump in mobile devices?

  • A capacitive multitouch display that also had solar charging capabilities? (Not just a solar cell on the back, but one integrated into the touchscreen?)
  • A pico projector and integrated laser-projection keyboard?


What do you think? Take a moment to participate in this thought experiment. Beyond simply “bigger, faster”, what next technology iteration would make a mobile device be worthy of the label “revolutionary”? Please comment!

Twitter Has A Lot Of Growing Up To Do

In the early 80s, I thought the two greatest things in the world were email and USENET. I was totally addicted. Carrying on conversations with far-away people without the worry of telephone or time zone, or sharing a passion with fellow rec.sports.this or comp.sys.that afficianados was refreshingly liberating, especially for a quiet guy that was barely audible in public. I spent countless hours in the computer labs, and when I found out that I could dial into the school network from my own home using just a $100 Televideo tty with modem, it was truly “game on”.

As a student, I had limited access to the inner-workings of the system and I was only a ‘consumer’ of the information stream. And a glorious stream it was. But by the late 80s, I had the fortune of seeing the belly of the beast. Now I was an admin, and I could see the way the network worked, the transmission between hosts, the dance of the cron jobs to keep everything in balance. When most others were mesmerized by shared commercial email services like Compuserve and Prodigy, I had a *personal* .UUCP node on my Mac IIfx and my own USENET feed of selected newsgroups. We were a self-policing organism. AND IT WAS ALL FREE!

But money changes everything, and like absolute power, corrupts absolutely. Commerce trolls had made their way onto USENET, and it was no cost to them to ply their wares in open forums. They had a ready-made audience of sitting ducks, and all they needed to do was drop their spam bomb and move on to the next newsgroup. Now the beautiful synchrony of USENET propagation was interrupted by the staccato of “cancel” messages that back-propagated to kill the discordant posts. In the end, it became more trouble than it was worth. The bang-for-buck was no longer there for me, and it faded into distant memory as the next open frontier – WWW – became my new passion.

My love for email still lives on, but management of it too is more burdensome than it was back in those idyllic days. First came the unwanted spam for “viagra”. Then simple keyword filtering stopped being effective when “V1@gra” entered the scene. Then “V   I   A   G   R   A”. Then embedded image spam. And so on. Whitelists, blacklists, procmail, DNSRBL, Bayesian filtering, spam firewalls. It’s actually quite a battle, though the bang-for-buck is still there.

So, as you’ve weathered my typical long story, what is my point? Twitter is where email and USENET were 20 years ago. Isn’t it wonderful that we can establish relationships with people we may not otherwise encounter, share passions, let links go viral, proclaim “what’s happening now”, and converse (albeit in a 140-character unthreaded style)? I’m very “greatest thing since sliced bread” excited about things like Twitter and Flipboard right now. But it’s all too eerily familiar…

And like the Sentinels from The Matrix, “here they come”. The spambots that search the entire twitterverse for your mention of “solar” so they can hit you with a renewable energy resources tweet. The ones who offer the best way to stop smoking if you mention anything even remotely relevant. Or the ones who simply suggest you buy a certain TV because you mentioned, well, nothing relevant at all.

Twitter is self-policing like USENET and email were in those early days. You can block a user and/or report them for spam, at which point you assume that the Twitter gods will banish them from the kingdom. But it is trivial to start a new account and begin spamming all over again. Eventually the cacophony is going to be overwhelming, or the self-policing will become too burdensome. Either could be the death-knell for Twitter. If Twitter had the same RBLs and Bayesian filters and other tools that evolved for email de-spamification, I might be inclined to use them. But even the need for those could be signaling the beginning of the end.

I think Twitter is in its naive era, where everything is good and nothing can corrupt. They seem to be worried more about their 3rd-party clients and API usability, and less about the people that will be (ab)using them. It’s well-known enough (compared to something like Orkut) to elevate itself into everyday culture, but not yet under the weight of its own gravity like Facebook. Usage will undoubtedly continue to increase, probably exponentially thanks to things like iOS5 deep integration bringing it rapidly to the fore. And thus Twitter needs to grow out of its naivete quickly.

There’s that old line from superhero movies, “if only he’d have used his power for good instead of evil”, and there is potential to do some major Twitter evil out there. What we’ve seen to date has barely scratched the surface. Many people are intent on working within the boundaries of the system for their own commercial best interests, and many more still have no qualms about abusing. (Let’s hope it doesn’t get as bad as email, where 78% of all messages are spam.)

So if Twitter is listening, please: let’s set those boundaries firmly and build in processes that will weed out the offenders. Twitter needs to take a much more proactive and hard-line role in preventing tweet spam from overtaking the community.

Maximizing Your LinkedIn Connectedness

LinkedIn boasts millions of members. But dig deeper and you may notice that many of the profiles are old and abandoned. Beyond a general apathy/disillusionment over the LinkedIn social media experience, I believe many of these orphaned accounts are due to the user leaving an employer and thus losing access to the email account that they subscribed under. Or perhaps registering using their personal email address, but later changing ISPs…

Many people must not be aware of the fact that LinkedIn supports multiple email addresses associated with one account. I have had several friends.. er um, sorry.. “connections” that re-invited me to connect because they started a brand new LinkedIn profile for their job at a new company. Ouch. It would seem painful to me to invest time building a network, only to lose it because you no longer had access to your originally-registered email.

Thankfully, LinkedIn allows you to register multiple email addresses. If you do so while you still have access to them – they require an acknowledgement of a confirmation email – you can actually register as many addresses as you may be known by. Both professionally and personally.

Go to Settings > Account > Add & change email address. Here you can kick off the confirmation process for any address, delete an abandoned email, or swap your ‘primary’ from one to another.

There’s an additional advantage to registering multiple addresses: when you sign up for LinkedIn discussion groups, you can have the alerts/announcements be redirected to any of your confirmed addresses (not just the primary). And unlike, say, a mailing list, you can change them without involving lots of approvals or change of address submissions. Just select from the drop-down on the group’s member profile. So for instance, you could redirect alumni group emails to your Gmail, but business groups to your work address. A very handy feature.

My advice: take the time to register your various email addresses ahead of time. You never know where life takes you. Your employment situation may change or you could move from a Cox service area to Time-Warner. I guarantee that what address you registered with on LinkedIn will probably be the last thing on your mind at the time, but you’ll be glad you were prepared.

PS: Facebook also supports a similar multiple-address feature. Though I don’t think Facebook has the same abandonment issues that LinkedIn does…

Google Spam: Not A Problem

A lot of press has been devoted recently to problems with Google search spam, eyeball-stealing content farms, and search algorithm optimization. But very few complaints are ever made about how Google deals with the original type of spam – unsolicited email. That’s because Google does a pretty damn good job in combating it.

I just got my first GMail spam today. After 5 years on their system, the first unwanted email I received was not about V1@gra or diplomas-by-mail – it was a Mastercard/Visa offer in Spanish (which is probably why it snuck through their filters).

Receipt of spam is hardly newsworthy, but it is significant given Google’s track record. They just don’t seem to get enough credit in that regard. Contrast this performance to Yahoo, where I received my first spam within 24hrs of account creation. Which was a real puzzler at the time since I had not even used the account yet…

I can’t even begin to measure the amount of Yahoo spam that I have been subjected to in these past 15+ yrs. And while they have made small anti-spam improvements, it is nothing like what Google has managed to do. In fact, that is one of the key reasons why I do not use my address often. (The other reason: at every login, Yahoo bombards me with “chat spam” requests and it takes 3 clicks to decline each person.)

Exchange 2007 OAB Subtleties

For quite some time, we had been dealing with Outlook Offline Address Book problems. The OAB would go in and out of visibility for both Outlook 2003 (Public Folder distribution) and Outlook 2007 (Autodiscover method); both RPC and Proxy; both Cached Mode vs not. Errors seen whenever the problem was present included: (continue reading…)

The Geosocial Universe

An interesting infographic on the penetration of social media in the mobile world.

Check out what we are calling "The Geosocial Universe&qu... on Twitpic

I might quibble over the representation of Hotmail, Gmail, and Yahoo! Mail as individual closed systems though. Size matters relative to their marketing capabilities – think eyeballs and click-throughs – but in the social media universe I would think they are all part of a generic “email” aggregate that dwarfs all others.

Upgrading Exchange 2007 to SP2 in N+1 Easy Steps

Running an Exchange continuous-replication cluster can seem rather intimidating, but it’s really not that bad. When it comes to patches, upgrades, etc it really just boils down to working on the passive node, flipping roles, and then working on the (former) active node.

Upgrading an Exchange 2007 CCR to SP2 is no different, and is explained in great detail on this TelnetPort25 guide. It is a relatively simple process, but I guess I was groggy because I managed to skip a step and royally screw things up. My folly is documented here in case anyone else runs into a similar situation.

  1. Upgrade the passive node.
  2. Flip active/passive roles.
  3. Stop the cluster.
  4. Upgrade the virtual CMS.
  5. Upgrade the (former) active node.
  6. Start the cluster.

Step #4? Pretty darn important. But while #1 and #5 involve running SETUP.COM with a /m Mode switch, step #4 uses a special /UpgradeCMS switch.

If you overlook the subtle difference and miss that critical step, you will end up with 2 physical installations upgraded to SP2, but with the virtual node of the cluster still on the previous release. Exchange will not start because the versions are mismatched, and you cannot run the /UpgradeCMS command after the damage has been done.

At least not right away.

If you are unlucky enough to duplicate my stupidity, the fix is actually rather simple.

To fake the CMS out and allow it to be upgraded (even though both physical nodes are already up-to-date), you need to delete the registry key that marks the CMS as installed:


Once the key has been removed, the /UpgradeCMS command will be able to run as it originally should have been.

Lots of panic and self-flagellation, plus one extra step.

Clever “Adobe Risk Management” Fake Alert

Earlier this year, I posted an example of a ridiculously contrived attempt to propagate malware. For as amateurish as that one was, this one is the exact opposite: a very clever and convincing ruse. The message purports to be courtesy of an Adobe “Risk Management” official, referencing a known Acrobat exploit, and urging the application of a patch.  What made it quasi-legit was not the fact that it came from Adobe, but that it came as a simulated mail thread from company VP to company VP, ultimately addressing an end-user by name and directing her to take action. I am not a malware expert and did not deconstruct the PDF or EXE to know if or what was infected, but it all seemed suspicious enough to me…

(continue reading…)

Challenge-Response Email

Mailing to a friend, I just had an encounter with his Challenge-Response mail system. I was curious enough to look at the marketing material for this particular commercial product, and noted that it claimed 100% accuracy for anti-spam. Well of course. That’s because C-R is not an anti-spam system, it is an anti-email system.

A C-R system requires the email sender to verify their legitimacy as a human being (rather than automated spammer) by using some Turing-like Test such as CAPTCHA (a common verification technique found on web sites, such as the GuestBook link above). It does this for all mail, regardless of content. It is something akin to email call-screening, but really has very little to do with anti-spam. It is a whitelist/blacklist system based entirely on sender address that builds up the respective filters via the screening process. Proponents argue that C-R is 100% accurate while other methods that constantly tweak content filters are not. To some extent, this is true. But is it truly worth it to never see a spam again?

Users love C-R because they no longer receive spam. But what else are they not getting? Senders – legitimate ones – tend to not like dealing with the business end of C-R systems because it has the appearance of being slightly rude: not only is it like saying “here’s my email address, maybe I will allow your message in”, but it automatically paints everyone as a spammer until proven otherwise. Not to mention that the CAPTCHA process, one-time or not, can be slightly irritating. More times than not, senders just walk away with a “why bother?” attitude.

There are other ways. My ISP provides SpamAssassin as part of their Exim front-end mailer. On the back-end, I use Thunderbird’s Bayesian filter. Between the two, I have about a 97% anti-spam accuracy and have not experienced a single false-positive in 3+ years. Sure, the occasional spam may get through, but I just use it as an opportunity to further train T’bird. At work, we use a Barracuda spam firewall in front of our Exchange server. The false-positive rate [dropping into the Quarantine area] is decidedly not zero, but when you look at the millions-per-day of spam that were successfully blocked, one has to admire the overall efficiency of the product.

I don’t mind the occasional spam that does get through these protections, because I know they are working in my favor the majority of the time. I am not so offended by the stray advert that I desire to “terminate with extreme prejudice”, and I will not risk alienating legit senders just so my delicate nature is never uglied up by the outside world.

  • DarkSideGeek on Twitter

  • New This Month

    April 2020
    M T W T F S S
    « Apr    
  • Copyright © 1996-2010 The Dark Side Geek. All rights reserved.
    Jarrah theme by Templates Next | Powered by WordPress
    %d bloggers like this: