Tony and Paige.com

Have you every received a post card?

You know, an old-school piece of paper with a picture on one side and writing on the other. It goes without saying that anyone can write anything on a postcard. I could go out and get a postcard with a picture of the White House on it and write “Wish you were here. Love, Dubya” on the back. If I send it to your address and put 1600 Pennsylvania Ave as the return address, then you have no way of knowing who really sent it.

E-mail works exactly the same way as a postcard. It’s so easy to forge the from address on an e-mail that even a child could do it (and many of them do). It’s even easier to send you an e-mail from dubya@whitehouse.gov than it is to send you a fake postcard. The differences are, it doesn’t cost me anything to send you an e-mail and there are programs that let me send thousands of e-mails with a single mouse-click.

With all of these facts in mind, it should be obvious to even the most inept computer user that you can’t trust the from address on an e-mail.

So why is it that I still receive complaints like this at least daily: “I got a spam e-mail from your address so you better check your computer, it’s sending spam!” To which I reply: “Every spam these days has a fake from address so you don’t know who really sent it.”

Here’s another one that I frequently get: “Someone at Paris ISD sent me a virus so you should check all of your computers!” Again I reply: “Every virus these days makes up a fake from address so you don’t know who really sent it. And, I monitor every message that goes through our server, so if one of our users has a virus I’ll know about it immediately.”

Finally, my all time favorite complaint: “I received an e-mail from you with a strange message and an attachment. I tried several times to open it, but never could make it work. Also, my computer is running really slow now and I think some of my files are missing…” You can make up your own reply for this one.

To make matters even worse, some mail server admins have set up their spam filters and anti-virus software to return bad e-mail to the (fake) sender. So people receive automatically genereated e-mail from a mail server saying something like “You sent an illegal e-mail to a user on our domain. If you continue to disrupt our network this way, you will be prosecuted to the fullest extent of the law.” I will never understand how these idiots get jobs running company networks.

Now, I know some of you out there are really clever and you’re saying “Wait a second, I can tell where your postcard came from by looking at the postmark.” If that’s you then you’re exactly right. All of those evenings spent watching CSI have finally paid off. E-mail has a similar feature where you can look in the message header and see what IP address actually sent the message. Unfortunately, even this can be spoofed by a clever virus or spammer, and most users don’t ever take them time to look at it.

What should you do with all of this new knowledge? First, never trust the from address on an e-mail again. Next, never open an attachment unless you’re absolutely sure what it is and why it was sent to you. If you have any doubts about a message, pick up the phone and call the sender. If you still have any questions about the origin or purpose of a message, just delete it. Don’t bother notifying the sender or e-mailing a warning to everyone in your address book. Just click delete and move on with your life.

Happy E-mailing!

Amazon.com has (finally) added a priority option to wish lists. This is something they’ve needed to do for a while. Instead of just seeing all of the items listed by date or price, you can sort the wishlist by how bad the person wants each item.

If you want to see an example of how this works, check out my wish list. This is really helpful since some of the things I really want are on the second page of my wishlist and no one ever notices them.

I couldn’t stand it any longer. Today I cancelled my dial-up account and switched back to a cable modem.

I’m paying twice as much, but my connection speed went from around 30 Kbps to about 1000 Kbps.

The Internet was abuzz this weekend with talk about the leaked (stolen?) source code to Microsoft Windows. There are two different files circulating on the file-sharing networks. One contains code for Windows NT 4.0 and the other contains Windows 2000.

covering the investigation into how the code got out. In the article they also mention the fact that the source code is “riddled with hidden notes and profanity”

I have not looked at the source code, and I don’t want to see it. I’m sure all developers of open source software feel the same way. Examaining this code would legally “taint” any programmer so that Microsoft could then sue them for copyright violation if any of the ideas from the code were reimplemented in another program.

Of course this hasn’t stopped the crackers. According to SecurityTracker.com an exploint based on the leaked source code has already been released. Proof once again that “security throught obscurity” (i.e. hiding your source code from the public), is a terrible way to run a software company.

Finally, just in case anyone feels safe because they’re running Windows XP, keep in mind that Windows XP is just the latest evolution of this same family of code. Windows 2000 is actually version 5.0 and Windows XP is version 5.1. Exploits discovered in this code will most likely affect Windows XP as well.

One of our star students, Zach Clifford, has set up his own web server. Why am I proud? Because he’s running Debian Linux, of course. I would love to take some of the credit for this site, but Zach did it all on his own. Actually, I just started visiting about a week ago.

It’s a great site. He as an active message board, games, picture galleries, etc. There’s only one thing wrong with his site – Google has never heard of it. A Google search for Zach Clifford doesn’t even list his site on the first page. Looking at the stats for his site, I realized that Google’s bot wasn’t even indexing his page.

Since Google is rather found of our little site, I though I would help him out by posting a few links to his site. So if there’s anything you want to know about Zach Clifford, be sure to check out his website at http://www.zachclifford.com.

We’ll see what this does for his page rank…