Internet commentary
Spam, Spam, Spam [1]
Keywords: Internet, SMART Group
Don't be put off because the title – and its footnote – are the same as in the last issue. There has been a lot more news on the spam front, over the past couple of months or so.
Perhaps one of the most important items is that there have been many media reports that Microsoft proposes taking some spammers to court. Apparently, two of these spammers, in the UK, have hacked into one or more Microsoft servers and have "harvested" the e-mail addresses stored therein to add them to their lists. This would appear to be a criminal misdemeanour under the Misuse of Computers Act. However, another 13 suits have been filed in the USA, accusing the spammers of sending deceptive e-mails to Microsoft customers. This would be a civil charge, far less serious.
In the first case, I wonder whether Microsoft is not setting up a smokescreen to take the public attention away from how the spammers accessed the servers, in the first place. It is hardly a good advertisement for a company that is a major server software provider, if the harvesting process can pass all the standard security measures so easily, is it? OK, yes, I know, no Internet system is absolutely secure, mais quand même!
Microsoft is not alone in this fight. AOL Time Warner and EarthLink are also pressing suits against spammers, as are a few organisations of Internet users. Even a handful of individuals have pressed charges, but it must be very difficult to prove that a given spammer has caused sufficient damage to a single person to justify a court case, even if it is possible to trace his origin (not very easy) with sufficient certainty that it would stand up in a court of law.
Much of the spam whizzing around the Internet is illegal in many countries. Obviously, pornography springs to mind, especially when sent to minors. My two teenage grandchildren have received all sorts of lurid, more or less explicit, invitations. Pharmaceutical products cannot be bought over the Internet in many countries and the offer of them may constitute an offence. Deliberately virus-infected e-mails are also illegal in some countries.
Are law courts a solution to this pandemic plague? Certainly not. They can, at best, touch only the smallest tip of the iceberg. If someone has a server specialising in the dissemination of spam in New York or Manchester, Paris or Frankfurt, then, yes, the police can intervene and shut it down, following a court order. But, if the server is in Harare, Islamabad, Pyongyang or Vera Cruz, do you really think that anything concrete can or would be done?
How severe is the problem of address harvesting? Probably a lot worse than you think. I recently set up a brand new e-mail dial-up account for my granddaughter, with a major Swiss ISP. At the same time, I installed a software firewall on her computer. The following day, I looked at the firewall log and found that, in less than 24 h, the software had blocked not less than 41 unauthorised accesses to her computer. Some of these may have been innocuous pinging, but some may equally have been looking for the contents of her address book or attempting to install spyware. What is interesting are the countries of origin of some of these spurious attacks. They include the USA, Germany, South Korea, Australia, Puerto Rico, Uruguay, Russia, Indonesia and many others. This illustrates the internationalism of the problem.
So what are governments doing about it? Not a great deal. The US Congress has established rules, which are totally ignored and they are reported to be looking at ways to restrict spam more effectively. The problem must be attacked at an international level before much can be done, in my opinion. Do you think Kofi Annan should create a United Nations Internet Security Programme (UNISP)? This would produce a problem of a different kind. As most of the security-leaky software comes from the USA, Congress may decide that it is against the economic interests of the USA to fund a UN agency to restrict the American software authors. On the contrary, leaky security makes it easier for Government Agencies to hack in and monitor Al Qaeda et al.
More seriously, can anything be done at an ISP level, so that the spam is blocked before it even gets onto a server? Well, er, yes, maybe. The problem is that the ISP must be 100 per cent sure that anything they block is spam and that no wanted messages can ever be blocked. Ever! This is a tall order. There is no possible way that any one can be sure about every e-mail. If an ISP sees that 10,000 clients have all been addressed an identical e-mail whose subject is an invitation to buy Viagra at low prices, then yes, it can be safely removed from all the servers. But what about a single e-mail with the same subject? It may be in response to a genuine customer enquiry. My ISP has recently started blatant spam filtering, using SpamAssassin. As it is set up, I would guess that it has reduced my spam frequency from about 50-60 per day to about 35 per day, although it is early to have a reliable statistic on the matter. I am very scared though that, sooner or later, the system would not eliminate a false positive, genuinely telling me that I had won a lottery or some other good news. I shall never know. I would much rather do the spam filtering myself.
Another thing that is often done at ISP level is to disallow the sending of multiple messages. The question is how many constitute "multiple". Microsoft Hotmail was a bad offender with no limitation, although they now restrict sending messages to a maximum of 100 destinations per day. Is this reasonable? For private usage, it seems reasonable, but certainly not for professional use. It must hit the spammers fairly badly, though. My own Cypriot ISP does not allow me to send a message to more than about 30 destinations, although they have now upped the ante here, to more than 60 (I do not know the new limit).
In the previous issue, I mentioned, at length, a spam-filtering software called POPFile, which I recommended. Since then, the authors have released a new version with some important improvements. Although I installed it just a few days back, I can vouch for a more user-friendly interface and apparently improved filtering algorithms. I believe that this is the best naive Bayesian e-mail sorter and spam filter available and is obtainable for virtually any platform. It runs easily at about 99.5 per cent accuracy (after a week training), with virtually no false positives in the spam "bucket" (and recoverable, if one should happen to arrive there). So, 4 months later, I am still recommending it: best thing since sliced bread! I have installed it on a number of computers and all the users have been delighted with the results (including one person who, while not being totally computer-illiterate, is not far off it). And it is free!
Spammers have tried various tricks to get round Bayesian filtering. Most of them are such that, if they get round the system once, they would not succeed a second time. For example, "invisible ink" in HTML, where the text colour is the same as the background colour, with a long load of invisible, but innocuous sentences, is designed to fool the filtering into thinking that it is an innocent e-mail, while the spam message is kept very short and to the point, with minimal numbers of give-away keywords. This simply has not worked, because POPFile ignores invisible text. So the spammers have been going for "near-invisible ink", where the six-figure hexadecimal code for the colour of the text (e.g. "FFFFFE") is just one bit removed from the background colour code (e.g. "FFFFFF"). The code for the "near-invisible ink" is placed in the spam corpus first time round, but will be a strong indicator that future use of the same colour scheme will be spam. I have been told that the next version (the 20th) of the software will include a contrast filter, which ensures that only readable text will be used for classifying the messages.
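A sketch of the kind of contrast filter described above, as an added example that is not POPFile's code and not part of the original article: it walks an HTML message, tracks the text and background colours set by `color`, `text` and `bgcolor` attributes, and passes only readable words on to the classifier. The WCAG contrast-ratio formula, the 1.5 threshold and the names `ReadableText` and `split_tokens` are assumptions chosen for illustration; named colours and CSS `style` colours are not handled.

```python
import re
from html.parser import HTMLParser

def parse_hex(value, default):
    """(r, g, b) for a 6-digit hex colour such as '#FFFFFE'; otherwise `default`."""
    m = re.fullmatch(r"#?([0-9a-fA-F]{6})", (value or "").strip())
    return tuple(bytes.fromhex(m.group(1))) if m else default

def luminance(rgb):
    """WCAG relative luminance of an sRGB colour (0.0 = black, 1.0 = white)."""
    s = [c / 255 for c in rgb]
    r, g, b = [x / 12.92 if x <= 0.03928 else ((x + 0.055) / 1.055) ** 2.4 for x in s]
    return 0.2126 * r + 0.7152 * g + 0.0722 * b

def contrast(fg, bg):  # WCAG ratio: 1.0 (same colour) up to 21.0 (black on white)
    hi, lo = sorted((luminance(fg), luminance(bg)), reverse=True)
    return (hi + 0.05) / (lo + 0.05)

class ReadableText(HTMLParser):  # hypothetical name; splits words by visibility
    def __init__(self, min_contrast=1.5):  # threshold is an assumed value
        super().__init__()
        self.min_contrast = min_contrast
        self.stack = [(None, (0, 0, 0), (255, 255, 255))]  # (tag, text, background)
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        _, fg, bg = self.stack[-1]  # inherit colours from the enclosing element
        if tag in ("body", "font"):
            fg = parse_hex(a.get("text" if tag == "body" else "color"), fg)
        if tag in ("body", "table", "tr", "td", "th"):
            bg = parse_hex(a.get("bgcolor"), bg)
        self.stack.append((tag, fg, bg))

    def handle_endtag(self, tag):
        opened = [i for i, entry in enumerate(self.stack) if entry[0] == tag]
        if opened:  # ignore stray closing tags
            del self.stack[opened[-1]:]  # also drops unclosed children such as <br>

    def handle_data(self, data):
        _, fg, bg = self.stack[-1]
        readable = contrast(fg, bg) >= self.min_contrast
        (self.visible if readable else self.hidden).extend(data.split())

def split_tokens(html, min_contrast=1.5):
    """Return (visible_words, hidden_words); only the first list goes to the classifier."""
    parser = ReadableText(min_contrast)
    parser.feed(html)
    parser.close()
    return parser.visible, parser.hidden

# Constructed sample: a short pitch padded with near-invisible "innocent" words.
SAMPLE = ('<body bgcolor="#FFFFFF"><font color="#000000">Cheap pills today</font><br>'
          '<font color="#FFFFFE">meeting agenda minutes quarterly report</font><table><tr>'
          '<td bgcolor="#000080"><font color="#FFFFFF">Order here</font></td></tr></table></body>')
```

On the sample, the white-on-navy link text is kept because contrast is measured against the enclosing cell's background, while the FFFFFE-on-FFFFFF padding is set aside; the presence of set-aside words can itself be counted as a spam feature.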
It is some time since I reviewed the SMART Group Web site (Plate 1). I had a brainwave to do it for this issue, so I looked in an SSMT to find the URL. You know what? I could not find it easily. On the front cover was the logo and the text saying that it was the SMART journal, but the only URL was that of Emerald. So I looked inside, with no better success. Maybe it is there, somewhere, hidden in a corner but, if it is, it eluded me, so I Googled for it, to find:
At first glance, the home page looks like a portal, which it is not. This is not a criticism, simply a statement, probably because it is of fixed width and the main part of it, in the middle, are a handful of news items, with an invitation to click on a hyperlink for the full story. To the left and right of this, there are columns of advertisements. At the time of writing, there were 39 graphics, mostly small, with the exception of the advertisement for Techspray, which does slow downloading, taking over 2 min with a 56 kbit/s modem. These advertisements link directly to the advertisers' Web sites, for the convenience of surfers. The code is fairly conventional with limited use of Javascript, including a thing which tells you if you are using a Netscape or MS Internet Explorer browser, or neither of them (as if you did not know)! This is used to take you to a poll; at the time of writing, it was asking which plating finish you would specify for lead-free components (see Surveys below). Navigation round the site is fairly easy with page tabs at the top and a menu at the top left. As for the home page content, one could perhaps be excused for thinking that lead-free was a burning issue. Dare I say that it looks more like a political or commercial agenda, rather than an impartial technical examination of the problem?
Plate 1 The SMART Group Home Page
The next page I looked at is entitled Membership. Nothing to say here, it gives the expected information. The number of current members and their geographical distribution are prominent. Interestingly, the SMART Group claims to be the biggest trade association of its kind in Europe, but the membership seems restricted to the UK and Ireland. Has Europe shrunk to the archipelago off the north-west coast of the Continent or have continental members been accidentally omitted? The benefits of adhering, and the cost (very reasonable) for different types of membership, are clearly defined.
Another page offers a Statement of Aims, defined as:
The SMART Group Aims to Promote the Advancement of the Electronics Manufacturing Industry through the Education, Training and Notification of its Members in Surface Mount and Related Assembly Technologies, and by the Promotion of a Community of Electronics Manufacturing Professionals.
This is to be Accomplished by Active Encouragement of Member Inter-activity, through Meetings, Seminars, Conferences and Publication of Technical Information.
The SMART Group Invites and Requires the Active Participation of all its Members in these Aims.
This seems very clear.
Going down a click in the menu, we come to something called smart-e-link. This is not part of a chain for smarties, as you might be excused for thinking, but a forum, or rather a net list, which Shakespeare said "was the same thing as a rose". Looking through the archives, this seems reasonably well frequented and of a high technical quality. As it is open to non-members, the number of participants is virtually unlimited. The usual kind of netiquette is imposed (no commercial posts, politeness etc.).
The next menu item is called Link List and provides a comprehensive set of hyperlinks to industry associations, trade magazines, trade shows, suppliers, solder [suppliers], equipment for repair and rework, pick and place and printing. Then, there are lists of contract electronics manufacturers, catalogues, people and miscellaneous. These lists offer a good choice in each category, even if there are a few missing items; for example, under Trade Magazines, this journal is conspicuous, as it should be, but our sister-journals, Circuit World and Microelectronics International are equally conspicuous, although by their absence.
The next course on the menu bears the name Diary. It is a simple list of events to come of both SMART and other happenings.
This is followed by Events, a list of what the SMART Group has been doing in the last 2 or 3 years, plus a small number of non-SMART occasions. Each one is linked to a page giving a comprehensive description of the event, whether social or, more often, technical. These pages are illustrated with many photographs and, where papers are presented, there is a link to the proceedings, accessible only to members.
The Group does a poll on various subjects, in the home page, each month, or nearly so. The results are published under Surveys mostly as percentage responses to a set of questions. The numbers responding vary, usually between 15 and 50 over the past months, and the samples may be a little low, in some cases, to be statistically reliable. Notwithstanding, they are generally interesting and occasionally surprising; sometimes, perhaps because the questions may be slightly ambiguous in their wording.
Then comes smart-e-products. This unobvious name hides a whole host of CD-ROMs (some of them interactive), videos and wall charts for sale. The complete list is downloadable in the form of a PDF file. The variety of subjects is wide and covers most aspects of our technology, in at least one form. There is one point that worries me, though. It is possible to order the products on line, but the page in which you type your credit card details is not https:// and the little padlock on my browser remains obstinately open, indicating a possible security breach.
A page is devoted to various Committees, of which there are five, with a total of 37 members. In keeping with my remarks on the membership, these seem to be all stationed within the British Isles.
The Press Releases page was unsatisfactory, because the documents seem to be bundled into a single 145 kbyte zip file. I do not know about other technical journalists, but I like to be able to click onto individual HTML press releases from a well indexed list. That way, I can see what I want, when I want, without sifting through a lot of useless information, instead of downloading and unzipping about ten Word files, the most recent of which is nearly a year old, at the time of writing. Could do better! Also on this page, there are some monthly "hit" statistics for the site, from June 2001 to October 2002.
The same could be said when clicking onto Awards; they are simply past history. The most recent mention is the 2001 Nepcon Awards, while the SMART Fellow Awards stop at 2000. Reading through the latter, I was rather surprised at the number of "Smart Fellows". May I respectfully say that, if there have not been any awards presented more recently, it would be better to delete the pages altogether, otherwise they should be updated?
Clicking on Book Reviews takes you to a formidable list of books, each of which has a page for its review. The reviews are generally to the point. Two things rather surprised me, though: the first was to find a review on a work about diving. This was not about scraping away conformal coating to find a hidden problem, but immersing oneself in the sea with a load of paraphernalia strapped to the back. Rather fishy, finding it here? The other was that very few of the Electrochemical Publications series of books were in the list. I can think of at least half-a-dozen that merit a place. May I make a suggestion? In the same style as on the Amazon Web site, it may be good to have a readers' rating section for each book, as well.
The Downloads section offers technical information on a variety of subjects. It requires pre-registration to access them, but the registration questionnaire is fairly anodyne although it is not secure. This means that if a hacker succeeded in accessing the SMART server, he could probably harvest the names and passwords. Provided you used a fictitious name and other details, with an ad hoc password, this would not matter. However, I did not register, so cannot judge the calibre of the articles, but that was my choice.
Finally, Engineering Spotlight offers a number of videos about some of the well known personalities in our industry. These require a real plug-in coupled to your browser and I presume that they are streaming cameos. I do not know, because I have become a little allergic to Real software in recent months, because it tries to take over everything in your computer. I spent some time and effort getting rid of it and its spyware and have no wish to start the circus again. I was therefore unable to view these videos to judge their utility.
Well, that's it. The SMART Web site is interesting and useful, but variable in quality. I feel that bringing it up to date should be a priority (if it has not been done between penning this article and its publication!). I hope that SMART does not smart under my constructive criticisms and will be smart enough to do the necessary to correct the causes, so that their Web site becomes smart!
Brian Ellis
Cyprus
b_ellis@protonique.com
Note
1. Use of the term "spam" was adopted as a result of the Monty Python skit in which a group of Vikings sang a chorus of "SPAM, SPAM, SPAM ..." in a crescendo, drowning out other conversation. The analogy applied because unsolicited commercial e-mails were drowning out normal "conversation" on the Internet. It has nothing to do with the canned luncheon meat of the same name that is no longer available, but which became a bit of a joke during the Second World War in the UK. Lord Woolton, the then Minister of Food, also perpetrated a number of other doubtful jokes on the unsuspecting but hungry public, not the least of which was "snoek" a very inferior canned fish, related to the tuna, which was supposed to replace salmon.
