The Great Outdoors in the upper North Island

This past Saturday Bryan and I went up to the Tongariro National Park, about five hours driving time from Wellington and hiked the 17 kilometre Tongariro crossing track. This was some of the most rugged hiking that I have ever done anywhere and we trekked through a lunar-like landscape of volcanic craters that took us over 8 hours of steady climbing to complete. To reach our first point of interest, the South Crater we had to first ascend the aptly named Devils Staircase. Our highest point of elevation was when we reached the Red Crater at 1,900 metres. We had the option of climbing nearby Mt. Ngauruhoe, New Zealand’s newest and most active volcano, but took a pass when we realized that we wouldn’t have had enough time. I also didn’t relish climbing the very steep 600 metres of very loose volcanic rock to reach the summit. The last 6 or seven kilometres were mostly downhill switchbacks that I actually found more tiring to negotiate with my aching legs than I had anticipated. Still this part of the crossing afforded some fine views of Lake Taupo, New Zealand largest inland lake. At the trails end we were utterly exhausted but we agreed that experiencing this unique landscape up close was well worth all the aches and soreness. In 1990 the park was deemed a World Heritage Site.

Whole lotta shaking going on

A 6.8 magnitude earthquake struck Gisborne this evening about 8:55pm New Zealand time. We felt the earthquake here in Wellington which is about 530 kilometres south of Gisborne. There are reports of some damage to buildings in Gisborne and a loss of power there but no reports of any injuries or death. We felt a momentary shaking in the building that houses our flat in Oriental Bay but there was no damage. New Zealand is an area where two tectonic plates collide and there is a lot of seismic activity that is reported annually. This is the first time since we arrived in June of this year that we have felt any tremors.

Spam, spam and more spam

I’m trying to remember the title of a book that I believe was published about twenty years ago. It’s a collection of dumb thoughts, observations and predictions. One of my favourites was, “Groups with guitars are no longer popular”, which was the response that Brian Epstein heard at Decca Records in 1962 when he was rebuffed in his efforts to sign the Beatles to their first record contract. There’s also, “Can’t sing, isn’t very good looking, can dance a little”, and those were the first impressions from a Hollywood studio executive about a Fred Astaire audition at the start of his film career. My all time favourite has to be these words from British Prime Minister Neville Chamberlain in a 1938 letter to his sister, “I looked into the eyes of Hitler and knew that this was a man I could trust”. Not included because it was only said in 2004 is, “Two years from now Spam will be solved”. That was Bill Gates speaking at the World Economic Forum in Davos, Switzerland. Gates saw the solution in a variety of tools that establish the identity of the email sender. None of the suggested tools included the idea of cryptographically signing email with the sending domain’s digital signature or authenticating the sender based on what path the mail took over the internet. Yet these are the two methods that are now being used by most anti-spam software.. In October I wrote about the Domain Keys technology that Yahoo and PayPal initially developed using digital signed mail and how that has became an IETF standard this year. Path based authentication is the other tack that Spam fighters are taking in preventing it from breaching through the firewalls, blacklists and the various types of filters that have been erected as battlements. Email users don’t see spam as a big problem anymore because these methods by and large have been working in reducing the amount of spam that reaches their inboxes. But spam is still being generated in ever increasing numbers, mostly from large botnets that are composed of thousands of malware infected computer nodes. We are talking about messages that worldwide number in the billions per year so that if filtering and blocking reduce the percentage of spam mail getting through by 90%, that remaining ten percent is still a huge number in absolute terms.

Sender Policy Framework or SPF is the implementation of path authentication that has been incorporated into software such as SpamAssassin. It works by having the owner of a domain designate which computers in the domain are allowed to send email to the internet. These machine names and addresses are specified in special records on that domain’s domain name server or DNS. In essence the email receiving domain verifies the legitimacy of a given message by querying the sender’s DNS to see if the message was sent from an authorized host. Email addresses can be easily spoofed but not the IP address of a domain designated email sender. SPF wouldn’t prevent a spammer who has legitimate mailboxes on a domain from sending spam from one of those mailboxes but this is easily traced and it’s not how spammers currently work. The deficiency with SPF is that email that is forwarded does not retain the original return path and may be dropped. Also by using a DNS that has been compromised an attacker could designate his own sender authenticated hosts. However DNS attacks are much harder as these servers are usually carefully hardened with security patches applied on a regular basis. Together both path based authentication and signed mail should be very effective but unlike Bill I won’t make any predictions.