Digital Choke Daynotes

"Daynotes" are popularized by a Internet Web site called the "Daynotes Gang" (http://www.daynotes.com or http://www.daynotes.org), a collection of the daily technical and personal observations from the famous and others. That group started on September 29, 1999, and has grown to an interesting collection of individuals. Readers are invited and encouraged to visit those sites for other interesting daily journals. You can send your comments to us by clicking on any mailbox icon.

It turned out to be a nice day today. Partly cloudy, a bit cool, but no rain. It's obviously been a wet spring, and the local farmers are starting to get worried.

I spent most of yesterday being a couch potato. I did work on a few work-related projects: some guidelines for physical access to the Data Center, and how to allow remote access to the network by City employees. We're trying to enhance the existing telecommuting guidelines. There are some changes that need to be made, but you can't make too many changes or the various unions will have to sign off on the whole thing again. And that would take a lot of time, not to mention the probability that you would have to fight over the things they already agreed to in the original policy.

I watched (again) "The Shawshank Redemption". That's a very good movie. I don't watch many movies more than once, but that's one that is quite entertaining each time I watch it. If you haven't seen it, I recommend that you grab that one the next time you stop by your local video store.

John Dominick, who writes a very entertaining Daynotes site, reminded me about the request for a MIME reading program. I had a bunch of ASCII files that were email messages, and I had to analyze them for content as part of the spam filtering process we are going through. So I was thinking that a program that would import each message into a database would be very helpful. I spent an evening doing a Google for programs that would do that, and didn't find anything that was very helpful.

The next day I decided that I was trying to over-engineer the whole process. I just needed to look for certain information in each message. And since all the messages were in separate files, I just needed a quick ASCII text reader. So I turned to a very old program I still have: Vernon Beurg's LIST program. It's an old DOS shareware program from at least 10 years back, probably the first shareware program I ever registered. It will display an ASCII (plain text) file, and you can look at a bunch of files sequentially by using 'wildcards' in the filenames you specify in the command line.

Since the information I needed to look for was in the first few lines of each message, the LIST program was easy to use. I had about 4000 messages to look at, so it took a while, but I was able to find the information I needed. It reminded me that sometimes a low-tech way is the best.

A clear day, a bit cool, but it was nice to see the sun. No worries about tornadoes here (although there have been a few small funnel clouds that poked their way out of a thunderhead in the last couple of storms). Much destruction in "Tornado Alley", though. Not fun for those that are in that area. A friend's son is in Tennessee area serving a church mission, but I haven't heard anything about him.

When I got to work this morning, I checked up on the anti-spam mail server. It was stuck. There are three services that are running for that function: a service to receive mail, a rule service to check the messages against the rules, and a sending service that sends out the mail. All incoming and outgoing mail goes through those three services. The status screen showed that the rules service was recycling on and off, so messages were stuck in the rules queue. I tried stopping and restarting the rule service, but that didn't help. It was easiest to restart the server. All the mail messages were in a queue folder, so nothing would be lost during the three minute restart process.

After restarting the server, I took a look at the anti-spam message monitor. There were over 9000 messages that were waiting to be processed by the rules service. The restart got everything going OK, but it took a long time to process the backlog. The 9000+ messages that were already received had to be processed, plus all the incoming and outgoing mail. We get about 40-50,000 messages a day, so it took a while. I restarted the server at about 7:30am, and it took until a bit after 10:30am for it to get caught up. I didn't find anything significant in the log files, but I need to take a closer look at the log files and then give SurfControl support a call to see what happened.

One of the rules in that mail server is to look for adult messages, and block them. Incoming messages are put into a queue, as are outgoing messages. If an 'adult' message is sent from our company, then the sender also gets a message telling them their message was blocked. The message includes a note that they can call the Help Desk if they think that the message should have been delivered. As you might suspect, the Help Desk doesn't get too many phone calls complaining that their adult joke didn't get sent. And the volume of outgoing messages that are caught by by that rule has gone way down since we started the mail filtering software.

But occasionally, there is a message that gets blocked by that rule that really shouldn't have been blocked. I watch out for those types of messages, and take a look at them to help get the rules to be most efficient at blocking the bad stuff, while still letting the good stuff through.

So today I got an email from a supervisor complaining that his email to his wife was blocked because of it's apparent adult content. Now, I have seen some of those messages before, and some of them are indeed adult content. (During the process of testing all the rules, I learned more about a few employees than I really wanted to know.) This one had 10 occurrences of a word in the adult dictionary, which put it's score that triggered the adult message rule. (Every word has a score, the total is added up and compared to the limit as defined in the rule.) The word was "Lolita", which can be in an adult message (usually from the extreme adult spammers). So I told him that, and he told me that "Lolita" was his wife's name. Well, that's different, of course, so it was a case of a rule that usually works, but this time it was different. You don't want to weaken the rule that is catching adult content, but you still want to allow him to send mail. (Actually, there is a policy in place that says that the company's mail system is to be used only for business use, but we do allow 'incidental' use, as long as the content is not inappropriate.) I recommended that he minimize the use of his wife's name in his messages, and told him that he can use that name up to x times (the actual value is not important here) without triggering the rule. I think that he was OK with that, but I kept a copy of the message for my "GOOJF" file.

Everyone should have a "GOOJF" file. It's where you put the "I told you so" memos, or the "It's OK to do that" memo from the boss. It comes in handy when you need it. You've seen a GOOJF card in the Monopoly game.....a "Get Out Of Jail Free" card. I haven't had to use one yet, but I am sure, based upon my job as the Information Security Dweeb in the company, that it is a good thing to have.

Spent the rest of the day at work finishing up a couple of security guidelines. One involved telecommuting, the other was about physical access to the data center. Each gets a meeting later this week to discuss it with the affected sections of IT. I also sent out the results of a user password audit to various department network administrators. And a list of 'dead users' -- user names that haven't shown a login for over 90 days. Dead user id's are a good thing to get rid of. They can sometimes be back doors into systems.

Tonight I plan on a bit of surfing after I send this up. And CSI is on at 9pm. Stacy (youngest, graduating from high school) is going into nursing, so we find that show interesting to watch.

We had problems today with the mail filtering server. Turns out that the latest update from the vendor caused an old error to crop up. Certain types of Word documents attached to messages would cause the rules service to get stuck. Messages would pile up in the queue, so they weren't lost, just delayed. I called the tech support guys, and after a 25 minute wait, the guy recognized the problem and gave me the workaround. A new patch is due out next week. In the meantime, I've been keeping a close eye on the system to make sure that the mail doesn't get delayed. People expect mail messages to be immediately delivered. That's what usually happens, but email in general is not always that quickly delivered.

Most of the day at work was spent in some more analysis of some user activities. I did some auditing of user id's, and needed to analyze their access activities. It took a bit of time to do manual lookups of the data, but it is an important project. I can't get into any more details than that. But the analysis was a bit surprising. I gave it all to the CIO, who will take the data to the appropriate levels and actions.

After work, I went back to the apartment, did a quick clothes change, and took the truck over to the old house for a final "Lone Ranger" run. I got the truck loaded, and went to the dump. I got there are 7:30pm, just in time for the guy to tell me that they closed at 7:00. So I brought the truck back to the apartments; I'll make a trip this weekend.

Tomorrow is a catch-up day, trying to get to the things that I missed today due to the email thing and the user activity analysis. Thursday is meeting day for the data center access guidelines, and a couple of other projects. And there is a pile of reading material that I need to go through. I am also getting together with the network support guys to figure out how we want to test Windows 2003 Server in the lab. We have some systems that are still at WinNT4. It may be best to move directly to Win2k3 Server. It will be a bit involved, since we won't do an upgrade, but a fresh install to a new server. Then we'll move the content to the new server, and put that in production. Then fresh install on the old server, move content again, and put that in production. That will take a bit more time, but we have to keep the data in production without spending multiple weekends doing upgrades.

And there's a few things about network security I want to discuss here. For instance, it would be a good idea not to commit a felony when you monitor a network. That particular one is 5-10 years in a federal prison of their choosing. That discussion will take more energy than I have tonight, but I thought it might grab your attention.

Still problems with the mail filtering server this morning. I took a closer look at the whole process, and dug into various logs. The scheduling log had some interesting information. There is a process that runs each morning (early) that synchronizes the message holding queue area. This process goes through all the messages in the queue, and grabs related information out of the SQL database to build information for the message administration process. One parameter of that process limits the number of messages in the queue. The scheduling log shows that the process started, but there was never a completion message. There is a big pile of messages in the 'inbox', and the earliest one is right about the same time that the process started. So it would seem that the process is hitting the limit of the number of messages in that parameter, and not recovering gracefully from hitting that limit.

That seems to cause a problem with the restart of the rule analysis process. It never gets going fully, and so messages are stuck in the queue. Incoming messages are still stored, so messages are not lost. But they aren't getting delivered. And users get really cranky when they don't get their morning pile of spam.

I talked to the tech support guys, and they hadn't heard of the problem, but it was getting escalated to second level support. In the meantime, I removed that process from the scheduler, so it won't run tonight. When I get in tomorrow morning, we'll see how this theory holds up.

I spent a bit of time trying to fine-tune the rule that gets rid of shopping-type spam. That one is a bit harder to do. Right now I have that rule running in passive mode: it BCC's a copy of the message to me while letting the message processing continue. I've got a rule in my mail program that puts those messages in a separate folder. So I get about 1000 messages a day in that folder. Many are duplicates, so I don't have to look at all of them. But I do have to find the valid emails in there to find messages that shouldn't have been blocked. I look at those, and then try to figure out how to tweak the rule to make it better.

Just before I left today, I decided to try to apply the rule just to the message body, not any attachments. It looks like most shopping spam never has any attachments, and if they do, the text in there wouldn't trigger a rule. Most of the valid mail that gets caught by that rule has attachments that trigger the rule. So we'll see what my spam folder holds tomorrow. With any luck, it will just hold shopping spam, not valid mail.

In our downtown area, there is a Farmer's Market every Wednesday during growing season. Today was the first day, so I took a short break and met my wife over there. It was nice outside; a bit breezy because of an incoming storm, but it was sunny then. My wife headed to the kettle corn (sweetened popcorn roasted in large copper kettles), and I found some really nice cherries. I was munching on them most of the day. So I am sure that I got my nine servings of fruit today, as I also had an large apple with lunch, and some raisins.

We stopped by the grocery store on the way home, and picked up ingredients for 'giant burritos'. It's quite simple to make. You pan-fry chicken breasts, cutting them up into small pieces, with a bit of taco seasoning sprinkled on them. You also make some Spanish Rice (Rice-A-Roni), adding a small can of diced tomatoes. Grate some cheese, shred some lettuce, cut up a few fresh tomatoes, and heat some large tortillas in the microwave for about 25 seconds. Put a couple spoonfuls of chicken in the burrito, add a spoonful of rice, then a bit of grated cheese, then the tomatoes, and then lettuce. Add some taco sauce or salsa, then fold it up. Voil-lay! Rick's Giant Chicken Burritos. Very tasty, and very filling. I had two of them, although I probably shouldn't have; I am still full four hours later. But you really ought to try it. It's a very quick and easy to make, and is good for a group of people, as everyone can build their own.

Tommorrow is a full day. A big meeting of upper management types, and two meetings. And I'll need to make sure the mail filter server is running OK. And I really need to reserve a moving truck for the end of the month before they are all gone. Our old house should close escrow by Friday, and the new place should be ready for escrow by the 19th. That means I only have a couple of weeks to rest up before I need to move again.

It's getting late, so I can't get into the subject I hinted about in yesterday's post. But I'll work on it; I think that you will find it a bit interesting.`

I survived meeting day, with good results. We've got a preliminary plan to upgrade several of the servers OS. I've read good things about Windows 2003 Server in Infoworld and other pubs, so we have decided to get a bit ahead of the curve, rather than being way behind. A lot of our servers are still running NT4. We're going to put a new server in the lab, and clone one of the existing servers that is running NT4. Then we'll do an in-place upgrade to Win2k3 and test all the pages and the applications on it. And we'll probably do it a couple of times to get the procedure down. With any luck, we'll be able to do in-place upgrades of the production servers (after backing up everything). The whole plan is a bit more complex than that. And we have to do it to about 6 servers to start with. Should be an interesting experience, and worth the effort.

Another meeting for physical security also went well. We've got a good plan in place that will help ensure that access is limited to those that need it. We're also making good progress on the telecommuting guidelines. I still need to write up the notes for all those meetings; that's on the agenda for tomorrow.

The spam server was working fine all day, without a repeat of the past days' problems. That scheduled process seems to cause the problem. The vendor tech support guy called today while I was out, but I've got an appointment with them for Monday. That's OK, because the program was working well today, although working really hard under the load of all the mail we process every day.

I was also able to spend some time tweaking the anti-spam rules for a few categories of mail. Some of the more disgusting stuff is still getting through, although it is a small number compared to what we are catching. But the users still don't like getting it. And I also had to do a bit more of the user access analysis, which was a bit time consuming. So I kept a bit busy today.

We celebrated my oldest daughter's 25th birthday tonight with a small family outing to the "Hop Sing Palace" in old-town Folsom. I am not a big fan of Chinese food, but it's a pretty good place, and has reasonable prices.

The weather today was quite different for this area. It started out clear and cold, but a good cold line of thunderstorms came in -- lot's of 'yellow' on the weather Doppler screen. There were a couple of small funnel clouds, but they didn't reach far out of the clouds. A bit of thunderboomers. A couple of inches of snow in the mountains. We managed to miss most of the storm, but it got all the weather dweebs quite excited. Another storm is coming in Thursday, with a break during the weekend. It is a bit unusual around here to get storms this time of year, although not unheard of.

So, tomorrow I'll fix up the reports on the meetings, and prepare for the weekend. I still need to move the trailer from the old house on Saturday. The good news is that house should close tomorrow. Our new house is on schedule for a close around the 20th, although we might give the sellers a couple of extra days at their request. I did get a moving truck reserved for Saturday the 24th. So after moving the trailer, it looks like I'll have to go to a couple of furniture stores with my wife. I may sneak in a trip to the local TV store to look at some high-definition televisions.

Condensed version. Woke up. Work. Anti-spam. Reports. Guidelines. Lunch. More anti-spam. Finalize guideline. New confidential phone list. Left work. Furniture shopping. Home to the apartment. Dinner. Daughter and granddaughter come over. Everyone else goes shopping. Finish reading newspaper. Fall asleep in front of TV. Snoring. Clean sheets on bed. Type very fast. Upload. Shut down. More tomorrow.

Now that I think of it, it's probably "Mrs. Calabash". I haven't checked the mail yet, but I bet that Brian C. has corrected me. I was too tired last night to go on-line to Google that line. I may later, though.

Right now, it's half-time in the King's game. The halftime score is closer than the game might indicate. I am not a big sports fan, but I enjoy watching a good basketball game now and then. But AMC is also running Clint Eastwood movies all day long, and I do enjoy a good western. He's got a really good steely-eyed stare. And a mean, growling voice. You rellay know when you are in trouble when he uses that look and that voice.

Had a busy day today. Finally got the trailer moved from the old house over to my in-laws. We had some problems hooking up the brake lights of the trailer; I am not sure if they work right or if we just didn't get them wired right. But then we figured that since we only had to take it about ten miles away, we could forget about hooking up the lights, and I would just follow the trailer over to the house. That worked out well.

We're still waiting on the close of escrow of the old house. The buyers' old house sale is taking a bit longer than we figured; it seems that the people buying our buyer's house are getting a bit delayed by their mortgage funding. We heard that their loan is approved, though, so are hoping for closure on that end on Monday. Our buyers are really anxious to get it to our old house. They are planning to replace all the windows and stucco the exterior (it has wood siding now). And the grass is getting a bit long there. I gave away my lawnmower when we moved out a couple of weeks ago, and it's been raining quite a bit the past several weeks. The grass (weeds) is about eight inches tall now, I'd bet. But, it's nice not to have to worry about it.

My son (21) found a studio apartment in the downtown area. That will work out really well for him. The rent is reasonable, and he really likes to be alone working on his computer. He does some video and audio editing, along with some music creation. He has two computers and three monitors, plus a music keyboard and some other stuff. He found a nice L-shaped desk at one of the office stores. He'll be able to start moving into the apartment on Monday. He's a bit excited about it.

My youngest is at her Senior Ball tonight. She and my wife went shopping this morning for some last-minute stuff, and then she went over to a friend's house to get her hair done and finish up her dress (which she and her friend made). We stopped by to take a look, and she looked very nice. She's going with two of her good freinds and all their dates, and rented a limo. The dance is on a riverboat, and includes a river cruise. There was a bit of controversy about the whole thing, because there were a limited amount of tickets. And they didn't put them on sale until this week. So there was a situation where many had planned to go and spent a lot of money on clothes and stuff for the dance, then they couldn't get a ticket. The school decided to have some lower-cost tickets where people could go aboard the boat for snacks and stuff before the cruise starts. But it really wasn't handled well.

So here I sit watching the King's game (still close in the third quarter). It's pretty quiet here at the apartment. Kind of relaxing.

(Later) Well, if you are a King's fan, it probably wasn't as relaxing as I mentioned. The gang lost, although it was close. I enjoyed watching it. My wife enjoyed it also, as her head was on my lap as I was giving her head rubs. She slept through most of it, but was purring. I was glad to help. She takes care of me, I take care of her.

Daynotes	a daily journal of our activity	Send us email
Digital Choke	an action that is sometimes needed for your computer; also a short techno-story available here.	Send us email