LWN: Comments on "The SAY2K10 bug"

The SAY2K10 bug

Zenith — Wed, 14 Apr 2010 05:36:45 +0000

Seriously LOL'ed at work from this. Got a few stares ;)

But yeah, I read the same thing from it as well ;)

The SAY2K10 bug

Kissaki — Thu, 14 Jan 2010 00:53:16 +0000

Not to pile on, but you don't want to be overly specific because sometimes people just make mistakes. If someone accidentally gets the month wrong when setting up or configuring their computer, and don't turn on NTP, you could be affecting their ability to send you email and (depending on what the email contains) give you money.

Egregious errors (wrong decade) are one thing, but 26 hours is probably cutting it too close.

I assume the reason it isn't dynamic is to be able to do static string matching / regular expression compilation, rather than recalculate the string to match every time. You could get past that by making it re-compute the date string on restart, assuming you restart frequently enough.

The SAY2K10 bug

MattPerry — Sat, 09 Jan 2010 18:11:57 +0000

Thanks for the links. I didn't know about those. Then 'current date + 26 hours' is sufficient. No need for 'current date + 1 year' since that would leave plenty of room for spammers to still set dates into the future.

The SAY2K10 bug

mp — Sat, 09 Jan 2010 08:02:06 +0000

Actually there are 26 hours between some places.

The SAY2K10 bug

MattPerry — Sat, 09 Jan 2010 03:22:20 +0000

> Not if you have correspondents on the other side of the date line.

How so? Those correspondents will be, at most, only one day ahead. No timezone is more than 24 hours ahead of any other timezone. Therefore 'current date + 1 day' is sufficient.

The SAY2K10 bug

sfeam — Sat, 09 Jan 2010 00:26:32 +0000

'current date + 1 day' would be even better.

Not if you have correspondents on the other side of the date line.

The SAY2K10 bug

MattPerry — Fri, 08 Jan 2010 18:31:58 +0000

'current date + 1 day' would be even better.

The SAY2K10 bug

nix — Fri, 08 Jan 2010 00:24:05 +0000

You could also have a scandal involving maintenance of sluices,
watergate-gate *with a lowercase w*.

The SAY2K10 bug

jzbiciak — Thu, 07 Jan 2010 19:47:36 +0000

Lovely. On the politics side, I'm still waiting for there to be some water-related scandal, so we can have "Water-gate", and some new scandal involving the Watergate Hotel, so we can have "Watergate-gate".

The SAY2K10 bug

RobSeace — Thu, 07 Jan 2010 19:35:07 +0000

I'm afraid "Y2K-*" is destined to be the IT equivalent of politics' "*-gate" for all future date/time-related computer problems... In 2100, they'll be talking about the "Y2K100" bugs (or maybe "Y2.1K", if we're lucky)... ;-)

The SAY2K10 bug

lab — Thu, 07 Jan 2010 16:50:38 +0000

No, sorry. Inspired by the first commenter, I was jumping to a more general category of bugs, apparently triggered by the shift from 2009->2010. The explanations I've briefly read, says something about sloppy hex->decimal conversions, or some such.

The SAY2K10 bug

nix — Thu, 07 Jan 2010 16:11:40 +0000

The Danish parking meter machines depended on SpamAssassin?!

Zimbra ops need to fix this too

Baylink — Thu, 07 Jan 2010 15:33:04 +0000

See http://bugzilla.zimbra.com/show_bug.cgi?id=43766, the file is

/opt/zimbra/conf/spamassassin/72_active.cf

the fix is in that bug.

The SAY2K10 bug

jzbiciak — Thu, 07 Jan 2010 14:54:57 +0000

Ok, I understood "2K"... that saves a two whole characters. 2K1 was cute for about 10 minutes, but 2K2 through 2K9 seemed like needless optimization.

So what's this 2K10 I see?

/cranky, need coffee.

Spam folders considered harmful

ballombe — Thu, 07 Jan 2010 14:54:25 +0000

In the case at hand, it is possible to grep the spam folder for messages with score <= 8.5 or even to rescan them with a fixed spamassassin.

Even if you decide to reject spam, keeping a copy in a spam folder allow to assess the behavior of the spam filtering system, and recover from failure.

Spam folders considered harmful

jschrod — Thu, 07 Jan 2010 14:23:31 +0000

I didn't want to imply that backscatter handling is described there best, but that the reasons why (a) one shall reject spam, not bounce it, and (b) that spam rejection after DATA is explicitely allowed by RFC 5321, contrary to the statement by fluke571.

Spam folders considered harmful

dwmw2 — Thu, 07 Jan 2010 13:19:47 +0000

Well, with the exception that it seems to be suggesting that people use backscatterer.org. It does admit that that list includes servers which only do sender verification callouts and don't actually send bounces, but then in the very next sentence says "That list can be used to reject just unwanted NDNs.", which is obviously false.

Backscatterer.org is definitely best avoided, because it deliberately includes these false positives.

Besides, there are much better ways (PRVS/BATV/etc.) to avoid unwanted bounces.

My setup for that is documented here, although it can be done more simply now that Exim has built-in PRVS support. In short, the way it works is that I never send MAIL FROM:<dwmw2@infradead.org> and thus I never accept bounces to that address. And anyone who does sender verification callouts doesn't accept mail that's faked from my address either.

But we digress...

Spam folders considered harmful

jschrod — Thu, 07 Jan 2010 13:07:30 +0000

Well, http://www.dontbouncespam.org/ says it best.

Spam folders considered harmful

anselm — Thu, 07 Jan 2010 12:46:15 +0000

By way of clarification, I think the upstream comment meant »once the mail has entered the local queue«. It is possible to reject a message while it is being submitted, but once the local MTA has accepted responsibility for it it can only be bounced, which as has been noted will in most cases inconvenience those people whose addresses the spam claims it is being sent from.

To reject spam rather than bounce it, one needs to run anti-spam software while the message is still in the process of being read, where the more common setup is to run the anti-spam software after the message has been accepted locally but before it is delivered to the addressee's mailbox. Depending on the checks the anti-spam software performs (especially ones that access the network), pre-queue checking may be a resource-intensive process, so it requires careful configuration.

Spam folders considered harmful

jschrod — Thu, 07 Jan 2010 11:48:24 +0000

> You cannot just reject mail, once body was sent.

Huh, why not? Failure codes 552, 554, 451, and 452 are valid after <CR>.<CR>, according to RFC 821, section 4.3.

Spam folders considered harmful

dwmw2 — Thu, 07 Jan 2010 11:43:05 +0000

You are mistaken. You can quite happily give a 5xx rejection message after DATA — or a 4xx temporary rejection, if you've decided that the mail is suspicious enough to warrant greylisting, but not bad enough that you want to reject it outright.

Spam folders considered harmful

fluke571 — Thu, 07 Jan 2010 11:32:19 +0000

You cannot just reject mail, once body was sent. You can only send bounce afterwards, but since 99,9% of From: fields are fake/random, you effectively become a spammer if you're doing this.

Spam folders considered harmful

dwmw2 — Thu, 07 Jan 2010 10:56:32 +0000

"Your editor, receiving 5,000 spams every day, has long since stopped scanning the spam folder for false positives; even if they exist (which they almost never do), they represent a needle which is almost impossible to find in a haystack that large. So email classified as spam is, for all practical purposes, simply lost."

This is why having a spam folder is often a bad idea. It's much better just to reject the offending mail so that when false positives happen, the sender gets a bounce and knows that the mail wasn't received.

The SAY2K10 bug

nix — Thu, 07 Jan 2010 08:41:21 +0000

And, of course, last year we had MMIX bugs. And this before Volume IV was
even published...

The SAY2K10 bug

lab — Thu, 07 Jan 2010 07:35:40 +0000

In Denmark, the new sophisticated parking meter machines, accepting card payments, also failed due to this bug, along with other assorted equipment.

The SAY2K10 bug

ncm — Thu, 07 Jan 2010 07:27:45 +0000

The SAY2K10 bug

Bayes — Thu, 07 Jan 2010 04:56:48 +0000

Why couldn't the rule be 'current date + 1 year'? No way to get current date in the rule body?

The SAY2K10 bug

ncm — Thu, 07 Jan 2010 02:21:46 +0000

I gather the electric bank machines in Germany also failed.

We should be calling these "MMX" bugs.