Re: [LINK] Functional Programming

[Stephen Loosley]

Rick (and Jim) note,

> > Facebook went with a novel programming methodology,
> > called functional programming,
> Novel, eh? .. Novel to the reporter does not novel make.

Yes, indeed true Rick :-)

Mind you, I also think this reporter has indeed spotted the beginningof a major 
new direction in programming for future web based clouds.

For example, also reporting another functional programming initiative:
http://www.pcworld.idg.com.au/article/547567/won_t_believe_what_programming_language_wall_street_firm_uses/

Another reporter, Simon Bisson, also notes "Functional languages are here to 
stay. So are you ready to completely change the way you code?" 
http://www.zdnet.com/f-and-functional-computing-languages-out-of-the-lab-and-into-your-business-731309/
 
He writes .. "The sands of the IT world are shifting, as the cloud and mobile 
move from being secondary to the old n-tier+web model that's dominated for much 
of the last decade. That sea change is shifting the languages and tools we use, 
away from the C family of languages (such as C++, C#, and Java) to one that 
descends from more formal languages such as Lisp.

Functional programming languages were, until recently, languages for computer 
science. Based on a pure mathematical approach to programming, they were the 
basis of much modern computer science research, with languages such as ML, 
Haskell, and oCaml. One of the first commercialised functional programming 
languages was Erlang, developed to reduce the risk of errors in telephone 
networks. But now they're shifting to the desktop, and, more importantly,  to 
mobile devices, as well as programming cloud hosted PaaS platforms. 

It's important to understand the difference between traditional imperative 
programming techniques and functional programming. Functional programming is 
stateless, with mathematical functions at the heart of its operation. A 
function will always give the same result for the same inputs; it's never 
dependent on results from another function. That makes it easier to understand 
how a program will behave, something that's important when you're working with 
a range of external inputs — especially if you're working with streamed or 
asynchronous cloud data.

To get a feel for working with F# and functional programming, Microsoft 
Research runs an online F# interactive tutorial, where you can write code 
without leaving your browser.  http://www.tryfsharp.org/

Functional programming is a powerful technology, and one that's finally making 
its way from the research lab into your favourite IDE. You're probably using 
apps written using these languages already, as they're running the back ends of 
many major cloud services, as well as running complex financial systems — and 
social games. But it's in our pockets that it's going to make a difference, 
giving developers tools to write reliable, and predictable, code that copes 
with the complexities of the modern mobile network.
--


  
___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link

Re: [LINK] Question re spoofing with bad reply address

[Jeremy Visser]

Hi Stephen,

On 09/07/14 17:35, Stephen Rothwell wrote:
> SPF is broken by design (consider forwarding - including mailing 
> lists).

That’s because you’re forwarding incorrectly.  SPF validation is done based on 
the envelope, not the To/From headers, and all good mailing list software will 
fix this for you.  For example, your e-mail from the list to me contained these 
pertinent headers:

  From: Stephen Rothwell 
  To: Hamish Moffatt 
  Sender: link-boun...@mailman.anu.edu.au
  Return-Path: 

And the SMTP exchange would (presumably) have begin with "MAIL 
FROM:".  Therefore, the SPF validation is done 
against whether the sender can send from mailman.anu.edu.au, not rothwell.id.au.

A different situation I commonly encounter where forwarding happens but the 
envelope doesn’t change is if you deploy a spam filtering box (e.g. Postfix + 
Amavisd) in front of another box (e.g. MS Exchange).  If you don’t tell the 
downstream box (in this case, the MS Exchange box) to fully trust the upstream 
box, then it may erroneously perform SPF validation (MS calls it Sender ID 
validation, but same diff) on incoming messages (which will obviously fail).  I 
don’t see this as an SPF failure — rather, it’s a misconfiguration that stems 
from not thinking about the mail flow properly.

Jeremy.
___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link

[LINK] AEC to release secret voting source code

[Stephen Loosley]

> Date: Fri, 11 Jul 2014 11:59:45 +1000
> From: jer...@visser.name
> To: link@mailman.anu.edu.au

While you're here Jeremy ... thanks for supporting Tassie 
programmer-turned-lawyer Michael Cordover in his FOI request for the source 
code of AEC software, developed in-house, for conducting Senate counts.

At http://easycount.mjec.net Mr Cordover writes, "I'm a lawyer and nerd from 
Hobart, Tasmania. The AEC is responsible for counting Senate votes at each 
election. Given the complexity of the count, this is done using a computer, in 
accordance with the Electoral Act. This software was developed in-house at the 
AEC. Aware of that, and given the broad definition of document in the Freedom 
of Information Act, I put in a FOI request for the source code of the software 
used to conduct Senate counts.  (End quote)

Although the AEC refused, the Senate has quite correctly agreed, and forced the 
code release.

Article By Mahesh Sharma  (SMH)  July 10, 2014 - 8:23PM ...

The Senate has forced the Australian Electoral Commission to disclose the 
source code of the software that counts Senate preference votes after the 
organisation refused to release it in response to a freedom-of-information 
request.

The upper house on Thursday passed a motion by Greens senator Lee Rhiannon 
demanding that the Special Minister of State table the source code for the 
EasyCount application.

After the commission declined Tasmanian programmer-turned-lawyer Michael 
Cordover's FOI application he sent two further emails including another FOI 
request. It prompted the commission's chief legal officer, Paul Pirani, to 
accuse Mr Cordover of being a vexatious applicant who had colluded with another 
activist to harass the organisation.

Mr Cordover, who filed the FOI soon after last year's election, welcomed the 
motion but was sceptical of whether the commission would disclose the source 
code.

"The government has a tradition of not complying with orders of production of 
documents and I can see them waiving it on a range of grounds," Mr Cordover 
said. "If they do comply it renders my campaign moot, and I consider that an 
absolute success."

Mr Cordover said he was prompted to file the FOI after the 2013 West Australian 
Senate election because of a controversy a decade ago in America, where it was 
found that Diebold, the company that manufactures electronic voting machines, 
had strong ties to the Republican Party. People demanded the company release 
the machines' source code, in order to confirm that there was no bugs – or bias 
– that skewed votes.

Senator Rhiannon said after the bungled counting of last year's election, which 
forced a re-run of the West Australian poll and led to the resignation of 
commission head Ed Killesteyn, the refusal to disclose the source code had 
further damaged the organisation's reputation.

“There is no justification for the AEC refusing to release information on how 
the Senate vote is counted. It is widely known that it is very complex, so 
surely the methodology used should be publicly available," Senator Rhiannon 
said. “The AEC hardline position in trying to discredit Mr Cordover as a 
vexatious litigant is an abuse of the law under which the AEC operates and 
raises the very relevant question, what do they have to hide?"

The commission had not responded to a request for comment at the time of 
publication.

Mr Cordover has raised more than $6000 for an appeal against the commission's 
decision to reject his FOI application. He has pledged to pursue the matter 
until the source code is released, but committed to donate any unused funds to 
the Open Australia Foundation.

He said he did not suspect the commission had committed any wrongdoing, 
intentionally. But he said all software contained bugs and the only way to fix 
them was by inviting the public to scrutinise the source code. He said the 
risks were especially big given the complex methodology used to allocate Senate 
preference votes. Bugs had been found in an open-source system used in the ACT 
elections, he said, though this had not affected any results.

"The impact of those bugs could be quite varied. It could tell us that either 
the count was accurate and being done in the right way, or it wasn't," Mr 
Cordover said.

"I think it's important for democracy to see how votes are being counted. 
Secrecy is the antithesis of true democracy."

http://www.smh.com.au/it-pro/government-it/vexatious-digital-activist-forces-australian-electoral-commission-to-release-secret-computer-code-20140710-zt27i.html

Cheers,
Stephen


  
___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link

Re: [LINK] AEC to release secret voting source code

[Jim Birch]

On 11 July 2014 13:43, Stephen Loosley wrote:

> “The AEC hardline position in trying to discredit Mr Cordover as a
> vexatious litigant is an abuse of the law under which the AEC operates and
> raises the very relevant question, what do they have to hide?"


The Palmer bug? :)

More realistically, the way that the senate count works is open to
procedural interpretation as variation in the counting order could change
the result.  (I would have thought.)

Jim
___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link

Re: [LINK] Question re spoofing with bad reply address

[Stephen Rothwell]

Hi Jeremy,

On Fri, 11 Jul 2014 11:59:45 +1000 Jeremy Visser  wrote:
>
> On 09/07/14 17:35, Stephen Rothwell wrote:
> > SPF is broken by design (consider forwarding - including mailing 
> > lists).
> 
> That’s because you’re forwarding incorrectly.  SPF validation is done based
> on the envelope, not the To/From headers, and all good mailing list software
> will fix this for you.  For example, your e-mail from the list to me contained
> these pertinent headers:

I am not actually forwarding incorrectly, but you are right, the
mailing list example is a furphy (these days) that I should not have raised.

However, it does break any "normal" sort of forwarding unless the
forwarder goes to quite some effort when forwarding emails (that effort is
needed to allow the correct sending of error notifications).

Also, it seems from various sources that gmail (at least) are drawing
conclusions about whether an email is spam based on the *lack* fo SPF
information.  So if you have all your email forwarded to gmail (and
many do), then if the sender domain publishes explicit SPF information,
gmail will probably bounce it and if the sender domain does not publish
any SPF information, gmail may put it in your spam folder.  This is
partly caused by SPF's breakage of mail forwarding and partly gmail's
(assumed) overzealousness.

(I say "assumed" because I have found it impossible to get any response
from anyone at gmail when I complain about my emails going astray.)

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au


signature.asc
Description: PGP signature
___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link

Re: [LINK] Question re spoofing with bad reply address

[Stephen Rothwell]

Hi Hamish,

On Wed, 09 Jul 2014 17:55:27 +1000 Hamish Moffatt  wrote:
>
> > It also doesn't help for those with email addresses in domains that
> > other people using the same domain post from lots of different places.
> > (e.g. other members of my family use various ISP's outgoing mail
> > servers)
> >
> 
> Yes, that's true. It might not suit all domains, and users might need to 
> adapt. Any reason why your other family members couldn't use an 
> authorised sender instead though?

Well, if for no other reason than that many ISPs insist that you use
their mail server for outgoing email and people change ISPs every now
and then.  Yes, I could ask them all to use the submission port on my
server and set up accounts for all of them but most of them also have
other email accounts (like gmail) and most of them are not very tech
savvy ...

> Email security is pretty poor, can we expect to fix it without the users 
> changing their configurations at all?

No, we can't, but SPF is not a good solution.

-- 
Cheers,
Stephen Rothwell


signature.asc
Description: PGP signature
___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link

Re: [LINK] Question re spoofing with bad reply address

[Jeremy Visser]

On 11/07/14 14:27, Stephen Rothwell wrote:
> Well, if for no other reason than that many ISPs insist that you use
> their mail server for outgoing email

Who does this?  I would invite you to name-and-shame them.

But before you do so, check that you are sending outbound as port 587 
(STARTTLS) or 465 (TLS).  It's common for providers to block port 25 due to 
rampant abuse, but as all port 587 or 465 based services are authenticated 
relays, there is no need to block this.

I know of some ISPs (e.g. Telstra 3G) who block port 25, but that's not the end 
of the world given that ports 465 and 587 are meant to be used these days for 
SMTP submission anyway.

(Blocking port 25 on Telstra 3G makes sense because it is a giant CGNAT 
network.  Think about it this way -- if they _allowed_ port 25, the CGNAT pool 
would constantly be listed/delisted from blacklists which would affect hundreds 
of customers at once.)

As a network/systems admin at a small ISP, I personally hate running mail 
services.  I prefer layers 2-3...layer 7 can get stuffed.  :-)  While I provide 
an anonymous SMTP relay for customers who for some goddamn stupid reason insist 
on using one, I do nothing to encourage people to use it, and usually try to 
talk people out of it.


___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link

Re: [LINK] Question re spoofing with bad reply address

[Hamish Moffatt]

On 11/07/14 15:35, Jeremy Visser wrote:
> On 11/07/14 14:27, Stephen Rothwell wrote:
>> Well, if for no other reason than that many ISPs insist that you use
>> their mail server for outgoing email
> Who does this?  I would invite you to name-and-shame them.
>
> But before you do so, check that you are sending outbound as port 587 
> (STARTTLS) or 465 (TLS).  It's common for providers to block port 25 due to 
> rampant abuse, but as all port 587 or 465 based services are authenticated 
> relays, there is no need to block this.
>
> I know of some ISPs (e.g. Telstra 3G) who block port 25, but that's not the 
> end of the world given that ports 465 and 587 are meant to be used these days 
> for SMTP submission anyway.
>
> (Blocking port 25 on Telstra 3G makes sense because it is a giant CGNAT 
> network.  Think about it this way -- if they _allowed_ port 25, the CGNAT 
> pool would constantly be listed/delisted from blacklists which would affect 
> hundreds of customers at once.)
>
> As a network/systems admin at a small ISP, I personally hate running mail 
> services.  I prefer layers 2-3...layer 7 can get stuffed.  :-)  While I 
> provide an anonymous SMTP relay for customers who for some goddamn stupid 
> reason insist on using one, I do nothing to encourage people to use it, and 
> usually try to talk people out of it.
>
Why anonymous - can't you require them to STARTTLS+AUTH, even on port 25?

Optus blocks port 25 outbound too. Shrug; the customer IPs are listed in 
the dynamic IP blacklists anyway from memory. They don't block 465 or 
587 though.

Hamish
___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link

Re: [LINK] AEC to release secret voting source code

[Chris Maltby]

> On 11 July 2014 13:43, Stephen Loosley wrote:
>> ???The AEC hardline position in trying to discredit Mr Cordover as a
>> vexatious litigant is an abuse of the law under which the AEC operates and
>> raises the very relevant question, what do they have to hide?"

On Fri, Jul 11, 2014 at 02:00:32PM +1000, Jim Birch wrote:
> The Palmer bug? :)
> 
> More realistically, the way that the senate count works is open to
> procedural interpretation as variation in the counting order could change
> the result.  (I would have thought.)

The only random element in the Senate count is the process to follow
when two or more candidates for election or exclusion have the same
number of votes, and they aren't eligible to be bulk excluded and
they also had the same number of votes at all previous stages of
the count.  Then (and only then) may one be selected by the State
Electoral Commissioner for election/exclusion - perhaps by tossing
a coin, but possibly deliberatively.

Not only is that circumstance very unlikely, the selection would
then most likely just affect a few subsequent stages of the count.
To be significant it would need to set off a cascade effect in the
order of subsequent exclusions to affect the actual election result.

And in the event of a tie for the last place with all candidates
having equal votes all the way back to the start of the count, then
the State Electoral Commissioner gets a deliberative casting vote.

Read the Senate Section of the Act (s273). It's hard to imagine
that any of the MPs who enacted it had any idea exactly how the
bulk exclusion process (13A) might be actually carried out.



I was a contractor to AEC in the mid 1990s when this software was
being developed. I can't understand why they never made it open-source,
but my recollection was that the developers ended up with partial
or complete ownership of the software even though they were paid
to write it by the AEC. Someone might have stuffed up the assignment
of IP terms in a contract...

Chris
___
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link