50 Shades of grep (NSFW)

July 9th, 2012

<grifferz> unixmen.com is a bit of an odd name isn’t it

<taras> i thought it was going to be unix fanfic

<grifferz> maybe you could write and post some there

<taras> Torvalds cupped Stallman’s bristly sack in his delicate Finnish hand

<taras> “Let’s see if you’ve ‘Hurd’ of this position,” he whispered

<grifferz> 50 Shades of grep

Strategies for talking to Labour MPs about the draft Communications Data Bill

July 2nd, 2012

Dear Lazyweb,

I’m thinking of having a conversation, face-to-face, with my MP about the draft Communications Data Bill. I’ve already done some research on the logical and moral reasons why the bill is a terrible idea. I feel pretty confident in how I can articulate those points.

My MP is a Labour MP though, so I am wondering what additional points I can bring up that will appeal to the Labour party. I’m hoping that those of you who aren’t going to write to or visit your MPs would instead be willing to lazyweb me some advice.

Most obviously there is the fact that Labour is in opposition so anything they can say to criticise the coalition government is a good thing for them.

On that score, we have the following ace in the sleeve:

Labour have subjected Britain’s historic freedoms to unprecedented attack. They have trampled on liberties and, in their place, compiled huge databases to track the activities of millions of perfectly innocent people, giving public bodies extraordinary powers to intervene in the way we live our lives. The impact of this has been profound and far-reaching. Trust has been replaced by suspicion. The database state is a poor substitute for the human judgement essential to the delivery of public services. Worse than that, it gives people false comfort that an infallible central state is looking after their best interests. But the many scandals of lost data, leaked documents and database failures have put millions at risk. It is time for a new approach to protecting our liberty…

– David Cameron, “Invitation to Join the Government of Great Britain”, 2010

The problem I can foresee is, what if my MP points out that the bill is almost identical to the one Labour tried to introduce in 2008/2009 and therefore is something that she is broadly in favour of?

If this does happen then I could possibly try the angle that although Labour did investigate it, they found it had too much public opposition and was technically infeasible at a sensible cost. In effect I could try to spin this as a further attack point on the coalition that despite a past government having already spent time and money on this and getting an answer the coalition doesn’t like, they are going to do it all over again. If anything in an age when we have even less money and time to be spending on it.

I think my MP is a fan of Harriet Harman. Has Harriet Harman yet said anything that would indicate opposition of the CDB in all its past incarnations? What was Ms Harman’s stance on the CDB when Labour were proposing it? Give me links, people.

Any more ideas why Labour should get their hate on?

(If my MP is reading this, no disrespect is intended and I’m fully glad that you are able to read this without having to snarf it off of a black box on my ISP’s network! I look forward to having a chat with you about it.)

Update:

Just after writing this I contacted my MP’s secretary and asked for details of her surgeries. I was emailed back and asked if I would instead like to speak to her on the phone.

I was disappointed at not being offered a face to face meeting, but not wanting to appear to be a nutter I agreed to this and a call was scheduled for 2.30pm on Friday 6th July.

Depending on how it goes I may still try to have a follow up meeting. Whatever the case I will put all my concerns in writing anyway.

Update Friday 6th July:
It got to 3pm and I hadn’t had the call I was promised, so I emailed the MP’s secretary again to ask if it was still happening. The secretary replied immediately that she was sorry and would text my MP to find out what had happened.

Shortly afterwards I received a phone call from my MP, who was obviously in her car, apologising. She said that she had hoped to speak to me between meetings but was now having to rush to another and wouldn’t be able to, and asked if we could re-schedule the call for Monday 9th July.

I have agreed to that.

Update Monday 9th July:

Our phone call had been arranged for 11.30 today. By 12.30 I hadn’t received a call, so I emailed the MP’s secretary again to ask if it was still happening. As of 2pm I’ve received no response and I’m not available on the phone for the rest of today.

I’m rather disappointed that it seems to be so difficult to speak to my MP about this important piece of proposed legislation. I suspect that, as my first query about surgeries was turned into a suggestion of a phone call, that my MP doesn’t hold surgeries (I can find no details of any surgeries she may have held). I haven’t got infinite time to spend on this and am considering just putting my views in writing and calling an end to it.


Update Tuesday 10th July:

I received an email reply this morning from my MP’s secretary saying that she (the secretary) had not been working the day before so had not seen my email querying the lack of phone call. She asked me to confirm if a phone call had taken place. I replied that it had not taken place.

Around 5.45pm someone else from my MP’s office emailed me to ask if I was able to take a phone call on Friday (13th). No explanation of why the previously arranged call hadn’t happened.

I’m unsure at this point whether to suck it up and agree to reschedule the call, or whether to give up. If this were anyone in my personal or professional life I would have given up on them by now. But that doesn’t help anyone does it, and leaves me open to the criticism that I just didn’t try hard enough.

Update Wednesday 11th July:

Yesterday I was rather frustrated by the whole thing, but after a night’s sleep I’ve had chance to calm down and I’ve decided that in the interests of getting my point across I will swallow my pride.

I’ve again asked if a face to face conversation at a surgery is possible (because I think this is a complicated subject that isn’t best discussed on the phone), but if not then I’ve agreed to reschedule the call for Friday.

Around 09:45 I received a phone call from Mary Jo (secretary) who apologised unreservedly for how I had been treated and promised to sort it out today. I’m now glad that I didn’t lose my temper yesterday.

It’s since been arranged that I will have a face to face meeting with my MP on Friday 13th, so that’s great news.

Update Friday 13th July:

I think the meeting today went well. Ms Malhotra gave me plenty of time to discuss my concerns, seemed to genuinely take many of them on board and offered me some very useful advice for how I might like to take things further. She apologised for the initial problems I’d had in getting to speak to her. Overall I’m very glad that I persevered with this.

Of course there is much more to do, but making my views known to my MP was a necessary step.

SSH launchers for Ubuntu Unity

May 5th, 2012

Ubuntu 12.04

Given the recent release of Ubuntu 12.04, I thought it was about time that I upgraded one of my machines to it so that I could make sure I could still work with it effectively.

You see, both my laptop and my desktop were on the previous long term support release, 10.04. These days I don’t have a lot of patience for upgrading things every 6 months so I’m glad that the LTS releases are supported for many years. But after 10.04 Ubuntu made a bold departure away from the GNOME desktop and onto Unity. Knowing that I would be forced to change the way I did many things I have been putting off trying Unity. No more putting it off.

Terminals, Terminals, Terminals, Terminals, Terminals, Terminals

Given what I do for a living it’s fair to say that the predominant applications running on any of my desktop machines are many instances of terminals running SSH to remote hosts. I try to automate and configuration manage the hell out of everything, but it’s hard to avoid having connections open to a bunch of different machines at any one time.

In 10.04 what I used to do was have a .desktop file for each host that I commonly log in to, something like:

#!/usr/bin/env xdg-open

[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Icon[en_GB]=/usr/share/icons/Humanity/apps/48/terminal.svg
Name[en_GB]=specialbrew
Exec=urxvtc -T specialbrew -e ssh specialbrew.localnet
Name=specialbrew
Icon=/usr/share/icons/Humanity/apps/48/terminal.svg

I’d then have a menu called “SSH” added to my top menu bar, with an entry for each of those files. This was quite nice as I could also have multiple levels of menu, thus segregating different classes of host, hosts I administer with different hats on, customers I do consulting work for, etc.

Unity’s Launchers

Sadly that all goes out of the window with Unity. For a start there is no top menu bar. You’ve got the launcher down the side where you can add the launcher for gnome-terminal, but if you click that launcher more than once all that happens is you get your first terminal window brought back to focus.

There’s an open bug report asking for ways to set different properties on launchers, but judging by the age it doesn’t seem to be much of a priority.

I haven’t got a clue about launchers in Unity but I had a quick read of some documentation and worked out how to add a launcher for urxvt (my preferred terminal as opposed to gnome-terminal), and how to put different options on it. For example:

$ cat ~/.local/share/applications/rxvt.desktop 
[Desktop Entry]
Name=rxvt
Comment=Use the command line
TryExec=/home/andy/bin/urxvtc
Exec=/home/andy/bin/urxvtc
Icon=utilities-terminal
Type=Application
Categories=Utility;TerminalEmulator;
StartupNotify=true
OnlyShowIn=Unity;
Keywords=Run;
Actions=New;specialbrew;backup1

[Desktop Action New]
Name=New Terminal (localhost)
Exec=/home/andy/bin/urxvtc -T stoli
OnlyShowIn=Unity

[Desktop Action specialbrew]
Name=New Terminal (specialbrew)
Exec=/home/andy/bin/urxvtc -T specialbrew -e ssh specialbrew.localnet
OnlyShowIn=Unity

[Desktop Action backup1]
Name=New Terminal (backup1)
Exec=/home/andy/bin/urxvtc -T backup1.bitfolk.com -e ssh backup1.bitfolk.com
OnlyShowIn=Unity

Once you do something like that and get the icon locked on the Launcher, you can right click on it and be offered “localhost”, “specialbrew”, “backup1″, etc.

Okay that is workable, but it kind of sucks. That list will get huge, and it’s a flat list.

Lenses

Lenses seem like a very powerful feature of Unity. When I was asking on IRC about how people handled this use case, someone suggested (sarcastically, I think!) that I needed to create a lens to view all my hosts.

I actually did have a look into it, and was initially rather put off by the task. Fortunately it seems that someone already had the idea of a lens that scrapes SSH hosts out of ~/.ssh/config and ~/.ssh/known_hosts.

The SSH Search Lens

After installing this, it worked pretty much as advertised. As noted in the README you do have to use “HashKnownHosts no” to take advantage of it being able to read ~/.ssh/known_hosts — some would consider that a security flaw. Rather than disabling known host hashing for all users, you can disable it just for yourself:

$ cat ~/.ssh/config
HashKnownHosts no
...

Note that it only re-parses the SSH configuration files when it starts, which means that if you SSH to somewhere new then it won’t be found in Dash Home until after you’ve logged out and in again (officially). I found that looking for the /usr/bin/python /opt/extras.ubuntu.com/unity-lens-sshsearch/unity-lens-sshsearch.py process and killing it would cause it to be restarted next time I went to Dash Home. That saves a logout/in (but might be Bad).

The current version is hardcoded to call gnome-terminal, and I wanted to change that. I edited /opt/extras.ubuntu.com/unity-lens-sshsearch/unity-lens-sshsearch.py and changed the following line:

TERMINAL_APP = 'gnome-terminal'

to

TERMINAL_APP = '/home/andy/bin/urxvtc'

(Yes, I compile rxvt-unicode from source and keep it in ~/bin. What of it? Wanna fight about it?)

After restarting the lens it failed to work. Nothing happened when clicking on the icons it found. It wasn’t sending anything to ~/.xsession-errors either.

In the end I had to strace it, only to find it was getting “permission denied” when trying to execute my TERMINAL_APP. What? I can execute it myself.

FFFFFUUUUUUUUUUUUUUUUU AppArmor

Yeah, unity-lens-sshsearch ships an AppArmor profile, /etc/apparmor.d/opt.extras.ubuntu.com.unity-lens-sshsearch.unity-lens-sshsearch.py to be exact. That specifies what it can execute, and it’s limited to gnome-terminal.

After adding the paths to my rxvt-unicode there (it’s pretty obvious how, if you look in the file) it was happy.

Deficiencies of the SSH Search Lens

So, obvious deficiences here:

  • Have to log out or risk killing the process to get it to index newly-added entries.
  • Hard-coded to gnome-terminal.
  • Still limited in terms of configurability to <command>, <user>, <host> and <port>
  • Still has a flat hierarchy — you’ve got a list of hosts that your search term will be matched against. Possibly greater knowledge of Lenses/Scopes could improve this.
  • My rxvt-unicode doesn’t have a nice icon like gnome-terminal does! I’m guessing I will be able to fix this by reading up more about the Launcher.
  • Would be nice if the stderr output of the lens went to ~/.xsession-errors like every other X application, instead of /dev/null that I note it is redirected to. I realise that ~/.xsession-errors tends to be known as “that multi-gigabyte file of garbage that no one ever looks at” but it’s marginally more useful than /dev/null!

But on the whole this is a fairly natural way for me to launch these SSH sessions — I can press the “super” key and start typing the host name and I’ll get a list of matching icons to click on.

Also even though I don’t know Python, the source of this lens seems quite readable so I may be able to improve it and/or make my own lenses in future.

Having Music Is Ace

April 30th, 2012

Tonight I’m on my own as Jenny decided to go to bed early; she has to get up very very early tomorrow for work. I got up a bit late today and don’t feel tired at all so I’m just contemplating an evening of work.

When I work I like to have a soundtrack, so I’m picking out a playlist for the next 12 hours (yes I will probably stay up all night).

What struck me is how much great music I have and what a terrible loss it would be if my collection were to be taken from me.

I’m not saying I have great taste in music. I don’t go to gigs — in fact I’ve never actually been to a gig at any venue larger than a pub — and I tend to find my new music through radio and TV; Later…, coverage of Reading, Glastonbury, that sort of thing. My taste in music has been described as “mediocre” by others, so I’m not saying I’m any kind of opinion leader here.

I was having a conversation on IRC recently about the streaming music service Spotify and how I don’t really understand the use case for it — I do get the mobile streaming part, it’s the idea of using it at home as your main method of playing music that I fail to comprehend.

During that conversation someone said to me:

“I use Spotify because I don’t have a music collection [...] I don’t derive pleasure from having a music collection.”

This idea completely boggles my mind! Looking through my collection I find all kinds of things with personal attachment.

It’s not that I feel like I have every bit of music ever. I know people who just download every bit of music they can and have hundreds of thousands of tracks. I’m not like that; I have just over 3,200 tracks most of which were ripped from CDs or purchased as online singles. If I don’t find myself listening to something for years then I usually delete it. So, my collection is stuff I do still listen to.

When building a playlist, every time seeing the list of albums brings back so many memories. Music that came out at certain times in my life, or was listened to a lot at certain times in my life. It brings back memories of my teenage years, university, past relationships (girlfriends who stole my CDs!), people who have since died. I’m not into a lot of obscure music, but there’s things there you won’t even find on Amazon as a CD, let alone on Spotify for streaming.

Maybe I am just getting old and not embracing the cloud. But how does one build a big playlist with something like Spotify? What about when they remove things from the service? I should just try the free version and see what it’s like.

Perhaps there are people of an older generation who don’t like the idea of only keeping music on the computer, and regard me with pity for not being immediately able to lay my hands on the CD or vinyl for most of my collection? That really doesn’t bother me; to me it’s the music that matters and it’s there for playing.

What bothers me is the idea of marking some track in the cloud as “liked” by me, and then later finding it’s disappeared for some reason so I can no longer listen. Memories gone.

If I did use something like Spotify I’d probably have to do some report of things I listened to a lot and make sure I buy them. I will get around to trying out Spotify at some point but I can’t imagine it will replace the desire to buy and own music, rather I would hope it would help me find more music that I like.

Because having music is ace.

Firefox, Ubuntu and middlemouse.contentLoadURL

March 18th, 2012

I use Firefox web browser, currently on Ubuntu 10.04 LTS. For many years I have set the config option middlemouse.contentLoadURL to true so that middle clicking anywhere in the page (that does not accept input) will load the URL that is in my clipboard.

After restarting my web browser somewhere near the end of January 2012 I found my Firefox 3.x had been upgraded to Firefox 9.x. Also the middle click behaviour no longer worked.

Perusing about:config showed that the option had been set to false again. I set it back to true but on restart of the browser it was set back to false. A bit of searching about found various suggestions about forcing it in my user.js file, but none of those worked either.

Finally, in desperation, I did a search of every file beneath /usr for the string “middlemouse”. Lo and behold:

/usr/lib/firefox-9.0.1/extensions/ubufox@ubuntu.com/defaults/preferences/ubuntu-mods.js

…
pref("middlemouse.contentLoadURL", false); //setting to false disables pasting urls on to the page
…

Commenting this line out once more allowed me to change the setting myself.

It seems this this override was discussed by Ubuntu as far back as 2004, but it only became something that I could not override upon the upgrade to Firefox 9.

I reported a bug about this, and one of the comments seems to suggest that the method Ubuntu uses to change these settings has changed because they were breaking Firefox Sync, and that this outcome (overriding middlemouse.contentLoadURL) is not as bad as breaking Firefox Sync.

Even so, I would suggest that this outcome is very confusing for people and that as middlemouse.contentLoadURL is a popular setting which is easy to change, it should not be overridden in some obscure file.

As of the recent upgrade to Firefox 11, the file with the override in it has now moved to /usr/share/xul-ext/ubufox/defaults/preferences/ubuntu-mods.js.

Dear System Integrators, a few words about screwing

March 10th, 2012

Right, System Integrators – those companies that buy components from Supermicro et al and build you a server out of them. You guys seem to have a bit of a fascination with screwing. Screwing things in as tight as you can. Please stop.

It’s 100% true that vibration of components like hard disks is bad. numerous studies have been done that prove that vibration causes performance problems as drives need to do more corrective work.

However, this does not mean that you have to screw in the drives to the caddies to the limit of what is physically possible. They just need to be tightened until a little force won’t tighten them any more.

When you supply me with a server that’s got four super-tightened screws for each drive in it, and I deploy that server, chances are that one of the first things that will break in that server is one of the disk drives.

During the years those screws have been there they haven’t got any looser. It’s likely that if you tightened them all to the limit of your strength and tools, by now the force required to unscrew them will be less than the force required to deform the screw head. Like this:

Stripped screw heads in a drive caddy

Close-up of a stripped screw head

No, this is not an issue of using the wrong driver head. Yes, you will strip a screw if you use the wrong driver head. That’s why I carry this stuff every time I go to a datacentre:

A selection of screwdrivers for your pleasure

There’s two exactly correct drivers in there, and several that should also work anyway despite being a little bit off. I have never had a problem unscrewing any screw that I originally put in. Probably because I don’t tighten them like I am some sort of lunatic. I can even unscrew them around a corner with the offline driver. Oh yeah baby. So far nothing I have screwed in with merely normal force has fallen apart.

And this is not an isolated occurrence! Nearly all of you seem to do this with every screw, everywhere. Stop it!

The drive in that caddy is a dead one, and luckily I had a spare caddy with me for the replacement drive to go in, otherwise I too would have been screwed beyond the limits of my endurance.

So, now I’ve got to drill those out just to get this caddy back to being useful again. Or more likely find someone else to drill it out for me as I don’t trust myself with power tools really.

ffffuuuuu

Dear Intarweb, please provide ethics check

January 5th, 2012

Earlier this evening I received a marketing email from a company I had never heard of, for an event I wasn’t interested in, to an email address I had only ever given to a differently, seemingly-unrelated company that we shall call Company U.

When this sort of thing happens it may be an indication that Company U has leaked their customer address database or else decided to sell the contact details on, so I’d sometimes follow it up instead of just opting out and consigning the address to the bitbucket forever.

In this case as many times before, I decided to have a whinge on twitter about it first.

Anyway to cut a long story short they got in touch, and it turns out that this marketing email has been sent by Company S. Someone from Company S emailed me to apologise and to remove my address from their list.

I asked this person how they obtained my email address that had only been sent to Company U, and they admitted that they used to work for Company U and that their “rampant CRM system” had somehow “indexed all of my PERSONAL emails”.

Now, from my point of view, this would actually suggest that this person has likely taken a database of customers of Company U with him to his new employer.

So, Internauts, do I have a duty to shop this guy to his former employer Company U? Or am I just frothing in my nerdrage here at the terrible inconvenience of being sent a piece of email I don’t want? Is the man a menace, or should I just get over it?

The Intruder™

November 25th, 2011

<grifferz> I want some sort of silicone stopper thing to put on top of my pint glasses when I put them in the freezer, so it forces the water up the sides and freezes them in a goblet shape, thus increasing the surface area of the ice

<grifferz> the top could be elasticated to fit varying diameters of glass

<grifferz> basically imagine a dildo with an elasticated base

<grifferz> an ice-intruding dildo

<MurkyGoth> …yes, it’s another Friday night on #bitfolk

<Robert> grifferz: do all of your glasses have the same girth?

<grifferz> yes (I only have three)

<Robert> grifferz: do you put your glasses vertical or horizontal in the freezer?

* MurkyGoth doesn’t like the way this is heading…

<grifferz> you’re asking me how I orient a half full glass of water in the freezer?

<Robert> yes grifferz

<grifferz> get tae fuck

<Robert> presumably vertically…

<Robert> but you might do it diagonally

<MurkyGoth> Robert “The Mad Inventor” Leverington and Andy “One man, two cans” Smith

<Robert> anyway, my point is i reckon this might be something you could do on a 3d printer

<MurkyGoth> #whatcouldpossiblygowrong

<Robert> do it as an insert that you put the glass upside down on top of

<MurkyGoth> DO IT

<MurkyGoth> Go to the London Hackspace and print yourself out a dildo

<MurkyGoth> THE INTERNET DEMANDS IT

<plett> “Hi. Can I print an ice-dildo on your 3D printer?”

<Robert> this will seal the water in and should be safe to push it out if it expands too much

<grifferz> I think The Intruder™ would have to be made of a material that “gives” (steady, Dave2) otherwise you wouldn’t be able to withdraw it (matron) from the ice

<Dave2> :O

<plett> I was expecting Dave2 to join in after: 21:02 <Robert> but you might do it diagonally

<Robert> grifferz: perhaps if you didn’t mind your Intruder being triangular you could design it such that it should be easy to pull out

<Robert> *pyramidical not triangular

<grifferz> hmm yes give it a notable camber..

<grifferz> I reckon ice would still grip it fairly strong

<MurkyGoth> Use a plastic cup of ice?

<grifferz> nice one, lateral thinking

<grifferz> little plastic cup with some ice cubes in..

<grifferz> let’s see if I can find one right now!

<grifferz> #BitFolk is doing science

<MurkyGoth> With beer

<MurkyGoth> The best kind of science

* MurkyGoth goes to solve the problems in the Middle East

<plett> It sounds like grifferz might actually want http://www.paramountzone.com/ice-tankard.htm

<find> plett: http://a.vu/9dix – Ice Tankard – Only £3.99 – Fast UK Delivery

<MurkyGoth> You must be new here

<MurkyGoth> On #bitfolk, one does not simply purchase the solution (for a reasonable sum of money)

<MurkyGoth> Channel rules demand time, effort and money are spent coming up with a plan which, at best, may only incidentally solve the original problem, and not very efficiently either

<MurkyGoth> (and for some reason, I just thought “Hmm, haven’t heard from so_solid_moo for a while…”)

<plett> In that case, the 3D printed ice dildo is clearly the best possible solution to the problem at hand

<MurkyGoth> I’ll ice dildo YOUR ha…never mind…

<grifferz> plett, nah, I want the ice in the drink as well (eventually)

<grifferz> anyway

<grifferz> I didn’t have any small plastic cups

<grifferz> so I cut the top off a small empty drink bottle and filled it with chick peas to weigh it down

<grifferz> my concern is that it will still be too hard to remove

<grifferz> I’ve taken a photo, hang on

<MurkyGoth> With the chickpeas removed, the soft plastic bottle should flex and be removable

<MurkyGoth> Failing that, fill plastic bottle with warm water, to melt the ice right next to the bottle, allowing the bottle to be removed

<grifferz> MurkyGoth, yeah that’s what I figured. might still try the small cup method though as it will be much faster to.. deploy

* MurkyGoth registers onemantwocups.com

SCIENCE!

I’ll let you know how it goes.

Update 2011-11-26:

The first attempt worked fairly well. It was not possible to remove the bottle from the ice without filling it with some warm water for a few seconds. I think this was probably because the bottle had a very slight bulge at the bottom.

It would be hard to find a perfectly cylindrical or even tapering plastic bottle, so I will next try the original plastic cup suggestion.


rsync: “Inflate (token) returned -5″

November 17th, 2011

Today one of my rsync backups began failing with:

inflate (token) returned -5
rsync error: error in rsync protocol data stream (code 12) at token.c(604) [receiver=3.0.3]
rsync: writefd_unbuffered failed to write 373 bytes [generator]: Broken pipe (32)
rsync error: error in rsync protocol data stream (code 12) at io.c(1544) [generator=3.0.3]

It was repeatable when trying to transfer the same file (a large gzipped SQL dump file).

It turned out to be a bug in that version of rsync.

rsync 3.0.3 comes with Debian lenny. In order to get a newer version I have had to use lenny-backports for this. That gets me rsync v3.0.7, which does not exhibit this bug.

(Yes, I am aware that squeeze has been released and this host should be upgraded to that. There is security support for lenny until at least February 2012.)

Did anyone else get this spam to an address they gave to Red Hat?

November 9th, 2011

On November 2nd I received this spam:

(some headers removed; xxxxxxxxxxx@strugglers.net is my censored email address)

Received: from mail15.soatube.com ([184.105.143.66])
        by mail.bitfolk.com with esmtp (Exim 4.72)
        (envelope-from <bounce@soatube.com%gt;)
        id 1RLikr-00070I-6U
        for xxxxxxxxxxx@strugglers.net; Wed, 02 Nov 2011 21:53:57 +0000
Received: from [64.62.145.53] (mail3.soatube.com [64.62.145.53])
        by mail15.soatube.com (Postfix) with ESMTP id 6B324181CFF
        for <xxxxxxxxxxx@strugglers.net>;
        Wed,  2 Nov 2011 14:46:01 -0700 (PDT)
To: xxxxxxxxxxx@strugglers.net
From: events@idevnews.com
Date: Wed, 02 Nov 2011 14:00:40 -0700
Subject: BPM Panel Discussion: IBM, Oracle and Progress Software

-------------
BPM-CON: BPM Panel Discussion - IBM, Oracle and Progress Software
-------------
Online Conference

Expert Speakers:
IBM, Oracle, Progress Software
etc..

The email address it arrived at was an email address I created in November 2004 in order to take a web-based test on Red Hat’s web site prior to going on an RHCE course. It has only ever been provided to Red Hat, and has not received any email since 2007 (and all of that was from Red Hat). Until November 2nd.

The spam email contains no reference to Red Hat and is not related to any Red Hat product.

From my point of view, I can only think that one of the following things has happened:

  1. Spammers guessed this email address out of the blue, first time, without trying any of the other possible variations of it all of which would still reach me.
  2. One of my computers has been cracked into and the only apparent repercussion is that someone spammed an email address that appears only in an email archive from 2004/2005.
  3. Red Hat knowingly gave/sold my email address to some spammers.
  4. Red Hat or one of its agents have accidentally lost a database containing email addresses.

Possibility #4 seems far and away the most likely.

I contacted Red Hat to ask them if they knew what had happened, but they ignored all of my questions and simply sent me the following statement:

“Hello.

Thank you for contacting Red Hat.

we apologies for the inconvenience caused however we would like to inform you that we have not provided your email address to anyone.

Thank You.

Red Hat Training coordinator.”

That wasn’t really what I was asking. Let’s try again.

“Hi Red Hat Training coordinator,

Thanks for your reply, but I’m afraid I am not very reassured by your response. Do you have any suggestions as to how an email address created in 2004 and used only by yourselves for my RHCE exam managed to be used for unrelated marketing by a third party in 2011, unless Red Hat either provided my email address or leaked my email address?

For clarity we are talking about the email address “xxxxxxxxxxx@strugglers.net” which has never ever received any email except from Red Hat, until yesterday, when it got some unwanted
marketing email from a third party.”

“Hi Andy,

Please be assured that Red Hat does not circulate student’s e-mail address to any third party.

Thanks,
Red Hat Training Coordinator”

I’m not getting anywhere am I? I was only after some reassurance that they would actually look into it. Maybe they are looking into it, and for some reason decided that the best way to assure me of this was to show complete disinterest.

Oh well, I can send that email address to the bitbucket, but I can’t help thinking it’s not just my email address that has been leaked.

Anyone else received similar email? If so, was it to an address you gave to Red Hat?

Update 2011-11-10: Someone suggested I politely ask the marketer where they obtained my email address. It’s worth a try.

“Hi Integration Developer News,

May I ask where you obtained my email address
“xxxxxxxxxxx@strugglers.net”? I’m concerned that it may have been
given to you without my authority.

Thanks,
Andy”

Also I have now been contacted by someone from Red Hat’s Information Security team, who is looking into it. Thanks!