old timey snake oil label

E-mail Marketing Services do not improve deliverability

Origin of the myth

There is a misconception on the internet that services like Constant Contact, Mailchimp, and Sendgrid will improve deliverability of your E-mail marketing materials. However that is simply not true. The misconception was created by the marketing and advertising efforts of those same corporations. If you repeat a lie enough times people will start to believe it.

Mailing List Services Reduce Deliverability

In fact, using any of those services increases the chance that your E-mails will be blacklisted. All E-mail server operators know that those services are used exclusively for sending out E-mail marketing material. Sendgrid has a very poor reputation for handling spam, and is auto-blacklisted from all of my personal E-mail servers.

This means if your business uses one of these services you could be blacklisted even if you never send out spam. Simply associating with these spam giants will cause you reduced deliverability.

Your Business E-mail should be 100% private.

In the meantime you can install free mailing list software such as phpList and others, and send your marketing material directly from your own private and properly configured E-mail server. Operating your own private services is the only way to ensure that other people’s behavior cannot negatively impact your own business. The total costs of this are very low, even the smallest of businesses can afford it.

There’s No Such Thing As Free Services

Many open source software applications are free, but internet services are not. Anyone who offers “Free service” is doing so as a marketing trick so they can eventually turn you into a paying customer, at best. And chances are they are getting value from your patronage in other ways even while you use their “free” plan.

care bears holding paws

How to socialize on the internet

Preface

It occurs to me many internet users maybe don’t have a Free and Open Source guide to the socializing options available to everyone. We all know about large social media corporations but perhaps you’re tired of the limitations they place on your content, or the invasions into your property rights or privacy. So this guide will be a signpost to a few great (and free!) choices.

The Blog – WordPress

WordPress is currently the best choice for blogging. It’s a great choice for a lot of other purposes too, which makes it a solid leader for “best website software”. Your family photo album, your small business, your personal opinions, and many other capabilities. I suggest starting with free themes, and low cost private hosting that offers you E-mail with your website’s domain name.

How will my friends follow me?

All the best blogging softwares, including WordPress, include support for publishing content “feeds”, including rss, rss2, atom, and so on. This is usually built in and enabled by default, allowing anyone to use various free RSS feed reader applications to follow their friends’ updates.

Link to WordPress: https://wordpress.org/.
Link to RSS Readers: Wikipedia.
Link to Hosting: Pride Tech Design.

The BBS – phpBB

A somewhat underappreciated feature of social computer networks is the bulletin boards, these days called forums. It’s a slow and thoughtful way to communicate and an excellent method to meet new friends with similar interests. I recommend the phpBB software, it’s extremely mature. It’s not as easy to install or administer as WordPress but there is documentation and with a little effort anyone can do it.

Link to phpBB: https://www.phpbb.com/.

The MicroBlog – Mastodon

Twitter is a corporate giant and your satisfaction as a user is second place to their return on investment. An excellent choice of alternatives is Mastodon, which is a diversified and federated network of private and community “instances”. You can join one or many, you can create your own, and everyone can participate together.

Link to Mastodon: https://joinmastodon.org/.

Simba as a cartoon tornadoUPDATE: After years of watching how people socialize on microblogs I’ve determined they are a terrible thing. They start out fine, but they do not scale. Eventually nobody is paying attention to anyone anymore, and it’s like trying to socialize in a tornado.

The Chat – Matrix

You’ve got a lot of options for chat softwares.. that is any app aimed at instant response conversations with support for group conversations. I recommend Matrix.org, for a number of reasons. It’s free, it’s open source, it’s distributed, it’s disowned from any corporate masters, and it’s ambitious. You’ll need to be patient with it, it is brand new software and they are trying to do a lot of very modern and exciting features. It’s a great opportunity for new programmers to cut their teeth on something exciting too.

Link to Matrix.org: https://matrix.org/.
Link to Riot.im (Leading client): https://riot.im/.

apple 2 computer showing bbs screen

How to build a Modern BBS

Preface

After reading an article here about building a modern Bulletin Board System, and crafting my own brief response here about how the website already is a modern BBS, I decided I should write a short guide on how you can construct a modern equivalent of a BBS on the web using mostly free tools.

A computer & phone line

In the 1980s operating a BBS required a computer and at least one phone line. Back then a single phone line would cost $20 to $50 per month. Today, a phone line still costs a minimum of $20 a month (phone service is a racket!), but you don’t need to spend that much. For $5 per month you can rent a Virtual Server from Digital Ocean with a dedicated IP address. As far as quality and reliability are concerned Digital Ocean are the best in the marketplace, which is why I recommend them. The link I provide is a referral link which will give me credit toward my own hosting bill if you sign up.

Digital Ocean Hosting

Website Software

It is true that you could build a website from scratch so you don’t actually need to use this software but that takes a lot of time and you’d be re-inventing the wheel. That’s okay if you’re a developer and you’ve got a great idea for a wheel that nobody has thought of before, but otherwise I recommend using WordPress. It’s free and mature, as well as very easy to start using.

WordPress.org

Message Boards

In the 1980s, “Message Boards” are where people would post and discuss topics. Today we call these things “Forums” but they serve the same functionality. The best software for setting up a message board on a website is phpBB. Not only is it free, but it has a really excellent user interface that meets all of the common needs and is very intuitive. It is stand-alone software and it is loaded with features. Installation is pretty easy but configuration can feel a bit daunting. Just take your time and read the documentation and you should be fine.

phpBB

DOOR Games

One of the coolest features of a BBS in the 1980s was Door Games. These were computer games that ran externally from the BBS software. The term ‘door’ was a reference to how the BBS acts as a gateway to access these games. This technology has evolved in multiple ways and powers many of the advanced capabilities seen on the internet today.

There are many ways to run games on your website. Software such as Unity or HTML5 make it possible to build modern games for the browser. However because Nostalgia is a big part of this theme, I’m going to recommend EM-DOSBOX, which is a plugin that allows you to run actual DOS games from within a web browser. The Internet Archive uses this same software for it’s video game archive website.

EM-DOSBOX

Real Time Chat

In the 1980s operating a chat system on a BBS was extremely expensive. First most free BBS software didn’t support it well at all, so you probably had to pay for a commercial platform. Second, every user required their own phone line connection, so if you wanted a 10 person chatroom you had to pay for 10 separate phone lines. Today it’s so much easier and cheaper.

There’s a lot of ‘chat’ plugins available for WordPress. I am going to focus on Matrix.org and Riot.im. There isn’t an easy ‘plugin’ available to install these on your website, but you could use an iframe to embed a riot.im chatroom. The Matrix protocol is still very early in development and as time goes on you can expect there will be simpler and more elegant solutions for this purpose.

Matrix.org
Riot.im

Summary

So there you have it all of the tools required to build a modern “BBS” on the web, and with the exception of server rental all of it is free. You could, in theory, do all of this on your own server running on your home internet connection but that introduces some challenges such as DNS addressing. It’s up to you if that’s worth the $5 saved.

You might notice I did not include detailed tutorials on each piece of this puzzle. That is intentional. This post is meant to be a starting point for people interested in this sort of project. There are already dozens of specific guides and tutorials available for each of the things I’ve linked. This kind of project represents an adventure and learning about the software is part of that adventure. Also, detailed information like installation procedures are likely to evolve over time. So if you’re looking for help with phpBB or WordPress, just do a web search for tutorials on those subjects and you’ll find dozens.

I hope you found this article helpful or useful. I welcome any comments on how to improve my recommendations.

The website is the modern equivalent of a dialup BBS

Preface

Today I read a really cool and nostalgia article about the BBS, which stands for Bulletin Board System. BBSes were what the cool kids used to communicate online before there was a consumer internet. You can read that article here

I just had to comment, because BBSes played a significant role in my teenage life. I spent more time online than I did in the classroom. Seriously I failed several classes in high school because I never attended, I was at home playing Legend of the Red Dragon or responding to posts in the forums. I’ve included my response below:

My response

I think it’s awesome what you’re doing, I grew up on BBSes and I didn’t think they were weird at all, but everyone at school thought I was weird. Then the internet hit their living rooms and I don’t talk to those people anymore. Too busy getting paid $100/hr to build and support their websites.

While I love the nostalgia of this project, I think it’s worth noting that the “Modern BBS” is called a website. I know I know, ‘it’s not the same!’, believe me I get it. But from a purely end-user functionality standpoint, a website is exactly the same as a BBS, only improved.

Forums are handled by software such as phpBB (hands down the best UX in forums), you can play all sorts of web based games including dosbox classics with some java plugin, chat rooms are easy to embed especially with the new Matrix.org protocol, and of course we have various ‘wiki’ software to handle documents.

Best of all, an IP address is cheaper than a phone line ($5/mo droplets from Digital Ocean are the way to go) and the cheapest solutions can still handle 5–20 simultaneous visitors.

One of the things I always thought was really great about BBSes is how they empower “regular” people to organize and communicate ideas. Literally anybody can set one up, you don’t need a license or permit and the costs aren’t prohibitive. Websites are the same. We’ve been seeing the results of this anarchy for the past 30 years as corporations are no longer able to monopolize the distribution of information.

When I was a kid I ran my own BBS using the Renegade software. I had wicked ASCII art I found on pirate sites when you logged in, I forget what but it was probably a grim reaper or something. Now I have tailpuff.net and the first thing you see are high resolution full color graphics. It doesn’t tweak the nostalgia but it definitely is an improvement of the model first presented by the BBS.

How to Build a Modern BBS

I thought people might be interested in this idea, and so I decided I would provide some links to software and resources you can use to re-create all of the features of a BBS from your own blog website. These are not the only solutions, just my personal favorites.

Full disclosure: The Digital Ocean link is a referral link, if you sign up I will get credit toward my own hosting bill.

care bears holding paws

Furry fandom is not an “accepting” community.

I was introduced to “Furry Fandom” in 1994

I was spending time in a role playing chatroom on America On-Line. Some friends of mine at the time introduced me to this thing called TLK Muck where I could role-play in the Lion King universe. It was basically a whole world built out of a chat network. I joined that for a few months and met some others who introduced me to something called “FurryMUCK”. This is how I learned about the Furry Fandom.

Care Bear at Heart

When I was growing up I would watch the care bears every morning at 5:30 before going to school. This was where I learned to socialize. I learned about being considerate of others and caring about their feelings. I learned to be nice instead of mean. Because of this, I did not get along well with most of the people at school, because most of them are dicks who do not care about anyone but themselves and their own instant gratification. Before you think I’m being extreme, we are talking about 10-18 year olds here.

O.G. Furry

Furry fandom spoke to all of my interests. I started attending and volunteering at conventions. I worked 10 years in the security department for Midwest FurFest, and 10 years in the Audio/Video department for Anthrocon. I was also on the Anthrocon Board of Directors for 3 years, as the head of the A/V crew. I worked 90 hour weekends. It was physically and emotionally taxing, and I enjoyed it because I was building this thing that so many people were enjoying.

“Retirement”

In 2009 I suffered a painful break-up and lost my job a few months later. The stress was too much. It was difficult enough finding money to attend conventions and so I stopped volunteering. It wasn’t until 2013 that I really got back on my feet, when I moved to Georgia and started my own business as a technology consultant.

I have been attending FWA each year since, and while I have felt the craving to volunteer I’ve forced myself to stay in retirement. Other people can do the hard work, and I will just enjoy it, I’ve told myself.

Making Friends Online

I’ve made most of my friends using the internet since the mid 1990s. Several of my friends have died in recent years, and others have written me out of their lives for this or that bullshit reason. So to find new friends I returned to the internet. I started joining “furry” themed chat groups based on interests I share. Surely I could find some new friends this way, I thought.

Furries are bullies. Furries are trolls.

What actually happened was something different entirely. I got banned from more than half of the groups I joined because I stood up to bullying. The pattern was so consistent I was able to identify the exact method they use, which I will describe in a moment. Every where I went, IRC, Telegram, Forums, and so on, the same thing happened.

The Playbook

I mentioned that the bullies use a consistent method, and here it is. Someone throws out some “innocent” looking statement into the chat, usually something based on the stated interest focus of that chat group. When someone responds to it, they gang up on that person. This happened to me a lot, because I thought the point of being in chat rooms for specific interests was to chat about those interests. I did not know they’ve been taken over completely by social predators. When I learned to stop taking the bait, I started seeing them doing it to other people.

Once the victim has been identified, you see the exact same people every time gang up on that victim. If this goes on long enough, the victim gets “banned” for “causing trouble”.

The Definition of Cause

The victim did not cause the trouble, the cause of the trouble was the person who threw out the bait in the first place.

the whole ugly thing is hiding behind “free hugs” like a creepy man handing out candy to children from his van.

This is the reality of “furry fandom” culture.

This is an organized and pervasive culture of bullying, it is going on every day, in every “furry” chat group.  This is not an “accepting” fandom. It’s a hostile place, full of real life predators, and the whole ugly thing is hiding behind “free hugs” like a creepy man handing out candy to children from his van.

I love anthropomorphic art and stories and I think a lot of furries are really awesome people. But this thing that I’ve born witness to for the past decade is not anything that I would ever support.

Sex is okay tho.

You want to know what doesn’t get attacked? Sex. If you’re sharing porn or encouraging sexual behavior, with the obvious exception of groups that explicitly forbid that, the bullies never target that. Intelligent conversations get you banned, mindless masturbation material is encouraged. This is 100% true, and not accidental at all. It’s intentional and it’s organized and it’s everywhere.

P.S. The Irony..

I tried posting something about this on /r/furry, a sub-reddit on the popular reddit forum service. They banned me. With their action in spite of my warnings they validated everything I’ve said.

stacks of money

DMARC is not the solution to E-mail Fraud.

The latest craze in E-mail security appears to be DMARC. Let me preface my post by saying I use DMARC, I use SPF and I use DKIM. I understand that people are mostly up in arms about the importance of DMARC because of how many major organizations haven’t adopted it. I understand it’s importance.

Problems with DMARC

Here’s the issue as I see it. DMARC does not solve phishing E-mails. It doesn’t do much more than SPF already does, and it doesn’t solve trust or identity in E-mail.

DMARC requires compliance by the recipient server to function at all, and all it does is tell the recipient to reject, quarantine, or allow fraudulent E-mails, a feature that SPF already provides.

This prevents someone from sending email from “custserv@paypal.com” but it doesn’t do anything to prevent them from sending an email from “custserv@payypal.com” which is how a huge number of phishing attacks are launched.

Oh and DMARC gives you some forensic information on who is sending fake E-mails from your domain. Which is completely useless in a high traffic real world scenario because you can’t take any effective action against the perpetrators.

Key Pair Signing & Encryption, a Real Solution.

Meanwhile we have PGP/GPG signatures which would, if properly implemented, provide a user friendly means of identifying the sender of an E-mail and verifying the integrity of an E-mail. But these have been completely disregarded by nearly 100% of organizations as “too difficult” to implement. Seriously, why doesn’t GMAIL come with a ‘PGP’ button?

PGP is arguably easier to implement worldwide than SPF + DKIM + DMARC. All you need to do is create the functionality client-side to create keys manage keyrings and interact with key databases. Compare this with setting up 3 different inline mail verification tools on every E-mail server in the world plus a slew of DNS records which can instruct servers to pass fake E-mails along without notifying the end users at all of suspicion.

Why are we being sold this half-assed solution to E-mail fraud when the real answer has existed for decades and would be easier to implement? If someone can explain why DMARC is being treated as the holy grail of E-mail security I would really appreciate it.

GPG/PGP is “Too Hard” for End Users

Bullshit. The difficulty of PGP/GPG has nothing to do with the technology and everything to do with the lack of proper support in E-mail clients. End Users don’t need to understand the technology at all, they just need a button that creates a key and publishes it to public key databases. The process is no more complicated than adding people to the address book on your phone.

Paranoid Conclusion

Using keypairs to verify authenticity of E-mail comes with a bonus feature, they can be used to encrypt E-mail to the point that it is “uncrackable”. Adding the signing capability to a service like GMAIL would also make it a lot easier for users to encrypt their E-mail, which would destroy Google’s business model since they read all of your E-mail to gather data. This is probably the #1 reason why keypairs have been ignored, with the #2 reason being pressure from world governments.

Your Thoughts?

My paranoid conclusion is not the only possible scenario, I would love to hear the opinions of other internet security experts on this issue.

Some Good News

You can implement PGP/GPG in your own E-mail and start using it with your friends, family and colleagues right away. And you should.  Visit the Electronic Frontier Foundation website to find some simple step by step tutorials for all platforms.

My Public Key: https://tailpuff.net/keys/

The “Internet of Things” must be stopped.

Preface

The Internet of Things is an idiotic idea dreamed up in a marketing lab at Apple and other corporations. Wide-eyed executives with no real grasp of technology saw an emerging market where they could capitalize and make billions of dollars, and they rushed to dive in without thought toward the consequences.

What is the Internet of Things?

The IoT or Internet of Things is the name given to a world filled with devices that have embedded operating systems which are internet-capable. On paper, in a fictional utopian paradise, it presents some pretty cool ideas. Sharing of data between apps, remote control, etc.

Where did the Internet of Things go wrong?

The IoT has been a complete fucking disaster. Because the devices are being rushed to market and made by the lowest bidders in chinese code-factories, the software is easily exploitable. The IoT has regressed internet security by 30 years in a handful of months.

What is the evidence for this disaster?

A recent DDoS attack, that is a “Distributed Denial of Service”, was launched using a botnet which is comprised at least in part by millions of “Internet of Things” devices. This was the largest recorded DDoS attack in the history of the internet and it won’t be the last. Think of this like a country testing a nuclear bomb. A black-hat hacker-for-hire group is displaying it’s capability. Next they will sell their service to anyone willing to pay.

What is the solution?

The Internet of Things needs to die, right now. Boycott all embedded devices which do not have robust security controls. Device owners need the ability to upgrade the software and install their own security controls which could be superior to the factory settings. This is absolutely required to bring embedded devices up to speed with the rest of the computerized world.

What if we do nothing?

Selling unstoppable DDoS attacks will become a common practice. With the IoT growing at a ridiculous rate, it will become trivial for anyone with some technical know-how to own networks of millions of bots. A huge black-market industry will emerge. There will be attacks on corporations, on non-profits, on news organizations, on government systems. Giant CDNs like Cloudflare will be destroyed by botnets. The internet will become a wasteland. The benefits we’ve seen in recent decades, improvements to human rights for example, will be lost.

Summary

This is a pivotal moment in human development. We have a choice to nudge our own technological evolution forward in a responsible manner, or push everyone off a cliff in a fool’s gold-rush lead by absolute idiots who are drunk on greed and have no idea how the technology works.

Encryption, PGP and Keybase.io

Privacy matters. Encryption matters.

Everyone has heard that the united states government is spying on you. They probably aren’t the only ones. If you aren’t concerned that strangers are reading your emails and instant messages and tracking your browsing histories you really, really should be.

A strong encrypted solution to online privacy has existed since 1991 when PGP was invented. A lot of people think that key-pair encryption, also known as end-to-end encryption, is really complicated or technical but it isn’t.

How it works

You have two keys. a PRIVATE KEY and a PUBLIC KEY. Your PRIVATE KEY is kept private, and you give your PUBLIC KEY to the world.

Receiving encrypted files & emails

When someone wants to send you an encrypted message or file, they encrypt it using your PUBLIC KEY. You decrypt it with your PRIVATE KEY.

Sending encrypted files & emails

When you want to send someone else an encrypted message or file, you encrypt it using their PUBLIC KEY and the other person decrypts it using their PRIVATE KEY.

The Trust Issue

There is another consideration, how do you know if the PUBLIC KEY that claims to be from john.doe@example.com actually belongs to Mr. Doe? In the past the method was to create a “web of trust”. John would personally give you his PUBLIC KEY, and you would digitally sign it using your key. Then when John gives his PUBLIC KEY to someone else, they can see that you have vouched for it’s authenticity. The problem with this is that everyone needs to do it. This has been one of the greatest hurdles in the adoption of key-pair encryption.

Enter Keybase.io

The clever folks at Keybase.io have found a solution. Their service allows you to connect your PUBLIC KEY with various online identities, such as Twitter and Reddit, or websites which you control. These entities are considered trust-worthy, because we use them every day to communicate with our family, friends, and colleagues. This service practically solves the trust issue, eliminating the necessity for the “web of trust”.

Keybase.io will also help you with the creation of a key pair, which simplifies and standardizes the process for a lot of people. Keybase.io also generates seperate key pairs for each device that you use, be it a smart phone or a laptop or desktop. If you stop using a particular device (for example if your smart phone is lost or stolen) you can revoke the keys for that device, preventing someone from using it to impersonate you, without having to destroy your original PRIVATE KEY.

The Future, Transparency and Ease-of-Use

Encryption is the future. It is the future because the alternatives are too horrifying to live with, which is why we have books and movies like 1984 and The Matrix warning us about them years in advance. Privacy is sacred and as a race human beings are going to embrace it, whether the government likes it or not (they really don’t like it). There have been technical hurdles to overcome, but with open-source community funded projects like Keybase.io, I am confident that the future of privacy looks bright.

“Algorithmic” timelines & social media, #RIPtwitter

The Slow Crumbling Death of Social Media

Today Twitter drove the final nail into the social media coffin. Twitter was the only wildly popular service which still presented a chronological timeline. Twitter does not make money, and they think the solution is to be more like facebook. Their mistake is that facebook is also not making any money from social media. Facebook makes money from unrelated “premium” content which they tack onto their social media product. Twitter does not offer that, so trying to copy Facebook is a sincerely foolish mistake. Their users have been telling them this for years as they’ve experimented blindly with various techniques to raise money, and they have ignored the wishes of their users, another serious faux pas.

For example I offer my own case. For the past 2 years I have been carefully pruning my tweets to ensure that what is left behind will be of some value, and representative of my mind and emotions. The chronological presentation of these tweets is critical to this effort. The new algorithm means something I posted 1 year ago might display today as if it were brand new while more recent tweets are lost in the noise. That is not the way I want my “micro-blogs” to be presented. In my case I saw the product that Twitter offered and I did something creative and soulfull with it, and in the flip of a switch Twitter has taken a giant shit all over my effort to embrace their product.

It is exactly the same as if you walked into a museum of art and decided to remove body parts from a statue and replace them in different spots because “trending data suggests people want to see arms where ears should be.” It’s thoughtless, short-sighted, and displays more disrespect for their own product than anything else. Their decision shows they have no faith in their service. If Twitter’s own executive board has no faith in their product then why should anyone else?

The people who run these social media “giants” are suit and tie business men who do not understand the culture of the internet, they don’t understand how it began or how it grew to where it is today, and they do not understand how their products fit into that culture. They don’t understand how people use their products and worse they’ve turned blind and deaf to user feedback. As corporate leaders, these people are the definition of failures. The continued crumbling of the social media “blogosphere” is proof.

All is not lost. It is increasingly simple to set up a personal blog site using free software, free of the controls of corporations like Facebook and Twitter. Thru the magic of RSS, a technology which predates social media and keeps control in the hands of the users, those corporations can be eliminated from the social media scene completely. The only roadblock has been ignorance to the available tools, but as social media users become more familiar with the internet and the kinds of technologies that it offers besides the World Wide Web, there will be wider adoption of protocols such as RSS. Indeed, that’s why you’re reading this post on tailpuff.net.

Helpful Links