Blog Administration
Tuesday, July 19. 2005
The SPAM Debacle Appears To Be Over
"The day is ours, the bloody dog is dead." -- Mr. Shakespeare
In what can only be described as a tacit admission of utter and complete failure, NMCI administrators have disabled the tagging of spam in association with the "word lists" method described elsewhere in these pages.
You heard it here first. We told you it wouldn't work.
Not only did it not work to defeat spam, it caused horrendous disruption for thousands of Navy and Marine Corps users. Rampant false positives left a user's mailbox littered with erroneous warnings about "Sexual content", "profanity" and "Proprietary content".
The warnings were changed cosmetically early on in the debacle to include the words "May contain..." which was apparently done in an effort to make users feel better about false positives and the associated ineffective treatment of spam. Another cosmetic change was made from "sexual content" to "unauthorized content". This was not only completely useless, but was most likely technically incorrect for places like Naval hospitals where legitimate e-mails probably contain words that are both sexual in content and authorized.
One official from the East coast instructed managers to tell complaining users that, "...this is the solution to SPAM and unwanted e-mail users have been asking for." Really? We would be interested to see the requests to use such an ill-conceived method to address the spam issue.
The erroneous tagging was more than just annoying for the primary recipients. The tags, adulterating both the body of the E-mail and the subject line, had to be scrubbed before the message could be forwarded or replied to. Wasting the Government's time and resources once again, thank you NMCI.
No white-listing or "intelligent" source analysis was done on the E-mails. Simply confirming the message source (through IP address, not sender fields) as .mil or .gov addresses could have easily abated some of the mess and probably reduced loading on the systems parsing thousands of messages a day. Of course there never was any facility for the users to do custom white-lists of their own.
User's quarantined messages were to be deleted in seven days, regardless of activity from the intended recipient. So if a user was on TDY, vacation or away from an NMCI seat for more than seven days his E-mail would begin to be permanently purged having never seen the light of day. There was no provision for the user to extend this time period or disable the "feature" of quarantine all together.
We are still completely baffled why IronPort would cast its shadow on such an idiotic undertaking. SpamCop.net, Bonded Sender Program, Senderbase.org and C-Series Appliances all speak to IronPorts ability to provide very effective spam handling. What were they thinking?
In what can only be described as a tacit admission of utter and complete failure, NMCI administrators have disabled the tagging of spam in association with the "word lists" method described elsewhere in these pages.
You heard it here first. We told you it wouldn't work.
Not only did it not work to defeat spam, it caused horrendous disruption for thousands of Navy and Marine Corps users. Rampant false positives left a user's mailbox littered with erroneous warnings about "Sexual content", "profanity" and "Proprietary content".
The warnings were changed cosmetically early on in the debacle to include the words "May contain..." which was apparently done in an effort to make users feel better about false positives and the associated ineffective treatment of spam. Another cosmetic change was made from "sexual content" to "unauthorized content". This was not only completely useless, but was most likely technically incorrect for places like Naval hospitals where legitimate e-mails probably contain words that are both sexual in content and authorized.
One official from the East coast instructed managers to tell complaining users that, "...this is the solution to SPAM and unwanted e-mail users have been asking for." Really? We would be interested to see the requests to use such an ill-conceived method to address the spam issue.
The erroneous tagging was more than just annoying for the primary recipients. The tags, adulterating both the body of the E-mail and the subject line, had to be scrubbed before the message could be forwarded or replied to. Wasting the Government's time and resources once again, thank you NMCI.
No white-listing or "intelligent" source analysis was done on the E-mails. Simply confirming the message source (through IP address, not sender fields) as .mil or .gov addresses could have easily abated some of the mess and probably reduced loading on the systems parsing thousands of messages a day. Of course there never was any facility for the users to do custom white-lists of their own.
User's quarantined messages were to be deleted in seven days, regardless of activity from the intended recipient. So if a user was on TDY, vacation or away from an NMCI seat for more than seven days his E-mail would begin to be permanently purged having never seen the light of day. There was no provision for the user to extend this time period or disable the "feature" of quarantine all together.
We are still completely baffled why IronPort would cast its shadow on such an idiotic undertaking. SpamCop.net, Bonded Sender Program, Senderbase.org and C-Series Appliances all speak to IronPorts ability to provide very effective spam handling. What were they thinking?
Monday, July 4. 2005
Waging War on SPAM
In an effort to help wage the Holy War against UCE/SPAM, NMCI has announced that it will be partnering with IronPort Systems and Symantec. We applaud this effort and can only hope that NMCI will begin utilizing the excellent SpamCop real-time blacklist from IronPort Systems. NMCI press releases state that the new spam solution "will provide NMCI with advanced threat prevention, block SPAM, and enable effective DoN e-mail policy enforcement." This statement, of course, was written by a salesman or an accountant but by applying the nonsense filter, this appears to point in a hopeful direction.
One disturbing statement addresses the proposed method of identifying spam. "...the DoN and EDS have agreed to a set of business rules designed to identify specific words or phrases that are contained in SPAM messages." We can only hope that they do not actually intend to waste Government time and money on building a word/phrase list to identify SPAM. Such a sophomoric attempt at tagging spam might have worked ten years ago but "bad" word lists would be lucky to catch 5% of SPAM today. Bayesian filtering applies a statistically weighted version of a word list but needs to be customized for each application and the filter must "learn" from actual user E-mail for it to be effective. Spammers use dozens of methods to defeat simple word filters and even Bayesian filters. Certainly companies like Symantec and IronPort know this already. It is curious that NMCI would even mention such a useless task.
An intranet article referenced in the announcement explains that spam will be kept in a type of escrow account where the user will be able to review suspected spam and move it to their inbox or delete it (confirming that it is spam).
All of this, with the notable exception of word lists, sounds like an excellent but long-overdue treatment of spam on the NMCI network. Kudos to NMCI for the effort but we make the following suggestions:
1. Use real-time DNS blacklists at the mail gateway to block SMTP connections before they even connect to the server. Spamcop.net (an Ironport Systems project now) and Spamhaus.org (SBL-XBL) are two excellent choices if anyone is listening....
2. Abandon the use of "word and phrase lists" as they are completely ineffective and a waste of resources. The high number of false positives will cause user distrust and the use of pure word lists, as opposed to pattern matching, has been ineffective for the past several years. Smart matching from programs like Spam Assassin are an excellent alternative but come at the cost of processor loading.
3. Utilize a Bayesian database for each user to help build a statistical perspective that is surprisingly effective even with extensive Bayes poisoning campaigns now being waged by spammers.
One disturbing statement addresses the proposed method of identifying spam. "...the DoN and EDS have agreed to a set of business rules designed to identify specific words or phrases that are contained in SPAM messages." We can only hope that they do not actually intend to waste Government time and money on building a word/phrase list to identify SPAM. Such a sophomoric attempt at tagging spam might have worked ten years ago but "bad" word lists would be lucky to catch 5% of SPAM today. Bayesian filtering applies a statistically weighted version of a word list but needs to be customized for each application and the filter must "learn" from actual user E-mail for it to be effective. Spammers use dozens of methods to defeat simple word filters and even Bayesian filters. Certainly companies like Symantec and IronPort know this already. It is curious that NMCI would even mention such a useless task.
An intranet article referenced in the announcement explains that spam will be kept in a type of escrow account where the user will be able to review suspected spam and move it to their inbox or delete it (confirming that it is spam).
All of this, with the notable exception of word lists, sounds like an excellent but long-overdue treatment of spam on the NMCI network. Kudos to NMCI for the effort but we make the following suggestions:
1. Use real-time DNS blacklists at the mail gateway to block SMTP connections before they even connect to the server. Spamcop.net (an Ironport Systems project now) and Spamhaus.org (SBL-XBL) are two excellent choices if anyone is listening....
2. Abandon the use of "word and phrase lists" as they are completely ineffective and a waste of resources. The high number of false positives will cause user distrust and the use of pure word lists, as opposed to pattern matching, has been ineffective for the past several years. Smart matching from programs like Spam Assassin are an excellent alternative but come at the cost of processor loading.
3. Utilize a Bayesian database for each user to help build a statistical perspective that is surprisingly effective even with extensive Bayes poisoning campaigns now being waged by spammers.
Thursday, June 16. 2005
Survey Says
We have some representative questions from one of the vaunted NMCI customer surveys. We assume each survey is asked some subset of a question pool so your mileage may vary. Information on what types of surveys are conducted and why they are so important to EDS can be found here.
This particular survey was an "Enterprise Satisfaction" survey. The survey was only accessible through an NMCI seat and consisted of 14 questions. We are not sure why EDS has been so secretive with the questions as they are fairly reasonable.
However, that being said, the questions are somewhat vague and could be interpreted a number of different ways. This is especially true given the varied experience levels and technical skill levels of the user base.
For example, "How satisfied are you with network reliability?" is a ridiculous question to ask anyone, even a Navy network engineer. How is a user to distinguish a network problem from a web proxy problem from a Windows domain controller problem from a shared drive problem from a mail server problem from a.... Users are not allowed to run or install network analyzers on the NMCI network so how is staring at a Windows 2000 GUI going to tell them anything about "network reliability"?
Other examples of obtuse questions include "processes to make changes to your IT environment." Exactly what does that mean? User don't know of any changes they can make to the IT environment -- its a managed IT infrastructure. Perhaps changing the Windows wallpaper image counts. The "process" for making changes to the environment is to modify the EDS contract. Not something the average user is going to have experience with.
Without further delay or curmudgeonry, here are the questions we had submitted.
How satisfied are you:
1. With the dependability of the computer you use?
2. With network reliability?
3. With having access to the computer hardware you need to accomplish your job?
4. With having access to the software you need to accomplish your job?
5. With the professionalism of EDS personnel?
6. With technical support services provided by the help desk?
7. With technical support services provided by on-site personnel?
8. With the timeliness of problem resolution?
9. With the solution implemented to correct any problem you experienced?
10. With finding and using information about NMCI services?
11. With the accuracy of information describing how to use NMCI services?
12. With training on how to use NMCI effectively?
13. With the processes to make changes to your IT environment?
14. What is your overall satisfaction with services provided by EDS?
The survey then gives a form field for free-form entry of comments or questions and a couple demographic questions:
How experienced are you with using a computer?
Beginner - Primarily used for email and word processing.
Average - Above plus Internet services and other commercial software use.
Intermediate - Above plus spreadsheets.
Power-user - Above plus report development and legacy applications.
Expert - Above plus solving technical issues and running multiple applications.
What tasks do you perform with your computer?
Detailed research
E-mail
Job planning/scheduling
Presentation Development
Scientific or engineering computing
Spreadsheet activities
Web Browsing
Word Processing
What type of computer do you use most often?
Desktop
Laptop (including docking station)
Deployable
None of the above
This particular survey was an "Enterprise Satisfaction" survey. The survey was only accessible through an NMCI seat and consisted of 14 questions. We are not sure why EDS has been so secretive with the questions as they are fairly reasonable.
However, that being said, the questions are somewhat vague and could be interpreted a number of different ways. This is especially true given the varied experience levels and technical skill levels of the user base.
For example, "How satisfied are you with network reliability?" is a ridiculous question to ask anyone, even a Navy network engineer. How is a user to distinguish a network problem from a web proxy problem from a Windows domain controller problem from a shared drive problem from a mail server problem from a.... Users are not allowed to run or install network analyzers on the NMCI network so how is staring at a Windows 2000 GUI going to tell them anything about "network reliability"?
Other examples of obtuse questions include "processes to make changes to your IT environment." Exactly what does that mean? User don't know of any changes they can make to the IT environment -- its a managed IT infrastructure. Perhaps changing the Windows wallpaper image counts. The "process" for making changes to the environment is to modify the EDS contract. Not something the average user is going to have experience with.
Without further delay or curmudgeonry, here are the questions we had submitted.
How satisfied are you:
1. With the dependability of the computer you use?
2. With network reliability?
3. With having access to the computer hardware you need to accomplish your job?
4. With having access to the software you need to accomplish your job?
5. With the professionalism of EDS personnel?
6. With technical support services provided by the help desk?
7. With technical support services provided by on-site personnel?
8. With the timeliness of problem resolution?
9. With the solution implemented to correct any problem you experienced?
10. With finding and using information about NMCI services?
11. With the accuracy of information describing how to use NMCI services?
12. With training on how to use NMCI effectively?
13. With the processes to make changes to your IT environment?
14. What is your overall satisfaction with services provided by EDS?
The survey then gives a form field for free-form entry of comments or questions and a couple demographic questions:
How experienced are you with using a computer?
Beginner - Primarily used for email and word processing.
Average - Above plus Internet services and other commercial software use.
Intermediate - Above plus spreadsheets.
Power-user - Above plus report development and legacy applications.
Expert - Above plus solving technical issues and running multiple applications.
What tasks do you perform with your computer?
Detailed research
Job planning/scheduling
Presentation Development
Scientific or engineering computing
Spreadsheet activities
Web Browsing
Word Processing
What type of computer do you use most often?
Desktop
Laptop (including docking station)
Deployable
None of the above
Sunday, April 24. 2005
Running Startup Scripts
Why does it take so long for an NMCI machine to boot up? Exactly what is the machine doing when it boots? Does anyone know?
We took a small sampling of boot up times for both laptop and desktop seats. Remember this is relatively current hardware running Windows 2000 -- not state of the art but certainly not something out of the 80s. These are average times.
Laptop -- From Boot to Login: 3 Minutes, 37 Seconds
Laptop -- From Login to Desktop: 2 Minutes, 18 Seconds
Total Unusable Time: 5 Minutes 55 Seconds
Desktop -- From Boot to Login: 3 Minutes, 30 Seconds
Desktop -- From Login to Desktop: 2 Minutes, 12 Seconds
Total Unusable Time: 5 Minutes, 42 Seconds
Of course NMCI attempts to mitigate these times by instructing users to not turn off their machines at night. Of course this flies in the face of the energy saving initiatives at many sites. More importantly, many laptop users have discovered -- the hard way -- that their laptop hard drives are not rated for continuous duty. Leaving these machines on 24 hours a day is the kiss of death for the older Dell hard drives.
It should be noted that some machines took significantly longer to boot, so much so that they were not even recorded in this sample and dismissed as aberrant. One desktop machine took over 10 minutes after log in to present a usable desktop. Several laptops on the same network at the same facility took an extra minute beyond the times shown here.
As a data point, the following times were taken from several legacy Windows XP machines running similar hardware.
From Boot to Login: 41 Seconds
From Login to Desktop: 17 Seconds
Total Unusable Time: 58 Seconds
Certainly all of these times, NMCI and Legacy, are the result of dozens of variables. It appears that the NMCI machines are interacting heavily with Domain Controllers or something else on the network during boot.
Just as long as people are counting the extra five minutes of wasted employee time (several times a day for thousands of employees) when they tout the improved efficiency of NMCI.
We took a small sampling of boot up times for both laptop and desktop seats. Remember this is relatively current hardware running Windows 2000 -- not state of the art but certainly not something out of the 80s. These are average times.
Laptop -- From Boot to Login: 3 Minutes, 37 Seconds
Laptop -- From Login to Desktop: 2 Minutes, 18 Seconds
Total Unusable Time: 5 Minutes 55 Seconds
Desktop -- From Boot to Login: 3 Minutes, 30 Seconds
Desktop -- From Login to Desktop: 2 Minutes, 12 Seconds
Total Unusable Time: 5 Minutes, 42 Seconds
Of course NMCI attempts to mitigate these times by instructing users to not turn off their machines at night. Of course this flies in the face of the energy saving initiatives at many sites. More importantly, many laptop users have discovered -- the hard way -- that their laptop hard drives are not rated for continuous duty. Leaving these machines on 24 hours a day is the kiss of death for the older Dell hard drives.
It should be noted that some machines took significantly longer to boot, so much so that they were not even recorded in this sample and dismissed as aberrant. One desktop machine took over 10 minutes after log in to present a usable desktop. Several laptops on the same network at the same facility took an extra minute beyond the times shown here.
As a data point, the following times were taken from several legacy Windows XP machines running similar hardware.
From Boot to Login: 41 Seconds
From Login to Desktop: 17 Seconds
Total Unusable Time: 58 Seconds
Certainly all of these times, NMCI and Legacy, are the result of dozens of variables. It appears that the NMCI machines are interacting heavily with Domain Controllers or something else on the network during boot.
Just as long as people are counting the extra five minutes of wasted employee time (several times a day for thousands of employees) when they tout the improved efficiency of NMCI.
Monday, April 18. 2005
More Surveys
For what its worth, NMCI has released the results of the most recent "customer satisfaction" survey conducted first quarter 2005. The survey was conducted from February 28th to March 29th and was sent to 25% of the deployed users. We shall see if details of the survey are forthcoming. Previous surveys have been shrouded in mystery with EDS refusing to release details including what questions were actually asked.
EDS reports that the latest results show that overall customer satisfaction was at 73.6% which is up from the previous survey results at just over 72%. Further breaking down the results, EDS says users are happy with EDS personnel (86%) and not so happy with "the processes to make changes to the IT environment" (56% satisfied).
We could find no further details about which "processes" they are talking about. One is also left to wonder (much as last time survey results were released) exactly what questions were asked and how many surveys were actually returned to be counted. The usual gouge at Federal Computer Week, Government Executive and Navy/Federal Times sheds no light on the subject either.
Apparently Marine Corps customers were left out of previous surveys. Joining in this survey, only 69.1% of Marines were satisfied with NMCI. Not a glowing recommendation. Then again, we don't even have a clue as to what "satisfied" actually means in this context.
EDS reports that the latest results show that overall customer satisfaction was at 73.6% which is up from the previous survey results at just over 72%. Further breaking down the results, EDS says users are happy with EDS personnel (86%) and not so happy with "the processes to make changes to the IT environment" (56% satisfied).
We could find no further details about which "processes" they are talking about. One is also left to wonder (much as last time survey results were released) exactly what questions were asked and how many surveys were actually returned to be counted. The usual gouge at Federal Computer Week, Government Executive and Navy/Federal Times sheds no light on the subject either.
Apparently Marine Corps customers were left out of previous surveys. Joining in this survey, only 69.1% of Marines were satisfied with NMCI. Not a glowing recommendation. Then again, we don't even have a clue as to what "satisfied" actually means in this context.
Sunday, April 17. 2005
Where Credit Is Due
Let's give credit where credit is due. NMCI does do some things right. Albeit a bit late.
In an effort to allow laptop users to utilize higher bandwidth legacy and "secular" networks, NMCI began officially rolling out its Broadband Unclassified Remote Access Service (BuRAS) in late March. BuRAS is not much more than a virtual private network (VPN) solution that is custom tweaked to operate correctly with the NMCI software and OS load.
EDS reports that it is officially pushing BuRAS to "Navy flag officers, SES personnel, and their direct staffs" and expects to push to all 80,000 NMCI laptop users in a phased approach. It has not been rolled out to Marine Corps seats yet. It remains a mystery why initial pushes to high-ranking personnel were deemed more important than any other user. With rank comes privilege, apparently....
BuRAS has been in beta test for several months with select users. It works well although, like some other software VPN solutions, takes a fair amount of time to establish a connection before the user can begin working. Once connected it offers the mobile user full access to all NMCI assets such as shared drives, E-mail and intranet servers.
Users can connect via any high speed connection such as ADSL, cable modems, corporate Ethernet networks, and hotel or airport networks. It uses the RJ-45 Ethernet port on the laptop. USB connectivity via external adapters is not supported.
In an effort to allow laptop users to utilize higher bandwidth legacy and "secular" networks, NMCI began officially rolling out its Broadband Unclassified Remote Access Service (BuRAS) in late March. BuRAS is not much more than a virtual private network (VPN) solution that is custom tweaked to operate correctly with the NMCI software and OS load.
EDS reports that it is officially pushing BuRAS to "Navy flag officers, SES personnel, and their direct staffs" and expects to push to all 80,000 NMCI laptop users in a phased approach. It has not been rolled out to Marine Corps seats yet. It remains a mystery why initial pushes to high-ranking personnel were deemed more important than any other user. With rank comes privilege, apparently....
BuRAS has been in beta test for several months with select users. It works well although, like some other software VPN solutions, takes a fair amount of time to establish a connection before the user can begin working. Once connected it offers the mobile user full access to all NMCI assets such as shared drives, E-mail and intranet servers.
Users can connect via any high speed connection such as ADSL, cable modems, corporate Ethernet networks, and hotel or airport networks. It uses the RJ-45 Ethernet port on the laptop. USB connectivity via external adapters is not supported.
Wednesday, April 6. 2005
Never Heard Of Him
The Navy Marine Corps Intranet appears to be simply the Navy Intranet or the Marine Corps Intranet depending on what side of the Pentagon you salute. Navy users can plow through literally thousands of E-mail addresses in the MS Outlook global address book without seeing a single Marine Corps E-mail address. Marine Corps users have no access to the Navy address list either.
NMCI has stated that it has "no plans" to merge the two databases. We believe that is perhaps a bit overstated (and certainly came from an unofficial and non-authoritative source). Perhaps they mean they have no immediate plans to provide a single address list. Perhaps they can not do it because of technical limitations in their chosen database method.
Whatever the reason, the purple color of NMCI appears to be fading a bit more every day.
NMCI has stated that it has "no plans" to merge the two databases. We believe that is perhaps a bit overstated (and certainly came from an unofficial and non-authoritative source). Perhaps they mean they have no immediate plans to provide a single address list. Perhaps they can not do it because of technical limitations in their chosen database method.
Whatever the reason, the purple color of NMCI appears to be fading a bit more every day.
« previous page
(Page 3 of 5, totaling 35 entries)
» next page
