Stopping Spam
Alan Schwartz and Simson Garfinkel
191 pages
O’Reilly, 1998
$19.95
ISBN 1-56592-388-X
As the name implies, this book is all about trying to stop “spam,” the unwanted and unsolicited email and Usenet newgroup postings that often involve questionable commercial ventures (“Earn $5,000/month at home stuffing envelopes!”). Spam is sometimes a controversial issue, as it can be tied to freedom of speech issues. The authors of this book are opposed to pretty much all forms of spam. Apparently, I’m more in the middle on this issue. When I get an unsolicited email with a legitimate return address from someone with a real business that offers a legal product, I just hit the delete key and go on my way without trying to complain or prevent future occurrences from the sender. Many magazines (including this one) could not be born or survive without the use of so-called “junk mail,” so that probably makes me more tolerant than most. However, it turns out that over 90 percent of the spam I receive either does not have a legitimate return address, uses “hijacked” Internet servers in violation of their stated use policies, or advertises blatantly illegal schemes or products or scams. So, while I don’t agree with all the authors’ positions, the current abuse of the Internet is so extreme that the kind of spam I would be willing to label legitimate is a tiny minority.
The book is much more than the fluff piece I expected. They’ve done an excellent job of retelling the history of spam, and it makes quite entertaining reading. It’s an ongoing war, and each side is actively evolving new techniques for combating the other, both legal and technical. If you’ve ever felt helpless after complaining to an ISP about spam and getting brushed off, you’ll love reading about the imposition of the Usenet Death Penalty (UDP) on recalcitrant hosters of spam. I was actually a user at Compuserve back when they totally ignored spam complaints — right up until the day their UDP was imposed. It warmed the cockles of my heart.
The book is not just definitions and entertainment, however. I figured on getting some platitudes about how to properly complain about spam. However, the book has lots of factual tips for several platforms. I’ve always thought the idea of using filters to eliminate spam was hopeless, but some of the tips offered here turn out to work well against my typical spam stream. The book points out that you may need to care more about spam than you think you do. Does your company operate its own mail server? Then you better make sure it cannot be hijacked by spammers who will use it to hide their own origin and have bounce-backs and hate mail sent directly to you! There’s even advice for ISPs on how to detect when their customers are engaging in spam.
Even if you don’t get much spam and don’t operate a mail/news server or ISP, the authors make a compelling case that spam ultimately still affects you. America Online testified in 1997 that roughly one-third of all received AOL email messages were unsolicited spam. Likewise, some statistics indicate that 35 percent of all posted Usenet articles are spam (down from 60 percent before serious anti-spamming software kicked in). When your email seems to take a long time to arrive, when your web browser takes longer to display pages even though you’re paying for a high-speed connection, just think of 30 percent or more of those TCP/IP packets out there being devoted to pyramid schemes and chain letters. A real spammer is happy to send out 150,000 email messages to get just a handful of new suckers. Spam has reached ridiculous proportions.
I’m not as gloomy about the possibility of spam destroying the Internet as the authors. It seems to me this is a case of déjà vu all over again. Remember when marketers discovered the computerized telemarketing machine, and everyone was bombarded with evening phone calls that asked you to say “Yes or No” at each beep? Or how about when marketers discovered so many people had fax machines that it was profitable to keep a database of fax numbers and bombard them with marketing information? There’s a pattern here. Each time marketers discover a cheaper information medium, they start to use it; then the hucksters catch on to it, and they totally abuse it; then there’s public outcry against the absurd overuse of the medium by scam artists. Finally, legislation gets formed, and the bulk of the abuse is eliminated. For example, in my state (Washington), it’s illegal to send me an unsolicited commercial fax or to use a computer to dial my number and read a marketing message to me. Consequently, those things rarely happen to me anymore.
Legislation is never going to eliminate spam — the small-time, hit-and-run artist willing to take a risk will always be around. But that’s no different than other mediums. For example, pick up any major national publication, and you can probably find the old “stuffing envelopes” scam advertised somewhere in the back. Postal authorities try to go after some of the more annoying perpetrators, but they often can just fold up their anonymous P.O. box and move to another city without being caught. The point is, national publications do not have 30 percent of their content consumed by paper spam, and I expect that after enough appropriate Internet legislation appears, spam will drop to a low rumble there as well. In my state, it’s against the law to send me an unsolicited email with a false or forged header or a misleading subject line. You can hop over to http://www.wa.gov/ago/junkemail/complaint.html and get an email form for complaining about junk email. That doesn’t mean anything will happen, but the attorney general uses such complaints to decide which abusers are worth going after. I think Washington’s new law has already had an effect (as I write this, the second suit under the new law has just been filed) and will probably continue to do so as more enforcement actions take place.
One thing slowing down the demise of spam is the fact that our legislators often don’t seem to be very good at, well, legislation. They create all manner of wacky laws that infringe on the Constitution (and therefore get overturned later) and don’t manage to produce the desired results. For some reason, people always seem to think the computer requires a whole different set of rules and laws than any other aspect of life, which is often not true. Deceptive advertising is against the law, and we shouldn’t need a new law to say that using a computer for deceptive advertising is illegal. Among government agencies jumping on the spam bandwagon, I think the SEC has had the best approach. They monitored reports of stock touting (telling lots of folks to buy a stock without disclosing that you stand to make a lot of money if they do) on the Internet, collected evidence, and then busted the perpetrators. No new laws, no fuss, no muss, just prosecution for the same old offenses without regard to the particular tool used to offend.
It’s taking a long time, but I think the spam situation is going to get better. If you buy this entertaining and fact-filled book, you can learn how to help make that happen. The speed with which spam decreases depends greatly on the actions of individuals.
Visual C++ MFC Programming by Example
John E. Swanke
594 pages
R&D Books, 1999
$49.95 (includes CD-ROM)
ISBN 0879305444
Visual C++ MFC Programming by Example by John E. Swanke serves both as an introduction to the MFC programming paradigm and an encyclopedia of how to solve 85 common application problems. In this sense, the book does apply to both beginning and experienced developers as advertised. Swanke assumes a working knowledge of object-oriented design concepts, such as inheritance and polymorphism. Developers who dive into MFC without this background are likely to become confused quickly.
The introductory text covers messaging thoroughly, which is the single most important thing you need to know about how MFC works. This includes essential topics, such as subclassing, superclassing, message pumps, reflectors, and window hooks. Each of these fairly abstract concepts are grounded in practical usage considerations. Many data-flow diagrams are used to good effect. However, the use of font sizes as small as six points makes them painful to read. Since the introduction to MFC is only a little more than 100 pages, only messages and drawing are covered in depth.
The remainder of the book forms an encylopedia of 85 user-interface examples. The layout of each example includes an Objective, Strategy, Steps, and Notes section. These run the gamut from the simple (Example 54: “Drawing Text”) to the tricky (Example 47: “Customizing a Common Control Window with Subclassing”). Lots of them are going to be essential to any nontrivial MFC application (Example 28: “Adding NonButton Controls to a Toolbar”). These will get you on your way, though a few may be too brief, such as “How to Use DAO,” which is only eight pages. Overall, I believe the approach will be most helpful to either novice MFC developers going in to do maintenance on an MFC application or Windows developers from a different background who are converting to MFC (e.g., Visual Basic or Delphi).
Approximately the last 100 pages are miscellaneous appendices of which the most useful concerns window styles for all MFC-supported controls. Many examples are included, which can save some trial-and-error in setting those often pesky flags. The accompanying CD-ROM has 4.6Mb of the samples from the book. However, with many examples being fewer than 20 lines of code, the CD-ROM is overkill. A single .zip file on an FTP site would have been better.
Any half-dozen of the 85 examples is likely to save you more than a couple hours of research or, worse yet, doing things the wrong way. Unless you’re the most grizzled MFC veteran, I think you’ll learn something from Visual C++ MFC Programming by Example.
Let's Talk Books
From: Glenn Sugden <[email protected]>
Subject: Interesting...In your review of More Effective C++, you used both halves (“kind of language that gives you enough rope to hang yourself” and “loaded gun that’s left holes in the feet of”) of the title of another great “distillation” book: Enough Rope to Shoot Yourself in the Foot, by Allen I. Holub. Was this a (grin) subconscious leak?
P.S. Both really are good books IMNSHO.
Unbelievably, Holub’s 1995 book never crossed my desktop, so if it was a subconscious leak, it must’ve been via the collective subconscious! —rlb
From: Julian Templeman <[email protected]>
Subject: ATL books
Ron,You asked in the December issue for brief descriptions of good books on ATL and IDL.
For ATL, I’d have to highly recommend Richard Grimes’ latest work for Wrox Press, Professional ATL COM Programming. Now, I know that I do write for Wrox, but I also teach ATL for a living, and this is one of the books that I highly recommend to anyone who is serious about programming with ATL. This library shares certain characteristics with MFC, among which are the fact that (a) you get the source code, and (b) that source code isn’t always as clear as it might be. Richard takes the ATL code to pieces, in much the same way as George Shepherd and Scott Wingo did for MFC, and gives a really valuable insight into how it works and how you can make it do what you want!
As for IDL, well, there really isn’t much around at the minute, but watch for a new title devoted to IDL, which will be out sometime in early 99. I gather that someone from the DevelopMentor crowd is also working on an IDL book, but I don’t know when that’s due.
Thanks for the feedback! —rlb
Books Received
Francis, Fedorov, Harrison, Homer, Murphy, Sussman, Smith, and Wood. Professional Active Server Pages 2.0. WROX, 1998. 991 pages. $59.95. ISBN 1-861001-26-6. Programming Microsoft’s web server, including transaction processing, e-commerce, databases, and more.
Goncalves. Core MCSE Implementing & Supporting Microsoft Exchange Server 5.5. Prentice Hall, 1999. 426 pages. $49.99, includes CD-ROM. ISBN 0-13-923525-6. Read the book, take the exam, come figure out why Exchange crashes my machine so often. CD-ROM includes CBT software.
Keogh. Core MCSE Networking Essentials. Prentice Hall, 1999. 358 pages. $49.99, includes CD-ROM. ISBN 0-13-010733-6. Get up to speed on networking for the big exam. CD-ROM includes CBT software.
Perry. Year 2000 Software Testing. Wiley, 1999. 413 pages. $49.99. ISBN 0-471-31428-5. I have to wonder, if it’s not too late to start preparing for the Y2K problem, then is it too soon to start preparing for the Y10K problem?
Pinnock. Professional DCOM Application Development. WROX, 1998. 479 pages. $49.99. ISBN 1-861001-31-2. Hands-on walk through DCOM topics, including transactions, LDAP, clusters, security, and more.
Wright. Beginning Visual Basic 6 Objects. WROX, 1998. 477 pages. $39.99. ISBN 1-861001-72-X. Introduction to use objects with the latest VB.
Got an opinion about these or other programming books? Send them to [email protected]. To submit books for review, see the guidelines at www.wdj.com/vendor/.