Upgrading an Older Macintosh with an SSD Replacement

Submitted by Brad Tombaugh on 9 February 2016 - 8:34am

Let me start with a little background -- I have been an avid Macintosh user since the original Macintosh (128K) was introduced in 1984, when I was in college. Yes, they can be expensive, but they are easier to use, which makes them more powerful, and I find that they have a longer useful lifespan than many other platforms. Over the years, I have kept many of my Macintoshes for over 5 years, keeping them relevant by adding memory and disk space over time, and of course keeping the operating system upgraded to the current version.

My strategy has often been to purchase a new machine just as it is discontinued, when it's very close to the current model but with a decent discount. My current Mac is an early-2011 MacBook Pro 17" that I bought in November 2011, when it was replaced by the late-2011 version, identical except for a modest bump in processor clock rate (2.2 vs 2.3GHz). I saved several hundred dollars by buying the earlier model.

After four years of faithful service, though, it was beginning to feel like an antique. Most of the OS X operating system updates actually improve the overall performance of the system, but it seemed like my old MBP just kept getting slower and slower. Exacerbating the problem is that my iTunes library has grown to over 500Gb, with music ripped in Apple-lossless (ALAC) format, high-definition movies, loads of books and apps, etc. It just wasn't practical to keep all of that on the internal drive, so I've moved the iTunes library to an external G-Drive. This has created an annoying problem. The G-Drive goes into a power-saving mode after being idle for some time. It seems that when it wakes up again when there is activity, it gets re-mounted in Read-Only mode, so you can't save any changes to the drive. Despite being unwritable, there is some background process, probably Spotlight, which is insistent that it has the drive in-use, so it won't allow me to eject the disk so that I can re-mount it again so that it is writable, unless I forced it.

This means that the only option was to shut down the MBP, power off the external drive, reboot the Mac, then turn the external drive back on, and wait for everything to come back online. It was taking a couple of minutes to shut down, 5-7 minutes to boot up, 2-3 minutes after logging in before the Desktop icons and menu bar icons would appear, etc. Overall, rebooting my laptop was taking nearly 20 minutes, which is a long time to wait before using the machine.

I was thinking that with tax-refund (hopefully!) season coming up, perhaps it was going to be time to replace the old machine with a new one. I've even contemplated moving to a desktop iMac instead of a laptop, since I tend to only use my iPad Air when I'm away from my desk. As I started to explore my options for a new Macintosh, I realized that the specifications on the new machines didn't seem all that different than my old one... I'm certain that there are probably a few underlying improvements, but the processors are only clocked a smidge faster than what I have now. So why do the newer MacBook Air models that my wife and daughter have feel so much faster than my 2.2GHz quad-core i7?

The answer lies in the storage! While my MBP had the option for a Solid-State Drive (SSD) back in 2011, it was a very pricey option at that time, and rather limited in capacity. I opted for a 5,400rpm 750Gb hard disk drive, which was more affordable, albeit much slower. As time has marched on, however, the slower drive performance has taken its toll. Most of the new Macintoshes have either a SSD or a hybrid "Fusion Drive" that caches the most-frequently accessed files on an SSD, then moves to/from a conventional hard drive for long-term storage.

The price for a solid state drive has come down considerably, especially for larger capacities. I did some research on the web, and the consensus seemed to be that the Samsung 850 EVO models were the highest-performance option at a reasonable cost, providing the best value. Many SSDs are packaged like a 2.5" internal SATA hard drive, so they are an easy swap for the hard drive in most laptops. I opted for a 1TB capacity, a bit larger than the 750Gb drive I was replacing, which cost about $350 on sale at MicroCenter in December, although the price on Amazon was similar.

Aside from the time to backup and restore the drive contents, the actual drive swap took under 10 minutes, but I've done this a few times before... As usual, I relied on nicely organized instructions from iFixit.com, just to guide me through the process. On my MacBook Pro, it's mostly removing the small Phillips screws around the perimeter of the bottom of the case, and removing a bracket that holds the drive in place. There are some pegs that screw into the mounting holes on the sides of the drive housing that get transferred to the housing for the SSD, then reverse the steps to reassemble.

Having already built a USB Flash Drive installer for OS X 10.11 "El Capitan" using the tutorial at MacWorld, I decided to start with a fresh install of the operating system. I booted up off of the flash drive, used Disk Utility to format the SSD as a journaled HFS volume, then let it complete the installation of the operating system. Next, I let the Migration Assistant move over the applications, settings, and files from my Time Machine backup on an external FireWire 800 drive. This took some time, limited by the speed of the backup drive, not the SSD.

Once I was running on the SSD, I ran Software Update to load the latest updates. Even though I had been running 10.11.2 previously, the fresh install was only at 10.11, so it had to download the 1.4Gb update. I'm on Comcast Xfinity internet, with speeds up to 125Mbps, but was shocked that it was able to download in only a couple of minutes! It seems that even downloads are faster, when the machine isn't waiting to be able to save to the slow hard drive.

So the end result? I've timed the startup time, and from the time I press the power button until the login screen appears is now under 21 seconds! While there used to be a measurable delay in even seeing the Finder icons appear on the desktop, it's now instantaneous. Opening a new Finder window would have taken 15-30 seconds to populate with the directory listing, but is now immediate.

I also did an SSD upgrade in my home server, an older Core 2 Duo Mac mini, with similar results. Swapping out the drive in the Mac mini is a little trickier than the MacBook Pro was, so it took a bit more time, again utilizing a well-written guide from iFixit.com. While the original drive was a 320Gb, I've only used about a third of that, since most of the data is stored on a pair of external drives, so I chose a slightly smaller 250Gb Samsung 850 EVO unit.

While I spent about $500 on both SSD upgrades, I've gotten a significant performance increase in both Macintoshes, for a fraction of the cost of replacing either machine with a new model, breathing new life into my existing hardware investment. Highly recommended!

Moved to MacHighway

Submitted by Brad Tombaugh on 9 February 2016 - 8:33am

As I noted in December, my former web hosting service, GoDaddy, announced in December that they were going to revoke access to the Mailman mailing list manager that is included by default in their Linux cPanel hosting accounts. I use Mailman for my personal use, as well as to manage several discussion lists for the MacinTech Macintosh Users' Group. GoDaddy claimed that it was due to spammers misusing the service, but I don't really believe that for a second... First, I've gotten more spam while being hosted by GoDaddy than any other service that I have ever used, so I have a hard time believing that they take any actions to prevent spam! They also began advertising their own bulk email service just days after the announcement that they were turning off Mailman, which I can't believe is a coincidence. I had moved my web sites to GoDaddy out of convenience when I was no longer able to host them myself after CenturyLink botched a DSL upgrade, leaving me offline for several weeks.

In any event, in early January, I signed up with local Denver-based web hosting service MacHighway. Their package is actually less expensive than GoDaddy. It's also a bonus that they cater specifically to Macintosh users, so their instructions don't reference Windows for everything, although they seem fairly platform-neutral overall.

So far, I am very pleased with MacHighway. The setup was easy. I have had to put in a couple of support tickets for things like requesting shell access, which is probably not typically used by their average customer. Initially, I had some issues with lots of my Mailman email traffic being discarded due to other sites deferring delivery using greylisting, but MacHighway was able to make adjustments to their Exim mailer settings to accommodate. They have been very responsive to the tickets that I've submitted, kept them open until resolved, and communicated frequently.

GoDaddy Shutting Off MailMan, so I'm Shutting Off GoDaddy

Submitted by Brad Tombaugh on 23 December 2015 - 3:50pm

This afternoon, I received this email from GoDaddy.com, my web hosting service:

Important information about your hosting account

Due to spammers abusing MailMan - a cPanel feature that lets you send bulk emails - we're removing the feature on January 23, 2016

If you want to send bulk emails to your customers or clients we recommend checking out GoDaddy Email Marketing. Not only does this program let you email customers, it also includes more powerful features than MailMan, like opt-out management.

If you have questions or need assistance, contact our Support Team at (480) 505-8877.

Mailman is one of the services that I rely on for personal use, as well as for the web site and mailing list that I operate on behalf of MacinTech, a non-profit Macintosh User's Group here in the Denver area.

I've just spent a half-hour on the phone with GoDaddy, and there is no exception to their decision to remove Mailman from the service that I've already paid for in advance. Their proposed solution is to pay them twice as much as I do now to add their email marketing program!

There are other hosting providers, like MacHighway, that offer hosting packages for LESS than GoDaddy, which include a mailing list manager, Dada Mail, which is similar to Mailman.

So, after many years at GoDaddy, I'll be canceling my service and domain registrations with them in January, and moving to MacHighway.

Audiophile Headphones and High-Resolution Audio

Submitted by Brad Tombaugh on 20 July 2015 - 9:33pm

After we got the Bose Quiet Comfort 20i noise-canceling earbuds for Jeannette, I decided to sit down and compare them with my Bose Quiet Comfort 15 noise-canceling headphones, my Shure E3 in-ear monitors, and my Yamaha YHD-1 orthodynamic headphones. I was actually somewhat surprised by the differences between them, and I thought that they all sounded fairly good by themselves. I think that the Bose earbuds and headphones were very similar. I thought that my Shure E3 had better clarity, though the Yamaha sound was more open and natural, but lacked a little low-end.

While researching the earbuds, I ran across numerous articles on high-resolution audio as well, which is loosely anything that is more than the 44.1KHz sample rate with 16-bit depth (16/44) used by CD recordings. While many of the articles proclaimed how 24/96 or 24/192 sounded so much better than the overly compressed 16/44 recordings, I also found a number of articles like this one proclaiming that HD audio is like the modern-day equivalent "snake oil" marketing hype like tubes vs. transistors or oxygen-free speaker cables... Kirk McElhearn points out that at 16-bit, you can record up to 65K volume levels, and that 44KHz is the minimum sample rate to capture frequencies up to 20KHz, the standard for high-fidelity audio.

If you think back to the time when we went from 256 colors, to 65K colors to 16.7M colors, the difference was dramatic, with 16.7M colors more life-like and photo-realistic. While we were mostly content with 65K colors, and probably can't detect all 16.7M colors, the optimal color bit-depth probably lies somewhere in between 65K and 16.7M.

I think that the move to high-definition television is similar in many respects. In addition to being a higher pixel resolution, the image is also more realistic due to the improved color depth, with better shadowing and high-lights that also gives the image more depth. This change isn't just the resolution alone, but a combination of factors that makes the image discernibly improved, even when comparing 1080p to 720i resolutions.

Kirk McElhearn also had an article describing how to properly change the settings on the Mac to listen to high-resolution audio files, by changing the maximum bit-depth and sampling rate. He also points out that your sound quality is only as good as the weakest link, so if you're using cheap earbuds or speakers, you won't be able to detect any difference, much like trying to watch a Blu-Ray movie on an older analog TV wouldn't look any better than a DVD or a VHS tape.

Kirk also talked about the differences in the audio file format and compression used in MP3, AAC, Apple Lossless or FLAC, and uncompressed AIFF files. I was curious if I could detect the difference, so I took a CD and imported the same track as an MP3 and a 256Kbps AAC file. I found a free application in the Mac App Store called ABXTester which lets you do a blind comparison of two files in different formats, as long as they are natively supported (so no FLAC, for instance). With my Shure E3 in-ear monitors I was able to discern the difference between the higher and lower resolution files 4/5 times in repeated tests, which was enough to convince me that I was able to hear the difference. I re-imported the same CD using Apple Lossless, and was again able to pick which samples were which resolution more than 80% of the time.

Looking at my iTunes library, and displaying the columns for kind and bit-rate, I realized that most of my music was in the lower quality AAC (128kbps bit-rate), likely the default that I picked when my primary iPod was only 15Gb storage capacity. Even though higher rate formats were available, I hadn't changed the default, since that gave reasonable quality with a manageable file size, so that I could fit the majority of my music library on the iPod, without having to pick and choose what to include or exclude.

Over the next few weeks, I re-imported all of my CD collection into iTunes using Apple Lossless format, which preserves the quality of the audio, while allowing some compression to reduce the file sizes. I also changed the settings for synching my little iPod touch to convert down to 128K AAC, but 256K AAC on my iPad which has much more space available. This lets me have the highest quality on my MacBook Pro at home, with a more manageable size on my portable devices.

During this time, I also researched options for better quality headphones, using some of the same websites where I researched the noise-canceling earbuds. I prefer an over-the-ear style for more comfort when using the headphones for a longer period of time, and wanted an open-back design to use at home, since I already have the Bose QuietComfort 15 to use in noisy situations. I spent a lot of time reading through the reviews of full-size open-back audiophile headphones at InnerFidelity.

I was impressed to see that a decade old design costing under $300 on sale, the Sennheiser HD600, still made their "wall of fame" list, along with newer high-end headphones costing over $5,000! I've liked the professional audio gear from Sennheiser that I've used before, particularly their wireless microphones, and they are certainly widely regarded for their headphones. I also liked that many of the parts like the headband, ear pads and cables are replaceable, and sometimes interchangeable between similar models like the HD650.

The one drawback to the HD600 that I recognized is that the nominal impedance is over 300 ohms, which means that many low-power portable devices would have a difficult time driving them effectively, as they don't produce enough output power to drive that high of a load. That led me to look for a headphone amplifier. While my intention is to primarily use the headphones at home, I wanted the option of a portable unit that I could take with me if I moved around the house. I found several portable headphone amplifiers that would work, but also discovered that for not much more than the price of an amplifier, I could get a unit that contained a higher performance Digital/Analog Converter as well, which would allow me to playback high-resolution audio files if I chose.

After some more research, I settled on the TEAC HA-P50 portable headphone amplifier/DAC. It's about the same size as the original iPod, with a large enough battery to last as long as my iPod Touch or iPad Air, and with a variety of inputs, including analog, TOSLINK, and USB. It comes with a high-resolution audio player on the Macintosh and for iOS, and allows USB connection to Windows, Mac, iOS and Android devices, so there is plenty of flexibility. It also incorporates its own Digital/Analog Converter chip, a TI PCM5102 "Burr-Brown" unit that supports high sample rates and bit-depths.

I've been very pleased with the combination of the Sennheiser HD600 with the TEAC HA-P50. I think that I would have been very disappointed with the sound of the Sennheisers without the headphone amp. I do believe that the Burr-Brown DAC sounds better than the built-in DAC in the MacBook Pro or iPad, which also don't have enough power to drive the high-impedance load of the Sennheisers. I have done some comparison of high-resolution file formats, and with the HD600's, I can hear a difference in the sound quality. It is often subtle to be sure, but the HD audio has a more open, natural sound, with a more ambient, airy feel, where each voice or instrument can be discerned separately, instead of blended together in the lower-resolution recordings. You can hear the timbre of the horns, the resonance of the string bass, etc.

I can tell a significant difference with many of the CD recordings that I've had for years, re-imported using Apple Lossless format, played through the TEAC HA-P50 driving the Sennheiser HD600 headphones. Even live recordings like Kenny Loggins "Live from Under the Redwoods" have much better clarity, such that you can hear each voice in the chorus, instead of a single, blended voice.

I have downloaded some comparison samples from SoundLiaison and HDTracks.com which allow you to compare the same tracks in different formats. I've also purchased a few albums from HDTracks at higher resolution to compare with some of the CDs that I already owned. Anita Baker's "Rapture" has more clarity in HD audio than on the CD. I've just purchased a 24/96 high-resolution copy of "Chicago II" that is remarkably better than the same tracks from the "Greatest hits Volume I" CD that I've had for years. While it is likely a combination of factors, including not only the resolution and bit-depth of the recording, but also the engineering with little or no compression, etc. that makes the HD Audio recordings sound better than the CD recordings, I can tell a dramatic difference.

While I am still using iTunes to manage my music library, as it allows me to organize and synch my music with my iPod and iPad Air, I've switched to using the free music player VOX to listen at home, as it supports additional file formats, including FLAC and DSD or DFF, supports the high-resolution formats, and will synch the resolution of the TEAC's DAC to match the recording.

I think that the higher resolution and bit-depth capture more nuances in the sound than you get in the CD quality recording at 16/44. It's not just about frequency response, but the level of detail, provided that you have a high-quality sound system that is accurate enough to hear the differences. A good pair of headphones and an amplifier/DAC combination can be had for less than $500, allowing an audiophile listening experience without a lot of investment, which is still portable.

Noise-Cancelling Headphones

Submitted by Brad Tombaugh on 18 April 2015 - 2:25pm

Jeannette’s office is being remodeled, and will be moving to more “modern” open, low-walled cubicles. She’s already worried about the noise distraction, so I’ve been looking into noise-cancelling headphones/earbuds for her.

Since the dawn of time (or as long as they have been in business) I would say that I’ve not been a fan of Bose. Having worked in an audio shop while in college, we did some repairs to some of the original Bose 901 "direct/reflecting" speakers, which appear to be an array of 4" paper cone drivers like you would find in a clock radio... While the reflecting concept was interesting, they didn't seem to have a very full range. I preferred more open systems like the Magneplanar or a time-phased array speaker like the Dahlquist DQ-10, upon which my home-built speakers are based.

I have an older pair of Yamaha YHD-1 orthodynamic headphones, which are open back, and have a nice airy sound. However, since they are open back, they aren't good at blocking ambient noises! When I decided that I needed noise-canceling headphones years ago, I bought a set of the original Bose Quiet Comforts, which I really liked. The sound wasn’t perfect from an audiophile perspective, but the noise-cancelling worked noticeably better than any others that I tried. After using those for several years, the sound on one side became intermittent, but I couldn’t tell if it was the cable or the electronics...

When I was moving into our new open office building a couple of years ago, with low walled cubicles, I realized that I was going to need good noise-cancelling headphones that worked properly. I looked at some other options like the Sennheisers, and also checked into getting my Bose QC fixed. I found that Bose doesn’t really do repairs, but they do trade-ins that cut the price of the new pair by almost half! That made a new pair of Bose less expensive than any of the other options, so I traded in the originals for a new set of Quiet Comfort 15.

I also have a set of earbuds that I really like. None of the Apple models seem to stay in my ears unless I'm sitting perfectly still, so I went looking for a better option. After some research several years ago, I decided on a set of Shure E3 in-ear monitors. I actually ordered them online from a pro audio shop, as their price was a bit lower than the E3c "consumer" models that they had begun packaging for the iPod or iPhone. After a couple years of use, one of the cups became intermittent, so I sent them back to Shure for service. They actually just replaced them with a new set, which I'm still using today. They have good noise isolation, since they are in-ear, and are very small and portable to carry around, but I like the Bose QC better when flying. The in-ear fit is a bit snug, so I don't find them as comfortable for long periods of time.

After doing some research earlier this week on current offerings, and looking more at earbuds than headphones, it was pretty clear that the Bose Quiet Comfort 20i was the best choice. We picked up a pair at BestBuy on our way home from dinner last night, and Jeannette is very happy with them. I opened them up in the car before we left the parking lot, so that she could try them out on the drive home.

I found a couple of interesting review sites in the process. One of the best reviews was at WireCutter, which had some references to a site that specializes in headphones, InnerFidelity, which has very thorough reviews.

I hate SPAM, and GoDaddy is Useless!

Submitted by Brad Tombaugh on 12 April 2015 - 3:39pm

After the debacle with my CenturyLink DSL last summer, I had to make a quick decision on alternatives to hosting my own domain, email and web. I ended up being off the network for two weeks when CenturyLink couldn't figure out how to restore my DSL server when they did an upgrade that I had already cancelled.

Many years ago, I used a domain-hosting service called DomainDiscover that registered my domains and DNS, redirected web requests inside of a frame, and relayed email from a virtual domain to my ISP account. After I started running Apple's OS X Server, though, I realized that I could provide most of those services myself, on my own home server. My ISP, NeTrack, who was later acquired by Indra's Net, provided a static IP address, so hosting my own domain was fairly straight-forward.

Once I started running my own services locally, I decided that it wasn't necessary to be paying DomainDiscover for the other services that I wasn't using any longer. All I really needed was a domain registrar. Checking on pricing, it seemed that GoDaddy was about the least expensive, and while nobody had a great customer service record, GoDaddy was large and established, so I transferred my domain registrations to them.

So, when my DSL was down for an extended period of time, I did some quick checking, and discovered that GoDaddy had recently started using cPanel virtual Linux hosting, and had hosting plans on sale for half-price, so it was only about $5/month, as I recall. Since my domains were already at GoDaddy, it was easy to set up the hosting account, and I was able to get email service back up in a matter of minutes. Over the next couple of weeks, I was able to create MySQL databases and restore backups from my home server, and migrate all of the content for Drupal, so I had my websites back up in a couple of hours.

Since that time, however, the amount of SPAM that I receive has increased significantly. While cPanel includes SpamAssassin, it allows very little configuration, so it's practically useless. What is worse than the SPAM is the backscatter. These are bounced messages from a forged sender that look like they came from me, but didn't. When the SPAM can't be delivered, it sends the failure notice to the forged sender's address, which is mine in this case. I'm getting over 500 backscatter daily!

Let me say at this point that if you have looked up my name or email address on the web, because you're angry that I'm sending you SPAM about something seen on the Oprah show -- I'm not the one sending it, I haven't been hacked or infected with a virus or worm, and it didn't come from my computer!

My domain, or rather my domain's email server, is being spoofed by spammers, who are obviously sending huge quantities of SPAM from a variety of different sources, pretending to be my domain.

What does backscatter look like, and how can you tell where it came from?

Let's take a look at the headers from one of the messages. There are different ways to do this in different email applications. In Apple's Mail, I choose "Message -> Full Headers" from the View menu.

------ This is a copy of the message, including all the headers. ------

Received: from [] (port=65247 helo=mail.tombaugh.org)
by p3plcpnl0545.prod.phx3.secureserver.net with esmtpa (Exim 4.85)
(envelope-from )
id 1YhKy8-0002yW-SZ; Sun, 12 Apr 2015 09:42:49 -0700
Subject: from: Brandon Tate
From: Brandon Tate
Content-Type: multipart/alternative;
X-Mailer: iPhone Mail (11D257)
Date: Sat, 12 Apr 2015 05:42:44 +0000
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)

Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

Hi! How are you?

Have you seen this
Oprah had been using it for over a year!

First, let's look at the "From:" line

From: Brandon Tate

If a human were to look at this, it's apparent that the name and address don't match. However, many email applications now hide the actual email address, and only show the sender's name, so many people aren't even aware that it has been faked.

Now, let's look at the "Received from" line:

Received: from [] (port=65247 helo=mail.tombaugh.org)
by p3plcpnl0545.prod.phx3.secureserver.net with esmtpa (Exim 4.85)

This shows the IP address making the connection to the SMTP server. You can find who this address belongs to by doing a "whois" lookup, from a website, the terminal or command prompt, or the Network Utility on a Mac. I did a whois lookup, and see that address is assigned to Saudi Telecom:

Whois has started…

% This is the RIPE Database query service.

% Information related to ' -'

% Abuse contact for ' -' is 'registry@saudi.net.sa'

inetnum: -
descr: DSL HOME Subscribers
country: SA

role: Saudi Telecom Co. Registry Admin-C contact
address: STC complex, murslat, Riyadh
address: P.O.Box: 295997
address: Riyadh 11351
address: Saudi Arabia
phone: +966-11-4434970

% This query was served by the RIPE Database Query Service version 1.78 (DB-3)

I live in Colorado, and my domain is hosted by GoDaddy in Phoenix, so this definitely didn't come from me!

Next, on the same line, see the "HELO=" which shows the name that the sender proclaimed to be -- mail.tombaugh.org. If you look up this host name in DNS, it shows:

dig mail.tombaugh.org all

; <<>> DiG 9.8.3-P1 <<>> mail.tombaugh.org all
;; global options: +cmd
;; Got answer:
;; ->>HEADER ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;mail.tombaugh.org. IN A

mail.tombaugh.org. 3600 IN CNAME tombaugh.org.
tombaugh.org. 600 IN A

;; Query time: 128 msec
;; WHEN: Sun Apr 12 13:29:05 2015
;; MSG SIZE rcvd: 65

;; Got answer:
;; ->>HEADER ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;all. IN A

. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015041200 1800 900 604800 86400

;; Query time: 16 msec
;; WHEN: Sun Apr 12 13:29:05 2015
;; MSG SIZE rcvd: 96

The DNS query shows that the IP address for mail.tombaugh.org is, not In my opinion, this should cause the email to be blocked immediately! Unfortunately, it was accepted for delivery, but bounced, and sent the failure notice back to my account.

What can be done to prevent SPAM?

Unfortunately, it is obvious that the SMTP server that received the message isn't validating the reverse DNS lookup from the HELO, and they aren't checking the SPF record. Whose email server is it that is not checking these basic parameters? Let's look back at the received by line:

Received: from [] (port=65247 helo=mail.tombaugh.org)
by p3plcpnl0545.prod.phx3.secureserver.net with esmtpa (Exim 4.85)

Oh my gosh! That's one of the servers in the secureserver.net domain operated by my hosting company, GoDaddy! So GoDaddy's cPanel virtual Linux hosting email servers are not checking that the sender's name and address match, nor are they checking their own SPF records in their own DNS for the domains that they host for their customers!

The first line of defense against SPAM is in the SMTP server itself. The SMTP server bundled with cPanel is Exim. Exim has the helo_verify option which will reject mail if the sender doesn't open with HELO or EHLO, or if the address verification fails. This is obviously NOT enabled. If it were, the SPAM would get refused before it was sent.

The second line of defense is to use a blacklisting service such as SpamHaus to see if the sender has been identified as a spammer. I checked the address, and it's in the SpamHaus Zen blacklist, and several other services as well. This leads me to believe that GoDaddy isn't using a blacklist to validate senders, either...

The next check that should be done would be to verify the authenticity of the sender using a certificate, Yahoo's DomainKeys or DKIM, or Sender Policy Framework. One of GoDaddy's own Support articles suggests creating SPF records in their DNS, which is ironic since their own servers don't seem to check SPF records! This is what an SPF record looks like:

dig mail.tombaugh.org txt

; <<>> DiG 9.8.3-P1 <<>> mail.tombaugh.org txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;mail.tombaugh.org. IN TXT

mail.tombaugh.org. 3600 IN CNAME tombaugh.org.
tombaugh.org. 3600 IN TXT "v=spf1 a mx ptr include:secureserver.net ~all"

;; Query time: 154 msec
;; WHEN: Sun Apr 12 13:29:32 2015
;; MSG SIZE rcvd: 107

The SPF record is stored as text, and shows the names of the mail servers that are authorized to send for this domain. In this case, it's including any mail server run by GoDaddy.
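To show how a receiving server would evaluate that record, here is an added example (not code from the original post or from Exim) that walks the mechanisms in order for a connecting IP address. The DNS table, the secureserver.net record, all IP addresses and the function name `spf_check` are constructed for illustration; only the tombaugh.org TXT record comes from the dig output above.

```python
import ipaddress

# Constructed DNS data (documentation address ranges) standing in for live lookups.
DNS = {
    "TXT": {
        # Record taken from the dig output on this page.
        "tombaugh.org": "v=spf1 a mx ptr include:secureserver.net ~all",
        # Constructed stand-in for the hosting provider's record.
        "secureserver.net": "v=spf1 ip4:198.51.100.0/24 -all",
    },
    "A": {"tombaugh.org": ["192.0.2.10"], "mx.tombaugh.org": ["192.0.2.25"]},
    "MX": {"tombaugh.org": ["mx.tombaugh.org"]},
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(ip, domain, depth=0):
    """Evaluate the SPF record of `domain` for the connecting address `ip`."""
    record = DNS["TXT"].get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # simplified guard against include loops
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"  # default is "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        target = arg or domain
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in DNS["A"].get(target, [])
        elif name == "mx":
            matched = any(ip in DNS["A"].get(h, []) for h in DNS["MX"].get(target, []))
        elif name == "include":
            # include matches only when the nested record evaluates to pass
            matched = spf_check(ip, arg, depth + 1) == "pass"
        else:
            matched = False  # ptr and other terms are not modelled here
        if matched:
            return RESULTS[qualifier]  # first matching mechanism decides
    return "neutral"  # nothing matched and the record has no "all" term
```

An address outside every listed mechanism comes back as `softfail`, not `fail`, because the record ends in `~all`; a receiver that rejects only on `fail` would still accept that message, while a record ending in `-all` would return `fail`.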

According to GoDaddy, after wasting an hour talking with their technical support, I should change my email account password, and create an "SPF" record in my DNS... The problem is, the mail didn't come from my account, so changing my password won't affect anything, and I already have an SPF record!

The technical support people at GoDaddy that I talked with today claim that since this email is being handled by cPanel that they can't change the settings to enable helo_verify, set a blacklist, or enable checking SPF records, which I think is bullshit! Even if GoDaddy weren't able to change the configuration for cPanel, they could (and should) relay their inbound email through their own gateway servers which ought to incorporate these kinds of basic filtering mechanisms.

I'm frustrated that not only is GoDaddy not helping to prevent or block SPAM, it appears to me that, in essence, they are enabling the spammers! Any combination of the three simple configurations that I outlined above would prevent this spam from being sent to thousands of recipients, and would eliminate hundreds of backscatter messages per day as well.

The only option that they were able to recommend is to move to a virtual Linux host, instead of cPanel, so that I could do all of the work to set up these things myself. This is what I was expecting to avoid by hosting my domains with a "professional" hosting organization. So, until I decide to host my own server again, I'm going to be deleting ~500 backscatter and a bunch of other SPAM every day...

New Horizons spacecraft to give clearest look at Pluto

Submitted by Brad Tombaugh on 15 December 2014 - 5:36pm

New Horizons launched in 2006 and it is finally closing in on some of the farthest reaches of the solar system. It came out of hibernation last week on December 6, 2014, and is now in active mode. It will make its closest pass by Pluto next summer.

Check out this story on 9news.com: http://www.9news.com/story/life/2014/12/15/new-horizons-spacecraft-to-g…

Here is a link to the mission page at NASA: http://www.nasa.gov/mission_pages/newhorizons/main/

And the Wikipedia article: http://en.wikipedia.org/wiki/New_Horizons

More Home Automation

Submitted by Brad Tombaugh on 11 December 2014 - 12:39am

After moving into our new house at the end of September, for my birthday in October I invested in some "Home Automation" stuff. I had been doing some research periodically over the past year or so, and had been following some of the INSTEON and Z-Wave news. I had decided that Indigo looked like the best option for Macintosh-based home automation, and it supported interfaces for X-10, INSTEON and Z-Wave, so it had lots of flexibility. I had been planning to go with INSTEON, but our new house came with a Schlage lock with a keypad entry that is Z-Wave enabled, so I went with Z-Wave devices instead.

I ordered a copy of Indigo Pro 6, along with an Aeon Labs Z-Wave USB stick interface, an Evolve plug-in lamp dimmer module and two GE/Jasco Z-Wave On/Off wall switches to get started. The Schlage/Nexia starter kit that came with the lockset included a Z-Wave lamp dimmer module as well, so I have two of them to work with now.

After my friend Jerry Nieman helped me install the wall switches to replace the front porch and patio light switches, I was able to install the Indigo software and drivers for the Aeon Labs USB stick on my MacMini server, and start up Indigo as a server process so that it's always running. I can connect to Indigo from my MacBook Pro using a "client" installation of Indigo or from my iPad Air using their Indigo Touch app.

Once I had Indigo set up, I linked with each of the Z-Wave switches and modules, so that I could control them through the software. Initially I set up three schedules. The first turns the front porch and garage lights on 30 minutes before sunset. I set up Indigo's preferences with my actual latitude and longitude from a GPS app on my Droid, so it's able to calculate the precise sunrise and sunset times for the location of my house. The next schedule turns the porch lights off at 11pm, which I figured was late enough. I also created a schedule to turn the porch lights off 15 minutes after sunrise, so if we happen to turn them on in the morning, they will go off automatically after it is light enough outside.

After we got the fence put in around the back yard, I added another set of schedules for the patio light to do the same thing as the front lights. This basic setup works very nicely, especially after the end of Daylight Saving Time, so that the front lights are already on when we get home from work in the dark.

This week, I ordered a GE Z-Wave outdoor module so that I could control the outside Christmas lights. After dinner, I opened the package, and took the module out to the outside outlet on the front porch. I grabbed a 3-way plug block from the garage, as I had two cords to plug in. I also pulled out the Aeon Z-Wave USB stick from the MacMini Server. Once I plugged in the new module, I pressed the link button on the Aeon, then pressed the button on the module to link it.

I came back inside and plugged the Aeon back into the MacMini, and fired up Indigo on my MacBook Pro. I was able to add the new module, which I tested from my iPad Air using Indigo Touch. It let me turn the module on and off while walking around in the house. This let me control the outside Christmas lights through Indigo.

Next, I pulled the Evolve lamp module out from the outlet behind my recliner that controlled my light. I plugged my lamp into the switched outlet for now, so that I could use the lamp module for some indoor Christmas lights. I took the lamp module to the front bedroom, and plugged it in for the snowflake lights in the front window.

Back at my MacBook Pro, I created a new “action group” in Indigo for “Front Lights Off” and added the light switch for the porch lights, the outdoor module, and my lamp module (temporarily). Then I defined the actions for each module to turn off. I duplicated the action group, renamed it for “On” and changed the actions to turn on each of the lights.

Once the action groups were created, I changed the schedule that turned the porch lights on and off to use the action groups instead of just the one light switch. This will now turn on all of the outside lights 30 minutes before sunset, and turn them off at 11pm. It will also turn them off 15 minutes after sunrise if we happen to have turned them on manually in the morning.

Now that I fixed the schedules, I also created a couple of “trigger” events in Indigo, using the state of the porch light switch. When the wall switch for the front porch lights is turned on, it calls the action group to turn all of the front lights on, and when the porch light switch is turned off, it turns off all of the front lights. There is a momentary delay, so I might need to adjust the polling interval for the switch… This setup lets me turn the Christmas lights on and off manually with the porch light switch!

I'm definitely going to be asking Santa for more Z-Wave switches for Christmas, so that I can automate more things throughout the house...

Apple released a BASH Shell Security Update for Shellshock, kinda...

Submitted by Brad Tombaugh on 17 October 2014 - 8:55am

While Apple has released a security update to address the "shellshock" vulnerability in the bash shell, they have not made it available through Software Update!

See the support page at: http://support.apple.com/kb/HT1222 for links to the downloads and installation instructions.

Update: Apple has rolled the bash shell update into Security Update 2014-005. See the details at: https://support.apple.com/kb/HT6531

Presumably, the fix is also included in OS X 10.10 "Yosemite" (https://support.apple.com/kb/HT6535) which was released yesterday.

Back Online!

Submitted by tombaugh on 25 July 2014 - 7:55am

I've been offline for a little over a week, after a botched CenturyLink DSL upgrade at home. I've moved to a GoDaddy web hosting plan, and got all of my websites back up and running last night. I still have some fine-tuning to do, but the basic content is back up now.