Thursday, 29 April 2010

Archaelogical evidence for and against God

It fascinates me that christians think that it's OK to use science to provide evidence for God on their terms. In the article, for example, the finders claim that they have discovered the remains of Noah's Ark. Yes, we've heard this before; there is an ark-shaped and ark-sized anomaly on Mount Ararat that we've been aware of for a while now. This is a new "find". This one is slightly more convincing because it contains actual wooden beams (and straw!), whereas the other "find" is apparently fossilised. Now, if you know anything about fossilisation and the conditions it requires (damp, quick burial, a few million years, etc.), then the stone ark can't be the real thing because it would not be fossilised, and it isn't buried, and it's not damp; Mt Ararat is quite dry apart from snow. The latter find, which is more promising, however, has the anomaly of straw. The straw would definitely have decayed after 6000 years!

The reason I say that this fascinates me is that these "discoverers", like the guys who punt the much-vaunted "irreducible complexity" of a bacterial flagellum, seem to want to use scientific empirical evidence to prove that God exists.

I have four problems with this Noah Story, and with using science for the purposes of religion.

1. I'm pretty sure the noah story had an element of truth in it, after all, it appears in the epic of Gilgamesh from a hundreds or thousands of years before the OT was written.

2. Proof of some element of a story isn't proof of the whole story. Imagine I write a book about JFK in which he has a secret advisor, say an old school teacher. The secret advisor tells him to go on a parade in an open car. Turns out the secret advisor was in on the plot to kill him. Did that secret advisor exist? No, he's a figment of my imagination. So just because JFK existed and went on a parade in an open car, doesn't mean that my secret advisor existed. Ditto God. Just because there's a book which contains some facts about some actual characters, e.g., perhaps King David, and that same book mentions a fictional character, God, it doesn't prove that just because some of the fictional characters (David) are not fictional, that all the fictional characters (God, Jesus, etc.) are not fictional. In ancient times, they didn't separate narrative history and narrative fiction. Legend was believed to be "fact".

3. There are many purported sites of the Ark, including purported fossilised full-length sites that are ship-shaped and match the measurements given in the bible. Problem is, fossilisation takes millions of years, not merely 6000 years. If fossilisation took 6000 years, we'd have partially-fossilised Roman and Egyptian remains.

4. Why is it OK to use science to prove religion but not OK to use science to disprove religion? Surely if the method of science is acceptable when proving religion, the method of science should always be acceptable? And if the method of science is always acceptable, then how is the story of Adam and Eve a morally acceptable story at all?

Let's think about it. The bible, Nietzsche says, begins with a story of hatred for knowledge; it starts with the ultimate sin of humanity being the quest for knowledge; eating the fruit of the tree of knowledge! It starts with humanity taking the knowledge of good and evil, i.e., free-will, for herself! Huh! And I thought free-will was a gift from God! Apparently not; it is a gift from Satan! So free-will and knowledge, according to the bible, are the ultimate sins! Why? Because "it will make man like US", says the Bible. Who is us? Well, it is Elohim, (Hebrew for "the Gods"). The GODS? Yes: Elohim is plural.

On the other hand, I happen to presently be consulting for the Origins Museum at Wits University. This very week, they have Australopithecus Sediba on display in their museum. it is 1.95 million years old. If you want to feel humble before the might of something, go see that. I personally was called in to talk about it; fortunately, one of the researchers was there so I got to go and have my birthday lunch instead. (Yes, I, the person who most doubts that we have free-will, was born on South Africa's Freedom Day holiday!).

Here's Sediba:

This is also not proof that God does not exist; it is merely proof that Genesis is a fairy tale. So just as finding Noah's ark can't prove that God does exist by verifying Genesis, finding Sediba does not prove that God does not exist by refuting Genesis.

I fondly believe that in the end, information will prevail. Information is corrosive to religion. This is why the book of Genesis opens with a story about how the worst sin of all time is to seek knowledge. This is why in St. Paul's writings he says (Corinthians) "Beware lest any man spoil you through philosophy".

Saturday, 3 April 2010

Why Greylisting is WAY better than Spamassassin

Having run my own ISP/hosting company for a while now, it has struck me yet again how much more effective greylisting is than Spamassassin. I get a system log every night, and I check the results of the accuracy of the spam filters, so I can say this with confidence.

The reason I say greylisting is more effective is:

a) It gets fewer false-positives (i.e. it doesn't often discard an email from a legitimate person) - typically around 0.3% - 1.0% false-positives, or an accuracy of about 99-99.7%
b) It uses less CPU time - one process, generally, is present, and the contents of the email don't have to be downloaded, uploaded or accepted for inspection at all, before the filter makes its decision.

By contrast, at any time on my server, there can be as many as 20 copies of spamassassin processing incoming messages. Furthermore, its accuracy is dreadful; it typically has two or more false-positives every day, especially since many of my subscribers run small companies and send out mail that may look like spam. I had to explicitly tell spamassassin to not score my local users' mail! Surely that should be a given? Surely, by default, spamassassin should do that, or at least have a clearly signposted option? It was rejecting my own users' mail and letting 419 scams through! I had to add a whole bagful of extra filters to it, to catch images with spams written in the image, 419s which had different from and replyto addresses, and dialup-relayed mails. Furthermore, Spamasssassin got a LOT of false-positives from MS Outlook. It seems that because Outlook does not (surprise surprise!!) adhere to SMTP standards, Spamassassin scores any mail from Outlook, by default, very high: as spam. I had to explicitly lower the scores of all the Outlook-related tests because my legitimate users were experiencing mail rejections as a mere result of using Outlook. Of course, this is Microsoft's fault, but the guys who wrote Spamassassin should just accept that Microsoft and Outlook are not going away anytime soon, so they'd best not presume that a Microsoft email is by default, a spam.

Another thing that baffles me is that there seems to be no way to recognise spammy-looking email addresses, by default. You have to tinker with from-address-contains-numbers rules to get this to even work. Fortunately, milter-greylist catches most of them before they even get to Spamassassin!

Spamassassin, as you're probably aware, is a content filter. That means that the mail has to actually arrive on the server before it is scanned for spam-like features. This not only uses up your bandwidth, but your CPU time. On the other hand, greylisting just looks at who the mail is from, who it is to, and what its source IP address is. If the source IP has been blacklisted, the mail is rejected. If the from and to addresses have not been involved in a previous exchange, the mail is temporarily rejected. If the source IP address is not a known server, the mail is also temporarily rejected. If the server sending the mail re-sends it a second time, the mail is accepted. If the server sending the mail does not re-send the mail, then the mail has effectively been dropped. As I mentioned above, this simple test is about 99.7% effective and accurate. Most days I have maybe one or fewer false positives, out of thousands of emails. Greylisting is also particularly effective at deleting spams from botnets - automated spam delivery networks - because they don't use legitimate SMTP servers.

The trouble with greylisting is that many well-known ISPs or email sources do not understand the RETRY request that greylisting sends. A suprisingly many large companies use subcontracted ISPs to relay their email for them. Facebook, Hotmail, Gmail, Apple, are all guilty. Which means that you have to explicitly whitelist these relay servers to allow mail through. This is obviously a problem, because then anyone in those companies, or anyone on the network that those companies relay through, can then send spam that gets through greylisting. I'd like to appeal to all companies to refrain from doing this. Please do not outsource your mail sending/relaying. Please keep it in-house and deploy SMTP-compliant servers, because currently your ISPs and downstream relays are NOT SMTP-compliant. Yes, Gmail, Apple, Facebook - I'm talking to you. You ought to know better. I expect it of Hotmail, after all, Hotmail is a chief source of spam. But the rest of you?? What gives?

Greylisting is the future of spam eradication. Please will EVERYONE use a proper email server program - i.e. Sendmail - so we can get rid of spam for once and for all?