Rules engine/debugger as system service?

rules
I like to imagine new OS system services. Yesterday, it struck me that a rules engine, logger, and debugger would be an appropriate bundle of stuff to generalize as a standard system service. Two experiences that seemed quite different, but were really the same, led me to this conclusion. First, I wrangled with my Microsoft Outlook email filters. Second, I tweaked the ipfw firewall on Mac OS X. In both cases, the job boiled down to defining conditions and actions, thinking about the order in which rules fire, twiddling the rules, and trying to visualize the effects of the twiddling.

In Outlook, the rule-twiddling was motivated by further experimentation with anti-spam tools. I'm still a happy user of SpamBayes (1, 2, 3), but I've been exploring the use of other solutions too. Spam received on my InfoWorld account is tagged by SpamAssassin, so it's interesting to compare its judgements to what SpamBayes can do. And in order to compare the effects of an RBL (Realtime Blackhole List) solution, I've added SpamPal to the mix. It's pretty cool, actually -- runs as a local proxy, and makes it easy to try out combinations of RBLs.

It's gotten tricky, though, to use all these schemes in parallel. I have rules for SpamAssassin and for SpamPal that should, in theory, move those messages to appropriate folders and then exclude them from further rule processing. In practice that mostly happens, but there's some leakage. Sometimes a SpamAssassin message lands in the SpamPal folder, or a SpamPal message lands in the SpamBayes folder. How do you debug something like that? There's no easy way.

Meanwhile, over on Mac OS X, I was preparing to move the TiBook out from behind a NAT to do some videoconferencing tests. I'm no firewall expert, so I made a few of the classic saw-off-the-branch-you're-sitting-on kinds of mistakes before I got what I wanted. Now, of course, I'm reminded that there are loads of creative and useful things I could be doing with this firewall -- if it were easier to experiment with, and verify the effects of, more complex rulesets.


Former URL: http://weblog.infoworld.com/udell/2003/06/19.html#a727