Atari 800 “Donkey Kong” source code review
: retrogaming fans find source for 1983 game cartridge, then original developer appears with commentary. hooray for internets!
(tags: atari history retrogaming retro donkey-kong assembler coding 8-bit programming)
Tags: 8-bit, assembler, atari, coding, donkey-kong, history, programming, retro, retrogaming
prescription swim googles
: for $28. woo
(tags: glassyeyes glasses prescription goggles swimming beach want)
Design By Humans
: great tees on this US site
(tags: shirts tee-shirts apparel shopping want t-shirts)
Tags: apparel, beach, glasses, glassyeyes, goggles, prescription, shirts, shopping, swimming, t-shirts, tee-shirts, want
This is a little late, since I was off on holliers when it came to light — Galway News reports ‘hundreds hit by skimming scam’:
The account details of shoppers who used credit or laser cards to pay for their groceries and other items in a number of Galway shops and supermarkets were illegally skimmed by a gang who apparently managed to interfere with the Chip & PIN terminals at the stores’ check-out counters.
The Irish Times story:
However, it has emerged some cardholders had several thousand euro taken from their accounts overseas before they realised what was happening and alerted their card provider. And it is feared that thousands of other customers do not yet realise their cards have been cloned. Garda sources have confirmed the case involves thousands of cards.
The Galway investigation is centred on one large shop in the county. Gardaí believe several thousand cards have had all of their details skimmed, including pin numbers, over the past month. Some of the cards have already been cloned and used in Canada and other countries where, unlike Ireland, chip and pin protective technology is not in use.
In the Galway case [...] Detectives are working on the theory that somebody in the Galway shop may have facilitated the card skimming for an Eastern European crime syndicate.
Gardaí do not believe the payment terminals were tampered with. Gardaí have recovered CCTV images of suspects from in-store cameras.
In the past, cards have been copied using very small hand held devices through which a card is quickly and discreetly skimmed at the point of payment. The information is then copied, or cloned, onto a blank card which is then used like a regular payment card.
Skimming devices around the size of a cigarette lighter can store details from thousands of cards.
The payment terminals from the Galway shop have been taken by gardaí for technical examination as a precaution. The Garda Bureau of Fraud Investigation is leading the inquiry.
This Boards.IE thread is a real eye-opener, containing lots of reports from victims of this scam — many reports saying that they suspect it was in Joyces’ Supermarket in Knocknacarra, although one poster reckons ‘there are now over 20 suspect premises in Galway City and outskirts’. blimey.
On a related note — while shopping in my local supermarket at the weekend, I was pleased to note that when I paid with my credit card, I was asked to sign the slip, instead of using Chip-and-PIN. So it looks like at least one retailer is taking additional care.
On the other hand, the thread also notes many cases of skimming which took place from in-store ATMs in small convenience stores — those are very widespread now. eek. :(
Tags: atm, chip-and-pin, credit-cards, fraud, galway, ireland, pos, scams, skimming
Independent group’s trigger-happy copying
: allegations that Irish newspapers have copied content from blogs. There’s been a lot of cases of this recently. good round-up from Cian Ginty
(tags: plagiarism ireland newspapers independent)
Tags: independent, ireland, newspapers, plagiarism
Review of bicycle helmet effectiveness studies
: quite a few case-control studies consistently demonstrating the protective effects of bicycle helmet use on shared roadways
(tags: cycling helmets safety health statistics)
Spammer-X’s numbers on spam profitability
: he claimed that he made net $336k per year from spamming in 2004
(tags: via:tzink spammer-x spam money pay profit motives)
Tags: cycling, health, helmets, money, motives, pay, profit, safety, spam, spammer-x, statistics, via:tzink
GoDaddy is rejecting mail with URLs that appear in the Spamhaus PBL. As this thread on the Amazon EC2 forum notes, this is creating false positives, causing nonspam mail to be rejected. Here’s what GoDaddy reportedly said about this policy:
Unfortunately, our system is set to reject mails sent from or including links listed in the SBL, PBL or XBL. Because the IP address associated to [REMOVED] is listed in the PBL, any emails containing a link to this site will be rejected. This includes plain-text emails including this information.
If this is true, it’s utterly broken.
Spamhaus explicitly warn that this is not to be done, on the PBL page:
Do not use PBL in filters that do any ‘deep parsing’ of Received headers, or for other than checking IP addresses that hand off to your mailservers.
And more explicitly in the Spamhaus PBL FAQ:
PBL should not be used for URI-based blocking! Consider the false positive potential: legitimate webservers hosted with services such as dyndns.com or ath.cx! Or consider that ISPs and other networks are encouraged to list any IP ranges which should not send mail, and that could include web servers! Use SBL or XBL (or sbl-xbl.spamhaus.org) for URI blocking as described in our Effective Spam Filtering section. Use PBL only for SMTP (mail).
Critically, the PBL now lists all Amazon EC2 space, since Spamhaus interpret Amazon’s policy as forbidding email to be delivered via direct SMTP from there. (Note — email, not HTTP.)
With this filter in place at GoDaddy, that now means that if you mail a URL of any page on any site hosted at EC2 to a user of GoDaddy, your mail won’t get through.
Note: this is much worse than blocks of SMTP traffic from EC2. In that case, an EC2 user can relay their legit SMTP traffic via an off-EC2 host. In this case, there is no similar option in HTTP that isn’t insufferably kludgy. :(
Tags: anti-spam, broken, ec2, filtering, godaddy, pbl, spamhaus, sucks
Dublin’s new M50 electronic toll tags
: what a mess! there are no less than 8 tag operators and a bewildering array of prices and penalties. typical
(tags: ireland dublin m50 tolls roads pricing)
Sustained IO on EBS == No Bueno
: worrying stats for Amazon EBS data throughput, dropping from 160 MB/s to a rather paltry 42.4 MB/s
(tags: amazon ebs ec2 speed networking hosting benchmarks)
MXLogic on the economics of spam
: Sam Masiello of MXLogic works out that phishers may be netting a 7300% profit margin; this is why spam’s not going away. mind you he does this by believing Gartner figures, which is never a good idea
(tags: sam-masiello mxlogic via:tzink phishing spam money)
Tags: amazon, benchmarks, dublin, ebs, ec2, hosting, ireland, m50, money, mxlogic, networking, phishing, pricing, roads, sam-masiello, spam, speed, tolls, via:tzink
Cian Ginty at the Irish Times writes:
As clunky helmets, yellow reflective gear, and Lycra could be used as a stereotype for Irish cyclists, it might come as a surprise that women wearing high heels are a common sight on bicycles in Copenhagen.
The general image of cycling here is vastly different to so-called bicycle cultures where cycling is normalised and there is talk of a “slow bicycle movement”.
“Among thousands and thousands of cyclists on my daily routes, I think I see one or two reflective vests a week, if that,” says Mikael Colville-Andersen, a cycling advocate living in Copenhagen.
With Denmark, the Netherlands and Germany – where bicycle usage is high – the helmets and reflective clothing we think of as “a must” for cyclists are far from standard.
It then goes on to rehash some of the stuff that has cropped up recently on cycling blogs about cycling safety, helmets, etc.
The only problem with casualization of cycling, removing gear like helmets, is that without corresponding changes to the road and cycleways to make them safer, it will increase accidents and fatalities. I looked this up a couple of weeks back when I came across an anti-helmet site. Chasing up the figures and doing some research, it became clear that if you simply want to cycle without hurting yourself, the facts were not on their side — helmets save lives, especially when dealing with shared roadways as we have here.
Copenhagenization is a result of a better, safer road environment for cyclists, as seen in Denmark and the Netherlands, which makes safety gear not as much of a requirement. But on the other hand, Ireland’s roads are designed mainly for cars, and Dublin Council have done little to help — that makes safety gear a requirement, unfortunately :(
However, I think this is the real reason why people don’t cycle in Dublin:
Let’s take a fictional person, let’s call her Kassandra. Kassandra lives a little north of Copenhagen and rides every to work every day between 07:25 and 07:55 and back again between 15:35 and 16:05. Kassandra doesn’t mind a little light showers, but if the intensity increases to over 0.4 mm over 30 minutes (light rain), then she thinks it is too wet. Kassandra works five days a week and has weekends and holidays free. That gives her 498 trips between September 2002 and the end of August 2003.
How often does Kassandra get wet either to or from her job that year? The answer is, in fact, rarely. On those 498 trips it was only 17 times. That is only 3.5% or on average 1.5 trips a month.
3.5%. Compare that with what’s happened in Dublin this month — I’d estimate that’s meant that at least half of my rides have involved some degree of rainfall, occasioning many cries of woe.
It takes dedication — and lots of wet-weather gear — to ride a bike here…
(Of course, having said that, I look out the window and it’s immediately sunny ;)
Update: Ryan Meade corrects me in the comments:
Justin, you need to take a look at Owen Keegan’s paper to Velo-City 2005, “Weather and Cycling in Dublin : Perceptions and Reality”. The probability of getting wet is actually pretty comparable to the Copenhagen scenario detailed above – 5.5% for a 30 minute journey if you take 0.2mm per hour at the threshold for “getting wet”. On the other hand the vast majority of both cyclists and motorists think it’s more than 15%, with half thinking it’s above 30%.
Amazing how the psychological, “glass half-empty” factor influences my thinking on this. I had no idea!
Tags: cycling, dublin, flooding, helmets, ireland, rain, safety
I was away on holidays last week, and when I got back, I found my feed reader full of some good discussion as to whether today’s bigger spam botnets — Srizbi, Rustock, Mega-D, Cutwail/Pushdo — are sharing components, such as “landing” sites, exploits, customers, and even command and control networks. It started with this post on the FireEye Malware Intelligence Lab’s blog noting:
‘Some malware researchers have described Srizbi and Rustock as rival botnets, our data indicates that this apparent rivalry is a sibling rivalry at best. Srizbi and Rustock seem to be supported (controlled) by the same parent (bot herder).’
and in this followup:
‘We can clearly see that Srizbi, Pushdo and Rustock are using same ISP, and in many cases, IPs on the same subnet to host their Command and Control servers. It seems extremely unlikely to our research team that three previously “rival” Botnets would share nearly consecutive IP space, and be hosted in the same physical facility. Of all the data centers and IPs in the world, the fact that they are all on the same subnet is very intriguing. This fact makes the FireEye research team conclude that either the Botnets are operated by the same organization, or that the datacenter (McColo) is a shell corporation that leases out it’s IP space and bandwidth for nefarious actions.’ [...]
‘IPs at a typical datacenter are leased out in a /30 or more commonly, a /29 block. However, here we can see that in a given succession of IPs, the three Botnets have C&C servers dispersed throughout. This gives us an impression that same Bot herder leased out a larger range and then distributed it amongst its different Botnets.’
Marshal say: ‘at the very least, the major botnets have common customers.’
Dark Reading cover it like so:
Rustock, which recently edged Srizbi for the top slot as the biggest spammer mostly due to a wave of fake Olympics and CNN news spam, and Srizbi, known for fake video and DVD spam, have been using the same Trojan, Trojan.Exchanger, to download their bot malware updates, researchers say. “This is the first time” we had seen this connection between the two botnets, says Fengmin Gong, chief security content officer for anti-botnet software firm FireEye. “That’s why when we saw it, it was surprising. They definitely have a relationship,” he says. “There’s not the rivalry we used to think about.” [...]
Joe Stewart, director of security research for SecureWorks, says the Srizbi-Rustock connection is most likely due to a spammer using both zombie networks — not that the operators of the two botnets are actually collaborating. “What is confusing people is that you’re seeing Rustock bots sending out emails that essentially infect people with Srizbi, so they think it must be Srizbi that’s sending it, but it’s not,” he says. “Srizbi is not just one big model. It’s rented out to lots of different spammers.”
A major spammer may be trying to diversify by using the two botnets, he says. “It could be because they want to separate their malware-seeding operation from their spamming operation,” Stewart says. “Maybe their bots are getting blacklisted faster when they’re sending out URLs with fake video files because they’re easy to spot, so their spam doesn’t get through. So they send malware from this botnet, and spam from this one, to keep out of the blacklists longer.”
I agree that Joe’s scenario is very likely; the spammers aren’t always the same people who operate the botnets, and it only makes sense that some of them would spread their business among multiple nets, to minimize the risk that all of their output would be blocked if one ‘net runs into trouble (or indeed, good filtering ;). But seeing C&C servers sharing LANs also strikes me as unusual. One to watch.
Anyway, it’s good to see that the malware research blogs are now actively tracking and posting updates when the botnets change topics and format; this info is very valuable for us in anti-spam, as it allows us to map from the received spam mails back to the sending botnet, and determine which rules are good at detecting each botnet. Thanks, guys.
(image credit: cobalt123, used under CC license)
30% Of Internet Users Admit To Buying From Spam
: ugh. we need a reminder of the Boulder Pledge. Mind you, Marshal have put out what appear to be inaccurate figures in the past regarding the Rustock botnet, so apply a pinch of salt
(tags: marshal spam boulder-pledge commerce shopping statistics via:techdirt)
more details on EC2 Elastic Block Store
: achieves 70MB/s on an m1.small instance; ‘performance exceeds what we’ve seen for filesystems striped across the four local drives of x-large instances’. pretty good for a network filesystem, although not great compared to fast local SATA disks. also: snapshots are incremental and perform nicely compared to local S3 copy-and-upload
(tags: ebs amazon performance benchmarks s3 ec2 disks snapshotting filesystems)
Amazon Elastic Block Store (EBS)
: ‘Prior to Amazon EBS, block storage within an Amazon EC2 instance was tied to the instance itself so that when the instance was terminated, the data within the instance was lost. Now with Amazon EBS, users can chose to allocate storage volumes that persist reliably and independently from Amazon EC2 instances.’ — can even snapshot to S3
(tags: amazon ebs ec2 aws s3 cloud-computing hosting)
Tags: amazon, aws, benchmarks, boulder-pledge, cloud-computing, commerce, disks, ebs, ec2, filesystems, hosting, marshal, performance, s3, shopping, snapshotting, spam, statistics, via:techdirt
Here’s my results for The Omnivore’s Hundred, a silly foodie “purity test”. Bold are items I’ve eaten; crossed-out items are ones I wouldn’t eat again. I score 70 out of 100, and clearly need to eat less Asian and more European cuisine ;)
(thanks to this generator and mordaxus at Emergent Chaos for the link.)
White Noise – An Electric Storm
: 1969 album by David Vorhaus and Delia Derbyshire of the BBC Radiophonics Workshop: ‘one of the freakiest, most frightening, far out and forward thinking albums you may ever get to hear’
(tags: 1969 sixties music psych white-noise delia-derbyshire bbc radiophonics-workshop electronic)
vim-flymake.vim
: hooray! Flymake, on-the-fly compilation & error checking, for VIM. bit kludgy though, would be better if it integrated with vim 7.1’s “compiler” support
(tags: vim flymake compilers error-checking editors vi software)
Tags: 1969, bbc, compilers, delia-derbyshire, editors, electronic, error-checking, flymake, music, psych, radiophonics-workshop, sixties, software, vi, vim, white-noise
non-PC devices increasing browser share
: .5 – 1.5% of visitors to Warner music sites are now coming from games consoles and smartphones. bad news for Flash sites (via Torrez)
(tags: flash web browsers via:torrez warner-music os)
full(4): always full device
: ‘Writes to the /dev/full device will fail with an ENOSPC error. This can be used to test how a program handles disk-full errors.’ – that’s nifty. I can’t believe I’m still finding useful new UNIX features after 18 years
(tags: devices unix linux testing disks errors edge-cases enospc manual-pages)
Tags: browsers, devices, disks, edge-cases, enospc, errors, flash, linux, manual-pages, os, testing, unix, via:torrez, warner-music, web
2 Stage Transfer Drawing (advancing to a future state) on Vimeo
: some great performance art from Irish artist Joan Healy; the installation appears to be a kiosk with a screen, and a touch pad. The pad itself is supposed to have a warm, soft, fleshy feel that ‘adds to the bond between people and machines’. However — in reality, it’s the artist’s back; she’s inside the kiosk, Mechanical Turk-style. Super-creepy
(tags: art creepy cool ireland joan-healy performance-art touchpads ui interface hci video)
The Daily Show’s TiVo setup
: cool details on how TDS captures the news networks’ TV output every day; they use TiVos, not MythTV. what they have works well enough, and that’s good enough for them (via Waxy)
(tags: mythtv tv the-daily-show tivo via:lhl)
Tags: art, cool, creepy, hci, interface, ireland, joan-healy, mythtv, performance-art, the-daily-show, tivo, touchpads, tv, ui, via:lhl, video
Wow, this is pretty massive. The Irish Payment Services Organisation has again released details of a credit-card breach, this time on retail Point-of-Sale card terminals. Quoting the Irish Examiner story:
Una Dillon, head of card services at the Irish Payment Services Organisation, said the criminals went into the shops pretending to be doing maintenance work on behalf of the banks.
“We have discovered only in the last 48 hours that a number of retailers have been affected by a point-of-sale compromise,” she said. “We are in the lucky position that it was discovered quickly and the gardaí are working on it.
“Gardaí have uncovered a lot of the devices and CCTV footage. We have a list of all the card numbers that have been used. They have either been blocked or restrictions put on those cards.
“With the devices recovered it may just be that the cards were only saved and the criminals did not have a chance to get hold of the card numbers.”
“There will be an emergency meeting today with the gardaí, the terminal vendors and the banks to try and close down on this,” she said, adding the gardaí were in pursuit of the gang.
Insufficient authentication of maintainance staff is being blamed:
“The criminals have been going into shops claiming to be engineers working on the terminals. Staff are used to their bank officials coming to update terminals so unfortunately they have been able to do that.
Bank of Ireland estimated 3,100 of its debit and credit cards were affected and Ms Dillon said the other eight card providers could have similar numbers.
Bank of Ireland said, as a temporary measure, it had reduced the daily withdrawal limit on all its debit cards for ATM transactions outside Ireland to just €100 to protect customers from fraud.
They haven’t released the names of the affected shops yet; 20,000 cards, though, sounds like it’s been going on for while, on a large scale. Yikes.
The SiliconRepublic story claims that the gang ‘plugged in wireless devices that pushed the data to the internet and allowed the card numbers to be used overseas.’ However, in the past, these ‘wireless devices’ didn’t use the internet; instead they use parts from mobile phones, which relayed PINs, card numbers and CVV security codes via SMS text messages to Romania. That model seems more likely here, I would guess, due to the reliability of phone networks.
Update: last night’s RTE Six-One news bulletin (viewable as streaming RealVideo or transcoded 5MB AVI file), made it clear that the hardware used phone components and SMS. It had some pretty good pics of what appears to be a sample subverted POS terminal:
VISA have been warning about attacks on petrol-pump-based POS terminals since 2006, e.g. this story, but they’re more easy to attack since there’s few or no staff present by the pumps when the POS terminal subversion takes place. This has resulted in most petrol stations in Ireland disabling POS credit-card payment systems, requiring customers to pay at the counter; we lose convenience, but at least we’re probably not being skimmed. But these in-store POS terminals seem to be increasingly under attack; there are reports from Livigno, Italy, Rhode Island, and Canada.
The tamper-proofing of POS terminal hardware is unreliable; it’d be nice to see them made harder to tamper with. I would guess the gang used secondhand, hacked POS terminals, which supposedly should be tamper-evident (ie. easy to spot modifications).
Better yet, if Chip-and-PIN cards used end-to-end crypto between a crypto smartcard and the bank’s central systems, POS hacks would be impossible. But there’s no sign of that happening.
Most importantly, IPSO has promised that ‘banks will refund any customers whose details have been used to make fraudulent transactions.’ That’s key. It’s interesting to note that IPSO have been hammering home this point repeatedly in their stories — they’re worried about customer confidence, I’d guess.
Tags: banking, fraud, ipso, ireland, pos-terminals, skimming
The Evolution of Pre-Launch Gmail In Screenshots
: fascinating! They really did a good job improving the UI, early revs were quite uninspiring
(tags: gmail google history email web ui)
SealSkinz
: waterproof socks and gloves — come recommended by Dublin’s cycle-couriers to avoid wet feet in all this bloody rain. lots and lots of good testimonials
(tags: dryness feet comfort clothing rain weather cycling outdoors socks gloves)
Tags: clothing, comfort, cycling, dryness, email, feet, gloves, gmail, google, history, outdoors, rain, socks, ui, weather, web
Emergent Chaos: Certifiably Silly
: Adam Shostack tells the truth re Firefox 3’s stupid self-signed cert bug. ‘imposing yet another security tax, based on a static analysis of attackers and some certificate authority pixie dust, isn’t going to help things for very long.’
(tags: firefox firefox-3 security certificates ssl tls ca pki adam-shostack ui usability)
Image Cerberus: a SpamAssassin plug-in against image spam
: a new plugin, subject of a paper at this year’s CEAS conference it looks like
(tags: plugins spamassassin anti-spam image-spam images ceas conferences)
Twitter drops SMS-notification support for EU users
: interesting, I haven’t received the mail, and it claims to still be sending updates to my Irish mobile (update: I’m not actually *getting* any updates, though)
(tags: twitter phones mobile sms ireland eu uk)
Tags: adam-shostack, anti-spam, ca, ceas, certificates, conferences, eu, firefox, firefox-3, image-spam, images, ireland, mobile, phones, pki, plugins, security, sms, spamassassin, ssl, tls, twitter, ui, uk, usability
Federal Circuit Says Open Source License Conditions are Enforceable as Copyright Conditions
: ‘the conditions of the Artistic License are “enforceable copyright conditions.”‘ hooray (via Nat Friedman)
(tags: via:natfriedman open-source artistic license licensing software law us-law)
joshua confirms the “Yahoo dropped the del.icio.us ball with a pointless 3 year rewrite” story
: ‘The writer is accidentally correct – we were told that it had to be in PHP to get ops support.’ Incredibly stupid mistake by Y!; I’m thankful we in Deersoft fended off the same potential disaster
(tags: yahoo rewrites coding c++ php mod_perl perl ops timewasting waste del.icio.us via:dare)
“Anatomy of a Subway Hack” [PDF presentation, 87 slides]
: a fantastic prez by 3 MIT students working under Ron Rivest, successfully hacking the Boston subway system’s stored-value magstripe cards and MIFARE Classic RFID cards; really fantastic walkthrough of the process. I’m glad to see that my smartcard work on other systems a few years back would have defeated many of these attacks ;)
(tags: mifare rfid smartcards security pen-tests hacking defcon presentations mbta magstripe)
Anti-Virus Products Still Fail on Fresh Viruses
: shocking — the malware distributed by the Storm “CNN headlines” campaign, which has been ongoing for weeks, remains undetected by F-Prot, F-Secure, McAfee, Panda, Symantec and Trend, along with 16 other antivirus products. reactive AV simply doesn’t work anymore
(tags: antivirus fail mcafee f-prot f-secure panda symantec trend security worrying av broken)
removing outdated ssh fingerprints from known_hosts
: avoiding the annoying “REMOTE HOST IDENTIFICATION HAS CHANGED!” warning, using “ssh-keygen -R hostname”
(tags: ssh tips unix scp known_hosts)
Tags: antivirus, artistic, av, broken, c++, coding, defcon, del.icio.us, f-prot, f-secure, fail, hacking, known_hosts, law, license, licensing, magstripe, mbta, mcafee, mifare, mod_perl, open-source, ops, panda, pen-tests, perl, php, presentations, rewrites, rfid, scp, security, smartcards, software, ssh, symantec, timewasting, tips, trend, unix, us-law, via:dare, via:natfriedman, waste, worrying, yahoo
Dublin bike scheme billboards threat to drivers
: JC Decaux’ “free” bikes are now delayed another 6 months — to next spring. in the meantime, the ads are up all over Dublin. what a rip-off
(tags: jc-decaux bikes cycling dublin advertising spam civic ireland)
Return Path to Acquire Habeas
: that’s the two main legit-email whitelisting reputation dbs merged into one
(tags: return-path habeas ssc bsp bonded-sender spamassassin anti-spam dnswl dnsbl reputation deliverability)
scammers buying phones, then wardialing the nearby number-space to scam them
: this just happened to Simon Willison, pretending to offer to cancel extremely expensive insurance, but with a “cancellation fee”. great demo of why consecutive assigned numbering schemes are bad for security
(tags: phishing scams phones uk iphone via:simonw security numbering ids)
DRI calls for data-breach disclosure in Ireland
: +1
(tags: breach-disclosure security exploits social-welfare ireland identity-theft)
Tags: advertising, anti-spam, bikes, bonded-sender, breach-disclosure, bsp, civic, cycling, deliverability, dnsbl, dnswl, dublin, exploits, habeas, identity-theft, ids, iphone, ireland, jc-decaux, numbering, phishing, phones, reputation, return-path, scams, security, social-welfare, spam, spamassassin, ssc, uk, via:simonw
A friend writes:
‘I switched my Vodafone bill to “online”, to cut down on junk mail. When I tried to log in to view my bill, I was asked for a second level password, specifically:
“your password is the last 4 digits of your customer number (which appears at the top of your phone bill). “
So, I can’t see my phone bill because I can’t see my phone bill.’
Tags: billing, fail, inept, ireland, login, security, vodafone
The Trifecta of FAIL
: ah, the hazards of monkey-patching core classes illustrated perfectly; a Ruby point-release upgrade broke Rails (via chromatic)
(tags: ruby rails monkeypatching ouch programming coding oo subclassing apis)
best intranet form ever
: ‘The software my employer uses for booking holidays has recently been “upgraded” and we now need to specify an absence reason.’ there are several hundred reasons, including ‘Abortion’, ‘Stroke’, ‘Warts’, ‘Dementia’, ‘Rectal Problems’, ‘Manic Depression’ and, um, ‘Wax’. best of all, this is for booking time off in advance…
(tags: intranet funny inept hr wtf daily-wtf bureaucracy pto holidays)
Sup
: ‘a console-based email client for people with a lot of email [..] The goal of Sup is to become the email client of choice for nerds everywhere.’ Looks like they’ve nicked a few ideas from GMail, too (via Luis)
(tags: via:tieguy console linux unix sup mail mail-readers ui apps)
Tags: apis, apps, bureaucracy, coding, console, daily-wtf, funny, holidays, hr, inept, intranet, linux, mail, mail-readers, monkeypatching, oo, ouch, programming, pto, rails, ruby, subclassing, sup, ui, unix, via:tieguy, wtf
Cycle Helmets and Other Religious Symbols
: there appears to be a lack of published research suggesting that bike helmets help avoid serious injury and death — in fact, research seems to suggest the _opposite_.
(tags: cycling helmets safety research bikes equipment)
Clever method of near duplicate detection
: ‘SIGIR 2008 paper, “SpotSigs: Robust and Efficient Near Duplicate Detection in Large Web Collections”‘. may be useful, although we’ve pretty much stopped deduping in SpamAssassin nowadays
(tags: corpora dupes duplicates spotsigs collections sigir papers via:jzawodny)
HadoopStreaming
: ‘Using the streaming system you can develop working hadoop jobs with extremely limited knowldge of Java. [..] Hadoop basically becomes a system for making pipes from shell-scripting work (with some fudging) on a cluster.’
(tags: hadoop perl streams unix distcomp clusters mapreduce)
political zealot using GMail’s “this is spam” button to deliberately cause spamfilter problems for Obama’s campaign
: ‘Tablemate at benihana confided how he subscribes to Obama’s mailing list and marks it all as spam to train Gmail. Urge to kill rising.’ – Kevin Fox on Twitter
(tags: twitter kevin-fox foaf-story benihana obama anti-spam filtering this-is-spam us-politics moveon)
“Jake Leg”
: ‘large numbers of [adulterated Prohibition-era alcohol, Jamaican Ginger Extract] users began to lose use of their hands and feet. Some victims could walk, but they had no control over the muscles which would normally have enabled them to point their toes upward. Therefore, they would raise their feet high with the toes flopping downward, which would touch the pavement first followed by their heels. The toe first, heel second pattern made a distinctive “tap-click, tap-click” sound as they walked. This very peculiar gait became known as the jake walk and those afflicted were said to have jake leg’
(tags: jake-leg walking history prohibition alcohol odd bizarre adulteration poison 1930s)
Tags: 1930s, adulteration, alcohol, anti-spam, benihana, bikes, bizarre, clusters, collections, corpora, cycling, distcomp, dupes, duplicates, equipment, filtering, foaf-story, hadoop, helmets, history, jake-leg, kevin-fox, mapreduce, moveon, obama, odd, papers, perl, poison, prohibition, research, safety, sigir, spotsigs, streams, this-is-spam, twitter, unix, us-politics, via:jzawodny, walking
Luis Villa, in a post to FoRK:
I have found that [mail] threading is overrated, in part because I’ve realized that any conversation so baroque as to actually require threading probably isn’t worth following.
Even though I wrote a threader for MH, I have to admit by now that he has a point ;)
Tags: discussion, mail, threading
An Illustrated Guide to the Kaminsky DNS Vulnerability
: great guide to Dan’s most recent discovery. it really is quite nasty (via Jeremy)
(tags: via:jzawodny dan-kaminsky dns security exploits bind)
Tags: bind, dan-kaminsky, dns, exploits, security, via:jzawodny
Noted on Twitter:
simonw: So apparently http://www.news.com.au/ used json-time for their Beijing countdown widget and blew my App Engine quota! They’ve stopped now.
uh, great. That’s useful.
Google — how are we supposed to host useful services with those limits?
Tags: appengine, google, hacks, hosting, python, scalability, web-services
Hacking Mifare Transport Cards
: notable mainly because Schneier calls MIFARE Classic’s crypto ‘terrible’ and ‘kindergarten cryptography’. ‘Anyone with any security experience would be embarrassed to put his name to the design.’ ZING
(tags: ouch mifare cracks security zing crypto-cards smartcards oyster nxp)
some good AWS tips
: e.g. “upload files to S3 in lexically-sorted order”, apparently it’s faster. who knew!? (Sorry Joshua, gave you a bad tip y’day in that case)
(tags: amazon aws s3 sqs sdb web-services hosting for:joshua)
The Coreflood Report
: fascinating Joe Stewart post-mortem of a server run by a Russian malware group targeting online banking; one apparent Miami-based victim was defrauded of $90k, and it appears that the group would have had access to a combined $2.5m in all victims’ accounts
(tags: coreflood trojans joe-stewart secureworks malware banking online-banking autoproxy joe-lopez)
using “data=writeback” on your Ubuntu filesystems
: aha! This is the root cause of the crippling Firefox 3/VIM slowness; Ubuntu and Debian use a crappy ext3 option which sacrifices speed for correctness, by effectively turning every fsync() into a sync(). Here’s how to disable it
(tags: fsync sync unix linux ext3 ubuntu debian firefox vim grub annoying sysadmin)
Tags: amazon, annoying, autoproxy, aws, banking, coreflood, cracks, crypto-cards, debian, ext3, firefox, for:joshua, fsync, grub, hosting, joe-lopez, joe-stewart, linux, malware, mifare, nxp, online-banking, ouch, oyster, s3, sdb, secureworks, security, smartcards, sqs, sync, sysadmin, trojans, ubuntu, unix, vim, web-services, zing
Green Karma – Carbon-offset your colo box must-read post from Chris. If you run a colo box, you should think about offsetting the ~2 tonnes of CO2 output it generates per year
sorenragsdale: Building a Cheap ZFS Server good set of details on MrN’s new ZFS-based home disk server
Tags: carbon, carbon-dioxide, co2, colo, disks, drobo, environment, filesystems, green, hacking, hardware, home, hosting, offsetting, readynas, servers, solaris, sysadmin, via:iloaf, zfs
Why San Francisco’s network admin went rogue an “eyewitness account” with allegations about the SF network admin in question — no documentation, passwords kept to himself instead of shared with his team, the entire network maintained by 1 person, never took holidays, bad tempered and stubborn — sounds like a recipe for classic BOFH disaster
Yehrin Tong Illustration cool, hyper-detailed hand-drawn tiling patterns
working around installation bug in File::Scan::ClamAV running the test suite results in “ERROR: Can’t open/parse the config file clamav.conf”; looks like File::Scan::ClamAV is now unmaintained :(
ALIFE Conference to reveal bio-inspired spam detection ‘this bio-inspired spam detection algorithm, based on the cross-regulation modeal of T-cell dynamics, is equally as competitive [sic] as state-of-the-art spam binary classifiers and provides a deeper understanding of the behaviour of T-cell cross-regulation systems.’
Tags: admin, alife, antispam, art, bofh, bugs, clamav, conferences, cpan, graphics, illustration, immune-system, install, modules, networking, oh-dear, patterns, perl, presentations, san-francisco, southampton, sysadmin, t-cells, tiles, war-stories, workarounds, yehrin-tong
Due to unfortunate scheduling, taint.org had some downtime there as it moved to a new server. It’s back now though.
Some of the other services running on taint.org, jmason.org, yerp.org, twit.ie, planet.spam.abuse.net and so on, are still intermittently offline as I bring them back up in their new home… so have patience, they’ll be back soon. ;)
Malwebolence – The World of Web Trolling holy crap, those /b/tards are fucked up
TechCrunch UK campaigning for a “Digital Hub” I have to say, the Digital Hub is actually a great place to work; it’s well worth duplicating, if such a thing is possible
419eater anti-scammers fool 419ers into performing the Dead Parrot sketch “Possibly, he is pining for the fee-ords”
Google taking action against Nigerian/419 fraud spammers Good news. About time, too ;)
Tags: 419, anti-spam, charts, digital-hub, dublin, fjords, fraud, funny, google, ireland, mail, monty-python, pining, scams, spam, tech, work
Del.icio.us 2.0 goes live yay! I’ve been waiting for this for yonks
10 years of Boards.ie massive ~50GB RDF/XML dump, for open crunching, to generate interesting “SIOC Semantic Web” apps
Postmaster.comcast.net how to get mail delivered successfully to Comcast, the usual stuff
Why we’ll never replace SMTP ‘The reason that e-mail is uniquely useful is that you can exchange mail with people you don’t already know. The reason that spam exists is that you can exchange mail with people you don’t already know.’ +1
“Bikes-for-Billboards” scheme exposes major planning flaws ‘what was initially hailed as “free bikes” has become one of the biggest planning controversies to hit Dublin in years.’ No shit. 70% of sites are on the Northside, rather than the richer Southside; and each bike will cost over EUR300k in ad revenue!
Rob Enderle’s page on Wikipedia detailing this analyst’s hilariously wrong pro-SCO, anti-Apple/Linux predictions over the years. John Gruber: ‘the only way it would be worthwhile for reporters to [quote him] would be if they were willing to describe him as “almost always utterly wrong”‘
Tags: ads, advertising, analysts, anti-spam, apple, bikes, billboards, blogging, boards.ie, comcast, cycling, del.icio.us, dublin, email, enderle-group, funny, fussp, guidelines, history, internet, ireland, isps, jc-decaux, john-gruber, Links, linux, mail, microsoft, oh-dear, planning, postmaster, releases, rob-enderle, scandals, sco, semantic-web, sioc, smtp, spam, tech, urban, via:archiseek, wikipedia
soc.culture.irish on “Cuil” meaning knowledge ‘eagerness, fearsomeness, a gnat, a horsefly, a beetle, a bluebottle, and (with the addition of a fada) a rear end, a reserve or backup, a corner, and an arse. The one thing it isn’t, according to the four dictionaries I just checked, is knowledge.’
I’m back from a week in Cornwall. I’d like to say I was rested, but chasing after an 11-month-old baby in a caravan isn’t all that restful. Still, it was sunny, and good for a change of pace ;)
Via b1ff.org, here’s the Nexis search that US Department of Justice White House liaisons ran on job candidates to determine their political leanings:
[first name of a candidate] and pre/2 [last name of a candidate] w/7 bush or gore or republican! or democrat! or charg! or accus! or criticiz! or blam! or defend! or iran contra or clinton or spotted owl or florida recount or sex! or controvers! or racis! or fraud! or investigat! or bankrupt! or layoff! or downsiz! or PNTR or NAFTA or outsourc! or indict! or enron or kerry or iraq or wmd! or arrest! or intox! or fired or sex! or racis! or intox! or slur! or arrest! or fired or controvers! or abortion! or gay! or homosexual! or gun! or firearm!
This Nexis reference says the “w/n” keyword searches for ‘words .. within 5 or 10 words of each other, Ex: “Enron w/5 investigation”‘.
This is just a smidgen away from the concept of a SpamAssassin-style scoring filter. Crazy stuff.
Best of all, it’s buggy and over-sensitive, according to one librarian: ‘If that is really their search string, they were going through 99% unrelated citations. There need to be a very nested set of parentheses to make the terms work, starting with one after the w/7. Fired and sex are OR’ed twice and need to be nested, at least in the case of Fired and the OR’d terms immeadiately following.’
Update: good Slashdot comment thread here. This comment indicates that the above librarian might be off-base regarding the w/7 parentheses, since the OR operator has higher priority. Here is an even better walkthrough of the query statement logic. Finally, here’s an explanation of the “spotted owl” curiosity…
Tags: doj, lexis-nexis, neocons, republican, right-wing, searching, us-politics
Why Spam Can’t Be Stopped – Emailappenders And Others Sell Bogus Lists Marketing company buys list of addresses, 85% of the 100k addresses bounce, marketer gets booted by ISP for spamming, marketer issues complaining press release. Let’s say it again: opt-in permission can’t be sold, and address list vendors are spammers
Tags: address-lists, e-pending, marketing, spam, via:spamnation
ZSFA — I Want The Mutt Of Feed Readers Zed recommends Newsbeuter. must take a look
We Want A Dead Simple Web Tablet For $200. Help Us Build It. having worked on a project to do just this, believe me, this is doomed. DOOMED
Science Clouds ‘compute cycles in the cloud for scientific communities .. allows you to provision customized compute nodes .. that you have full control over using a leasing model based on the Amazon’s EC2 service.’ Wonder if they’d like to give SA some time ;)
Tags: appliances, apps, atom, cloud-computing, ec2, feeds, grids, hardware, linux, news, newsbeuter, oh-dear, open-source, rss, scaling, science, software, spamassassin, tablets, techcrunch, virtualization, web, zed-shaw
O2 Leaking Customer Photos (updated) the JBoss/Tomcat install leaks the “secret” URLs through it’s default status page. this is the 3rd helping of FAIL for O2’s web team; 2 previous occasions in the last year exposed customer data through “secret” URL manipulation
Avant Window Navigator “a ‘dock-like’ (cough) navigator bar for the Linux desktop” (via Danny, again!)
trickle ‘user-space bandwidth shaper’, ie. like nice(1) for network bandwidth (via Danny)
RFC 5218 – What Makes For a Successful Protocol? ‘Based on case studies, this document identifies some of the factors influencing success and failure of protocol designs.’ (via spicylinks)
Tags: bandwidth, collaboration, cool, dock, fail, gnome, http, jboss, kde, linux, mms, mod_jk, net, networking, nice, o2, protocols, rfcs, security, software, standards, tcp, tomcat, traffic-shaping, ui, urls, via:danny, via:spicylinks, web
trickle ‘user-space bandwidth shaper’, ie. like nice(1) for network bandwidth (via Danny)
RFC 5218 – What Makes For a Successful Protocol? ‘Based on case studies, this document identifies some of the factors influencing success and failure of protocol designs.’ (via spicylinks)
Tags: bandwidth, collaboration, net, networking, nice, protocols, rfcs, standards, tcp, traffic-shaping, via:danny, via:spicylinks
Here’s an interesting form of advance fee fraud I hadn’t heard of before; it’s a good example of 419 scammers ruining yet another casual online marketplace.
Let’s say you have a room you want to rent. You put up a “housemate wanted” ad on Craigslist or wherever. Here’s the the reply you’ll get:
Hi There,
How re you doing? I hope all is well. I’m martha Robot , am 26 yrs old and Am originally from chester united Kingdom . Graduate of I have a master degree in fashion design and I work as a professional fashion designer. I’m am not in the united kingdom right now, i am presently in West africa . I am currently working on contract for a company call (African Family Home Fashions) here in West Africa which the contract will be ending soon. I will be returning to your place soon. I enjoy traveling, It is very interesting to get more knowledge about the new countries, new people and traditions. It’s great to have such a possibility. As i was searching through the web i saw the advert of your place . I would like to know maybe it’s still available becasue i’m extremely interested in it. Here are the questions i would like to know about the room before planing to move in to the following questions below:
A}I will like to know the major intersection nearest your neighbourhood.like shopping mall,Churches,bus line e.t.c
B}I will like to know the total cost for the my initial move as in first month rent and if you accept deposit.
C}I will like to know if there is any garage or parking space cos I will have my own car come over.
D}I will like to have the rent fee per month plus the utilities.
E}I will like to have the description of the place, size, and the equipments in there.
F}I will also like to know Your payment mode.
G}I will like to know if I can make an advance payment ahead my arrival that will be stand as a kind of commitment that I am truely coming over and for you to hold the place down for me.
I will be very glad to have all this questions answered with out leaving a stone unturned…You can Call my Landlord for more references in UK ..+447024046815.
Email me back:
Thanks. Martha.
Needless to say, this is a scam. Here’s how it works (courtesy of this post): The interested “applicant” will send a cashier’s check or money order for the deposit, the value of which greatly exceeds the actual amount requested. They will then claim the overpayment to be an honest error based on their confusion about how these things work, and ask the victim to send back a money order refunding that amount, or to send it on to a “travel agent” who is supposedly booking the scammer’s flight. The payment will be made via a non-refundable mechanism like the 419er’s favourite, Western Union. It will be a matter of great urgency, as they will claim to need the funds to make the trip over. Her money order will clear, their’s will not — and there’s no way to refund the payment, so it’s gone. This is a classic advance-fee fraud trick, it seems.
Got to love that nom de plume, though — “Martha Robot”. GREE-TINGS MAR-THA RO-BOT!
Googling for ‘major intersection nearest your neighbourhood’ churches bus finds plenty more:
‘Melina Crawford, am 26 yrs old and Am originally from Sevilla, Spain‘
‘sanyo rose, am 28 yrs old and Am originally from Barcelona, Spain‘
Another ’sanyo rose, am 28 yrs old and Am originally from Barcelona, Spain‘
‘a warning about Cassandra Sanchez, am 26 yrs old and Am originally from Barcelona, Spain‘
‘Dawn Louise Jamison, presently in Amsterdam Holland on a business trip‘
‘daniella Pedro, am 26 yrs old and Am originally from Barcelona, Spain‘
Finally, a Washington-based realtor has written up a good walkthrough of the scam. He notes:
I recently ran an ad on craigslist.com to see if they were still working it. Craigslist has posted many warnings against responding to such solicitations and I was curious if the scammers had moved on to more fertile ground. They have not; I received 16 such inquiries in one day to a simple ad offering a room for rent in Bellevue. I used a fictitious identity and a newly created email address. I’ll use the emails from just one of them as an example. This particular scammer managed to have a check on my doorstep by the next day!
(thanks to nimbus9 for the headsup)
Tags: 419, advance-fee-fraud, craigslist, housing, scams, western-union
The weblog of Justin Mason; incoherent ramblings about Apache SpamAssassin, anti-spam, perl, software development, and the web, from an Irish software developer.
The opinions expressed on this web site are my personal opinions, and do not in any way represent those of my employer.
(archive)
