taint.org: Justin Mason’s Weblog

Words: ‘Pharming’. I recently came across this line in a discussion document:

‘Wait, isn’t this exactly the kind of attack pharmers mount?’

I was under the impression that ‘pharming’ was a transgenics term: ‘In pharming, … genetically modified (transgenic) animals are
mostly used to make human proteins that have medicinal value. The protein encoded by the transgene is secreted into the animal’s milk, eggs or blood, and then collected and purified. Livestock such as cattle, sheep, goats, chickens, rabbits and pigs have already been modified in this way to produce several useful proteins and drugs.’

Obviously this wasn’t what was being referred to. So I got googling. It appears the sales and marketing community of various security/filtering/etc. companies, have been getting all het up about various phishing-related dangers.

The earliest article I could find was this — GCN: Is a new ID theft scam in the wings? (2005-01-14):

”Pharming is a next-generation phishing attack,’ said Scott Chasin, CTO of MX Logic. ‘Pharming is a malicious Web redirect,’ in which a person trying to reach a legitimate commercial site is sent to the phony site without his knowledge. ‘We don’t have any hard evidence that pharming is happening yet,’ Chasin said. ‘What we do know is that all the ingredients to make it happen are in place.’

Oooh scary! The article is short on technical detail (but long on scary), but I think he’s talking about DNS cache poisoning, whereby an attacker implants incorrect data in the victim’s DNS cache, to cause them to visit the wrong IP address when they resolve a name. This Wired article (2005-03-14) seems to confirm this.

But wait! Another meaning is offered by Green Armor Solutions, who use the term to talk about the Panix and Hushmail domain hijacks, where an attacker social-engineered domain transfers from their registrars. There’s no date on the page, but it appears to be post-March 2005.

Finally, yet another meaning is offered in this article at CSO Online: How Can We Stop Phishing and Pharming Scams? (May 2005): ‘The Computing Technology Industry Association has reported that pharming occurrences are up for the third straight year.’ What?! Call Scott Chasin!

Steady on — it appears that the ‘pharming’ CSO Online is talking about, has devolved to the stage where it’s simply a pop-up window that attempts to emulate a legit site’s input — no DNS trickery involved. (This trick has, indeed, been used in phish for years.)

So right there we have three different meanings for ‘pharming’, or four if you count the biotech one.

It may be impossible to get the marketeers to stop referring to ‘pharming’. But please, if you’re a techie, don’t use that term, it’s lack of clarity renders it useless. Anyway, the biotech people were there first, by several years…

Tags: article, attack, attacker, cache, dns, domain, line, pharming, site, term, words

Patents: One of the key arguments in favour of the new EU software patenting directive as it’s currently worded, from the ‘pro’ side, is that it doesn’t ‘allow software patents as such’, since it requires a ‘technical’ inventive step for a patent to be considered valid.

Various MEPs have tried to clarify the meaning of this vague phrase, but without luck so far.

Coverage has mostly noted this as meaning that ‘pure software’ patents are not permissible, for example this Washington Post article, FT.com,and InformationWeek.

But is this really the case, in pragmatic terms? What does a ‘technical inventive step’ mean to the European Patent Office?

Well, it doesn’t look at all promising, according to this report from the Boards of Appeal of the European Patent Office from 21 April 2004, dealing with a Hitachi business method patent on an ‘automatic auction method’. The claims of that patent application (97 306 722.6) covered the algorithm of performing an auction over a computer network using client-server technology. The actual nature of this patent isn’t important, anyway — but what is important is how the Boards of Appeal judge its ‘technical’ characteristics.

The key section is 3.7, where the Board writes:

For these reasons the Board holds that, contrary to the examining division’s assessment, the apparatus of claim 3 is an invention within the meaning of Article 52(1) EPC since it comprises clearly technical features such as a “server computer”, “client computers” and a “network”.

So in other words, if the idea of a computer network is involved in the claims of a patent, it ‘includes technical aspects’. It then goes on to discuss other technical characteristics that may appear in patents:

The Board is aware that its comparatively broad interpretation of the term “invention” in Article 52(1) EPC will include activities which are so familiar that their technical character tends to be overlooked, such as the act of writing using pen and paper.

So even writing with a pen and paper has technical character!

It’s a cop-out, designed to fool MEPs and citizens into thinking that a reasonable limitation is being placed on what can be patented, when in reality there’s effectively no limits, if there’s any kind of equipment involved beyond counting on your fingers.

The only way to be sure is to ensure the directive as it eventually passes is crystal clear on this point, with the help of the amendments that the pro-patent side are so keen to throw out.

(BTW, I found this link via RMS’ great article in the Guardian where he discusses software patenting using literature as an analogy. recommended reading!)

Tags: appeal, article, board, computer, european, meaning, network, patent, patents, software, step

Patents: Børsen: Bill Gates threatened to kill 800 Danish jobs if Denmark opposed software patent directive:

Danish financial newspaper Børsen reports that Microsoft founder Bill Gates threatened the Danish government in connection with software patents. According to the article, Gates told Rasmussen and two Danish ministers in November that he would kill all 800 jobs in Navision, a Danish company acquired by Microsoft in 2002, unless the EU were to quickly decide to legalize software patents through a directive. Denmark is a country with only 5 million inhabitants and a relatively small high-tech sector to which the loss of 800 jobs would have significant implications.

Lovely — a blunt blackmail attempt. The article goes on:

It would not be the first threat of its kind. A group of large corporations including Philips is reported to have previously threatened European governments to outsource all of their European software development jobs to low-wage countries unless the EU were to allow patents on software through the directive that is currently being worked on.

In January, leading Polish daily Gazeta Wyborcza reported on a letter addressed by the Polish subsidiaries of Siemens, Nokia, Philips, Ericsson and Alcatel to Poland’s prime minister Marek Belka … it is said to have indicated that the respective companies would reconsider making investments in Poland if the Polish government upheld its resistance to the legalization of software patents in the EU.

Again, note the FUD-busting on this point. I notice that Florian Mueller of NoSoftwarePatents.comhas a a good one-liner response along the same lines — ‘The country in which you develop a technology has nothing to do with where you can take out patents.’ He goes on:

If they move jobs to Asia, they won’t get a single additional patent, neither in Asia nor in Europe. If you warn politicians of consequences that are directly related to a legislative issue, that’s acceptable. If you threaten with causing damage that has no factual connection whatsoever, then it’s blackmail. Plain and simple.

Tags: article, brsen, country, directive, government, microsoft, newspaper, patent, patents, philips, software

Spam: eWeek recently published an article entitled ‘Spammers’ New Tactic Upends DNS’ , which notes that:

One .. technique finding favor with spammers involves sending mass mailings in the middle of the night from a domain that has not yet been registered. After the mailings go out, the spammer registers the domain early the next morning.

By doing this, spammers hope to avoid stiff CAN-SPAM fines through minimal exposure and visibility with a given domain. The ruse, they hope, makes them more difficult to find and prosecute.

The scheme, however, has unintended consequences of its own. During the interval between mailing and registration, the SMTP servers on the recipients’ networks attempt Domain Name System look-ups on the nonexistent domain, causing delays and timeouts on the DNS servers and backups in SMTP message queues.

This had me stumped when I read it, since an email from a nonexistent domain is a pretty reliable spamsign (it’s used in the NO_DNS_FOR_FROM rule in SpamAssassin, for example, which hits about 2% of spam), has been a rule in the default ruleset for several years, and there’s no sign of that behaviour in our spam traps.

After some discussion, Suresh Ramasubramanian came up with this explanation of what’s really happening:

Verisign now allows immediate (well, within about 10 minutes) updates of .com/.net zones (also same for .biz) while whois data is still updated once or twice a day. That means if spammer registers (a) new domain he’ll be able to use it immediatly (sic) and it’ll not yet show up in whois (and so not be immediatly identifiable to spam reporting tools) - and spammers are in fact using this “feature” more and more!

That does sound a much more likely explanation, and matches what’s been seen in the traps.

So: WHOIS, not DNS.

Tags: article, dns, domain, eweek, explanation, rule, smtp, spam, spammer, spammers

Patents: oh, this is painfully ironic.

patents4innovation.org is a PR site set up by EICTA, a consortium of several pro-software-patent multinational companies, to put some PR money into lobbying for the legalisation of swpats in the EU. I’ve mentioned it before in the context of another boo-boo. Well, here’s the next one.

According to FFII, they recently took a Creative-Commons-licensed article from another website, and:

• republished it without the required attribution to the author
• translated it, creating a ‘derived work’, against the terms of the license
• and then failed to notify readers of the licensing terms, as required

In other words, they managed to infringe the terms of its copyright-based licensing in multiple clauses.

No wonder they claim that patents are required to protect people’s inventions. It seems they just don’t understand how copyright-based licensing works ;)

(The article’s been taken down from the p4i site, but not before the boo-boo was spotted by an eagle-eyed FFII’er.)

Tags: article, consortium, eicta, ffii, innovation, legalisation, licensing, money, org, patents, site

Green: Wow — UC Berkeley’s Lab Notes newsletter this month includes an article noting the benefits to the environment of reading your news on a PDA instead of getting a delivered newspaper. Check this out:

In a new study, UC Berkeley researchers report that receiving your news wirelessly on a PDA instead of delivered to your door requires up to 140 times less carbon dioxide, several orders of magnitude less greenhouse gases, and the consumption of 26 to 67 times less water.

…

To tease out the truth, Horvath and graduate student Michael Toffel dissected nearly all of the environmentally-relevant processes involved in both wireless news delivery and teleconferencing. In the case of newspapers, the researchers focused on the environmental effects of reading the New York Times in Berkeley, California, from the manufacture of newsprint and ink to the delivery from a nearby printing press to disposal of the newspaper. This data was then compared to such factors as the energy used to manufacture a PDA, including its microprocessor and battery, and the electricity required by wireless and Internet service providers to deliver news content to the device.

Sitescooper is therefore a WorldChanging tool!

Tags: article, delivery, environment, green, lab, month, news, newsletter, newspaper, pda, study

Security: good ;login: preprint article on the ‘Witty’ worm. ‘Conclusion: Witty represents a new generation of malcode: written by a motivated, skilled, and malicious individual. Witty’s author is the first to combine both skill and substantial malice. The author had some motive which lead, for him, to desire a destructive effect. Witty was written by an expert and, unless caught, he could do it again.’

However, there’s one point where I think the authors have slipped up:

The use of previously compromised machines (for seeding) requires that the attacker either obtained access on 110 machines using a different tool, already had access to 110 machines, or took control of these machines from a third party. Thus Witty’s author probably possessed some ties to the attacker underground, to gain these machines in the short timeframe.

IMO, that’s not necessarily the case. Given that current estimates are that 80% of spam emanates via open proxies, and that those in turn are generally insecure machines that have been taken over, I would surmise that someone with access to a reasonable amount of spam and an off-the-shelf Windows vulnerability scanner could quickly amass 110 machines to launch the attack with — simply by scanning for the vulnerabilities those machines were r00ted with in the first place.

Good article otherwise, though…

Tags: access, article, attacker, author, login, preprint, security, spam, the, witty, worm

Spam: Good Salon article on the new forms of spamming, such as Wiki and referrer-log spamming etc. Here’s a good quote:

‘The adult industry will likely be married to spam and its attendant distribution methods long past the evolution of man into beings of pure energy,’ jokes Domenic Merenda, vice president of business development for Edge Productions, a company that operates adult-media properties.

There’s a good deal of crossover — I’ve seen both email and referrer-log spam advertising the same porn sites.

Tags: adult, article, attendant, distribution, good, industry, quote, salon, spam, wiki

Health: USDA orders silence on mad cow in Texas: ‘The U.S. Department of Agriculture has issued an order instructing its inspectors in Texas, where federal mad cow disease testing policies recently were violated, not to talk about the cattle disorder with outside parties … The order … was issued in the wake of the April 27 case at Lone Star Beef in San Angelo, in which a cow displaying signs of a brain disorder was not tested for mad cow disease despite a federal policy to screen all such animals.’

Great idea — if you want to avoid finding mad cow cases, just don’t bother looking for them! The beef rendering plant in question supplies beef to MacDonalds, reportedly.

Press: LWN: A look at SpamAssassin 3.0 (article is subscriber-only until next week).

OSes: Kernelthread.com: Making an Operating System Faster. Great article on some OS-level optimisations Apple used in MacOS X — including a nifty boot-time read-ahead system which reportedly more than doubles the speed of OS X reboots. nice!

Wildlife: here’s another critter we encountered last weekend — a baby Western Diamondback rattlesnake, hiding in a crevice.

Tags: agriculture, article, beef, cow, disease, disorder, health, order, silence, system, usda

Language: So, here’s a word worth noting — ‘Neverendum’. This Guardian article notes:

(Quebecois politician Mario Dumont’s) meteoric ascent is a sign of how weary voters in the French-speaking province have become about what has been dubbed the ‘neverendum referendum’, the debate over whether Quebec should become a country. It has dominated Quebec politics for three decades.

It looks like Ireland’s ever-recurring referenda (motto: ‘if at first the Government fails to get their desired result, try, try again’) have driven the word into usage over there too, judging by this Irish Family Planning Association press release:

‘The idea of holding another pro-life neverendum is clearly ludicrous and serves only to distract from the daily reality of Irish Abortion.’

And there’s even a song, referring to the Nice referendum:

‘The Government should not patronise us but should respect the views of the people,’ he said. Or, as he puts it in verse, ‘What part of our No don?t they understand?’

Tags: article, ascent, government, guardian, irish, language, neverendum, politician, quebecois, referendum, word

Patents: The pro-software-patent lobby has frequently stated that TRIPS — the Treaty on Trade Related Aspects of Intellectual Property Rights (TRIPs), signed on 1993-12-15 as a constituting document of the World Trade Organisation (WTO) — requires that software be patentable. For example, here’s one from the International Chamber of Commerce:

ICC believes that the directive should follow current practice in the EPO and a number of EU member states and make it clear that computer program products can be claimed. To disallow such claims in the directive would create great legal uncertainty for holders of such patents already granted. Prohibiting product claims would also render enforcement of patents difficult and raise questions with respect to TRIPS compliance. TRIPS requires patents not only to be available, but also to be ‘enjoyable’ in all areas of technology.

Well, it actually appears that the treaty may state exactly the opposite! Christian Beauprez, a UK-based consultant, has taken a closer look at the details, and come up with this:

TRIPS Article 10.1, ‘Computer programs, whether in source or object code, shall be protected as literary works under the Berne Convention (1971).’

WIPO Copyright Treaty Article 4, ‘Computer programs are protected as literary works within the meaning of Article 2 of the Berne Convention. Such protection applies to computer programs, whatever may be the mode or form of their expression’.

This includes the execution or processing of a program, as demonstrated in the EEC software copyright Directive 1991, ‘the permanent or temporary reproduction of a computer program by any means and in any form, in part or in whole. Insofar as loading, displaying, running, transmission or storage’

They also stipulate that exceptions to exclusive rights of authors are to be limited to ’special cases’ which do not conflict with a normal exploitation of the work and cannot be prejudicial to the author’s rights. (e.g. the rights to sell,rent,broadcast,give away,translate, and generally enjoy.).

… Authors cannot own underlying ideas, but inventors can as part of their ‘invention’. When the field of software (aka data processing) is opened up to ‘inventors’, they can block authors from exploiting their works on the grounds that they own the ‘underlying ideas’. Therefore this is prejudicial to the rights of authors and illegal under all these Treaties.

There’s lots more at Christian’s site. FFII, one of the main anti-software-patenting players in Europe, have agreed that this is a key point in their TRIPS analysis:

In summary it can be said that the European patent establishment is 1. refusing to clarify and concretise the meaning of the TRIPs treaty; 2. wrongly equating the TRIPs treaty with ‘US practise’, using threats of alleged TRIPs-incompatibility for purposes of fostering Fear, Uncertainty and Distrust (FUD); 3. trying to impose a sui generis software patent regime on Europe which is incompatible with the TRIPs treaty.

Tags: article, berne, computer, copyright, directive, patents, program, software, trade, treaty, trips

Spam: Guardian: Incredible Bulk, by Danny O’Brien. A great article from the
‘Spam and the Law’ conference. ‘This is why people such as Richter are appearing from the shadows. They have a choice: turn legit, or risk an increasingly criminal lifestyle.’

Also spam-related: Code Fish Spam Watch, which lists and dissects phishing attacks, in great detail. Some of those trojans are exceptionally sophisticated – such as this trojan targetting Barclays online banking, which actually takes screenshots of a CAPTCHA-style login protocol. Scary!

Tags: article, bulk, choice, conference, guardian, incredible, law, richter, spam, the

Patents: FFII: Conferences and ‘Patent Riots’ in Brussels 2004-04-14
: ‘The Foundation for a Free Information Infrastructure (FFII) calls on its 50.000 European supporters and on 300.000 petition signatories, including more than 2000 CEOs of European software companies, to take to the streets in Brussels on April 14 and in national capitals around 1st of May, and to temporarily block access to their websites, in protest against new moves by the EU Council and Commission to legalise patents on computerised calculation rules and business methods’.

Last year, the European Parliament voted to exclude software and business methods from patentability. Now, it appears the EU Council is secretly planning to push that through regardless — so FFII are planning another round of protest for 2004-04-14.

In other news — the European Patent Office and other pro-patent bodies have always insisted that the WTO Trade-Related Intellectual Property (TRIPS) treaty required that software be patentable. However, this poster thinks not:

Article 10 of said treaty clearly states: a.. ‘Computer programs, whether in source or object code, shall be protected as literary works under the Berne Convention (1971).’

This is the strange thing you see, the statement doesn’t seem to mean that much on first glance. It is only when reading it closely that one realises that it does not simply say that ‘computer programs are automatically copyrighted under the Berne Convention’, it specifies they ’shall be protected as literary works’.

Literary works cannot be patented because they are not inventions. Indeed if literary works could be patented one would have to concede that books, screenplays, and music could be patented as well although according to my research there is no provision for this in law. We would also have to apply patent laws to these areas since we are not allowed, apparently under article 5 to restrict on the basis of the field of technology.

On reflection, it’s actually a very interesting comparison. Like literary works, it’s not the idea of what software does (the plot summary) that makes it valuable, it’s all the fiddly details of its implementation (the full story). Hmm! Maybe TRIPS got that right after all…

Tags: article, business, computer, council, european, ffii, patent, patents, protest, software, treaty

Net: Great NYTimes article interviewing Bram Cohen about BitTorrent (u: sitescooper p: sitescooper). Good to see that it landed him a job with Valve, but let’s hope that’s not the last piece of free software from Bram…

One of the best things about the article, BTW, is that it does take notice that BT isn’t a tool for piracy. Refreshing, given how these things are often covered.

Tags: article, bittorrent, great, hope, job, net, nytimes, piece, sitescooper, software, valve

Sport: Observer: Football, blood and war: an insane article about the
crossover between Serbian nationalist paramilitaries and football hooliganism:

The crowd watched as a group of Serbian paramilitaries (the self-styled ‘Tigers’), dressed in full uniform, took up positions in the north stand. There were about 20 of them and, one by one, they held aloft road signs: ‘20 miles to Vukovar’; ‘10 miles to Vukovar’; ‘Welcome to Vukovar’. More road signs were brandished, each one bearing the name of a Croatian town that had fallen to the Serbian army. From high up in the stand, Arkan, the notorious commander-in-chief of the Tigers and director of the Red Star supporters’ association, emerged to receive the delighted applause of supporters who were no longer fractious but united in hatred of a common enemy - the Croats.

Mind you, that was 1992. Still, very scary. (Via the ie-rant mailing list)

Tags: article, blood, football, observer, road, serbian, sport, stand, tigers, vukovar, war

Funny: Getting Even With Nicorettes (NYTimes): a very funny article about giving up smoking by taking up a full-time nicotine gum habit.

‘I’ll be at a party,’ he said, ‘and someone will say, `Oh, is that Nicorette?’ and I’ll say, `Yes, do you want some?’ They’ll say, `Oh, I don’t smoke,’ and I’ll say, `Try it anyway.’ There’s this excitement and curiosity, and then on about the fourth chew, this look comes over their face that says, `Oh God, why are you giving me lead?’

‘It’s like prank gum. It’s like going to kiss your grandmother and finding her tongue in your mouth.’

Tags: article, funny, gum, habit, nicorette, nicorettes, nicotine, nytimes, party, smoking, someone

Code: OOP over the top: a hilarious dissection of some of the most monstrous ‘how to rewrite OO-style’ I have ever seen — take a 15-line if/elseif/else clause and rewrite as a thoroughly over-engineered unmaintainable 7-class, 15-method disaster, using the Singleton and Factory patterns. The rewrite in the original article is intended seriously, as far as I can tell.

As the xmldatabases.org article says: ‘this is really a general problem with OO development. Fancy object oriented architectures have become the goal and this article maybe makes that point more clearly then anything I could ever say. It’s representative of the thinking from a few years ago (written in 2000), and shows us just how much damage we now have to undo. It basically says that the simple solution that just works is wrong and will be unmaintainable. Maybe that’s true, maybe it’s not, nowhere does the article consider the question of whether or not that code actually needs to be that generic. It simply says that the simple solution is bad and that the seven class monster they came up with is the right solution. Talk about doing a disservice to students trying to learn how to build solid computer systems.’

(Found via sourcefrog.net – Martin Pool’s weblog, great for Linux and code bits).

WebMake: linux.com: An introduction to building sites with WebMake. W00t! Let’s hope nobody asks any questions while I’m away for xmas ;)

Tags: article, class, code, dissection, line, linux, oo-style, oop, solution, webmake

Politics: Hey, Sarge, Why Are They Shooting At Us with American Guns? (Three-Toed Sloth).

An interesting article, with one central thesis that had never occurred to me before; why should exports of guns, automatic weapons, and landmines be as free and easy as they are now?

In recent weeks, small arms have brought down several U.S. helicopters in Iraq, killing dozens of soldiers. Given the historically unprecedented military strength of the American armed forces, it doesn’t make a whole lot of sense to be flooding the world with weapons that could someday be used in guerilla warfare — arguably the only kind of war that an enemy can successfully wage against the U.S. military.

Sanchez cited Afghanistan as a perfect example of this phenomenon. ‘No sale of weapons is ever completely safe,’ he said, ‘as yesterday’s allies become today’s terrorists.’

Environment: excerpts from Markers to Deter Inadvertent Human Intrusion into the Waste Isolation Pilot Plant (via NTK). Eek! Check this out…

Tags: american, article, hey, lot, politics, shooting, sloth, strength, thesis, three, toed

Spam: Great NYT article; well worth a read.

‘For the spammers to actually manufacture and release a worldwide virus specifically to attack you, you’re probably making quite some impact on them,’ Mr. Linford said.

Tags: article, great, impact, nyt, read, spam, virus, worldwide

Bizarre: Given some historical context, it’s funny how absolutely insane this sounds: Guardian: At Home with the Fuhrer.

My discovery was an article headlined ‘Hitler’s Mountain Home’ - a breathless, three-page Hello!-style tour around Haus Wachenfeld, Hitler’s chalet in the Bavarian Alps. In it, the author, the improbably named Ignatius Phayre, tells us that ‘it is over 12 years since Herr Hitler fixed on the site of his one and only home. It had to be close to the Austrian border’. It was originally little more than a shed, but he was able to develop it ‘as his famous book Mein Kampf became a bestseller of astonishing power’.

The great dictator, it seems, was quite the interiors wizard: ‘The colour scheme throughout this bright, airy chalet is light jade green. The Führer is his own decorator, designer and furnisher, as well as architect… has a passion about cut flowers in his home.’

And he is seldom alone in his mountain hideaway, as he ‘delights in the society of brilliant foreigners, especially painters, musicians and singers. As host, he is a droll raconteur… ‘

Oh, and look who’s practising his archery in the garden: ‘It is strange to watch the burly Field-Marshal Göering, as chief of the most formidable airforce in Europe, taking a turn with the bow-and-arrow at straw targets of 25 yards range.’

And on it gushes, all accompanied by various photos of Hitler and friends admiring the view, examining plans for the house, and one delightful shot of Adolf relaxing on a deckchair with ‘one of his pedigree alsatians beside him’.

Next time you read an over-excited ‘inside the home of’ article, bear in mind that the subject might be a psychopathic dictator bent on world domination and mass murder.

(The article then descends into a convoluted mess of copyright claims and counterclaims, BTW, in case you’re interested. But the bizarre stuff is what got me ;)

Tags: article, bizarre, chalet, context, dictator, discovery, fuhrer, guardian, hitler, home, mountain

Software: Great LWN weekly edition last Friday; not only is there a very nice article about SpamAssassin, debunking the ‘open spam filtering rules considered harmful’ myth, but there’s a great tool tip: Meld, a new graphical merging tool.

Basically, when you have two pieces of text, and want to merge them together into one, you need a merge tool. This is a tricky job; most people just get the tool to stick them all in one file, CVS-style, and try to figure it out visually. It’s fraught with problems.

Hence the idea of using a GUI to ease the task. There have been other graphical merge tools before; I know of the proprietary one bundled with ClearCase, and tkdiff. However, both of these just aren’t very good — it’s quite simply too hard to figure out exactly what direction which piece of text came from.

Looks like meld is a fantastic effort to fix this; take a look at the screenshots. The key is the approach they’ve taken of having a drawable area in the middle between the two differing texts; this is used for lines and graphical indications of what came from where. It really seems to work, from what I can see.

Tags: article, edition, friday, great, lwn, software, spam, spamassassin, text, the, tool

Science: Fantastic article in New Scientist volume 180 (4 Oct 2003), covering how science is beginning to identify the keys to a happy life, and perform studies measuring people’s happiness.

That’s a subscribers-only link unfortunately, but I’ll excerpt a few choice snippets:

First off, money:

Can money buy happiness? The short answer is, yes - but it doesn’t buy you very much. And once you can afford to feed, clothe and house yourself, each extra dollar makes less and less difference. … In the past half-century, average income has skyrocketed in industrialised countries, yet happiness levels have remained static (see Graph). It seems absolute income doesn’t make much difference once you have enough to meet your basic needs. Instead, the key seems to be whether you have more than your friends, neighbours and colleagues.

Looks:

First the bad news: good-looking people really are happier. When Diener got people to rate their own looks, both with and without make-up, there was a ’small but positive effect of physical attractiveness on subjective well-being’.

But don’t compare your looks with what the media puts out:

In a new study, Laurie Mintz and her colleagues from the University of Missouri-Columbia found that women who saw advertisements featuring lithe and flawless young models for just one to three minutes rated their own bodies more negatively and showed an increase in depression. Mintz was alarmed how quickly the women’s self-esteem was undermined. And she believes people are becoming more dissatisfied as new technology allows the media to create ever more unrealistic images.

Mintz recommends less drastic steps to contentment: avoid unrealistic media images; understand that such pictures are airbrushed and ‘Photoshopped’ to perfection; appreciate your body for what it does rather than how it looks.

Friends:

It is hard to imagine a more pitiful existence than life on the streets of Calcutta or in one of its slums, or making a living there as a prostitute. Yet despite the poverty and squalor they face, such people are much happier than you might imagine. ‘We think social relationships are partly responsible,’ says Diener.

And a global comparison:

The latest global analysis of how levels of satisfaction and happiness vary from country to country shows that the most ’satisfied’ people tend to live in Latin America, Western Europe and North America. Eastern Europeans are the least satisfied.

… There is plenty more about national happiness levels that has researchers scratching their heads. One of the most significant observations is that in industrialised nations, average happiness has remained virtually static since the second world war, despite a considerable rise in average income (see Graphic). The exception is Denmark, where people have become more satisfied with life over the past 30 years - no one is quite sure why.

and the effects of consumerism:

A growing number of researchers are putting the static trend down to consumerism. Survey after survey has shown that the desire for material goods, which has increased hand in hand with average income, is a ‘happiness suppressant’.

One study, by Tim Kasser at Knox College in Galesburg, Illinois, found that young adults who focus on money, image and fame tend to be more depressed, have less enthusiasm for life and suffer more physical symptoms such as headaches and sore throats than others (The High Price of Materialism, MIT Press, 2002). Kasser believes that people tend to embrace material values when they are feeling insecure (retail therapy, anyone?). ‘Advertisements have become more sophisticated,’ says Kasser. ‘They try to tie their message to people’s psychological needs. But it is a false link. It is toxic.’

Lots of good bits. Pity it’s subscribers-only!

Tags: article, difference, fantastic, happiness, income, life, money, new, science, scientist, volume

In this article by Salam Pax, about how he got into weblogging, he says:

While the world was moving on to high-speed internet, we were being told it was overrated.

Heh, sounds like an Eircom quote ;)

Tags: article, eircom, heh, internet, pax, quote, salam, world

Wired: Turn Back the Spam of Time. An article about the time-travel spammer, now fingered as Robert ‘Robby’ Todino:

The anonymous e-mail offered $5,000 to any vendor capable of promptly delivering a collection of far-fetched gadgets for conducting time travel. Among the mysterious devices sought by the message’s author were an ‘Acme 5X24 series time transducing capacitor with built-in temporal displacement’ and an ‘AMD Dimensional Warp Generator module containing the GRC79 induction motor.’

He’s genuinely interested, it seems — but has a few psychological difficulties. (Thanks to Gary Stock for spotting it.)

Tags: article, collection, spam, spammer, time, todino, travel, turn, vendor, wired

The Dublin Flash Mob. All went off very well, from the sounds of it. However, this picture contains some wierdness — who the hell is that guy, second from the left, who’s stolen my haircut circa 2 years ago?! Those are my sideburns, give ‘em back!

(ObSoCalJoke: they tried to organise a flash mob in southern CA, but couldn’t find anywhere with a big enough parking lot for all those single-occupant SUVs. Ba-dum-tish!)

Telecoms: The Communications Workers of America union have released some figures on Verizon’s profit margins etc. Interesting to note some figures — like they charge 4 dollars for call waiting, a service which costs them 0.82 of a cent to provide — that works out at a 48,680% profit margin, which must be nice. In addition, Verizon use ’splitters’, which result in a copper pair being unusable for DSL — just like Eircom do in rural Ireland. Interesting to note that, even after deregulation, LLU and general introduction of competition, the same problems still arise.

Science: BBC: Scientific research put under spotlight. Terrible article from the Beeb, who should know better.

Basically the article pins some of the blame for recent absurd claims of scientific breakthroughs, like the Raelian’s claims they cloned a human, on the peer review process.

What they’re missing is that, in most cases of these absurd claims, the research had not been peer reviewed — instead a press release was put out in advance. Peer review remains the most effective way to demolish bad science. However, the news media shows no sign of being willing to sit around and wait for other scientists to analyse the latest claims, before publishing them.

Spam: Salon: Meet The Spam Nazi. More on the bizarre story of the Jewish leader of a Nazi party, who now peddles ‘make penis fast’ pills.

Politics: Ian ‘Freenet’ Clarke says he’s leaving the US.

Linux: I’ve given up on blogging the SCO-v-everyone thing, it’s getting too absurd. GrokLaw is covering it much better than I could anyway. Plus: You say po-TAY-to, I say po-TAH-to.

Movies: I concur with Waider — Pirates of the Caribbean is great. Best summer blockbuster in years; Hollywood can still pull off a good big movie now and again (by using young directors it seems). Buckle those swashes! Aarrr!

Tags: article, flash, mob, peer, profit, research, review, science, spam, verizon

Good Wired article on the subject:

A security flaw at a website operated by the purveyors of penis-enlargement pills has provided the world with a depressing answer to the question: Who in their right mind would buy something from a spammer? An order log left exposed at one of Amazing Internet Products’ websites revealed that, over a four-week period, some 6,000 people responded to e-mail ads and placed orders for the company’s Pinacle herbal supplement. Most customers ordered two bottles of the pills at a price of $50 per bottle.

And check this out for bizarre:

An investigation … last month revealed that Bournival’s mentor and business partner is Davis Wolfgang Hawke, a chess expert and former neo-Nazi leader who turned to the spam business in 1999 after it became public that his father was Jewish.

Tags: answer, article, business, flaw, good, question, security, website, wired, world

NYT: Diverging Estimates of the Costs of Spam. The article points out how the analyst company estimates of the cost of spam widely diverge. That’s reasonable — in fact, that’s analysts for you. Some great data in there, too.

But then we get to this glorious quote:

Peter S. Fader, a marketing professor at the Wharton School who has studied e-mail, says the research firms’ estimates vastly overstate the actual cost of spam. … He also argues that the computers and networks that are being installed to deal with spam will be a powerful resource for processing legitimate e-mail, once spam filters and economic Darwinism tame the spam epidemic.

‘Spam, although it is a bad thing per se, is fostering the growth of the e-mail infrastructure,’ he said.

Yeah — in the same way that arson ‘fosters the growth’ of the firefighting infrastructure. Wow.

Ireland: I’ve just heard about the ‘no fares’ day of protest by CIE’s unions. It seems the unions, rather than closing up shop for the day as would be traditional, decided to take a much more consumer-friendly approach; instead of shutting down the normal public transport services, they ran them for free. Genius.

RTE reported that ‘tens of thousands of people’ travelled for free, and Iarnrod Eireann said that ‘there has been a notable rise in passenger numbers on some inter-city trains to Dublin as people take advantage of free travel.’ Now that’s an effective way to strike…

Tags: analyst, article, cost, day, diverging, growth, infrastructure, nyt, spam, way

A good OCWeekly article about Irvine Meadows West — UC Irvine’s trailer park. The trailer park brings a little grit to UCI, and — bonus! — is apparently a good, fun place to live. Super-cheap too, at 130 dollars a month.

Unfortunately it’s going to be closed and replaced with a parking lot:

To the students, many completing their doctoral theses, the trailer park is their private refuge from the master-planned sterility beyond. They see the housing department’s decision to raze the park not as a bow to parking pressures, but a calculated strategy to destroy something ‘outside the master plan’–a phrase that’s become the residents’ motto.

Tags: article, bonus, grit, meadows, ocweekly, park, parking, trailer, uci, west

Scary stuff — the techie details of the trojan discussed in the NYT article today — Reverse-Proxy Spam Trojan - Migmaf (LURHQ):

LURHQ was able to obtain a copy of the trojan - detected from suspicious activity originating from a VPN user on a firewall on a network we monitor. What we found was the trojan was not a webserver at all, but instead: a reverse proxy server. Instead of hosting the content on the victim’s computer, the spammer instead maintained a ‘master’ webserver. We have dubbed this trojan ‘Migmaf’.

Tags: article, lurhq, migmaf, nyt, proxy, scary, stuff, techie, trojan, webserver

BBC: Spam peddlers hijack computers. A great article from the Beeb, following the trail of a single spam, all the way back to the person they believe to be the sender — via a hacked British Airways server!

Tags: article, bbc, beeb, british, hijack, person, sender, spam, trail, way

The Times: The secret city is a great reservoir of urban myth. Great article about the urban legend fodder that is ‘the city beneath the city’.

Date: Mon, 09 Jun 2003 15:19:37 +0100
From: “Martin Adamson” (spam-protected)
To: (spam-protected)
Subject: The secret city is a great reservoir of urban myth

The Times

June 09, 2003

The secret city is a great reservoir of urban myth

Richard Morrison

YOU know what worries me most about London? It’s how the buildings stand up. It seems miraculous that they aren’t wobbling like a contralto’s bosom. So many tunnels, bunkers, sewers, stations and vaults have been dug beneath the capital that the famous clay on which London is built must now resemble a Swiss cheese. Last week the Post Office closed its Mail Rail, the underground train that sped our epistles from Whitechapel to Paddington, or vice versa, for 75 years. Most Londoners were vaguely aware of its existence. But what else is down there? The answer is that nobody knows the whole truth, and most of us don’t know a hundredth of it. But that’s fine with me, because in the absence of hard facts this secret city-beneath-the-city is a wonderful reservoir of urban myth. And that’s much more entertaining.

Some things I do know. The Bank of England also has its own underground railway, presumably to cart sackfuls of dosh to fat cats in the Square Mile. So does Harrods, presumably to cart the sackfuls back to the Bank. Also lurking below ground are no fewer than 40 ghost stations: disused Tube stops, their eerily empty platforms briefly glimpsed from passing trains.

Or are they deserted? Some had — perhaps still have — very active afterlives, if rumour can be believed. The Down Street station, between Green Park and Hyde Park Corner, was used as an underground Cabinet Room during the war.

The never-officially-opened Bull and Bush, its entrance half-concealed on Hampstead Heath, is said to be the nerve centre controlling the floodgates that would be swiftly closed if the Thames ever broke into the Tube. But at one time it was also claimed to be the mysterious “Paddock”, the Government’s subterranean control room in the early 1940s. Two things fuelled this enduring urban myth: the reference in Churchill’s memoirs to a bunker “near Hampstead” (which would be a strange description of the well-known bunker at Dollis Hill, near Neasden); and the odd story of a man, walking on the Heath during the war, who was startled to see the unmistakable figure of the great Winnie emerging from what seemed to be a bush.

What’s certainly true is that some Tube stations were equipped at that time with deep-level “parallel” platforms, designed as bomb shelters on the understanding that London Transport would be allowed to convert them into express Tube lines later. Mysteriously, this plan was abandoned. Or was it? Again, urban myth declares that there is indeed a parallel, express Northern Line, but that commuters will never be allowed on it. It is reserved for when VIPs have to be whisked out of London quickly and stealthily. (The urban myth doesn’t reveal what they would do when they reached Morden.)

As for these deep-level parallel stations themselves, their fates are equally intriguing. Eisenhower’s secret wartime headquarters, a vast, 32-storey inverted skyscraper under Goodge Street Tube Station, is now used as secure storage — allegedly for confiscated pornography, among other things. The fate of the wartime shelter under Chancery Lane Tube Station is even more intriguing. During the Cold War it was apparently converted into a very unusual telephone exchange — one with a six-week supply of food, its own well, and 12 miles of tunnels extending across London. That would have withstood an atom bomb attack, but not an H-bomb, so it was scrapped. The saloon-bar experts tell me that something even vaster, deeper and spookier lies under Ludgate Hill. But the Chancery Lane “cavern” still remains off-limits.

So does the bulk of underground Westminster and Whitehall. Buildings such as the Ministry of Defence are said to resemble icebergs: seven-eighths below the surface, and all connected by a warren of tunnels stretching to Buck Palace, Charing Cross and God knows where else. Or so a man told me at a party.

Not all of underground London is secret. You can wade into the cathedral-like caverns of Joseph Bazalgette’s sewers if you want. And some resolute aesthetes do, admiring what is said to be the world’s best Victorian brickwork.

Unsurprisingly, however, there is no comprehensive map of subterranean London. Not in the public domain anyway. The engineers building the Jubilee Line Extension reputedly had to submit their proposed route under Parliament Square time and time again, never being told the reasons for its rejection, until by a process of elimination they found the one passage that (presumably) didn’t send trains crashing into Blair’s war room or MI5’s interrogation cells.

But what’s to become of the tunnel we do know about — the now mothballed Mail Rail? Call me biased, but I think it should be converted into a dedicated cycle track, providing us Lycra loonies with a safe, fast, dry route across London. Either that, or it will have to become the world’s longest, deepest bowling alley.

Tags: article, bank, cart, city, date, fodder, legend, myth, reservoir, times

Jeremy Kister on the SpamAssassin-talk mailing list notes:

In an article written by Randy Cassingham, Randy describes ‘why e-mail abuse should be a crime’ and suggests ways to stop spam. His fifth suggestion states Ensure that your ISP is taking steps to combat the problem, such as installing SpamAssassin…

This is in Playboy July 2003 pg 53 (bottom). (and no, i usually dont read it for the articles ;) )