October 30, 2004
Quick note to Bob
who is no longer on IM: enjoy! Oh, and thanks again...
Posted by Dan at 04:22 PM | Comments (0)
October 28, 2004
Comment spammers are back!
This morning at 12.45 it appears the comment spammers have returned, originating from IP address 203.113.29.1. It only took them 16 days to discover the name change. Oddly enough the piece of spam was actually posted to that article originally. I was half tempted to leave it there.
Scanning through the web server log files I find the IP address 62.252.128.15 regularly scanning the comment system on here. I'm wondering if banning that IP address range would provide any better coverage.
Posted by Dan at 09:07 PM | Comments (0)
Where to find
Anyone know where I can find a power supply for a HP ScanJet 5370C? I seem to have lost mine somehow in the recent shuffling and I've got an awful lot of pictures to scan.
Posted by Dan at 12:27 AM | Comments (1)
October 27, 2004
Cut Nose, Save Face
A little while back, NPR had a small segment on how the current crop of youth voter opinions are not being reflected in the polls. Unfortunately I have been unable to find the article anywhere online. Up steps Wired with an article talking about much of the same thing, although leaning a bit more towards the youth voters.
The basic premise is traditional polling methods use telephone polls to query participants on their opinions during the election season. This helps create those nifty graphs seen all over the news that help to confuse and disorient the public (me opinionated? no!). It turns out that you cannot call a cellular telephone, only a traditional land line based phone. This works out nicely in the US, mainly due to the bizarre scheme of charging for incoming calls with no way to reverse the charges (even on 800 numbers). One of the hidden gotchas in this scenario is that the youth of America have begun to leave traditional land lines and begun to only use cellular telephones. Hence the not having their opinions counted/heard for the poll.
The quote on the NPR segment that caught my attention went (roughly) something like "this doesn't impact the polls at all because that demographic typically doesn't vote." While the validity of this statement can be debated (I for one don't know any truth to it), I think the polling organizations have their large blinders on a little too tight. If this trend is starting now, what is to say that these upwardly mobile youth will be using a land line by the next election? As they become older, they're obviously going to stay happy with their current constant connectedness. What about those who move from actual telephones to VoIP communication over their computer?
I give the polling organizations one to two election years to adapt or perish unless cellular companies change their billing rules. But I don't see that happening anytime soon.
O'Doyle Rules!
Posted by Dan at 11:06 PM | Comments (0)
Discovery By Fire
It turns out that not everyone in the world is happy that you may keep a blog about some things; this set includes my current employer. Thankfully some cooler heads had prevailed and I was able to procure a statement of freedom to make my posts with the exception that I am not to post anything work related to it. Fine, so be it.
I was also able to discover how to get one of the barely known "Own Time" project certifications. Essentially the company realizes that they cannot own everything you do, and with this certificate they are releasing you to do whatever to said project. Basically it means I can work on PHP, ext2, and whatever else without question as long as it's after work.
Posted by Dan at 10:36 PM | Comments (0)
October 19, 2004
Power of the Internet
About a year ago I was really impressed with the Vonage technology and service. The general concept of being able to have a phone number anywhere in the US is still a relatively exciting concept that is still awaiting the rest of the phone industry to come up to speed on.
While I'm not any less excited about this service, I've started to use a few other tools now a lot more. I've been using Skype to keep in touch with some friends dispersed around the world. The voice quality is significantly better than what can be achieved on a normal phone or even a cellular phone. The fact that you can use it to call traditional land lines (at significant savings cost) only adds to the impressive nature of this product. Unfortunately the OS X client is still very obviously a beta, as the client crashes regularly, but I expect this will be corrected in a new release. This is a product I would certainly love to work on and help change the way the world works. Too bad they never responded to any resume submissions.
The second tool I've been using significantly more is Apple's iChat. Not just for standard IM practices, but also for its voice and video capabilities. I'm told it integrates with AOL's Instant Messenger (v 5.5 or higher), but I've yet to test this theory with anyone. iChat is notably more stable than Skype's current client, and seems to correct for missed frames a little better (Skype would occasionally revert to robo-voice). The biggest thrill for me can be found in the video chat, a relatively real time conversation can be had despite the 1 second lag of the camera. My parents, sister, and I have been communicating regularly with this now and find it amazingly easy to use. I know I'm a little late coming to this conclusion (iChat AV is now ... 1 year old?), but I think it's had more of a chance to penetrate the market now resulting in more functional use. When it was just Apple users, video chat isn't as much fun. Now that I can realistically communicate with any AIM user (except those GAIM and Fire.app users), it opens up a large number of new possibilities for use. My sister gave me a virtual tour of her apartment last night.
With cities like Philadelphia moving to drench their territories in wireless broadband, will this have a strong backlash against tele-cos? If you think I'm a little off my rocker, imagine the scenario where a one time investment of $500 for a PC is made. You can get both AIM and Skype accounts for free, and now use these to call anywhere in the world at a sound quality better than your cell phone (no confusion over B's and D's, or Y's and I's). Now put this in the hands of a lower income household, where basic telephone service costs around $24 a month. In just over 20 months, the PC connection will have paid for itself, provided you get no long distance service on your landline. Pretty cool concept.
The fallout of course is public projects funded by various taxes to your telephone line (i.e. 911). There is also the issue of the computer being non-functional when there is no electricity, or cases of network congestion in areas disrupting service. Finally there is the mental barrier many people have of talking to your computer. It took my parents a little while to get used to the idea, but they've now become a bit more accustomed to it that they don't complain about it.
Posted by Dan at 01:40 AM | Comments (0)
Comment Spam followup
Originally I had thought the turnaround on the bots discovering the name change would actually take about two weeks. I based this idea solely on the amount of traffic this site receives on any regular basis, which isn't very much. It seems my initial guesstimate was wrong though.
66.130.168.166 - - [14/Oct/2004:19:24:06 -0700] "GET /cgi-bin/cgiwrap/dank/mt-feedback.cgi?entry_id=233 HTTP/1.0" 200 4632 "-" "-"
and...
62.252.128.15 - - [15/Oct/2004:13:12:21 -0700] "GET /cgi-bin/cgiwrap/dank/mt-feedback.cgi?entry_id=233 HTTP/1.1" 200 4651 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
both were found in my web server logs from last week. None have tried making a posting yet, but I'm guessing that will be coming in a short bit now.
Posted by Dan at 01:17 AM | Comments (0)
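A way to pull this kind of probe out of an access log automatically, as an added example that is not code from this blog: it parses Apache combined-format lines, keeps requests for the comment script that arrive without a Referer, and rolls the hits up per /24 to help judge whether a range ban is worth it. The function names and the /24 grouping are assumptions; the sample holds the two lines quoted above plus two constructed ones.

```python
import ipaddress
import re
from collections import defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def comment_script_probes(lines, script="mt-feedback.cgi"):
    """Requests for the comment script that carry no Referer, keyed by client IP.

    A reader arrives from an entry page, so the browser sends a Referer; a
    request with "-" went straight to the script, as a scanner does.
    """
    by_ip = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        name = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        if name == script and m["referer"] in ("-", ""):
            by_ip[m["ip"]].append(m["ts"])
    return dict(by_ip)

def by_network(probes, prefix=24):
    """Roll per-address hits up to /prefix networks to size a range ban."""
    nets = defaultdict(int)
    for ip, hits in probes.items():
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        nets[str(net)] += len(hits)
    return dict(nets)

SAMPLE = [
    # the two lines quoted in the post
    '66.130.168.166 - - [14/Oct/2004:19:24:06 -0700] "GET /cgi-bin/cgiwrap/dank/mt-feedback.cgi?entry_id=233 HTTP/1.0" 200 4632 "-" "-"',
    '62.252.128.15 - - [15/Oct/2004:13:12:21 -0700] "GET /cgi-bin/cgiwrap/dank/mt-feedback.cgi?entry_id=233 HTTP/1.1" 200 4651 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"',
    # constructed lines: a repeat visit, and a reader who followed a link
    '62.252.128.15 - - [16/Oct/2004:02:10:44 -0700] "GET /cgi-bin/cgiwrap/dank/mt-feedback.cgi?entry_id=231 HTTP/1.1" 200 4598 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"',
    '192.0.2.40 - - [16/Oct/2004:09:01:13 -0700] "GET /cgi-bin/cgiwrap/dank/mt-feedback.cgi?entry_id=233 HTTP/1.1" 200 4651 "http://blog.example/archives/000233.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    probes = comment_script_probes(SAMPLE)
    print(probes)
    print(by_network(probes))
```

A missing Referer is a heuristic, not proof: some proxies and privacy tools strip the header, so the per-network counts are a starting point for review before anything is banned.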
October 12, 2004
Homogenous Environments
One realm of computer security research postulates that many of the effects of computer viruses could be lessened by creating a network with a more heterogeneous mix of connected clients. The theory being that because N percent of the connected computers are all running a specific operating system (a variant of Microsoft Windows in this case), the effects of a virus attack crippling the Internet increase by some sliding scale. Something along the inverse of this argument is used in proclaiming other operating systems' perceived security is really only a case of untested/unpopular targets. The problem with this sort of theory is that there really is no way to prove it. You can run simulations, where each client can be a mixed ratio of operating systems, but you won't ever really be able to model the true results given the nature of the beast (sysadmins disconnecting systems, possible cross-platform viruses etc). Enter blogs.
A blog? Yes, a blog. As the blogging phenomenon took off, the sheer number of blog authoring software grew, but there always tends to be a clear leader in each field. I would hazard a guess that most blogs took up the MovableType system judging by a cursory glance at a number of blogs on a blog scraper. This fits since I too run the MovableType software, and as such can run a test scenario even if it's completely wrong.
How does this relate to computer security? Well one of the problems with the MovableType system, just like predominant operating systems, is its uniformity. Under the 2.x system, every piece of installed software is called mt-*.cgi where the * can be any number of words. This uniformity has greatly reduced the amount of effort required by blog comment spammers, who can generically attempt at writing to the mt-comments.cgi without having to actually look at the blog.
Herein lies my change. It's something simple, mostly a case of name obfuscation, but the point is to see how long it takes the blog comment spam community to react to something as easy as changing the name of the script. The hope being that if every MovableType installation could rename their commenting system CGI to unique values, what kind of slow down effect would this cause to comment spammers? I can't imagine the current database architectures or systems would work very well for adding in a second field of comment system name changes. Not that it would take very long to adapt to this, but what if a system could be generated to constantly obfuscate the script? Meaning it couldn't be called upon the same on a daily basis.
Starting today, I've renamed my comment script, and will be re-opening comments from this point on. I'll mark when the first comment spam arrives, and hopefully when the second and third happen. I'm planning on trying to pinpoint exactly how that gets distributed. Once the comments start returning, I'll implement phase two of the process, which is a small cron process to be run daily that changes the installed name of the commenting script based upon a hash of a secret key and some random values. At that point I'll also post the results, and the script so that others may implement a similar process and attempt.
To those that might argue that obfuscation isn't the answer, I disagree. In this case the minor amount of processing time that is required to enable an obfuscation based system pales in comparison to the number of cycles wasted each day as comment spammers attempt to post an entry to my blog. More importantly this will eventually, hopefully, increase the barrier to continuation of blog spam.
[EDIT: it would also be interesting to test this theory on various other installs as well. ]
Posted by Dan at 01:37 AM | Comments (0)
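A sketch of the daily rename described as phase two, as an added example and not the script promised in the post. It derives the name from an HMAC of a secret key and the date instead of random values, so a cron job and the template rebuild can both compute the same name without shared state. The names `script_name` and `rotate`, the `fb-` prefix and the demo secret are assumptions, and regenerating the pages that link to the script is left outside the sketch.

```python
import datetime
import hashlib
import hmac
import os
import tempfile

PREFIX, SUFFIX = "fb-", ".cgi"  # hypothetical naming scheme for the renamed script

def script_name(secret: bytes, day: datetime.date) -> str:
    """Name for `day`: unpredictable without the secret, reproducible with it."""
    tag = hmac.new(secret, day.isoformat().encode(), hashlib.sha256).hexdigest()
    return f"{PREFIX}{tag[:16]}{SUFFIX}"

def rotate(cgi_dir: str, secret: bytes, day: datetime.date) -> str:
    """Rename the one installed comment script to the name for `day`."""
    current = [f for f in os.listdir(cgi_dir)
               if f.startswith(PREFIX) and f.endswith(SUFFIX)]
    if len(current) != 1:
        # refuse to guess when the directory is not in the expected state
        raise RuntimeError(f"expected one comment script, found {current}")
    new = script_name(secret, day)
    if current[0] != new:
        # os.replace is atomic on POSIX, so no request sees a missing script
        os.replace(os.path.join(cgi_dir, current[0]), os.path.join(cgi_dir, new))
    return new

def demo():
    """Rotate a constructed, empty stand-in script across two days."""
    secret = b"constructed-demo-secret"
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "fb-initial.cgi"), "w").close()
        day1 = rotate(d, secret, datetime.date(2004, 10, 12))
        day2 = rotate(d, secret, datetime.date(2004, 10, 13))
        rerun = rotate(d, secret, datetime.date(2004, 10, 13))  # cron ran twice
        return day1, day2, rerun, os.listdir(d)

if __name__ == "__main__":
    print(demo())
```

The old name stops resolving the moment the rename happens, so any cached or syndicated copy of a page that still points at it will fail until it is refreshed.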
October 09, 2004
Web annoyances re-loaded
I've run into this a few times now, enough that it's become an issue that annoys me: DHTML popups that exist within the page you are viewing, oftentimes covering up the content of the page. Since these are "virtual" popups, you can't use a popup blocker to keep them away, but they can certainly take over a large percentage of your viewing screen. What's worse, is closing your window closes the entire browser window (ugh), and you have no assurance that the little X used to denote a closing capability actually will close anything at all.
Why can't web advertisers realize their invasive usage of technology isn't working? That with each "new" and "innovative" method they discover, someone else will discover a way to dim these things out. If they would keep to simple banner ads, I'm sure they'd get much more feedback.
Posted by Dan at 01:40 PM | Comments (0)
Happy Birthday...
... to me! Weeeeeeeee! And all the chipmunks in the park go, weeeee!
Posted by Dan at 01:36 PM | Comments (0)
October 05, 2004
Protecting the Innocent
Politech has recently been spurred back to life, presumably by the return of Declan's PowerBook. A recent posting talked about an effort in Ohio to remove the date of birth and address from the driver's license, under the guise of protecting domestic violence/stalking victims from being discovered via voting registration records.
While I like the general premise for the change (protecting victims of location based crimes), and I like the idea of being able to control what information is on a driver's license, I find this route of implementation to be rather ass backwards.
Having worked in a small town precinct on election day, the address of a potential voter often comes into play. It's easy to dismiss such a detail in an area where precincts are clearly defined, but let's use my hometown for an example where my house lies directly on the border line between two counties. This is clearly evident come every winter when snow plows from each county will approach and not clear the snow located directly in front of our house. But if you want to be more technical we have 4 addresses, two from each county. Yes, 4 postal addresses for a single house not subdivided into multiple dwellings. Depending upon which address is used at registration time, I may or may not be able to vote in precinct A, but since all the voter ID cards look the same there is no reason to believe I can't just walk into a precinct and vote.
The simple solution of course is, change the voter registration cards to indicate which precinct you can or cannot vote in. Okay, but now you've essentially invalidated the reasoning behind the initial cause of this legislation, protecting the identity of a location based crime victim. How? Well you've limited the search radius for a potential repeat offender to locate their victim. How does that help? Any potential assailant will only need to wait at said precinct for their victim to arrive, follow them home, and continue about their way for another time.
The part about this that really throws me off though is accountability. By removing the addresses from the voter registration record, you can no longer verify that a voter was a legitimate voter. There is no way to identify the difference between John Smith next door and John Smith who died in 1870 and rests at gravestone D-14-3 at 100 Grassy Knoll St. By removing accountability, we now remove the ability of the American public to ensure/prove that their election process was {in}correct at any point in time, which in turn is a dramatic shift in power for the democratic process from the general public to those who try to rig an election.
This is bad.
I'd urge those in Ohio to vote against this legislation.
Posted by Dan at 01:22 AM | Comments (0)
Slowly down the pipe
Congratulations go out to Bob and Dia for finally deciding to make things official. Apparently I'm cool enough to even get an EVite. On an odd side note, this is also kind of a sad moment. I realize Bob really hasn't been single in about 5 years, but it wasn't official before. Now that it is going to be, this leaves Kevin, Pat, and myself as pretty much the outcasts from the undergrad days. Yeah yeah, Puzak (who spell check wants to call Muzak) hasn't signed on the dotted line yet, but he may as well give in at this point; it's inevitable. What a very odd feeling...
[EDIT: fix the HTML code, close your tags f00!]
Posted by Dan at 12:58 AM | Comments (0)
October 03, 2004
Software Reliability
Dan Bricklin has written an excellent opinion piece on the current state of software design and reliability titled "Software that Lasts 200 Years". If you haven't seen this yet, I do suggest taking a few moments to read it.
Posted by Dan at 11:53 PM | Comments (0)