
Bonuses for bankers: business as usual

Wall Street banks in $70bn staff payout:

Financial workers at Wall Street's top banks are to receive pay deals worth more than $70bn (£40bn) [equivalent to 10% of the US government bail-out package], a substantial proportion of which is expected to be paid in discretionary bonuses, for their work so far this year - despite plunging the global financial system into its worst crisis since the 1929 stock market crash, the Guardian has learned.

Lloyds chief tells staff: you'll still get bonuses:

The chief executive of Lloyds TSB, one of the banks participating in the [UK] £37bn bank bail-out, has promised staff they will receive bonuses this year despite Gordon Brown's promise of a crackdown on bankers' pay following the investment by taxpayers.

In a recorded message to employees, Daniels stressed that the bank faced "very, very few restrictions" in its behaviour despite the injection of up to £5.5bn of taxpayers' funds. "If you think about it, the first restriction was not to pay bonuses. Well Lloyds TSB is in fact going to pay bonuses. I think our staff have done a terrific job this year. There is no reason why we shouldn't."

Now that takes nerve.

Links for 2008-10-21

Links for 2008-10-17

Links for 2008-10-16

Closed phish data costing $326mm per year

Richard Clayton posted a very interesting article over at Light Blue Touchpaper; he notes:

Tyler Moore and I are presenting another one of our academic phishing papers today at the Anti-Phishing Working Group’s Third eCrime Researchers Summit here in Atlanta, Georgia. The paper “The consequence of non-cooperation in the fight against phishing” (pre-proceedings version here) goes some way to explaining anomalies we found in our previous analysis of phishing website lifetimes. The “take-down” companies reckon to get phishing websites removed within a few hours, whereas our measurements show that the average lifetimes are a few days.

When we examined our data [...] we found that we were receiving “feeds” of phishing website URLs from several different sources — and the “take-down” companies that were passing the data to us were not passing the data to each other.

So it often occurs that take-down company A knows about a phishing website targeting a particular bank, but take-down company B is ignorant of its existence. If it is company B that has the contract for removing sites for that bank then, since they don’t know the website exists, they take no action and the site stays up.

Since we were receiving data feeds from both company A and company B, we knew the site existed and we measured its lifetime — which is much extended. In fact, it’s somewhat of a mystery why it is removed at all! Our best guess is that reports made directly to ISPs trigger removal.

They go on to estimate that 'an extra $326 million per annum is currently being put at risk by the lack of data sharing.'

This is a classic example of how the proprietary mindset fails when it comes to dealing with abuse and criminal activity online. It would obviously be more useful for the public at large if the data were shared between organisations, and published publicly, but if you view your data feed as a key ingredient of your company's proprietary "secret sauce" IP, you are not likely to publish and share it :(

The anti-phishing world appears to be full of this kind of stuff, disappointingly -- probably because of the money-making opportunities available when providing services to big banks -- but anti-spam isn't free of it either.

Mark another one up for open source and open data...

(thanks to ryanr for the pic)

solid Python queueing?

OK, message queueing has become insufferably trendy. You don't need to tell me, I've known it's the bee's knees for 4 years now ;)

The only problem is, there doesn't seem to be a good queue broker written in Python. They're in Java, Perl, more Perl, or Erlang, but a solid, reliable, persistent queueing backend in Python is nowhere to be found, as far as I can see. Work is a mainly-Python shop, and while we can deploy other languages to our production, staging and test grids easily enough, it's a lot easier to do developer-desktop testing if we had an all-Python queue backend.

Am I missing one?

Links for 2008-10-14

Dublinr Exhibition

Dublin is a city that, photographically at least, can be reduced to a set of clichés, but a new exhibition offers a fresh, vibrant perspective of the Irish Capital. Dublinr is organised by a group of photographers that came together through the photo sharing website Flickr.

The exhibition opens at 6.00pm on Wednesday 5 November, runs until Sunday 9, from 11:00am – 6:30pm daily, and admission is free.

The Joinery Gallery | Arbour Hill | Stoneybatter | Dublin 7.

Some fantastic local photographers, including Andy Sheridan, whose work I've been following for a couple of months now; and a good location. D7 is full of good stuff nowadays -- in fact, ever since I moved out ;)

IWA post-mortem

I didn't win a Web Award -- but then, given the competition from a couple of very professional news organisations, I really wasn't expecting to ;) Silicon Republic won, and rightly so. Good on 'em.

I had a great night nonetheless, hanging out with Vishal, Walter (who won his category!), Conor O'Neill, Jason and a bunch of others.

Thanks to Moviestar.ie and BH Consulting for their sponsorship of a great event -- marketing money well-spent, I suspect. Extra thanks to Moviestar for the freebie DVD player. And thanks of course to the mighty Mulley for organising the whole thing -- at this stage he's a finely-honed events machine!

Links for 2008-10-10

Links for 2008-10-09

Want to eat on RTE’s HEAT?

Here's an interesting offer -- be a restaurant critic/reviewer for RTE's cooking reality show, HEAT:

Ireland's top amateur chefs battle it out in our kitchen, each preparing a three course meal to impress the hardest critics; the paying diners. Mentored by Kevin Thornton and Kevin Dundon, these amateurs have a chance to shock or shine. Who wins, who looses (jm: sic), its all down to you. Come eat in the Heat Restaurant and decide who is Ireland's newest culinary talent.

The restaurant is located in Ely HQ, on Hanover Quay. All three course meals, inc teas and coffees are €30 pp. Drinks are separate.

To dine at Heat, please email diners /at/ loosehorse.ie or call 01 613 6052 with your contact details and your preferred evening. Heat is open for business on Sunday the 19th of October, Sunday the 26th of October, Sunday the 2nd of November, Sunday the 9th of November, and Sunday the 16th of November.

Please note: The evening is being recorded for RTE so if you want to keep a low profile, please consider. Vegetarians, strange allergies and odd requests may or may not be accommodated as Heat has a limited menu and may not always be able to accommodate specific food requirements.

Bon Appetit!

Links for 2008-10-08

Links for 2008-10-07

MPLC fail to shake down Irish playschools

Oh, the irony. According to The Sunday Times, a body called the Motion Picture Licensing Company sent letters to 2,500 Irish playschools (aka kindergartens), demanding payment for children watching DVDs on their premises -- a fee of EUR 3, plus 17.5% VAT, per child per year:

Playschools have been given an unexpected lesson on copyright law after a company representing Hollywood studios demanded that each child pay a fee of €3 plus 17.5% VAT per year to watch DVDs in their playgroup.

The Motion Picture Licensing Company (MPLC), which collects royalties on behalf of companies such as Walt Disney, Universal and 20th Century Fox, wrote to 2,500 playschools last month warning that it is illegal to show copyrighted DVDs in public without the correct license.

The letter was sent with the approval of the Irish Preschool Play Association (IPPA), which represents the schools and their 50,000 children. The MPLC had wanted €10 plus VAT per year for each child, but the IPPA negotiated for the lower fee.

Unsurprisingly, playschool owners are freaking out:

“To be honest, when I got the letter with the IPPA newsletter I laughed and binned it,” said Paula Doran, manager of Kiddies Korner, a community playschool in Shankill, south Dublin. “If we brought in something like that the parents would have to pick up the costs. But I don’t like the way they went about it — once you signed up they’d automatically take money out of your account every year.”

“I don’t think too many judges would come down hard on a playschool over this,” she said. “We would rarely show DVDs anyway because it’s frowned upon — kids get enough TV at home. The odd time we would pretend to go to the cinema. We give the children tickets and they watch 20 minutes of Snow White, Fireman Sam or SpongeBob.”

Here's the funny part -- it appears the MPLC failed to take note of its own legal requirements, and is not legally licensed to issue shakedown demands for fees in Ireland:

The MPLC had failed to register with the Irish Patent Office as a copyright licensing body. Under the 2000 Copyright Act, royalty collectors such as the Irish Music Rights Organisation (IMRO) and Phonographic Performance Ireland (PPI) are required to register before they can collect fees. A spokesman for the Patent Office said that if an organisation collects money but hasn’t registered it may be fined or staff may be jailed if a complaint is made and it is found guilty.

Crazily, it sounds like the IPPA didn't find this out from their own legal advisors:

Irene Gunning, IPPA’s chief executive, said she was disappointed with the MPLC. “We acted in good faith with this organisation and felt we were doing our members good by negotiating them down from €10 per child,” said Gunning. “I feel misled by them now. It is only through an alert mother that we became aware that they need to be registered.”

oh dear. Let's hear it for alert mothers, I guess. Anyway, expect more similar shakedowns once the MPLC get their little licensing oopsie sorted out:

The MPLC only began operating in Ireland in recent months, after setting up in Britain in 2003. It is also targeting other sectors such as coach operators, which occasionally show movies in public.

More coverage at Techdirt, Ars Technica, and TorrentFreak.

(Image credit: smithco on Flickr. thanks!)

Links for 2008-10-06

Links for 2008-10-02

Links for 2008-10-01

Links for 2008-09-29

Switch ep. 2: the keyboard

Well, some bits of this are easy: here's a MacOS X version of GVim and Vim, which works nicely, is easy to install, and is simply vim/gvim. Great stuff!

But some bits are harder. Remember I was complaining about that silly ± / § key in the top corner of UK/Irish MacBook Pro keyboards? Some investigation reveals that I'm far from alone in this:

'it fucks up application switching'

'I hate my MacBook Pro'

a forum post looking for help

another forum post

There are a number of apps that offer key remapping, but for no apparent reason they limit themselves to "popular" remappings only, such as swapping the Control and Caps-Lock keys etc. I presume this is because that was easy to code ;)

The one that does work fully is Ukelele. Watch out though -- it comes with a raft of caveats. It's buggy, at least dealing with my MBP keyboard under OSX 10.5.5; the "Copy Key" functionality doesn't work, and you need to start from a key mapping file from the Ukelele package, not a system one or one you've downloaded, otherwise it'll silently produce an output file that doesn't recognise any keys at all. On top of this, each time you make changes, you need to log out and log back in again to try them out. (Small mercies: at least you don't need to do a full reboot, I suppose.)

I'm not impressed by this whole keyboard issue. If you look at photos of the US MacBook Pro keyboard, it's clear that it doesn't have the stunted tetris-style Enter and Left-Shift keys that the UK/Irish one does. It also has the tilde key in the normal place, the top left, instead of some bizarre symbol that isn't even used in this keyboard's locale, and as Ash Searle noted, when you're a developer, the # is a hell of a lot more useful than the £ symbol. They've basically screwed with a good US keyboard design to bodge in a few extra keys they needed to deal with the tricky European corner cases.

All that would be relatively minor, however, if I could remap the keys to suit my tastes -- but it was pretty damn tricky to do that. Key remapping needs to be an easy feature!

I'm still working on the fixed key layout file, but I may post it here once it's finished to save other Googlers the bother...

Update: here's the fixed key layout file:

Irish Fixed.keylayout

Save that to ~/Library/Keyboard Layouts/, then open System Preferences -> International, select Input Menu, choose Irish Fixed from the list, and ensure "Show input menu in the menu bar" is on. Close that window, then select "Irish Fixed" from the input menu to the left of the clock on the menu bar. Log out, and log back in again, and the keys should be sane...

(thanks to Sonic Julez for the MBP key image)

Links for 2008-09-26

Links for 2008-09-24

My Trial Switch, ep. I

As previously noted, I've just bought myself a nice shiny MacBook Pro, to replace an old reliable 5-year-old Thinkpad T40, which ran Linux.

Initially, I was contemplating installing Linux on this one too, and dual-booting. But right now, I've decided to give MacOS X a go -- why not? I find it's worthwhile updating aspects of my quotidian computing environment every now and again, and it seems everyone's doing it. ;) I'll log my experience on this blog as I go along.

(Worth noting that this isn't my first Mac; back in 1990, I was the proud owner of a free Macintosh Plus for a year, courtesy of TCD's "Project Mac" collaboration with Apple Ireland. I wrote a great Mandelbrot Set explorer app.)

First off, the good news: the hardware is very nice indeed. It's light in weight, esp. compared to my T61p work laptop, the screen clarity is fantastic, and the CPU fairly zooms along -- unsurprisingly, given that the T40 was 5 years old.

In addition, the multi-touch touchpad is wonderful; I'm looking forward to lots more multi-touch features.

Unfortunately, some of the other hardware design decisions were pretty wonky. By default it's quite tricky to keep the laptop running with the lid closed -- it seems a decision was made to use passive cooling via the keyboard, so once the lid is closed, that heat cannot escape, causing overheating. There's a third-party extension I can install to allow it anyway, but it's festooned with warnings to overclock the fan speed to make up for it... ugh. Since I need to be able to remotely log in to my laptop from work if I should happen to forget something, or to kick off a long transfer before I come home, this means I have to leave the laptop open permanently, which I didn't want to do.

In addition, I initially thought my brightness control was broken, since the laptop screen fluctuates in brightness continually. Turns out this is a feature, responding to ambient light -- a poorly-documented one, but at least it's easy to turn off in System Preferences once you know it's there.

(Unfortunately, a lot of MacOS seems to consist of poorly-documented features that are hidden "for my own good". The concept of switching seems to involve me abdicating a good deal of what I'd consider adult control of the machine, to the cult of Steve Who Knows Better. This is taking some getting used to.)

On to the software... what's getting my goat right now are as follows:

Inability to remap keys (CapsLock key, the useless "+-" key, a lack of "spare" keys for scripted actions)

Up in the top left corner of "international" MacBook keyboards, there's a useless key with a "+-" and double-S symbol on it. I don't think I've ever typed those symbols in my entire life. I want a ~ there, since that's where the ~ key lives, but for some reason, MacOS doesn't include keyboard-remapping functionality to the same level as X11's wonderful "xmodmap". It seems this third-party app might allow me to do that, or maybe something called 'KeyRemap4Macbook'?

This Tao Of Mac HOWTO seems helpful on how to support the "Home"/"End" keys, for external keyboard use.

Focus Follows Mouse

This is a frequent complaint among UNIX-to-Mac switchers. It seems that some apps do a hacky version of it, but then you've got this inconsistent thing where you lose track of which apps will automatically pick up focus (Terminal, iTerm) and which ones need a click first (Firefox, indeed everything else). Unfortunately, it seems an app called CodeTek VirtualDesktop would have fixed it, but it appears to have been abandoned. :(

Programmable Hotkeys

I use a few hotkeys to do quick window-control actions without involving the mouse; in particular, F1 brings a window to the front, F2 pushes it to the back, F12 minimizes a window, Ctrl-Alt-LeftArrow moves a window half a screen left, and Ctrl-Alt-RightArrow moves a window half a screen to the right. Those are pretty simple, but effective.

This collection of Applescript files, in conjunction with Quicksilver, looks like it may let me do something similar on the Mac. Here's hoping. LifeHacker suggests that the default for minimize is Cmd-M, so that's what I need to remap from, at least...

This is a big issue -- Dan Kulp had a lot of hot-key-related woes, and wound up going back to Linux as a result. Evan reported the same. I like the idea of MacOS, but my tendonitis-afflicted wrists need their little shortcuts; I'm not willing to compromise on avoiding mouse usage in this way.

(by the way, in order to get F1/F2/F12 back, check the "Use the F1-F12 keys to control software features" box in the Keyboard control panel. Thanks to this page for that tip; it has a few other good tips for UNIX switchers, too.)

Upgrades and Software

So, there are two main contenders for the "apt-get for Mac" throne -- Fink vs MacPorts. Fink takes the Debian approach of downloading binary packages, while MacPorts compiles them from source, BSD/Gentoo-style, on your machine. Since I'm not looking at the source, or picking build parameters, or auditing the code for security issues there and then, I don't see the need to build it -- Fink wins.

One thing though -- the installer for Fink informed me that I needed to run "Repair Permissions", which took a while, and found some things that had somehow already been modified from their system defaults, I'm not sure why. This left me slightly mystified. I was later told that this is now considered 'voodoo'. wtf.

Mind you, Daring Fireball suggests that Mac software updates are so poorly implemented that they essentially require rebooting in single-user mode, which sounds frankly terrifying. I hope that's not the case.

BTW, it's worth noting that IMO, AWN is as nice as -- possibly nicer than -- the Dock. ;)

Anyway, that's post #1 in a series. Let's see how I get on from here. (thanks to Aman, Craig and Paddy for various tips so far!)

Links for 2008-09-22

Links for 2008-09-19

Links for 2008-09-18

teh new shiny

new MacBook Pro

now to install Ubuntu ;)

Update: here's the first bug, spotted in Apple's "thank you for registering your Mac" mail:

Hi. 

Welcome to Apple.
We're just as excited as you are.

........................................................................... 

Thanks for registering your new Mac. We have the following on record in your name:
[[IREG_PRODUCT_HTML]]

Templates are hard!

Links for 2008-09-16

Links for 2008-09-15

Links for 2008-09-12

Links for 2008-09-11

Links for 2008-09-05

AWS event in Dublin’s Digital Hub

Brian Scanlan mailed me with this blurb, worth blogging for any AWS users in the Dublin area:

  • Are you a software developer or IT professional working in the Dublin area?

  • Would you like to learn more about Amazon Web Services?

Amazon spent over ten years developing a world-class technology and content platform that powers Amazon web sites for millions of customers daily. Most people think "Amazon.com" when they hear the word; however developers are excited to learn that there is a separate arm of the company, known as Amazon Web Services or AWS.

Using AWS, developers can build software applications leveraging the same robust, scalable and reliable technology that powers Amazon's retail business.

Amazon Data Services Ireland are delighted to welcome Simone Brunozzi (simoneb at amazon.com), AWS Evangelist for Europe, to Dublin, where he will give an overview of Amazon Web Services, including S3, EC2 and EBS, SimpleDB and more.

Tuesday 16th September 2008 at 7pm, The Digital Exchange Auditorium, Crane Street, Dublin 8

Maps and directions to the venue are here. Refreshments will be served.

All welcome - but places are limited, so please sign up by mailing aws-dublin-event at amazon.com before Thursday 11th September.

I have no connection to this; not even sure if I'll be going, as I went to the last one anyway and it was a bit short on technical tips ;) . But worth blogging anyway.

Links for 2008-09-03

Another POS skimming fraud in Galway

This is a little late, since I was off on holliers when it came to light -- Galway News reports 'hundreds hit by skimming scam':

The account details of shoppers who used credit or laser cards to pay for their groceries and other items in a number of Galway shops and supermarkets were illegally skimmed by a gang who apparently managed to interfere with the Chip & PIN terminals at the stores’ check-out counters.

The Irish Times story:

However, it has emerged some cardholders had several thousand euro taken from their accounts overseas before they realised what was happening and alerted their card provider. And it is feared that thousands of other customers do not yet realise their cards have been cloned. Garda sources have confirmed the case involves thousands of cards.

The Galway investigation is centred on one large shop in the county. Gardaí believe several thousand cards have had all of their details skimmed, including pin numbers, over the past month. Some of the cards have already been cloned and used in Canada and other countries where, unlike Ireland, chip and pin protective technology is not in use.

In the Galway case [...] Detectives are working on the theory that somebody in the Galway shop may have facilitated the card skimming for an Eastern European crime syndicate.

Gardaí do not believe the payment terminals were tampered with. Gardaí have recovered CCTV images of suspects from in-store cameras.

In the past, cards have been copied using very small hand held devices through which a card is quickly and discreetly skimmed at the point of payment. The information is then copied, or cloned, onto a blank card which is then used like a regular payment card.

Skimming devices around the size of a cigarette lighter can store details from thousands of cards.

The payment terminals from the Galway shop have been taken by gardaí for technical examination as a precaution. The Garda Bureau of Fraud Investigation is leading the inquiry.

This Boards.IE thread is a real eye-opener, containing lots of reports from victims of this scam -- many reports saying that they suspect it was in Joyces' Supermarket in Knocknacarra, although one poster reckons 'there are now over 20 suspect premises in Galway City and outskirts'. blimey.

On a related note -- while shopping in my local supermarket at the weekend, I was pleased to note that when I paid with my credit card, I was asked to sign the slip, instead of using Chip-and-PIN. So it looks like at least one retailer is taking additional care.

On the other hand, the thread also notes many cases of skimming which took place from in-store ATMs in small convenience stores -- those are very widespread now. eek. :(

GoDaddy’s spam filter is broken

GoDaddy is rejecting mail with URLs that appear in the Spamhaus PBL. As this thread on the Amazon EC2 forum notes, this is creating false positives, causing nonspam mail to be rejected. Here's what GoDaddy reportedly said about this policy:

Unfortunately, our system is set to reject mails sent from or including links listed in the SBL, PBL or XBL. Because the IP address associated to [REMOVED] is listed in the PBL, any emails containing a link to this site will be rejected. This includes plain-text emails including this information.

If this is true, it's utterly broken.

Spamhaus explicitly warn that this is not to be done, on the PBL page:

Do not use PBL in filters that do any ‘deep parsing’ of Received headers, or for other than checking IP addresses that hand off to your mailservers.

And more explicitly in the Spamhaus PBL FAQ:

PBL should not be used for URI-based blocking! Consider the false positive potential: legitimate webservers hosted with services such as dyndns.com or ath.cx! Or consider that ISPs and other networks are encouraged to list any IP ranges which should not send mail, and that could include web servers! Use SBL or XBL (or sbl-xbl.spamhaus.org) for URI blocking as described in our Effective Spam Filtering section. Use PBL only for SMTP (mail).

Critically, the PBL now lists all Amazon EC2 space, since Spamhaus interpret Amazon's policy as forbidding email to be delivered via direct SMTP from there. (Note -- email, not HTTP.)

With this filter in place at GoDaddy, that now means that if you mail a URL of any page on any site hosted at EC2 to a user of GoDaddy, your mail won't get through.

Note: this is much worse than blocks of SMTP traffic from EC2. In that case, an EC2 user can relay their legit SMTP traffic via an off-EC2 host. In this case, there is no similar option in HTTP that isn't insufferably kludgy. :(
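As an added illustration of the distinction Spamhaus draws above (this is example code written for this post, not GoDaddy's filter or Spamhaus's own tooling), here is a small filter that uses the ZEN return codes correctly: all three lists apply to the IP that connects to your MX, but only SBL/XBL apply to hosts named in URIs, so a PBL-only web host does not cause a rejection. The `broken` flag reproduces the reported GoDaddy behaviour for comparison. DNS answers and A records are replaced by constructed tables so it runs offline; the hostnames and IPs are made up.

```python
import re
from ipaddress import ip_address

ZEN_ZONE = "zen.spamhaus.org"

# Documented ZEN answer codes: 127.0.0.2-3 SBL, 127.0.0.4-7 XBL, 127.0.0.10-11 PBL.
# Constructed stand-in for zen.spamhaus.org answers, keyed by the queried IP.
FAKE_ZEN = {
    "192.0.2.10": ["127.0.0.2"],                # SBL-listed spam source
    "192.0.2.20": ["127.0.0.4"],                # XBL-listed compromised host
    "192.0.2.30": ["127.0.0.11"],               # PBL only: a web server in cloud space
    "192.0.2.40": ["127.0.0.2", "127.0.0.10"],  # SBL and PBL
}

# Constructed stand-in for A-record resolution of hostnames found in URIs.
FAKE_A = {
    "www.cloud-hosted.example": "192.0.2.30",
    "spammer.example": "192.0.2.10",
}


def query_name(ip, zone=ZEN_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ip_address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def zen_lists(ip, resolver=FAKE_ZEN):
    """Translate the answer codes for an IP into the set of ZEN components it is on."""
    lists = set()
    for code in resolver.get(ip, []):
        last = int(code.rsplit(".", 1)[1])
        if last in (2, 3):
            lists.add("SBL")
        elif 4 <= last <= 7:
            lists.add("XBL")
        elif last in (10, 11):
            lists.add("PBL")
    return lists


def reject_smtp_client(client_ip):
    """Connecting-IP check: SBL, XBL and PBL all apply to the host handing us mail.
    Returns the name of one matching list, or None."""
    hit = zen_lists(client_ip)
    return sorted(hit)[0] if hit else None


def reject_uri_host(host_ip, broken=False):
    """URI-host check: only SBL and XBL are meaningful here. A PBL listing just says
    'this address should not send mail directly', which says nothing about web content.
    broken=True applies PBL anyway, reproducing the false positives described above."""
    applicable = {"SBL", "XBL", "PBL"} if broken else {"SBL", "XBL"}
    bad = zen_lists(host_ip) & applicable
    return sorted(bad)[0] if bad else None


URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def uri_hosts(body):
    """Hostnames of all http(s) URLs in a message body (deduplicated, sorted)."""
    return sorted(set(URL_HOST_RE.findall(body)))


def filter_message(client_ip, body, broken=False):
    """Full decision: check the SMTP client first, then each URI host in the body."""
    reason = reject_smtp_client(client_ip)
    if reason:
        return "reject: client %s is %s-listed" % (client_ip, reason)
    for host in uri_hosts(body):
        ip = FAKE_A.get(host)
        if ip is None:
            continue  # unresolvable host: nothing to look up
        reason = reject_uri_host(ip, broken)
        if reason:
            return "reject: URI host %s is %s-listed" % (host, reason)
    return "accept"


# Constructed sample: legitimate mail from a non-listed sender, linking to a
# web server whose address sits in PBL-listed (cloud) space.
SAMPLE_BODY = "Hi, the deploy notes are at http://www.cloud-hosted.example/notes - thanks"

if __name__ == "__main__":
    print(query_name("192.0.2.30"))
    print(filter_message("198.51.100.5", SAMPLE_BODY))               # accept
    print(filter_message("198.51.100.5", SAMPLE_BODY, broken=True))  # reject
```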

Links for 2008-08-28

The real reason cycling is such a pain in Dublin

Cian Ginty at the Irish Times writes:

As clunky helmets, yellow reflective gear, and Lycra could be used as a stereotype for Irish cyclists, it might come as a surprise that women wearing high heels are a common sight on bicycles in Copenhagen.

The general image of cycling here is vastly different to so-called bicycle cultures where cycling is normalised and there is talk of a "slow bicycle movement".

"Among thousands and thousands of cyclists on my daily routes, I think I see one or two reflective vests a week, if that," says Mikael Colville-Andersen, a cycling advocate living in Copenhagen.

With Denmark, the Netherlands and Germany - where bicycle usage is high - the helmets and reflective clothing we think of as "a must" for cyclists are far from standard.

It then goes on to rehash some of the stuff that has cropped up recently on cycling blogs about cycling safety, helmets, etc.

The only problem with casualization of cycling, removing gear like helmets, is that without corresponding changes to the road and cycleways to make them safer, it will increase accidents and fatalities. I looked this up a couple of weeks back when I came across an anti-helmet site. Chasing up the figures and doing some research, it became clear that if you simply want to cycle without hurting yourself, the facts were not on their side -- helmets save lives, especially when dealing with shared roadways as we have here.

Copenhagenization is a result of a better, safer road environment for cyclists, as seen in Denmark and the Netherlands, which makes safety gear not as much of a requirement. But on the other hand, Ireland's roads are designed mainly for cars, and Dublin Council have done little to help -- that makes safety gear a requirement, unfortunately :(

However, I think this is the real reason why people don't cycle in Dublin:

Let's take a fictional person, let's call her Kassandra. Kassandra lives a little north of Copenhagen and rides to work every day between 07:25 and 07:55 and back again between 15:35 and 16:05. Kassandra doesn't mind a little light shower, but if the intensity increases to over 0.4 mm over 30 minutes (light rain), then she thinks it is too wet. Kassandra works five days a week and has weekends and holidays free. That gives her 498 trips between September 2002 and the end of August 2003.

How often does Kassandra get wet either to or from her job that year? The answer is, in fact, rarely. On those 498 trips it was only 17 times. That is only 3.5% or on average 1.5 trips a month.

3.5%. Compare that with what's happened in Dublin this month -- I'd estimate that's meant that at least half of my rides have involved some degree of rainfall, occasioning many cries of woe.

It takes dedication -- and lots of wet-weather gear -- to ride a bike here...

(Of course, having said that, I look out the window and it's immediately sunny ;)

Update: Ryan Meade corrects me in the comments:

Justin, you need to take a look at Owen Keegan's paper to Velo-City 2005, "Weather and Cycling in Dublin : Perceptions and Reality". The probability of getting wet is actually pretty comparable to the Copenhagen scenario detailed above - 5.5% for a 30 minute journey if you take 0.2mm per hour as the threshold for "getting wet". On the other hand the vast majority of both cyclists and motorists think it's more than 15%, with half thinking it's above 30%.

Amazing how the psychological, "glass half-empty" factor influences my thinking on this. I had no idea!

How tightly linked are the top spam botnets?

I was away on holidays last week, and when I got back, I found my feed reader full of some good discussion as to whether today's bigger spam botnets -- Srizbi, Rustock, Mega-D, Cutwail/Pushdo -- are sharing components, such as "landing" sites, exploits, customers, and even command and control networks. It started with this post on the FireEye Malware Intelligence Lab's blog noting:

'Some malware researchers have described Srizbi and Rustock as rival botnets, our data indicates that this apparent rivalry is a sibling rivalry at best. Srizbi and Rustock seem to be supported (controlled) by the same parent (bot herder).'

and in this followup:

'We can clearly see that Srizbi, Pushdo and Rustock are using the same ISP, and in many cases, IPs on the same subnet to host their Command and Control servers. It seems extremely unlikely to our research team that three previously "rival" Botnets would share nearly consecutive IP space, and be hosted in the same physical facility. Of all the data centers and IPs in the world, the fact that they are all on the same subnet is very intriguing. This fact makes the FireEye research team conclude that either the Botnets are operated by the same organization, or that the datacenter (McColo) is a shell corporation that leases out its IP space and bandwidth for nefarious actions.' [...]

'IPs at a typical datacenter are leased out in a /30 or more commonly, a /29 block. However, here we can see that in a given succession of IPs, the three Botnets have C&C servers dispersed throughout. This gives us an impression that the same Bot herder leased out a larger range and then distributed it amongst its different Botnets.'

Marshal say: 'at the very least, the major botnets have common customers.'

Dark Reading cover it like so:

Rustock, which recently edged Srizbi for the top slot as the biggest spammer mostly due to a wave of fake Olympics and CNN news spam, and Srizbi, known for fake video and DVD spam, have been using the same Trojan, Trojan.Exchanger, to download their bot malware updates, researchers say. “This is the first time” we had seen this connection between the two botnets, says Fengmin Gong, chief security content officer for anti-botnet software firm FireEye. “That’s why when we saw it, it was surprising. They definitely have a relationship,” he says. “There’s not the rivalry we used to think about.” [...]

Joe Stewart, director of security research for SecureWorks, says the Srizbi-Rustock connection is most likely due to a spammer using both zombie networks -- not that the operators of the two botnets are actually collaborating. “What is confusing people is that you’re seeing Rustock bots sending out emails that essentially infect people with Srizbi, so they think it must be Srizbi that’s sending it, but it’s not,” he says. “Srizbi is not just one big model. It’s rented out to lots of different spammers."

A major spammer may be trying to diversify by using the two botnets, he says. “It could be because they want to separate their malware-seeding operation from their spamming operation,” Stewart says. “Maybe their bots are getting blacklisted faster when they’re sending out URLs with fake video files because they’re easy to spot, so their spam doesn’t get through. So they send malware from this botnet, and spam from this one, to keep out of the blacklists longer.”

I agree that Joe's scenario is very likely; the spammers aren't always the same people who operate the botnets, and it only makes sense that some of them would spread their business among multiple nets, to minimize the risk that all of their output would be blocked if one 'net runs into trouble (or indeed, good filtering ;). But seeing C&C servers sharing LANs also strikes me as unusual. One to watch.
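To make the FireEye observation above concrete, here is an added example (not FireEye's, Marshal's or SecureWorks' code) that groups C&C addresses by the /29 blocks datacentres typically lease and computes the smallest prefix enclosing a set of botnets' servers; the botnet labels and addresses are constructed from the 203.0.113.0/24 documentation range and are not real indicators.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (botnet label, C&C address). Documentation-range
# addresses, not real indicators.
SAMPLE = [
    ("srizbi", "203.0.113.10"),
    ("rustock", "203.0.113.11"),
    ("pushdo", "203.0.113.13"),
    ("srizbi", "203.0.113.18"),
    ("rustock", "203.0.113.19"),
    ("pushdo", "203.0.113.200"),
    ("unrelated", "198.51.100.5"),
]


def shared_blocks(records, prefixlen=29):
    """Map each address to its enclosing /prefixlen block and return the
    blocks that hold C&C servers of more than one botnet.

    A /29 is the usual unit a datacentre leases to one customer, so two
    botnets inside one /29 points to a common customer or operator."""
    by_block = defaultdict(set)
    for name, ip in records:
        block = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        by_block[block].add(name)
    return {str(b): sorted(n) for b, n in by_block.items() if len(n) > 1}


def covering_prefix(records, names):
    """Smallest CIDR prefix enclosing every C&C of the named botnets.

    If it is much wider than a /29 while the botnets still interleave,
    the whole range was probably leased by one party and then split up."""
    addrs = [int(ipaddress.ip_address(ip)) for n, ip in records if n in names]
    if not addrs:
        return None
    lo, hi = min(addrs), max(addrs)
    plen = 32
    # Shorten the prefix until lo and hi agree on every kept bit.
    while plen > 0 and (lo >> (32 - plen)) != (hi >> (32 - plen)):
        plen -= 1
    base = ipaddress.ip_address(lo)
    return str(ipaddress.ip_network(f"{base}/{plen}", strict=False))


if __name__ == "__main__":
    print(shared_blocks(SAMPLE))
    print(covering_prefix(SAMPLE, {"srizbi", "rustock", "pushdo"}))
```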

Anyway, it's good to see that the malware research blogs are now actively tracking and posting updates when the botnets change topics and format; this info is very valuable for us in anti-spam, as it allows us to map from the received spam mails back to the sending botnet, and determine which rules are good at detecting each botnet. Thanks, guys.

(image credit: cobalt123, used under CC license)

Links for 2008-08-21

My Omnivore’s 100

Here are my results for The Omnivore's Hundred, a silly foodie "purity test". Bold are items I've eaten; crossed-out items are ones I wouldn't eat again. I score 70 out of 100, and clearly need to eat less Asian and more European cuisine ;)

  1. Venison
  2. Nettle tea
  3. Huevos rancheros
  4. Steak tartare
  5. Crocodile
  6. Black pudding
  7. Cheese fondue
  8. Carp
  9. Borscht
  10. Baba ghanoush
  11. Calamari
  12. Pho
  13. PB&J sandwich
  14. Aloo gobi
  15. Hot dog from a street cart
  16. Epoisses
  17. Black truffle
  18. Fruit wine made from something other than grapes
  19. Steamed pork buns
  20. Pistachio ice cream
  21. Heirloom tomatoes
  22. Fresh wild berries
  23. Foie gras
  24. Rice and beans
  25. Brawn, or head cheese
  26. Raw Scotch Bonnet pepper
  27. Dulce de leche
  28. Oysters
  29. Baklava
  30. Bagna cauda
  31. Wasabi peas
  32. Clam chowder in a sourdough bowl
  33. Salted lassi
  34. Sauerkraut
  35. Root beer float
  36. Cognac with a fat cigar
  37. Clotted cream tea
  38. Vodka jelly
  39. Gumbo
  40. Oxtail
  41. Curried goat
  42. Whole insects
  43. Phaal
  44. Goat's milk
  45. Malt whisky from a bottle worth $120 or more
  46. Fugu
  47. Chicken tikka masala
  48. Eel
  49. Krispy Kreme original glazed doughnut
  50. Sea urchin
  51. Prickly pear
  52. Umeboshi
  53. Abalone
  54. Paneer
  55. McDonald's Big Mac Meal
  56. Spaetzle
  57. Dirty gin martini
  58. Beer above 8% ABV
  59. Poutine
  60. Carob chips
  61. S'mores
  62. Sweetbreads
  63. Kaolin
  64. Currywurst
  65. Durian
  66. Frog's Legs
  67. Beignets, churros, elephant ears or funnel cake
  68. Haggis
  69. Fried plantain
  70. Chitterlings or andouillette
  71. Gazpacho
  72. Caviar and blini
  73. Louche absinthe
  74. Gjetost or brunost
  75. Roadkill
  76. Baijiu
  77. Hostess Fruit Pie
  78. Snail
  79. Lapsang souchong
  80. Bellini
  81. Tom yum
  82. Eggs Benedict
  83. Pocky
  84. Tasting menu at a three-Michelin-star restaurant
  85. Kobe beef
  86. Hare
  87. Goulash
  88. Flowers
  89. Horse
  90. Criollo chocolate
  91. Spam
  92. Soft shell crab
  93. Rose harissa
  94. Catfish
  95. Mole poblano
  96. Bagel and lox
  97. Lobster Thermidor
  98. Polenta
  99. Jamaican Blue Mountain coffee
  100. Snake

(thanks to this generator and mordaxus at Emergent Chaos for the link.)

Links for 2008-08-20

Links for 2008-08-19

Links for 2008-08-18

Irish gang skims 20,000 bank cards through retail POS terminals

Wow, this is pretty massive. The Irish Payment Services Organisation has again released details of a credit-card breach, this time on retail Point-of-Sale card terminals. Quoting the Irish Examiner story:

Una Dillon, head of card services at the Irish Payment Services Organisation, said the criminals went into the shops pretending to be doing maintenance work on behalf of the banks.

“We have discovered only in the last 48 hours that a number of retailers have been affected by a point-of-sale compromise,” she said. “We are in the lucky position that it was discovered quickly and the gardaí are working on it.

“Gardaí have uncovered a lot of the devices and CCTV footage. We have a list of all the card numbers that have been used. They have either been blocked or restrictions put on those cards.

“With the devices recovered it may just be that the cards were only saved and the criminals did not have a chance to get hold of the card numbers.”

“There will be an emergency meeting today with the gardaí, the terminal vendors and the banks to try and close down on this,” she said, adding the gardaí were in pursuit of the gang.

Insufficient authentication of maintenance staff is being blamed:

“The criminals have been going into shops claiming to be engineers working on the terminals. Staff are used to their bank officials coming to update terminals so unfortunately they have been able to do that.

Bank of Ireland estimated 3,100 of its debit and credit cards were affected and Ms Dillon said the other eight card providers could have similar numbers.

Bank of Ireland said, as a temporary measure, it had reduced the daily withdrawal limit on all its debit cards for ATM transactions outside Ireland to just €100 to protect customers from fraud.

They haven't released the names of the affected shops yet; 20,000 cards, though, sounds like it's been going on for a while, on a large scale. Yikes.

The SiliconRepublic story claims that the gang 'plugged in wireless devices that pushed the data to the internet and allowed the card numbers to be used overseas.' However, in the past, these 'wireless devices' didn't use the internet; instead they used parts from mobile phones, which relayed PINs, card numbers and CVV security codes via SMS text messages to Romania. That model seems more likely here, I would guess, due to the reliability of phone networks.

Update: last night's RTE Six-One news bulletin (viewable as streaming RealVideo or transcoded 5MB AVI file) made it clear that the hardware used phone components and SMS. It had some pretty good pics of what appears to be a sample subverted POS terminal:

VISA have been warning about attacks on petrol-pump-based POS terminals since 2006, e.g. this story, but they're easier to attack since there are few or no staff present by the pumps when the POS terminal subversion takes place. This has resulted in most petrol stations in Ireland disabling POS credit-card payment systems, requiring customers to pay at the counter; we lose convenience, but at least we're probably not being skimmed. But these in-store POS terminals seem to be increasingly under attack; there are reports from Livigno, Italy, Rhode Island, and Canada.

The tamper-proofing of POS terminal hardware is unreliable; it'd be nice to see them made harder to tamper with. I would guess the gang used secondhand, hacked POS terminals, which supposedly should be tamper-evident (i.e., modifications are easy to spot).

Better yet, if Chip-and-PIN cards used end-to-end crypto between a crypto smartcard and the bank's central systems, POS hacks would be impossible. But there's no sign of that happening.

Most importantly, IPSO has promised that 'banks will refund any customers whose details have been used to make fraudulent transactions.' That's key. It's interesting to note that IPSO have been hammering home this point repeatedly in their stories -- they're worried about customer confidence, I'd guess.

Links for 2008-08-14

Links for 2008-08-13

Links for 2008-08-12

Links for 2008-08-11

Links for 2008-08-10

On Threading

Luis Villa, in a post to FoRK:

I have found that [mail] threading is overrated, in part because I've realized that any conversation so baroque as to actually require threading probably isn't worth following.

Even though I wrote a threader for MH, I have to admit by now that he has a point ;)

AppEngine — only useful for toys

Noted on Twitter:

simonw: So apparently http://www.news.com.au/ used json-time for their Beijing countdown widget and blew my App Engine quota! They've stopped now.

uh, great. That's useful.

Google -- how are we supposed to host useful services with those limits?

Links for 2008-08-07

Links for 2008-08-05

Why San Francisco's network admin went rogue an "eyewitness account" with allegations about the SF network admin in question -- no documentation, passwords kept to himself instead of shared with his team, the entire network maintained by 1 person, never took holidays, bad tempered and stubborn -- sounds like a recipe for classic BOFH disaster

Yehrin Tong Illustration cool, hyper-detailed hand-drawn tiling patterns

working around installation bug in File::Scan::ClamAV running the test suite results in "ERROR: Can't open/parse the config file clamav.conf"; looks like File::Scan::ClamAV is now unmaintained :(

ALIFE Conference to reveal bio-inspired spam detection 'this bio-inspired spam detection algorithm, based on the cross-regulation model of T-cell dynamics, is equally as competitive [sic] as state-of-the-art spam binary classifiers and provides a deeper understanding of the behaviour of T-cell cross-regulation systems.'

Aaaand we’re back

Due to unfortunate scheduling, taint.org had some downtime there as it moved to a new server. It's back now though.

Some of the other services running on taint.org, jmason.org, yerp.org, twit.ie, planet.spam.abuse.net and so on, are still intermittently offline as I bring them back up in their new home... so have patience, they'll be back soon. ;)

Links for 2008-07-31

Del.icio.us 2.0 goes live yay! I've been waiting for this for yonks

10 years of Boards.ie massive ~50GB RDF/XML dump, for open crunching, to generate interesting "SIOC Semantic Web" apps

Postmaster.comcast.net how to get mail delivered successfully to Comcast, the usual stuff

Why we'll never replace SMTP 'The reason that e-mail is uniquely useful is that you can exchange mail with people you don't already know. The reason that spam exists is that you can exchange mail with people you don't already know.' +1

"Bikes-for-Billboards" scheme exposes major planning flaws 'what was initially hailed as "free bikes" has become one of the biggest planning controversies to hit Dublin in years.' No shit. 70% of sites are on the Northside, rather than the richer Southside; and each bike will cost over EUR300k in ad revenue!

Rob Enderle's page on Wikipedia detailing this analyst's hilariously wrong pro-SCO, anti-Apple/Linux predictions over the years. John Gruber: 'the only way it would be worthwhile for reporters to [quote him] would be if they were willing to describe him as "almost always utterly wrong"'

Links for 2008-07-30

soc.culture.irish on "Cuil" meaning knowledge 'eagerness, fearsomeness, a gnat, a horsefly, a beetle, a bluebottle, and (with the addition of a fada) a rear end, a reserve or backup, a corner, and an arse. The one thing it isn't, according to the four dictionaries I just checked, is knowledge.'

Neocon search terms

I'm back from a week in Cornwall. I'd like to say I was rested, but chasing after an 11-month-old baby in a caravan isn't all that restful. Still, it was sunny, and good for a change of pace ;)

Via b1ff.org, here's the Nexis search that US Department of Justice White House liaisons ran on job candidates to determine their political leanings:

[first name of a candidate] and pre/2 [last name of a candidate] w/7 bush or gore or republican! or democrat! or charg! or accus! or criticiz! or blam! or defend! or iran contra or clinton or spotted owl or florida recount or sex! or controvers! or racis! or fraud! or investigat! or bankrupt! or layoff! or downsiz! or PNTR or NAFTA or outsourc! or indict! or enron or kerry or iraq or wmd! or arrest! or intox! or fired or sex! or racis! or intox! or slur! or arrest! or fired or controvers! or abortion! or gay! or homosexual! or gun! or firearm!

This Nexis reference says the "w/n" keyword searches for 'words .. within 5 or 10 words of each other, Ex: "Enron w/5 investigation"'.

This is just a smidgen away from the concept of a SpamAssassin-style scoring filter. Crazy stuff.

Best of all, it's buggy and over-sensitive, according to one librarian: 'If that is really their search string, they were going through 99% unrelated citations. There needs to be a very nested set of parentheses to make the terms work, starting with one after the w/7. Fired and sex are OR’ed twice and need to be nested, at least in the case of Fired and the OR’d terms immediately following.'

Update: good Slashdot comment thread here. This comment indicates that the above librarian might be off-base regarding the w/7 parentheses, since the OR operator has higher priority. Here is an even better walkthrough of the query statement logic. Finally, here's an explanation of the "spotted owl" curiosity...
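As an added example (not from the original post or the linked walkthrough), here is a toy evaluator for the subset of Nexis syntax used in that string: "!" truncation, multi-word terms, "or", and the "w/n" and "pre/n" proximity connectors. It assumes, as the Slashdot comment above argues, that "or" binds tighter than the connectors, so the tail of the query is one OR group and needs no parentheses; the candidate name, the shortened query and the sample sentences are constructed.

```python
import re


def tokenize(text):
    # Lowercase word tokens; punctuation is dropped, which is how a
    # proximity connector counts "words".
    return re.findall(r"[a-z0-9]+", text.lower())


def term_matches(term, word):
    # A trailing "!" is Nexis truncation: "republican!" matches "republicans"
    # (and "sex!" matches "sextant", one source of the over-sensitivity).
    if term.endswith("!"):
        return word.startswith(term[:-1])
    return word == term


def phrase_at(words, i, phrase):
    # Multi-word alternatives such as "iran contra" must match consecutively.
    return all(i + k < len(words) and term_matches(t, words[i + k])
               for k, t in enumerate(phrase))


def positions(words, group):
    # Word offsets at which any alternative of one OR group matches.
    return [i for i in range(len(words))
            if any(phrase_at(words, i, alt.split()) for alt in group)]


def parse(query):
    """Split on the connectors w/n and pre/n. With "or" binding tighter
    than the connectors, everything between two connectors is a single OR
    group, so the long tail of the quoted query needs no parentheses and
    repeating "fired" or "sex!" in it is redundant but harmless."""
    parts = re.split(r"\s+(w/\d+|pre/\d+)\s+", query.lower())
    groups = [[alt.strip() for alt in p.split(" or ")] for p in parts[0::2]]
    return groups, parts[1::2]


def evaluate(query, text):
    """True if the document satisfies the query. Simplification (assumed,
    not taken from Nexis documentation): after each connector the surviving
    offsets of the left operand anchor the next connector."""
    words = tokenize(text)
    groups, connectors = parse(query)
    hits = positions(words, groups[0])
    for conn, group in zip(connectors, groups[1:]):
        kind, n = conn.split("/")
        n = int(n)
        right = positions(words, group)
        if kind == "w":   # within n words, in either order
            hits = [i for i in hits if any(i != j and abs(i - j) <= n for j in right)]
        else:             # pre/n: left operand must precede the right within n words
            hits = [i for i in hits if any(0 < j - i <= n for j in right)]
    return bool(hits)


# Constructed, shortened form of the quoted search; "jane doe" stands in
# for the candidate-name placeholders.
QUERY = ("jane pre/2 doe w/7 bush or gore or republican! or democrat! "
         "or iran contra or fired or sex! or fired")
```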

Links for 2008-07-22

ZSFA -- I Want The Mutt Of Feed Readers Zed recommends Newsbeuter. must take a look

We Want A Dead Simple Web Tablet For $200. Help Us Build It. having worked on a project to do just this, believe me, this is doomed. DOOMED

Science Clouds 'compute cycles in the cloud for scientific communities .. allows you to provision customized compute nodes .. that you have full control over using a leasing model based on the Amazon's EC2 service.' Wonder if they'd like to give SA some time ;)

Links for 2008-07-21

O2 Leaking Customer Photos (updated) the JBoss/Tomcat install leaks the "secret" URLs through its default status page. this is the 3rd helping of FAIL for O2's web team; 2 previous occasions in the last year exposed customer data through "secret" URL manipulation

Avant Window Navigator "a 'dock-like' (cough) navigator bar for the Linux desktop" (via Danny, again!)

trickle 'user-space bandwidth shaper', ie. like nice(1) for network bandwidth (via Danny)

RFC 5218 - What Makes For a Successful Protocol? 'Based on case studies, this document identifies some of the factors influencing success and failure of protocol designs.' (via spicylinks)

“Roommate” 419 Scam

Here's an interesting form of advance fee fraud I hadn't heard of before; it's a good example of 419 scammers ruining yet another casual online marketplace.

Let's say you have a room you want to rent. You put up a "housemate wanted" ad on Craigslist or wherever. Here's the reply you'll get:

Hi There,

How re you doing? I hope all is well. I'm martha Robot , am 26 yrs old and Am originally from chester united Kingdom . Graduate of I have a master degree in fashion design and I work as a professional fashion designer. I'm am not in the united kingdom right now, i am presently in West africa . I am currently working on contract for a company call (African Family Home Fashions) here in West Africa which the contract will be ending soon. I will be returning to your place soon. I enjoy traveling, It is very interesting to get more knowledge about the new countries, new people and traditions. It's great to have such a possibility. As i was searching through the web i saw the advert of your place . I would like to know maybe it's still available becasue i'm extremely interested in it. Here are the questions i would like to know about the room before planing to move in to the following questions below:

A}I will like to know the major intersection nearest your neighbourhood.like shopping mall,Churches,bus line e.t.c

B}I will like to know the total cost for the my initial move as in first month rent and if you accept deposit.

C}I will like to know if there is any garage or parking space cos I will have my own car come over.

D}I will like to have the rent fee per month plus the utilities.

E}I will like to have the description of the place, size, and the equipments in there.

F}I will also like to know Your payment mode.

G}I will like to know if I can make an advance payment ahead my arrival that will be stand as a kind of commitment that I am truely coming over and for you to hold the place down for me.

I will be very glad to have all this questions answered with out leaving a stone unturned...You can Call my Landlord for more references in UK ..+447024046815.

Email me back:

Thanks. Martha.

Needless to say, this is a scam. Here's how it works (courtesy of this post): The interested "applicant" will send a cashier's check or money order for the deposit, the value of which greatly exceeds the actual amount requested. They will then claim the overpayment to be an honest error based on their confusion about how these things work, and ask the victim to send back a money order refunding that amount, or to send it on to a "travel agent" who is supposedly booking the scammer's flight. The payment will be made via a non-refundable mechanism like the 419er's favourite, Western Union. It will be a matter of great urgency, as they will claim to need the funds to make the trip over. Her money order will clear, theirs will not -- and there's no way to refund the payment, so it's gone. This is a classic advance-fee fraud trick, it seems.

Got to love that nom de plume, though -- "Martha Robot". GREE-TINGS MAR-THA RO-BOT!

Googling for 'major intersection nearest your neighbourhood' churches bus finds plenty more:

Finally, a Washington-based realtor has written up a good walkthrough of the scam. He notes:

I recently ran an ad on craigslist.com to see if they were still working it. Craigslist has posted many warnings against responding to such solicitations and I was curious if the scammers had moved on to more fertile ground. They have not; I received 16 such inquiries in one day to a simple ad offering a room for rent in Bellevue. I used a fictitious identity and a newly created email address. I'll use the emails from just one of them as an example. This particular scammer managed to have a check on my doorstep by the next day!

(thanks to nimbus9 for the headsup)

links for 2008-07-09

links for 2008-07-08

links for 2008-07-07

links for 2008-07-04