YouTube - THE HUNGER Music Video : classic "so bad it's brilliant" YT
(tags: the-honger funny excruciating youtube tat egypt vampires bad-acting music-videos awful sports-bra)Sophos say Rustock botnet is back on the air : "Starting yesterday, the amount of spam coming to our traps has gone up 3 times (a 200% increase)." Other sources saying similar
(tags: sophos rustock botnets spam spam-weather)Google decide that GMail account thefts are due to phishing : 'Attackers sent customized e-mails encouraging web domain owners to visit [phish sites ...] Once attackers gained the user credentials, they were free to modify the affected accounts as they desired. In this case, the attacker set up mail filters specifically designed to forward messages from web domain providers.'
(tags: google gmail accounts phishing security)Values of n bought out by Twitter : Small software company (run by ex-ORA Rael Dornfest) is bought out; immediately gives 2 weeks notice of shutdown of their webapp products. Cue massive trainwreck as users freak out. Release the code as open source! It can't be worse than it is now...
(tags: twitter m&a acquisitions rael-dornfest stikkit iwantsandy web-apps web2.0 trainwreck cluetrain)
Category: Uncategorized
The Digital Depot is 'an innovative, state-of-the-art building specifically designed to meet the needs of fast growing digital media companies [...] developed as a joint initiative of Enterprise Ireland, Dublin City Council and The Digital Hub Development Agency.' Generally, it's a pretty nice place to work, and a great resource for startups and small tech companies.
However, recently, it looks like they've been embarking on some innovative, state-of-the-art cost-cutting exercises.
There's a little canteen area, for companies to make tea and coffee, wash up their mugs, etc. Check out this snapshot from the canteen this morning, courtesy of JK's phone cam:
Notice anything odd about that bottle of washing-up liquid?
Yum yum! Nothing nicer than washing your mug with a dash of toilet cleaner.
Do Your Cloud Applications Need To Be Elastic? : answer: no. ;) IMO there's useful applications of EC2-like elastic hosting services that don't require a fully-elastic horizontal scaling app
(tags: ec2 hosting aws scalability elastic servers scaling horizontal-scaling)
Tim Bray on the Storage Hierarchy in 2008 : Registers > Cache > DRAM > DHT (ie memcached) > SSD > Disk > Tape
(tags: memcached via:jzawodny memory disk storage io performance tim-bray)good deal on a Bodum burr coffee grinder and 2 bags of coffee : EUR72.08 for grinder and 2 bags of beans from Dublin-based Java Republic's online shop. good xmas pressie methinks ;)
(tags: coffee presents toget wishlist xmas gifts kitchen)
441-year-old bitmap font rendering : wow, so cool. A serif typeface from '"La Vera Perfettione del Disegno di varie sorte di ricami", an embroidery guide by Giovanni Ostaus, published in 1567.' Plus ca change... (via waxy)
(tags: type fonts books renaissance history embroidery typography pixels giovanni-ostaus 1567 lace via:waxy)The Septic's Companion : 'A mercifully brief guide to British culture and slang', aimed primarily at the USAnian. Now with book, just in time for xmas!
(tags: usa uk europe culture slang language books)
o2sms v3.11 : oh thank god for that; scripty, scrapey access to O2.ie's web-SMS system without having to use their now-broken website. yay for Mackers
(tags: o2 sms texting ireland mobile-phones)Mozilla Foundation's non-profit status in question : under audit by the IRS; it receives 88% of its revenues from one source, Google. 'While the Foundation did not automatically qualify as a public charity with public support at 33% of total support, it believes that it qualifies as a public charity under the facts and circumstances test with public support over 10%.'
(tags: google mozilla non-profits foundations revenue irs techcrunch open-source)CBL on the McColo outage's effects on botnets : great article, with lots of good facts and figures. Best bit: 'if you noticed a steep decline in spam in your inbox as a result of the McColo disconnection, this is an indication that you need better spam filters.' heh
(tags: mccolo spam anti-spam botnets cutwail cbl xbl ozdok mega-d asprox rustock bobax srizbi warezov)
MS To Offer Free Anti-Virus Software : about time! This has been necessary for ages. It will, of course, eat McAfee/Symantec/et al's lunch on a huge scale; I guess that was probably the issue
(tags: microsoft windows malware viruses mcafee symantec av anti-virus)Twixenate : Walter's Twitter profile pic editing tool; enter your username and use the Pixenate image-editing tools to hack at your profile pic, then re-upload -- all from the browser. great demo of Pixenate
(tags: pxn8 pixenate twitter avatar images editing image-macros)boards.ie has second-highest unique visitor count in Ireland : ahead of the Irish Times & Myhome.ie and the Irish Independent sites, just short of RTE.ie. Web forums are certainly mainstream in Ireland now
(tags: boards.ie web stats ireland irish-times newspapers irish-independent rte forums)
New Scientist have a great article up this week entitled 'Dumb eco-questions you were afraid to ask', including:
Q: Does switching from bus to bike really have any effect? After all, cycling isn't completely carbon neutral because I've got to eat to fuel my legs.
A: You are much better off cycling. A 12-kilometre round commute on a bus or subway train is reckoned to generate 164 kilograms of carbon per commuter per year. Somebody cycling that distance would burn about 50,000 calories a year - roughly the amount of energy in 22 kilograms of brown bread. A kilo of brown bread has a carbon footprint of about 1.1 kilograms, so switching from public transport to a bike saves about 140 kilograms of carbon emissions per year -- although this only really works if enough people cycle to allow public transport providers to reduce the number of buses and trains they run.
Also included: 'How clean does the pizza box/can/bottle have to be for it to be recyclable?'; 'Are laminated juice cartons recyclable?'; 'What's worse, the CO2 put out by a gas-fuelled car or the environmental effects of hybrid-car batteries?'; 'Can I put window envelopes in the paper recycling?' and many more. Check it out...
Amazon CloudFront : Amazon's new CDN enhancement to S3; 17c per GB (plus an initial 10c/GB "origin fetch" charge), vs 10c/GB with basic S3. no upfront setup required, beyond S3 itself. Uses HTTP cache-control headers. nice! looking forward to playing with this
(tags: cdn aws cloud hosting amazon cloudfront web http caching)Ordnance Survey Ireland map viewer : woo, new Google-Maps-style UI for the OSI maps. not great resolution or Google-style eye candy, but it has pretty good mapping of structures (via IIU list)
(tags: mapping ireland osi ordnance-survey maps)
Pixenate on Demand : if you want to add image editing for user-contributed images to your webapp, this is the way to do it -- low-cost, on-demand, zero-setup! nice one Walter, this is a great idea
(tags: pxn8 pixenate images editing user-contributed-content saas)Ireland Metrix Top Irish Sites : assuming these numbers mesh with Google Analytics, taint.org is just behind moviestar.ie and ahead of redfm.ie
(tags: metrics blogging taint.org analytics statistics visitors ireland irelandmetrix)
I think I just got my first spam from a government body! Specifically, VisitWicklow.ie spam from Wicklow County Tourism. It says:
Wicklow County Tourism is launching its sparkling 2008 Christmas campaign this month, with an extensive festive section on our website www.visitwicklow.ie/xmas . Here you will find all the information you need about what is happening in the Garden County this season including Christmas parties, seasonal events, carol singing, festive markets, Santa visits, great accommodation packages etc.
It was sent to a spamtrap address, scraped from an old mail archive. This address is a dedicated spamtrap; I've never used it for non-spam-trapping purposes, nor has it ever opted-in to receive mail. So there was no question that I granted permission to anyone to mail it.
The address delivers mail to my personal account -- that's what I do with my spamtraps, until their volumes get too high. So it still qualifies as a "personal email address". Here's the full spam with all headers intact.
It appears the message originated at IP address 87.192.126.62:
inetnum: 87.192.126.32 - 87.192.126.63 netname: IBIS-PA-NET descr: BreezeMax-KilpooleHill-Comm-E 3MB 24:1 (2) country: IE admin-c: IRA6-RIPE tech-c: IRA6-RIPE status: Assigned PA remarks: Please do NOT send abuse complaints to the contacts listed. remarks: Please check remarks on individual inetnum records for abuse contacts, or remarks: failing that email abuse reports to abuse@irishbroadband.ie. mnt-by: IBIS-MNT source: RIPE # Filtered
Kilpoole Hill appears to be south of Wicklow town, just the right spot for a wireless tower used for Irish Broadband access from The Murrough, Wicklow Town (mentioned as the address for Wicklow County Tourism in the mail).
Suggestions? Did anyone else get this? How do I report spam sent by the Wicklow County Tourism Board?
Update: they also hit the Irish Linux User's Group submission address. I wouldn't be surprised if they scraped the addresses of other ILUG subscribers, then...
Wooden Brain : MRI scan, pasted onto a block of wooden bricks. want
(tags: mri scans bricks wood infoviz 3d want)objgraph.py : generates nice DOT graphs of the Python memory arena, looks like a good memory-leak diagnosis tool
(tags: objgraph python coding memory-leaks memory-cycles debugging bugs)S3 Copy Support : now on general release. another S3 shortcoming rectified
(tags: s3 amazon aws copy files storage cloud-computing)
perl v5.8.9 : New stable release of perl 5.8.x. Useful new bundled script: "perlthanks -- a variant of perlbug, but for sending non-bug-reports [to the] authors and maintainers of Perl. Getting nothing but bug reports can become a bit demoralising." aww! we love you p5p!
(tags: perl thanks open-source coding changelog)world of goo coming to wiiware in europe! : yay! "hopefully late December"
(tags: world-of-goo goo wii wiiware games console)"Where The Deep Ones Are" : book mashup of "Where The Wild Things Are" and Lovecraft's "The Shadow Over Innsmouth". yeah, pretty sure I _won't_ be buying this for Bea (via Alex)
(tags: via:alex geek parody cthulhu lovecraft books kids)The End of Wall Street's Boom : article by the author of "Liar's Poker" on the sub-prime crash -- chock full of insane details about just how stupid and greedy the Wall Street bankers are. lock 'em up!
(tags: wall-street banking corruption banks bubble cds finance money economy subprime)
James Tauber just mentioned on Twitter:
“is it bad that I just saw a photo of Stockholm and immediately recognized a stretch of road from PGR2, rather than when I was actually there?”
This is something I've been thinking about recently. As game graphics improve, the realism levels become close enough to fool our brains into creating something like "real-world" memories for the worlds we're experiencing in gameplay.
For example, when I visited California for the first time, I was stunned by the feelings of familiarity I felt in response to stuff I'd experienced while playing the super-realistic Grand Theft Auto: Vice City; little things like the way traffic lights were mounted above the road, the design of the curbs, etc., the level of detail for which Rockstar received a "Designer of the Year" nomination -- because of this, the streetscape of a typical Californian street was instantly familiar to me.
The same thing happened this weekend, watching footage on TV of Arizona's Monument Valley. Naturally, I've driven a dirt bike around Grand Theft Auto: San Andreas' version of this. ;)
Update: another one is the Pripyat level of Call of Duty 4, which would be extremely familiar to anyone viewing these photos from a real-life visit.
I think this phenomenon needs its own name. "déjà vu" is similar, but different -- that phenomenon occurs when the memory feels erroneously that an experience has previously happened, whereas in this case, the experience has happened -- albeit virtually.
I've come up with a phrase to describe this: "déjà joué". (In French, that's "already played", analogous to the "already seen" of "déjà vu".)
What do you reckon? If you like it, feel free to use it ;)
Irish CERT Goes Live : announcing the Irish Reporting & Information Security Service (IRISS). excellent news!
(tags: iriss ireland security cert internet)Maldives seek to buy a new homeland : "We can do nothing to stop climate change on our own and so we have to buy land elsewhere. It's an insurance policy for the worst possible outcome."
(tags: maldives climate-change disaster environment asia land science)P'Ta Mon - "The Thugs Lawyer" : ever wonder, "what if lawyers did blinged-up flyers with 8 fonts and lensflare effects"? wonder no longer. "Toll Free: 1-888-88NOTME"
(tags: funny flyers law lawyers police legal advertising reggae bling)
Storm Worm estimated to net $7000 per day : at one point; that worked out as 900 million spams per day, resulting in just 72 sales each day
(tags: sales spam money storm-worm malware)RTÉ 2 FTA : "looking for free-to-air digital TV in Ireland". campaigning blog
(tags: dtv digital-tv ireland rte fta free-to-air free sky cable upc)
Obama promises new era of scientific innovation : seriously: yay ;)
(tags: science funding obama us-politics tech green usa newscientist)
IBM Zone Trusted Information Channel (ZTIC) -- 'a banking server's display on your keychain'.
IBM has introduced the Zone Trusted Information Channel (ZTIC), a hardware device that can counter [malware attacks on online banking] in an easy-to-use way. The ZTIC is a USB-attached device containing a display and minimal I/O capabilities that runs the full TLS/SSL protocol, thus entirely bypassing the PC's software for all security functionality.
The ZTIC achieves this by registering itself as a USB Mass Storage Device (thus requiring no driver installation) and starting a "pass-through" proxy configured to connect with pre-configured (banking) Websites. After starting the ZTIC proxy, the user opens a Web browser to establish a connection with the bank's Website via the ZTIC. From that moment on, all data transmitted between browser and server pass through the ZTIC; the SSL session is protected by keys maintained only on the ZTIC and, hence, is inaccessible to malware on the PC [...].
In addition, all critical transaction information, such as target account numbers, is automatically detected in the data stream between browser and ZTIC. This critical information is then displayed on the ZTIC for explicit user confirmation: Only after pressing the "OK" button does the TLS/SSL connection continue. If any malware on the PC has inserted incorrect transaction data into the browser, it can be easily detected by the user at this moment.
This seems like quite a nice implementation, I think.
However, key management will be problematic. Each server's public key will need to be stored on the ZTIC, and not be writable/modifiable by the possibly-infected PC, otherwise the "bad guys" could simply insert a cert for a malware proxy server on the PC and perform a man-in-the-middle attack on the TLS session. But for that to be viable, the SSL certs need to change very infrequently, or some new secure procedure to update the certs from a "safe" machine needs to be put in place. Tricky....
Zero Punctuation reviews 'Dead Space' : sadly turning out to be spot on the money
(tags: zero-punctuation games dead-space ea xbox360 reviews)"MP3 - 100% Compatible" logo : Britain's largest music download sites come up with something useful -- an official tick-mark to indicate that a file is DRM-free
(tags: music mp3 uk compatibility drm consumer)
Bank of Ireland leak data on another 900 customers : clowns. Also, the deputy Data Protection Commissioner gets a massive FAIL: 'While the loss of the data was a concern he said the likelihood of a fraud was "relatively remote".' Since the likelihood of me crashing my car driving at high speed is similarly "relatively remote", I'll ignore speed limits, then
(tags: relatively-remote clowns bank-of-ireland inept data-protection privacy identity-theft via:waider security banking ireland fraud)Jail Sentences For Fake Reviews : under new EU legislation, due to come into force next year, it will be illegal for businesses to "falsely represent oneself as a consumer" by, for example, writing a fake review of their own service
(tags: reviews law ireland eu europe consumer-rights)Gnip giving up on XMPP (for now) : 'XMPP is causing us pain and eating cycles' ... 'too many scattered implementations, leaving it in the "immature" bucket.' it seems Jabber.org and Google are throttling Gnip traffic
(tags: gnip xmpp jabber google twitter drama protocols microblogging via:ssethi)EMEW : 'Enhanced Message-ID as Email Watermark'. basically similar to how SpamAssassin's VBounce ruleset detects bounces by spotting mailserver fingerprints in the Received: header, but using the Message-ID: header instead
(tags: backscatter headers rfc-2821 smtp rfc-2822 message-id barricademx mdn dsn)
Doctor finds spiders in ear of boy with earache : ha! This actually happened to *me* when I was a kid, believe it or not (although with only 1 spider, not 2)
(tags: spiders ear orifices scary kids medical)A state-by-state guide to election night : even by midnight GMT, we should have some interesting results
(tags: election us-politics voting realtime drama polling states usa tv)
Here's a nice little (totally subjective!) story for Linux users.
At home, I have a HP Laserjet 1018 printer; it's a dinky little USB laser. When I was setting up my Mac running OSX, I attempted to use it.
A common refrain from Mac users is that MacOS X just works -- attempt to get something working, and the Mac will do the right thing with little friction, compared to the Linux situation which will involve complex config file editing and what-not. If this experience is anything to go by, that's not entirely the case anymore. In fact, the exact opposite applied; when I plugged the printer into the Linux box and ran System -> Administration -> Printing -> New Printer, it "just worked" and I wound up with a working network printer within seconds. No such luck with OSX. Some googling revealed the problem:
- "I kinda found what I need to install, but I can't understand what to do"
- A thread at macosxhints.com
- And at macrumors.com
- And at discussions.apple.com
In summary, the LJ1018 is just not supported on MacOS X. In order to get it working you need to install a third-party port of the Linux printing components foo2zjs, Foomatic, and Ghostscript, ported to MacOS X, and then get busy with the config file editing and undocumented tweaking and what-not. Ouch.
So there you go. Linux: it just works! ;)
(By the way, I was able to work around it by printing from the Mac to the Linux print server in Postscript; the CUPS print server will transcode PS to the native format.)
De-anonymizing Tor and Detecting Proxies : discover a Tor user's real IP address using Java or Flash, both of which apparently do not enforce proxy usage correctly from the browser
(tags: tor security java javascript flash privacy hack web)
Checks: The Most Dangerous Transaction : well-researched post on how checking account security is non-existent in US banking
(tags: checks cheques banking security fraud danger)Donald Knuth victim to repeated check fraud : US banks have an absurd policy of not authenticating check transactions, and this is now being actively exploited by fraudsters. As a result, Knuth will no longer mail reward checks to people who discover errors in his books :( (via adulau)
(tags: checking checks cheques banking fraud crime donald-knuth computing books security via:adulau)
SecureWorks analysis of the "Antivirus XP 2008" affiliate program : one Russian spammer appears to be earning over $5M/year by hawking fake antivirus apps via spam to gullible victims
(tags: russia spam av malware secureworks affiliates dodgy)Karl Rove's IT guy ran the Congressional firewalls and mail servers : Wonder if Democrats in the Congress are using GPG? sounds like they should be. incredible (via b1ff.org)
(tags: encryption privacy karl-rove bush us-politics incredible security snooping wiretapping firewalls)JSSpeccy : A ZX Spectrum emulator in Javascript. awesome. unplayably slow in FF3, but I have high hopes for the new JS interpreter in FF3.1. open-source, too, with a public SVN repository!
(tags: firefox spectrum javascript emulation zx-spectrum nostalgia)
nice Kiva.org testimonial : 'With the money that’s been paid back so far, including one loan in full, I was able to lend $25 each to two women in Peru to purchase animals. Which means I’ve been able to make $150 worth of loans, even though I’d only “invested†$100. Put another way: my $100 has done $150 worth of good in the world. This makes me really happy. '
(tags: kiva microloans charity testimonials loans developing-world)Code: Flickr Developer Blog » Counting & Timing : great blog post from Cal @ Flickr about their system-monitoring graphing backend, using custom RRDTool daemon and UDP notifications. very nice indeed
(tags: rrdtool flickr sysadmin graphing monitoring stats udp)Operation Digout - Anti Gov Builder Bailout Action : bananas. Members of an Irish web forum are lobbying the EC to intervene in the Irish govt's planned bailout of the construction industry through (more!) cheap home loans. I wish them luck
(tags: property-pin ireland housing bubble builders bailout budget eu ec europe lobbying via:mulley)
Dead Space came out last week, just in time for Hallowe'en. It's a survival-horror first-person shooter, set in space:
In the bold and often-bloody Dead Space, gamers step into a third-person sci-fi survival horror experience that delivers psychological thrills and gruesome action. Set in the cold blackness of deep space, the atmosphere is soaked with a feeling of tension, dread and sheer terror. In Dead Space, players step into the role of engineer Isaac Clarke – an ordinary man on a seemingly routine mission to fix the communications systems aboard a deep space mining ship. It is not long before Isaac awakes to a living nightmare when he learns that the ship's crew has been ravaged by a vicious alien infestation. He must fight through the dead silence and darkness of deep space to stay alive.
I absolutely love this genre. If you ask me, Resident Evil 4 is one of the best games ever written; perfectly paced, with some truly terrifying villains, plot twists and tension-laden surprises along the way. There's no experience in computer gaming quite so viscerally terrifying as the first time you hear Dr. Salvador's chainsaw revving up in the distance, while trapped in a farmhouse under siege from an army of blood-crazed cultists...
So I got Dead Space last Friday, and have been playing it over the weekend; it's good. Problem is, it's not as good as RE4, but then, when you're up against the best game ever, that's going to be hard to avoid. Actually, to be honest, the first couple of stages feel very reminiscent of RE4, tending towards derivative. Stage 3, however, comes into its own, with flavours of Aliens. Fingers crossed the upward trend continues...
Reading the comments on a Slashdot thread about the game, I came across this tip:
Call of Cthulhu (Score:5, Informative)
I'd say this is the last game that scared the shit out of me. The fact that you don't have any health bar, and that your vision, hearing, and even your heartbeat and breathing pace are affected by the situation can really frighten you. I don't think this game got enough credit. I still haven't finished the game yet.
Here's a nice 10 minute video that gives you the general feeling of the whole game. (minus the 320x240 resolution and lossy quality of course). If you get bored skip to the middle.
The video is pretty compelling, so I did some research. It seems the game is still playable on XBox360, albeit with some wonky sound samples during dialogue. Sounds ok to me. I went onto eBay, and was able to find a copy for 8 UK pounds. bargain!
When I twittered about this, I got these responses:
Me: "Call of Cthulhu" 2005 Xbox title, apparently one of the most terrifying games ever written: 8 UK quid on eBay. woot.
Myles at 2:00pm October 23: You won't be saying woot when your sanity dwindles and you gnaw off your own fingers in an attempt to protect yourself from the Great Old One. [a fair point]
Andrew at 6:56pm October 23: Have you ever played Eternal Darkness for the Gamecube? Really really creepy, and as close to Cthulhu as you can get without paying royalties.
Síofra at 9:06pm October 23: Eternal Darkness - feckin' brilliant. My first videogame addiction and I remember it fondly. The darkness comes....
So I looked up Eternal Darkness: Sanity's Requiem, too. check this review out:
Resident Evil, this game is most absolutely not. What it is, however, to dedicated players who fully explore its length and intricacies, is one of GameCube's absolute best games, and indeed one of the greatest titles we've ever played. [...]
There are insanity effects -- hallucinations that have a major role within the game. [...] if a character's sanity bar drops too low, strange things will begin to happen. Very strange things sometimes. These occurrences are sure to set the dark mood of the adventure and have an impact on the play experience. Going insane too much can create unwanted obstacles for players and in doing so may also endanger one's health and magick supplies. Some of the insanity effects we've encountered have proven very disturbing. Some even attempt to pick at the mind of the player outside of the game universe.
Apparently the walls drip with blood when you start losing your mind. Awesome! IGN gave the game 9.6 out of 10, Metacritic gives it 9th position, 92/100, "universal acclaim", on the all-time high scores list for the Gamecube, and of course, it's playable on the Wii.
Rosco has already promised I can borrow his copy. Sign me up! Looks like I'll be scaring the crap out of myself for a while to come...
Irish Times "Pricewatch" column on cycling to work : makes good money sense: 'the Sutton-based cyclist will save themselves EUR2,329 over the course of three years while the person living in Goatstown will find themselves with an extra EUR2,611 at the end of year three, enough to pay for a couple of holidays to the Caribbean.'
(tags: pricewatch cycling dublin commute money)Ubuntu 8.10 Server Edition announces support for SpamAssassin : 'SpamAssassin [is] now available from the main repository providing a supported solution for spam detection'. you've got to be kidding! Canonical took this long to get this supported?! wtf
(tags: canonical anti-spam filtering mail linux spamassassin)
Net::Mosso::CloudFiles - search.cpan.org : there's already a CPAN module to access CloudFiles, thanks to Leon "Net::Amazon::S3" Brocard
(tags: cloudfiles s3 storage backup mosso cpan leon-brocard)86% of UK users don't understand their broadband limits : '86% of UK broadband users still don’t understand the usage limits on their service and nearly one million have reached or exceeded their ISPs limit in the last year alone. [..] 6.2m people believe they have an "unlimited" service with no restrictions [..] just 22% of the major broadband providers are transparent and advertise the true limits of their packages' (via /.)
(tags: via:slashdot bandwidth broadband uk ireland bandwidth-caps isps asa advertising)
A few days ago, Amazon announced that they would be supporting Windows on EC2. IMO, you'd have to be mad to dream of running a server on that platform, so I was totally like "meh".
However, James Murty pointed out the perfect use case that I'd missed:
Although I much prefer “Unixy” platforms for my own development, I can imagine situations where it would be very handy to have a Windows machine easily available — such as for running those vital but irritating programs that are only made available for Windows. Australian Tax Office, I’m looking at you...
He's spot on! This is a great use case. If you need to do a little 'doze work, a quick recompile, or a connect to another stupid platform-limited service -- indeed, like the Irish tax office's Revenue Online Service, for that matter -- simply fire up a 'doze instance, do your hour's work, SDelete any private files, and shut it down again. All of that will cost 12.5 cents.
This will save me a lot of pain with VMWare, I suspect...
More techie details at RightScale; a trial run.
So, that OSX thing. I'm afraid I've given up on the switch; I'm back on Linux. :(
I got the keyboard mapping working, but Focus-Follows-Mouse and the couple of window-management hotkeys I rely on were impossible to work around.
Focus-Follows-Mouse is emulated by iTerm, but every time you switch to an X11 app or to Firefox, a click is required. This app-specific behaviour is jarring and inconsistent.
For some reason, the window-management hotkeys had a tendency to break, or to be disabled by other hotkeys or apps. I never figured out exactly why.
In addition, OSX has a built-in tendency to hibernate once the laptop's lid is closed. I wanted to disable this, for a number of reasons; most importantly, I tend to leave the laptop closed, leaning beside a chair in the TV room, while I'm at work, but there's frequently something I want to SSH in for. I tried Caffeine.app to avoid this, but it failed entirely on my hardware. InsomniaX generally works, but for some reason it tends to turn itself off occasionally for rather random reasons (such as switching to battery power, no matter how briefly, then back again). This was the final straw.
So just over a week ago, I installed Ubuntu on the MacBook Pro, following the documentation on the Ubuntu Wiki. Everything worked!
The Wiki's suggestions were a little hairy to configure -- but then, the OSX experience had been, if anything, less easy. Plus, I know my way around a Linux /etc.
On the Linux side, the Avant Window Navigator is truly excellent, and rivals the Dock nicely, and the Baghira kwin theme gives a pretty good OSX sheen to KDE 3. It's not quite as pretty as OSX, but I'm happy to lose some prettiness for better usability.
Regarding the interface -- the current version of the Linux Synaptics driver supports multi-touch (Apple's patents be damned, seemingly), and all the nice multi-touch tricks supported by most OSX apps work with it too. I'm still working out the optimum settings for this, but it's very configurable, and quite open.
It's fantastic ;) I feel like I'm home again. Sorry, Mac people.
(image: CC-licensed, thanks to Dr Craig)
Eternal Darkness: Sanity's Requiem : another Cthulhu-influenced game, tipped by Andrew -- Gamecube, so could probably pick it up on eBay and play it on the Wii
(tags: cthulhu games gaming eternal-darkness wii gamecube toget horror)Energy rating cert will cost up to €500 : 'Owners wishing to sell or rent residential property will have to pay an estimated fee of €300-€500 to comply with new building regulations from next year'. why? is it expected that renters will refuse houses that are inefficient? not impressed, strikes me as typical Irish Green Party half-baked tokenism
(tags: greens politics ireland rip-off-ireland rip-offs inflation regulation renting crap)Sarkozy Falls for Phishing Scam : the French president fell for a phish, providing the auth details for his bank account. possibly untrue; there seem to be a lot of differing reports
(tags: sarkozy phish funny security crime france)Monterey Bay Aquarium’s Seafood Watch Sushi Guide : sustainable sushi: avoid Oz/Japan-farmed yellowtail tuna, farmed salmon, octopus, and unagi (NOOO!)
(tags: unagi sushi sashimi food sustainable eating cuisine green)Rackspace Acquires JungleDisk, Slicehost : wow, they must be feeling flush. Slicehost: EC2-like Xen hosting, JungleDisk: S3-backed online backup. JungleDisk is to be transitioned off S3 onto Rackspace's own "CloudFS" storage cloud (via Michele)
(tags: cloudfs rackspace jungledisk backup online-backup slicehost via:mneylon cloud-computing internet hosting ec2 s3 aws)
Wall Street banks in $70bn staff payout:
Financial workers at Wall Street's top banks are to receive pay deals worth more than $70bn (£40bn) [equivalent to 10% of the US government bail-out package], a substantial proportion of which is expected to be paid in discretionary bonuses, for their work so far this year - despite plunging the global financial system into its worst crisis since the 1929 stock market crash, the Guardian has learned.
Lloyds chief tells staff: you'll still get bonuses:
The chief executive of Lloyds TSB, one of the banks participating in the [UK] £37bn bank bail-out, has promised staff they will receive bonuses this year despite Gordon Brown's promise of a crackdown on bankers' pay following the investment by taxpayers.
In a recorded message to employees, Daniels stressed that the bank faced "very, very few restrictions" in its behaviour despite the injection of up to £5.5bn of taxpayers' funds. "If you think about it, the first restriction was not to pay bonuses. Well Lloyds TSB is in fact going to pay bonuses. I think our staff have done a terrific job this year. There is no reason why we shouldn't."
Now that takes nerve.
Brad Fitzpatrick <3's Android : 'SDK is lovely. Great command-line tools' ... 'near-perfect emulator' ... 'using a production T-Mobile G1'. sounds fun
(tags: android google t-mobile phones mobiles reviews brad-fitzpatrick hacking gadgets)No 'World Of Goo' For Europeans : its EU publishers have delayed digital release until sometime next year, when the physical-media version is ready, by which time the release PR will have evaporated. idiotic
(tags: goo games releases europe distribution idiotic stupid via:techdirt)
Amazon.com: Customer Reviews: Uranium Ore : you can buy uranium ore on Amazon, it seems. review hilarity ensues
(tags: uranium radioactive amazon lulz pranks reviews funny)Jeff Atwood's EDC : "everyday carry" -- ie. microoptimization of your keychain. this is excellent, and a whole new way to waste time and money on gadgets (via Russell Davies)
(tags: edc gadgets geek jeff-atwood leatherman keys keychain lifehacks)
the Leatherman KeyMan : turning a Leatherman Micro into a combo multi-tool keyholder. nifty
(tags: keys multitool leatherman gadgets metalwork hacks via:ttt)
Qwitter: Catching Twitter quitters : be notified when someone unfollows you, along with the last tweet you sent before they dropped you. "was it something I said?" brilliant!
(tags: qwitter twitter social-networking microblogging funny)new US Visa Waiver Program authorization site : from Jan 2009, visitors from many countries including Ireland need to register at https://esta.cbp.dhs.gov before travelling to the US
(tags: waiver us visa travel usa via:simonw)Opera now warns about short RSA/DH keys : Opera 9.60 now issues a warning if you connect to an SSL site which has an RSA/DH public key shorter than 900 bits in length
(tags: opera web ssl tls rsa diffie-hellman security https browsers ui)
mogilefs.py threading coredump patch : avoid coredumps due to pycurl's use of a non-thread-safe signal
(tags: mogilefs threading coredumps bugs fixes python pycurl hacks)FriendFeed - Real-time : aka CrackFeed
(tags: crack friendfeed realtime live comet push http)Dead Space (xbox360: 2008): Reviews : 88/100: 'step into a third-person sci-fi survival horror experience that delivers psychological thrills and gruesome action. Set in the cold blackness of deep space, the atmosphere is soaked with a feeling of tension, dread and sheer terror.' sounds right up my street
(tags: dead-space games xbox360 reviews toget)Spamwiki : wiki tracking a few of the major botnet spammers
(tags: spam wikis databases anti-spam)details on the GenBucks/SanCash/Affking takedown : wow, these spammers were responsible for the VPXL, Canadian Pharmacy, *and* Hoodia spam runs. sounds like virtually _all_ the pharma spam for the past few years! massive result for the FTC
(tags: spam spammers takedowns ftc busts genbucks sancash affking)
Richard Clayton posted a very interesting article over at Light Blue Touchpaper; he notes:
Tyler Moore and I are presenting another one of our academic phishing papers today at the Anti-Phishing Working Group’s Third eCrime Researchers Summit here in Atlanta, Georgia. The paper “The consequence of non-cooperation in the fight against phishing” (pre-proceedings version here) goes some way to explaining anomalies we found in our previous analysis of phishing website lifetimes. The “take-down” companies reckon to get phishing websites removed within a few hours, whereas our measurements show that the average lifetimes are a few days.
When we examined our data [...] we found that we were receiving “feeds” of phishing website URLs from several different sources — and the “take-down” companies that were passing the data to us were not passing the data to each other.
So it often occurs that take-down company A knows about a phishing website targeting a particular bank, but take-down company B is ignorant of its existence. If it is company B that has the contract for removing sites for that bank then, since they don’t know the website exists, they take no action and the site stays up.
Since we were receiving data feeds from both company A and company B, we knew the site existed and we measured its lifetime — which is much extended. In fact, it’s somewhat of a mystery why it is removed at all! Our best guess is that reports made directly to ISPs trigger removal.
They go on to estimate that 'an extra $326 million per annum is currently being put at risk by the lack of data sharing.'
This is a classic example of how the proprietary mindset fails where it comes to dealing with abuse and criminal activity online. It would be obviously more useful for the public at large if the data were shared between organisations, and published publicly, but if you view your data feed as a key ingredient of your company's proprietary "secret sauce" IP, you are not likely to publish and share it :(
The anti-phishing world appears to be full of this kind of stuff, disappointingly -- probably because of the money-making opportunities available when providing services to big banks -- but anti-spam isn't free of it either.
Mark another one up for open source and open data...
(thanks to ryanr for the pic)
[PATCH 4/4] UML - Fix FP register corruption : fix for that FP register corruption bug in UML
(tags: user-mode-linux uml fp floating-point bugs linux bugfixes)UML kernel corrupts floating-point registers : manifests as occasional NaN values in running processes (via Mark Martinec)
(tags: uml user-mode-linux bugs linux floating-point sunspots NaN)
OK, message queueing has become insufferably trendy. You don't need to tell me, I've known it's the bees knees for 4 years now ;)
The only problem is, there doesn't seem to be a good queue broker written in Python. They're in Java, Perl, more Perl, or Erlang, but a solid, reliable, persistent queueing backend in Python is nowhere to be found, as far as I can see. Work is a mainly-Python shop, and while we can deploy other languages to our production, staging and test grids easily enough, it's a lot easier to do developer-desktop testing if we had an all-Python queue backend.
Am I missing one?
The situation in Iceland right now : 'The world is treating us like we’re dead. Bank accounts frozen. No business without cash payments in advance. No currency can be bought. [..] Imports have stopped because of closed currency markets and diapers, flour, sugar and other necessities are selling out in the shops.'
(tags: iceland scary economy recession society)Trinity Rescue Kit : a linux boot CD to perform recovery and repair on malware-infested Windows setups; features 4 different virus scanners with online updates. essential for dealing with Windows-loving relatives
(tags: trk rescue recovery viruses malware sysadmin family bootcd linux livecd av)The Man Behind the Whispers About Obama : so the McCain campaign are letting racist psychoceramics lend a hand? nice
(tags: mccain campaigns us-politics racism obama religion intolerance fox-news)Cybercrime Supersite 'DarkMarket' Was FBI Sting, Documents Confirm : 'DarkMarket.ws, an online watering hole for thousands of identify thieves, hackers and credit card swindlers, has been secretly run by an FBI cybercrime agent for the last two years, until its voluntary shutdown earlier this month.' omg that's awesome
(tags: cybercrime security darkmarket stings fbi carding credit-cards ncfta)
Dublin is a city that, photographically at least, can be reduced to a set of clichés, but a new exhibition offers a fresh, vibrant perspective of the Irish Capital. Dublinr is organised by a group of photographers that came together through the photo sharing website Flickr.
The exhibition opens at 6.00pm on Wednesday 5 November, runs until Sunday 9, from 11:00am – 6:30pm daily, and admission is free.
The Joinery Gallery | Arbour Hill | Stoneybatter | Dublin 7.
Some fantastic local photographers, including Andy Sheridan, whose work I've been following for a couple of months now; and a good location. D7 is full of good stuff nowadays -- in fact, ever since I moved out ;)
Caffeine : a more reliable way to inhibit sleepy-Macbook syndrome than InsomniaX (via Conall)
(tags: via:conall macbook hibernation laptops osx energy)
I didn't win a Web Award -- but then, given the competition from a couple of very professional news organisations, I really wasn't expecting to ;) Silicon Republic won, and rightly so. Good on 'em.
I had a great night nonetheless, hanging out with Vishal, Walter (who won his category!), Conor O'Neill, Jason and a bunch of others.
Thanks to Moviestar.ie and BH Consulting for their sponsorship of a great event -- marketing money well-spent, I suspect. Extra thanks to Moviestar for the freebie DVD player. And thanks of course to the mighty Mulley for organising the whole thing -- at this stage he's a finely-honed events machine!
Dublin bikes delayed again : the JC Decaux scam continues. the bikes have been delayed again -- until next summer -- and the 40 sites don't even extend to Stoneybatter or all the way to the Royal Canal. ripoff
(tags: bikes jc-decaux dublin scams dublin-council rental)
Hitwise and Compete: the user data ISPs do sell : it's true, the "clickstream" companies are getting away with almost the same shit that Phorm, NebuAd et al are being pilloried for. use HTTPS where you can
(tags: clickstream privacy nebuad phorm hitwise compete http security web)Hochbahn U4 : explore the innards of a gigantic tunnel-boring machine in plan projection, using an astonishingly good Flash visualization. brilliant, in a very German-engineering way
(tags: german engineering projection plan technical-drawing flash visualization tunnel boring machines cool ui)Dr. Nicholas and Mr. Hyde : the insane bacchanalia of Broadcom CEO Henry Nicholas, who built a massive hookers-and-coke-filled dungeon under his Laguna Hills mansion, and spiked his customers with Es. great article from Vanity Fair (via My Pepys)
(tags: dungeons broadcom omgwtfbbq bizarre laguna-beach orange-county bros ecstasy dot-com)
Here's an interesting offer -- be a restaurant critic/reviewer for RTE's cooking reality show, HEAT:
Ireland's top amateur chefs battle it out in our kitchen, each preparing a three course meal to impress the hardest critics; the paying diners. Mentored by Kevin Thornton and Kevin Dundon, these amateurs have a chance to shock or shine. Who wins, who looses (jm: sic), its all down to you. Come eat in the Heat Restaurant and decide who is Ireland's newest culinary talent.
The restaurant is located in Ely HQ, on Hanover Quay. All three course meals, inc teas and coffees are €30 pp. Drinks are separate.
To dine at Heat, please email diners /at/ loosehorse.ie or call 01 613 6052 with your contact details and your preferred evening. Heat is open for business on Sunday the 19th of October, Sunday the 26th of October, Sunday the 2nd of November, Sunday the 9th of November, and Sunday the 16th of November.
Please note: The evening is being recorded for RTE so if you want to keep a low profile, please consider. Vegetarians, strange allergies and odd requests may or may not be accommodated as Heat has a limited menu and may not always be able to accommodate specific food requirements.
Bon Appetit!
So, the Irish Web Awards are happening on Saturday night -- I'm booked and looking forward to it! Say "hi" if you're there and spot my ugly mug ;)
Dabble DB : looks like a web-based version of good old Filemaker
(tags: dabble-db databases web db spreadsheets analytics groupware)retrocomputing hackers reminisce about the 1541 diskette drive : skip to the comment thread, it's fantastic. I used to know lots of this stuff (via Donncha)
(tags: via:donncha commodore-64 hacks 1541 disks copy-protection drm hardware hacking history retro c64)MPLC racketeering Irish playschools : the 'Motion Picture Licensing Company' sent a letter to 2,500 Irish playschools, demanding a fee of EUR3 per child to cover license fees for the kids watching DVDs. However, it seems they themselves hadn't registered as required by law, so were acting illegally in issuing demands... oh the irony
(tags: mplc racketeering law ireland dvds movies mpaa licensing copyright legal children kindergarten playschools)Komplett's new Dublin pick-up point is open : routing around the Irish couriers and An Post's brokenness by allowing customers to pick up their items directly. a shame this is necessary
(tags: an-post delivery couriers dublin ireland komplett components pc hardware)
Oh, the irony. According to The Sunday Times, a body called the Motion Picture Licensing Company sent letters to 2,500 Irish playschools (aka kindergartens), demanding payment for children watching DVDs on their premises -- a fee of EUR 3, plus 17.5% VAT, per child per year:
Playschools have been given an unexpected lesson on copyright law after a company representing Hollywood studios demanded that each child pay a fee of €3 plus 17.5% VAT per year to watch DVDs in their playgroup.
The Motion Picture Licensing Company (MPLC), which collects royalties on behalf of companies such as Walt Disney, Universal and 20th Century Fox, wrote to 2,500 playschools last month warning that it is illegal to show copyrighted DVDs in public without the correct license.
The letter was sent with the approval of the Irish Preschool Play Association (IPPA), which represents the schools and their 50,000 children. The MPLC had wanted €10 plus VAT per year for each child, but the IPPA negotiated for the lower fee.
Unsurprisingly, playschool owners are freaking out:
“To be honest, when I got the letter with the IPPA newsletter I laughed and binned it,” said Paula Doran, manager of Kiddies Korner, a community playschool in Shankill, south Dublin. “If we brought in something like that the parents would have to pick up the costs. But I don’t like the way they went about it — once you signed up they’d automatically take money out of your account every year.”
“I don’t think too many judges would come down hard on a playschool over this,” she said. “We would rarely show DVDs anyway because it’s frowned upon — kids get enough TV at home. The odd time we would pretend to go to the cinema. We give the children tickets and they watch 20 minutes of Snow White, Fireman Sam or SpongeBob.”
Here's the funny part -- it appears the MPLC failed to take note of its own
legal requirements, and is not legally licensed to issue shakedown
demands for fees in Ireland:
The MPLC had failed to register with the Irish Patent Office as a copyright licensing body. Under the 2000 Copyright Act, royalty collectors such as the Irish Music Rights Organisation (IMRO) and Phonographic Performance Ireland (PPI) are required to register before they can collect fees. A spokesman for the Patent Office said that if an organisation collects money but hasn’t registered it may be fined or staff may be jailed if a complaint is made and it is found guilty.
Crazily, it sounds like the IPPA didn't find this out from their own legal advisors:
Irene Gunning, IPPA’s chief executive, said she was disappointed with the MPLC. “We acted in good faith with this organisation and felt we were doing our members good by negotiating them down from €10 per child,” said Gunning. “I feel misled by them now. It is only through an alert mother that we became aware that they need to be registered.”
oh dear. Let's hear it for alert mothers, I guess. Anyway, expect more similar shakedowns once the MPLC get their little licensing oopsie sorted out:
The MPLC only began operating in Ireland in recent months, after setting up in Britain in 2003. It is also targeting other sectors such as coach operators, which occasionally show movies in public.
More coverage at Techdirt, Ars Technica, and TorrentFreak.
(Image credit: smithco on Flickr. thanks!)
great set of photos from Chernobyl : scary stuff. amazing how accurate some of the Pripyat sets in Call of Duty 4 were
(tags: chernobyl urban-decay pripyat nuclear-power accidents tragedy photos images tourism decay)Quantum Crypto Broken : 'The attack is brilliant in its elegance. They essentially jam the receiver. A bright pulse of laser light is sent and it blinds the receiver, which allows the eavesdropper, Eve, to decode the same photons that Alice and Bob are decoding, and thus get their key.' doh
(tags: quantum-crypto crypto security via:emergentchaos science physics papers)Bristol Traffic: entertainment and datamining : this is actually quite a nifty idea; extending a simple "crappy parking" complaint blog with datamining opportunities, by tagging with street names, districts, license plate numbers etc. and letting the blog engine (and Google) take care of the rest
(tags: datamining data bristol parking blogging cars driving)
McAfee to pay $465 million for Secure Computing : including anti-spam product Ciphertrust. wonder how this will affect their various AS product ranges (via Herkemer)
(tags: via:herkemer anti-spam mergers buyouts mcafee ciphertrust)
Vint Cerf interviewed on spam, malware etc. : pretty much the EFF party line, I think: "every man for himself". also talks about net neutrality
(tags: vint-cerf internet filtering spam malware abuse network-neutrality anti-spam eff)video of a fake e-Passport being accepted by airport security reader : an e-Passport for "Elvis Aaron Presley", no less, happily scanned by an Amsterdam passport security station. hahahaha!
(tags: elvis funny security e-passports video via:slashdot rfid)Facebook adds Ireland as a Friend : 'Dublin will be the centre for Facebook’s international operations and will provide a range of online technical, sales and operations support to Facebook’s users and customers across EMEA region.' good news
(tags: facebook dublin ireland web2.0 emea)RFC-5321 (Obsoletes: 2821) : The newest rev to the Simple Mail Transfer Protocol (via fanf)
(tags: rfcs rfc-2821 standards internet smtp email rfc-5321)RFC-5322 (Obsoletes: 2822) : the newest rev to the Internet Message Format for email (via fanf)
(tags: via:fanf rfc rfc-2822 rfc-5322 standards email internet)
Tech Bubble 1.0 Stars: Where Are They Now? : wow, who the hell are these people? totally forgotten
(tags: web1.0 interwebs via:nishad trivia history)YA Mac apps list : bookmarking for more crufting of the OSX laptop
(tags: macos mac applications todo)Franklin Street Statement on Freedom and Network Services : a definition of a "Free Service", an open-source form of SaaS. uses the Affero GPL
(tags: saas cloud-computing software open-source gnu gpl affero web floss fsf freedom free-software)The Risk of ePassports and RFID - THC Blog : hacker group THC release an RFID-passport cloning/modification tool, noting that e-Passports are fundamentally insecure due to their trust of self-signed certificates. Also raises the Smart-IED attack danger: 'A Smart-IED waits until a specific person passes by before detonating or let's say until there are more than 10 americans in the room.'
(tags: via:schneier security terrorism risks rfid e-passports certificates pki)
Vim (Vi IMproved) for Mac OSÂ X : tick another item off my switch to-do list
(tags: vim gvim macos editors)
Well, some bits of this are easy: here's a MacOS X version of GVim and Vim, which works nicely, is easy to install, and is simply vim/gvim. Great stuff!
But some bits are harder. Remember I was complaining about that silly ± / § key in the top corner of UK/Irish MacBook Pro keyboards? Some investigation reveals that I'm far from alone in this:
'it fucks up application switching'
There are a number of apps that offer key remapping, but for no apparent reason they limit themselves to "popular" remappings only, such as swapping the Control and Caps-Lock keys etc. I presume this is because that was easy to code ;)
The one that does work fully is Ukelele. Watch out though -- it comes with a raft of caveats. It's buggy, at least dealing with my MBP keyboard under OSX 10.5.5; the "Copy Key" functionality doesn't work, and you need to start using a key mapping file from the Ukelele package, not a system one or one you've downloaded, otherwise it'll silently produce an output file that doesn't recognise any keys at all. On top of this, each time you make changes, you need to log out and log back in again for them to try them out. (Small mercies: at least you don't need to do a full reboot, I suppose.)
I'm not impressed by this whole keyboard issue. If you look at
photos of the US MacBook Pro keyboard, it's clear that it doesn't have the
stunted tetris-style Enter and Left-Shift keys that the UK/Irish one does. It
also has the tilde key in the normal place, the top left, instead of some
bizarre symbol that isn't even used in this keyboard's locale, and as Ash
Searle noted, when
you're a developer, the # is a hell of a lot more useful than the £
symbol. They've basically screwed with a good US keyboard design to bodge in
a few extra keys they needed to deal with the tricky European corner cases.
All that would be relatively minor, however, if I could remap the keys to suit my tastes -- but it was pretty damn tricky to do that. Key remapping needs to be an easy feature!
I'm still working on the fixed key layout file, but I may post it here once it's finished to save other Googlers the bother...
Update:: here's the fixed key layout file:
Irish Fixed.keylayout
Save that to ~/Library/Keyboard Layouts/ , then open System Preferences -> International, select Input Menu, and choose Irish Fixed from the list, and ensure “Show input menu in the menu bar” is on. Close that window, then select “Irish Fixed” from the input menu left of the clock on the menu bar. Log out, and log back in again, and the keys should be sane…
(thanks to Sonic Julez for the MBP key image)
9li : Bruno 9Li -- cool Brazilian psychedelic, high-contrast art
(tags: bruno-9li art graphics psychedelia)
Neuros set-top box lets you crowd-subtitle TV : 'Neuros has a new technology to superimpose text from a dedicated chat room in real time on a TV set, allowing a sort of 'crowd narration' for events or shows.' 'crowd heckling' more like; this is a great idea that Danny O'Brien talked about a few years back
(tags: for:malaclyps tv set-top-box video chat irc discussion heckling backchannels)Is That Your Final Answer? : 'As Putin rears his head and comes into the air space of the United States of America, where do they go? It’s Alaska. It’s just right over the border. Some people out there in our nation don’t have maps.' it's like Frances McDormand in Fargo, channeling Dan Quayle
(tags: funny omgwtfbbq sarah-palin foreign-policy incomprehensible babbling gibberish via:mat)
Addictions, Think Amazon, not Google : Brian "Krow" Aker: 'Google's AppEngine is much closer to [...] "Digitial Sharecropping" [...] S3 and EC2 have little tie in to them. You can end up with a physical addiction to the services but the mental addiction to a framework does not exist. S3 is just storage and EC2 for most is just a hosted Linux image.' +1!
(tags: google gae aws ec2 amazon hosting s3)The Porterhouse to get a shiny new bottling line : hooray, great news for Irish beer drinkers sick of Guinness
(tags: porterhouse beer ireland brewing)
Crazy! Somehow or other, this blog has made the
shortlist for "Best Technology Site" at the Irish Web Awards
2008,
up against TechCentral,
Silicon Republic,
Camara, and Robin Blandford's
ByteSurgery blog. I have no idea how this happened,
given the quality of the sites I'm up against -- two of them are even proper news
sites, with journalists! ;)
I've registered for the Oct 11 event; looking forward to it now...
As previously noted, I've just bought myself a nice shiny MacBook Pro, to replace an old reliable 5-year-old Thinkpad T40, which ran Linux.
Initially, I was contemplating installing Linux on this one too, and dual-booting. But right now, I've decided to give MacOS X a go -- why not? I find it's worthwhile updating aspects of my quotidian computing environment every now and again, and it seems everyone's doing it. ;) I'll log my experience on this blog as I go along.
(Worth noting that this isn't my first Mac; back in 1990, I was the proud owner of a free Macintosh Plus for a year, courtesy of TCD's "Project Mac" collaboration with Apple Ireland. I wrote a great Mandelbrot Set explorer app.)
First off, the good news: the hardware is very nice indeed. It's light in weight, esp. compared to my T61p work laptop, the screen clarity is fantastic, and the CPU fairly zooms along -- unsurprisingly, given that the T40 was 5 years old.
In addition, the multi-touch touchpad is wonderful; I'm looking forward to lots more multi-touch features.
Unfortunately, some of the other hardware design decisions were pretty wonky. By default it's quite tricky to keep the laptop running with the lid closed -- it seems a decision was made to use passive cooling via the keyboard, so once the lid is closed, that heat cannot escape, causing overheating. There's a third-party extension I can install to allow it anyway, but it's festooned with warnings to overclock the fan speed to make up for it... ugh. Since I need the ability to be able to remotely login to my laptop from work if I should happen to forget something, or to kick off a long transfer before I come home, this means I have to leave the laptop open permanently, which I didn't want to do.
In addition, I initially thought my brightness control was broken, since the laptop screen fluctuates in brightness continually. Turns out this is a feature, responding to ambient light -- a poorly-documented one, but at least it's easy to turn off in System Preferences once you know it's there.
(Unfortunately, a lot of MacOS seems to consist of poorly-documented features that are hidden "for my own good". The concept of switching seems to involve me abdicating a good deal of what I'd consider adult control of the machine, to the cult of Steve Who Knows Better. This is taking some getting used to.)
On to the software... what's getting my goat right now are as follows:
Inability to remap keys (CapsLock key, the useless "+-" key, a lack of "spare" keys for scripted actions)
Up in the top left corner of "international" MacBook keyboards, there's a useless key with a "+-" and double-S symbol on it. I don't think I've ever typed those symbols in my entire life. I want a ~ there, since that's where the ~ key lives, but for some reason, MacOS doesn't include keyboard-remapping functionality to the same level as X11's wonderful "xmodmap". It seems this third-party app might allow me to do that, or maybe something called 'KeyRemap4Macbook'?
This Tao Of Mac HOWTO seems helpful on how to support the "Home"/"End" keys, for external keyboard use.
Focus Follows Mouse
This is a frequent complaint among UNIX-to-Mac switchers. It seems that some apps do a hacky version of it, but then you've got this inconsistent thing where you lose track of which apps will automatically pick up focus (Terminal, iTerm) and which ones need a click first (Firefox, indeed everything else). Unfortunately, it seems an app called CodeTek VirtualDesktop would have fixed it, but seems to have been abandoned. :(
Programmable Hotkeys
I use a few hotkeys to do quick window-control actions without involving the mouse; in particular, F1 brings a window to the front, F2 pushes it to the back, F12 minimizes a window, Ctrl-Alt-LeftArrow moves a window half a screen left, and Ctrl-Alt-RightArrow moves a window half a screen to the right. Those are pretty simple, but effective.
This collection of Applescript files, in conjunction with Quicksilver, look like I may be able to do something similar on the Mac. Here's hoping. LifeHacker suggests that the default for minimize is Cmd-M, so that's what I need to remap from, at least...
This is a big issue -- Dan Kulp had a lot of hot-key-related woes, and wound up going back to Linux as a result. Evan reported the same. I like the idea of MacOS, but my tendonitis-afflicted wrists need their little shortcuts; I'm not willing to compromise on avoiding mouse usage in this way.
(by the way, in order to get F1/F2/F12 back, check the "Use the F1-F12 keys to control software features" box in the Keyboard control panel. Thanks to this page for that tip; it has a few other good tips for UNIX switchers, too.)
Upgrades and Software
So, there's two main contenders for the "apt-get for Mac" throne -- Fink vs MacPorts. Fink takes the Debian approach of downloading binary packages, while MacPorts compiles them from source, BSD/Gentoo-style, on your machine. Since I'm not looking at the source, or picking build parameters, or auditing the code for security issues there and then, I don't see the need to build it -- Fink wins.
One thing though -- the installer for Fink informed me that I needed to run "Repair Permissions", which took a while, and found some things that had somehow already been modified from their system defaults, I'm not sure why. This left me slightly mystified. I then was later told that this is now considered 'voodoo'. wtf.
Mind you, Daring Fireball suggests that the Mac software update are so poorly implemented that they require essentially rebooting in single-user mode, which sounds frankly terrifying. I hope that's not the case.
BTW, it's worth noting that IMO, AWN is as nice as -- possibly nicer than -- the Dock. ;)
Anyway, that's post #1 in a series. Let's see how I get on from here. (thanks to Aman, Craig and Paddy for various tips so far!)
Linux x86_64 frozen by heavy I/O on Dell PowerEdge 2950 : starting to think we may be running into this on our build machine; annoying. bookmarking for future reference
(tags: poweredge dell hardware linux drivers performance sysadmin)Wikipedia:Articles for deletion/Deletionpedia : hahaha. WP deletion gnomes argued that Deletionpedia should not have an entry due to non-notability, just 24 minutes after that entry was created
(tags: wp wikipedia funny deletion processes bureaucracy deletionpedia)Atrivo/InterCage depeered : the ISP's AS (AS27595) is now offline, due apparently to coordinated lobbying of its upstreams
(tags: atrivo isps abuse intercage spam malware hosting)
baltic-avenue: An open source clone of S3 : built on top of Google App Engine. interesting hack!
(tags: gae s3 aws amazon baltic-avenue google)
THE FOURTH QUADRANT: A MAP OF THE LIMITS OF STATISTICS By Nassim Nicholas Taleb : 'Statistics can fool you. In fact it is fooling your government right now. It can even bankrupt the system (let's face it: use of probabilistic methods for the estimation of risks did just blow up the banking system).' (via Gary Stock)
(tags: banking probabilistic-methods probability statistics investment black-swans nassim-nicholas-taleb via:gstock essays the-edge)International Expert Group - Report - The Innovation Partnership : 'the findings and recommendations of the International Expert Group on Biotechnology, Innovation and Intellectual Property'. Very anti-Bayh-Dole and the "old IP" patent-everything regime as it pertains to biotech. great stuff (via Techdirt)
(tags: via:techdirt bayh-dole ip patents biotech canada reports)Greg Kroah-Hartman rips Canonical a new one : over allegations that they do not contribute enough development effort to the Linux ecosystem; in all major components, they push a truly miniscule amount of patch code upstream
(tags: canonical linux greg-kroah-hartman code open-source free-software distros packaging upstream debian)
A unique place for creating and preserving knowledge : swan song for Iona Technologies. as an ex-Ionian, all I can say is +1; great place to work in the '90s
(tags: iona dublin ireland software business 1990s)Deletionpedia : 'an archive of about 63,556 pages which have been deleted from the English-language Wikipedia.'
(tags: wp:vfd deletion wikipedia archives web)Michelle Malkin » The story behind the Palin e-mail hacking : Yahoo!'s password recovery feature is pretty trivial to defeat: 'seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)'
(tags: yahoo passwords security web sarah-palin 4chan)
valhenson: Focus follows mouse on Mac OS X: Only $14.95! : more on the OS X FFM mess
(tags: focus-follows-mouse focus x11 macos mouse ui)Stevey's Blog Rants: Settling the OS X focus-follows-mouse debate : if I'm to consider using OS X, this needs to work; I'm a FFM zealot
(tags: zealotry focus-follows-mouse focus ui osx mac x11 window-management)
now to install Ubuntu ;)
Update: here's the first bug, spotted in Apple's "thank you for registering your Mac" mail:
Hi. Welcome to Apple. We're just as excited as you are. ........................................................................... Thanks for registering your new Mac. We have the following on record in your name: [[IREG_PRODUCT_HTML]]
Templates are hard!
Build a Web Page Monitor with Google Docs : incredible. the GDocs spreadsheet supports getting a remote URL, extraction using XPath, and RSS output, making it a pretty credible scraping platform
(tags: google-docs google xpath rss feeds scraping)PayPal phishes their own customers : 'Your monthly account statement is available anytime; just log in to your account at https://SECURE.UNINITIALIZED.REAL.ERROR.COM/au/HISTORY.' doh
(tags: paypal phish phoul funny errors anti-spam via:risks)laptopsdirect.ie crappy reviews : wow. I dodged a bullet when I bought my work Thinkpad T61p last year; since then they've accumulated a truly atrocious customer service reputation. avoid
(tags: laptopsdirect.ie laptops shopping ireland boards.ie reviews customer-service cluetrain)
Groklaw - Anonymous Speech in Email Upheld in Spammer Case : Groklaw goes into the detail of how and why the Virginia anti-spam law could be overturned. Ugh. I strongly believe that spam = UBE, not UCE, and political spam is still spam, so this is particularly disappointing for me
(tags: ube uce spam law legal virginia jeremy-jaynes groklaw anti-spam)VMware server tweaks : ugh. quite a lot of voodoo here, need to investigate to see if any of these improve performance on our little build farm vmware server
(tags: vmware performance linux tweaks kernel)consumer tips in response to the XL Airlines collapse : tour operator/airline went bust, leaving its customers well in the lurch. Those who booked flights directly on their website, using a debit card, have lost their money. Most travel insurance doesn't cover airline collapse. Moral: use a credit card
(tags: credit-cards safety consumer xl-airlines travel-agents atol flights travel)
Commtouch Plug-in for SpamAssassin : SA plugin to add the proprietary Commtouch filter to an existing SpamAssassin system; nifty
(tags: commtouch spamassassin anti-spam filtering plugins)
Va. Supreme Court Strikes Down State's Anti-Spam Law : argh! IMO the judge has confused misleading forged headers with anonymous speech
(tags: anonymity legal law jeremy-jaynes spam anti-spam virginia)Watch out for that Dropbox Public Folder : Joe has a good point: 'you hereby grant all other Dropbox users a non-exclusive, worldwide, royalty-free, sublicensable, perpetual and irrevocable right and license to use and exploit Your Files in your public folder.' wtf
(tags: dropbox ip backup legal terms-and-conditions legalese)Microsoft Open Source inside Google Chrome : namely the Windows Template Library, now distributed under the (OSI-approved) Microsoft Public License. strange days (via reddit)
(tags: microsoft open-source osi google chrome wtl windows)Irishmen buy up island of England : 'an Irish consortium has emerged as the buyer of the island of England in The World development, a man-made scheme off the coast of Dubai.' hahaha!
(tags: funny ireland england dubai unintended-consequences property the-world)
Techdirt: How Patents Have Harmed University Research : the majority of university technology transfer offices have never made money, according to this. mind-boggling
(tags: bayh-dole patents ip universities academia tech-transfer techdirt)VTun - Virtual Tunnels over TCP/IP networks : 'The easiest way to create Virtual Tunnels over TCP/IP networks with traffic shaping, compression and encryption'. looks like it. UDP-based, no Windows support, but in Ubuntu's "universe" apt repository
(tags: vtun tunneling linux unix networking ip tcp udp security)Perl Best Admin Practices : good advice to those of us running systems built on perl. Every interpreted language needs a document like this
(tags: perl wiki advice sysadmin best-practices guidelines fhs unix)
Four Tweaks for Using Linux with Solid State Drives : good tips (via Jeremy)
(tags: for:hughescr linux ssd disks optimization performance tmpfs kernel)VW Should Bring Back The Microbus And Make It Electric : and a pony! (via fergusb)
(tags: want electric-vehicles cars volkswagen techcrunch over-ambitious and-a-pony)
Twitter API Rate Limiting : 'Clients are allowed 70 requests per 60 sixty minute time period, starting from their first request. This is enough to make just over one request per minute, per hour, which should meet the needs of most applications.' Fingers crossed this can be lifted for twit.ie
(tags: aggregation rate-limiting api http twitter twit.ie)Pipes: BBC AOD filter : select a BBC radio show, get an RSS feed of "Audio on Demand" RealAMRadio files as they are posted. ("radio4" works as the station ID for that station)
(tags: bbc radio4 radio realaudio via:hublog)Work at Home . . . for a Criminal? : good round-up of how those "work at home" scam spams work
(tags: work spam scams fraud teleworking telecommuting)
EC2 hack: make metadata visible in 'ec2-describe-instances' output : by creating one-off security groups to hold the metadata. hack, will be deprecated by AWS in a future release, but hey it works right now
(tags: ec2 via:elasticgrid hacks patterns aws)
Brian Scanlan mailed me with this blurb, worth blogging for any AWS users in the Dublin area:
Are you a software developer or IT professional working in the Dublin area?
Would you like to learn more about Amazon Web Services?
Amazon spent over ten years developing a world-class technology and content platform that powers Amazon web sites for millions of customers daily. Most people think "Amazon.com" when they hear the work; however developers are excited to learn that there is a separate arm of the company, known as Amazon Web Services or AWS.
Using AWS, developers can build software applications leveraging the same robust, scalable and reliable technology that powers Amazon's retail business.
Amazon Data Services Ireland are delighted to welcome Simone Brunozzi (simoneb at amazon.com), AWS Evangelist for Europe, to Dublin, where he will give an overview of Amazon Web Services, including S3, EC2 and EBS, SimpleDB and more.
Tuesday 16th September 2008 at 7pm, The Digital Exchange Auditorium, Crane Street, Dublin 8
Maps and directions to the venue are here. Refreshments will be served.
All welcome - but places are limited, so please sign-up by mailing aws-dublin-event at amazon.com before Thursday 11th September.
I have no connection to this; not even sure if I'll be going, as I went to the last one anyway and it was a bit short on technical tips ;) . But worth blogging anyway.
eircom advertising on ThePirateBay.org?! : oh dear, someone really screwed up there
(tags: piracy pirate-bay eircom ads doubleclick google oops funny via:damien)Cheney Waits Until Last Minute Again To Buy Sept. 11 Gifts : pure Onion genius
(tags: cheney 9/11 theonion onion humor us-politics)We haven't changed the name of the conference to 'Over Quota' : moral: don't try hosting anything useful on Google App Engine until it's ready -- which it decidedly isn't yet
(tags: app-engine google quota fail bandwidth hosting via:simonw)
Atari 800 "Donkey Kong" source code review : retrogaming fans find source for 1983 game cartridge, then original developer appears with commentary. hooray for internets!
(tags: atari history retrogaming retro donkey-kong assembler coding 8-bit programming)
prescription swim googles : for $28. woo
(tags: glassyeyes glasses prescription goggles swimming beach want)Design By Humans : great tees on this US site
(tags: shirts tee-shirts apparel shopping want t-shirts)
This is a little late, since I was off on holliers when it came to light -- Galway News reports 'hundreds hit by skimming scam':
The account details of shoppers who used credit or laser cards to pay for their groceries and other items in a number of Galway shops and supermarkets were illegally skimmed by a gang who apparently managed to interfere with the Chip & PIN terminals at the stores’ check-out counters.
The Irish Times story:
However, it has emerged some cardholders had several thousand euro taken from their accounts overseas before they realised what was happening and alerted their card provider. And it is feared that thousands of other customers do not yet realise their cards have been cloned. Garda sources have confirmed the case involves thousands of cards.
The Galway investigation is centred on one large shop in the county. Gardaí believe several thousand cards have had all of their details skimmed, including pin numbers, over the past month. Some of the cards have already been cloned and used in Canada and other countries where, unlike Ireland, chip and pin protective technology is not in use.
In the Galway case [...] Detectives are working on the theory that somebody in the Galway shop may have facilitated the card skimming for an Eastern European crime syndicate.
Gardaí do not believe the payment terminals were tampered with. Gardaí have recovered CCTV images of suspects from in-store cameras.
In the past, cards have been copied using very small hand held devices through which a card is quickly and discreetly skimmed at the point of payment. The information is then copied, or cloned, onto a blank card which is then used like a regular payment card.
Skimming devices around the size of a cigarette lighter can store details from thousands of cards.
The payment terminals from the Galway shop have been taken by gardaí for technical examination as a precaution. The Garda Bureau of Fraud Investigation is leading the inquiry.
This Boards.IE thread is a real eye-opener, containing lots of reports from victims of this scam -- many reports saying that they suspect it was in Joyces' Supermarket in Knocknacarra, although one poster reckons 'there are now over 20 suspect premises in Galway City and outskirts'. blimey.
On a related note -- while shopping in my local supermarket at the weekend, I was pleased to note that when I paid with my credit card, I was asked to sign the slip, instead of using Chip-and-PIN. So it looks like at least one retailer is taking additional care.
On the other hand, the thread also notes many cases of skimming which took place from in-store ATMs in small convenience stores -- those are very widespread now. eek. :(
Independent group's trigger-happy copying : allegations that Irish newspapers have copied content from blogs. There's been a lot of cases of this recently. good round-up from Cian Ginty
(tags: plagiarism ireland newspapers independent)
Review of bicycle helmet effectiveness studies : quite a few case-control studies consistently demonstrating the protective effects of bicycle helmet use on shared roadways
(tags: cycling helmets safety health statistics)Spammer-X's numbers on spam profitability : he claimed that he made net $336k per year from spamming in 2004
(tags: via:tzink spammer-x spam money pay profit motives)
GoDaddy is rejecting mail with URLs that appear in the Spamhaus PBL. As this thread on the Amazon EC2 forum notes, this is creating false positives, causing nonspam mail to be rejected. Here's what GoDaddy reportedly said about this policy:
Unfortunately, our system is set to reject mails sent from or including links listed in the SBL, PBL or XBL. Because the IP address associated to [REMOVED] is listed in the PBL, any emails containing a link to this site will be rejected. This includes plain-text emails including this information.
If this is true, it's utterly broken.
Spamhaus explicitly warn that this is not to be done, on the PBL page:
Do not use PBL in filters that do any ‘deep parsing’ of Received headers, or for other than checking IP addresses that hand off to your mailservers.
And more explicitly in the Spamhaus PBL FAQ:
PBL should not be used for URI-based blocking! Consider the false positive potential: legitimate webservers hosted with services such as dyndns.com or ath.cx! Or consider that ISPs and other networks are encouraged to list any IP ranges which should not send mail, and that could include web servers! Use SBL or XBL (or sbl-xbl.spamhaus.org) for URI blocking as described in our Effective Spam Filtering section. Use PBL only for SMTP (mail).
Critically, the PBL now lists all Amazon EC2 space, since Spamhaus interpret Amazon's policy as forbidding email to be delivered via direct SMTP from there. (Note -- email, not HTTP.)
With this filter in place at GoDaddy, that now means that if you mail a URL of any page on any site hosted at EC2 to a user of GoDaddy, your mail won't get through.
Note: this is much worse than blocks of SMTP traffic from EC2. In that case, an EC2 user can relay their legit SMTP traffic via an off-EC2 host. In this case, there is no similar option in HTTP that isn't insufferably kludgy. :(
Dublin's new M50 electronic toll tags : what a mess! there are no less than 8 tag operators and a bewildering array of prices and penalties. typical
(tags: ireland dublin m50 tolls roads pricing)Sustained IO on EBS == No Bueno : worrying stats for Amazon EBS data throughput, dropping from 160 MB/s to a rather paltry 42.4 MB/s
(tags: amazon ebs ec2 speed networking hosting benchmarks)MXLogic on the economics of spam : Sam Masiello of MXLogic works out that phishers may be netting a 7300% profit margin; this is why spam's not going away. mind you he does this by believing Gartner figures, which is never a good idea
(tags: sam-masiello mxlogic via:tzink phishing spam money)
Cian Ginty at the Irish Times writes:
As clunky helmets, yellow reflective gear, and Lycra could be used as a stereotype for Irish cyclists, it might come as a surprise that women wearing high heels are a common sight on bicycles in Copenhagen.
The general image of cycling here is vastly different to so-called bicycle cultures where cycling is normalised and there is talk of a "slow bicycle movement".
"Among thousands and thousands of cyclists on my daily routes, I think I see one or two reflective vests a week, if that," says Mikael Colville-Andersen, a cycling advocate living in Copenhagen.
With Denmark, the Netherlands and Germany - where bicycle usage is high - the helmets and reflective clothing we think of as "a must" for cyclists are far from standard.
It then goes on to rehash some of the stuff that has cropped up recently on cycling blogs about cycling safety, helmets, etc.
The only problem with casualization of cycling, removing gear like helmets, is that without corresponding changes to the road and cycleways to make them safer, it will increase accidents and fatalities. I looked this up a couple of weeks back when I came across an anti-helmet site. Chasing up the figures and doing some research, it became clear that if you simply want to cycle without hurting yourself, the facts were not on their side -- helmets save lives, especially when dealing with shared roadways as we have here.
Copenhagenization is a result of a better, safer road environment for cyclists, as seen in Denmark and the Netherlands, which makes safety gear not as much of a requirement. But on the other hand, Ireland's roads are designed mainly for cars, and Dublin Council have done little to help -- that makes safety gear a requirement, unfortunately :(
However, I think this is the real reason why people don't cycle in Dublin:
Let's take a fictional person, let's call her Kassandra. Kassandra lives a little north of Copenhagen and rides every to work every day between 07:25 and 07:55 and back again between 15:35 and 16:05. Kassandra doesn't mind a little light showers, but if the intensity increases to over 0.4 mm over 30 minutes (light rain), then she thinks it is too wet. Kassandra works five days a week and has weekends and holidays free. That gives her 498 trips between September 2002 and the end of August 2003.
How often does Kassandra get wet either to or from her job that year? The answer is, in fact, rarely. On those 498 trips it was only 17 times. That is only 3.5% or on average 1.5 trips a month.
3.5%. Compare that with what's happened in Dublin this month -- I'd estimate that's meant that at least half of my rides have involved some degree of rainfall, occasioning many cries of woe.
It takes dedication -- and lots of wet-weather gear -- to ride a bike here...
(Of course, having said that, I look out the window and it's immediately sunny ;)
Update: Ryan Meade corrects me in the comments:
Justin, you need to take a look at Owen Keegan’s paper to Velo-City 2005, “Weather and Cycling in Dublin : Perceptions and Reality”. The probability of getting wet is actually pretty comparable to the Copenhagen scenario detailed above - 5.5% for a 30 minute journey if you take 0.2mm per hour at the threshold for “getting wet”. On the other hand the vast majority of both cyclists and motorists think it’s more than 15%, with half thinking it’s above 30%.
Amazing how the psychological, "glass half-empty" factor influences my thinking on this. I had no idea!
I was away on holidays last week, and when I got back, I found my feed reader full of some good discussion as to whether today's bigger spam botnets -- Srizbi, Rustock, Mega-D, Cutwail/Pushdo -- are sharing components, such as "landing" sites, exploits, customers, and even command and control networks. It started with this post on the FireEye Malware Intelligence Lab's blog noting:
'Some malware researchers have described Srizbi and Rustock as rival botnets, our data indicates that this apparent rivalry is a sibling rivalry at best. Srizbi and Rustock seem to be supported (controlled) by the same parent (bot herder).'
and in this followup:
'We can clearly see that Srizbi, Pushdo and Rustock are using same ISP, and in many cases, IPs on the same subnet to host their Command and Control servers. It seems extremely unlikely to our research team that three previously "rival" Botnets would share nearly consecutive IP space, and be hosted in the same physical facility. Of all the data centers and IPs in the world, the fact that they are all on the same subnet is very intriguing. This fact makes the FireEye research team conclude that either the Botnets are operated by the same organization, or that the datacenter (McColo) is a shell corporation that leases out it's IP space and bandwidth for nefarious actions.' [...]
'IPs at a typical datacenter are leased out in a /30 or more commonly, a /29 block. However, here we can see that in a given succession of IPs, the three Botnets have C&C servers dispersed throughout. This gives us an impression that same Bot herder leased out a larger range and then distributed it amongst its different Botnets.'
Marshal say: 'at the very least, the major botnets have common customers.'
Dark Reading cover it like so:
Rustock, which recently edged Srizbi for the top slot as the biggest spammer mostly due to a wave of fake Olympics and CNN news spam, and Srizbi, known for fake video and DVD spam, have been using the same Trojan, Trojan.Exchanger, to download their bot malware updates, researchers say. “This is the first time” we had seen this connection between the two botnets, says Fengmin Gong, chief security content officer for anti-botnet software firm FireEye. “That’s why when we saw it, it was surprising. They definitely have a relationship,” he says. “There’s not the rivalry we used to think about.” [...]
Joe Stewart, director of security research for SecureWorks, says the Srizbi-Rustock connection is most likely due to a spammer using both zombie networks -- not that the operators of the two botnets are actually collaborating. “What is confusing people is that you’re seeing Rustock bots sending out emails that essentially infect people with Srizbi, so they think it must be Srizbi that’s sending it, but it’s not,” he says. “Srizbi is not just one big model. It’s rented out to lots of different spammers."
A major spammer may be trying to diversify by using the two botnets, he says. “It could be because they want to separate their malware-seeding operation from their spamming operation,” Stewart says. “Maybe their bots are getting blacklisted faster when they’re sending out URLs with fake video files because they’re easy to spot, so their spam doesn’t get through. So they send malware from this botnet, and spam from this one, to keep out of the blacklists longer.”
I agree that Joe's scenario is very likely; the spammers aren't always the same people who operate the botnets, and it only makes sense that some of them would spread their business among multiple nets, to minimize the risk that all of their output would be blocked if one 'net runs into trouble (or indeed, good filtering ;). But seeing C&C servers sharing LANs also strikes me as unusual. One to watch.
Anyway, it's good to see that the malware research blogs are now actively tracking and posting updates when the botnets change topics and format; this info is very valuable for us in anti-spam, as it allows us to map from the received spam mails back to the sending botnet, and determine which rules are good at detecting each botnet. Thanks, guys.
(image credit: cobalt123, used under CC license)
30% Of Internet Users Admit To Buying From Spam : ugh. we need a reminder of the Boulder Pledge. Mind you, Marshal have put out what appear to be inaccurate figures in the past regarding the Rustock botnet, so apply a pinch of salt
(tags: marshal spam boulder-pledge commerce shopping statistics via:techdirt)more details on EC2 Elastic Block Store : achieves 70MB/s on an m1.small instance; 'performance exceeds what we’ve seen for filesystems striped across the four local drives of x-large instances'. pretty good for a network filesystem, although not great compared to fast local SATA disks. also: snapshots are incremental and perform nicely compared to local S3 copy-and-upload
(tags: ebs amazon performance benchmarks s3 ec2 disks snapshotting filesystems)Amazon Elastic Block Store (EBS) : 'Prior to Amazon EBS, block storage within an Amazon EC2 instance was tied to the instance itself so that when the instance was terminated, the data within the instance was lost. Now with Amazon EBS, users can chose to allocate storage volumes that persist reliably and independently from Amazon EC2 instances.' -- can even snapshot to S3
(tags: amazon ebs ec2 aws s3 cloud-computing hosting)
Here's my results for The Omnivore's Hundred, a silly foodie "purity test". Bold are items I've eaten; crossed-out items are ones I wouldn't eat again. I score 70 out of 100, and clearly need to eat less Asian and more European cuisine ;)
- Venison
- Nettle tea
- Huevos rancheros
- Steak tartare
- Crocodile
- Black pudding
- Cheese fondue
- Carp
- Borscht
- Baba ghanoush
- Calamari
- Pho
- PB&J sandwich
- Aloo gobi
- Hot dog from a street cart
- Epoisses
- Black truffle
- Fruit wine made from something other than grapes
- Steamed pork buns
- Pistachio ice cream
- Heirloom tomatoes
- Fresh wild berries
- Foie gras
- Rice and beans
- Brawn, or head cheese
- Raw Scotch Bonnet pepper
- Dulce de leche
- Oysters
- Baklava
- Bagna cauda
- Wasabi peas
- Clam chowder in a sourdough bowl
- Salted lassi
- Sauerkraut
- Root beer float
- Cognac with a fat cigar
- Clotted cream tea
- Vodka jelly
- Gumbo
- Oxtail
- Curried goat
- Whole insects
- Phaal
- Goat's milk
- Malt whisky from a bottle worth $120 or more
- Fugu
- Chicken tikka masala
- Eel
- Krispy Kreme original glazed doughnut
- Sea urchin
- Prickly pear
- Umeboshi
- Abalone
- Paneer
- McDonald's Big Mac Meal
- Spaetzle
- Dirty gin martini
- Beer above 8% ABV
- Poutine
- Carob chips
- S'mores
- Sweetbreads
- Kaolin
- Currywurst
Durian- Frog's Legs
- Beignets, churros, elephant ears or funnel cake
- Haggis
- Fried plantain
- Chitterlings or andouillette
- Gazpacho
- Caviar and blini
- Louche absinthe
- Gjetost or brunost
- Roadkill
- Baijiu
- Hostess Fruit Pie
- Snail
- Lapsang souchong
- Bellini
- Tom yum
- Eggs Benedict
- Pocky
- Tasting menu at a three-Michelin-star restaurant
- Kobe beef
- Hare
- Goulash
- Flowers
- Horse
- Criollo chocolate
- Spam
- Soft shell crab
- Rose harissa
- Catfish
- Mole poblano
- Bagel and lox
- Lobster Thermidor
- Polenta
- Jamaican Blue Mountain coffee
- Snake
(thanks to this generator and mordaxus at Emergent Chaos for the link.)
White Noise - An Electric Storm : 1969 album by David Vorhaus and Delia Derbyshire of the BBC Radiophonics Workshop: 'one of the freakiest, most frightening, far out and forward thinking albums you may ever get to hear'
(tags: 1969 sixties music psych white-noise delia-derbyshire bbc radiophonics-workshop electronic)vim-flymake.vim : hooray! Flymake, on-the-fly compilation & error checking, for VIM. bit kludgy though, would be better if it integrated with vim 7.1's "compiler" support
(tags: vim flymake compilers error-checking editors vi software)