
Justin's Linklog Posts

Challenge-Response: Patent Fireworks!

A timely reminder for the European Commission, while it considers permitting software patents.

In the US, software patents have been permitted for years, with hilarious results. Here’s a good example.

Back in 1997-98, spam was a minor irritant, but the practice of ‘listbombing’ (forge-subscribing one’s enemies to lots of mailing lists) was more troublesome. As a result, several mailing-list manager programs like Majordomo added challenge-response to their subscription process; this is why, when you sign up for a list, you have to click on a link in the mail you get, to ‘confirm’ you really asked to be signed up. (Here’s a mail detailing how LISTSERV had this feature in March 1996.)

All very clever, and it solved the problem nicely.
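As an added illustration (not code from the page, nor from Majordomo or LISTSERV), here is the confirmation step in Python: a subscribe request from anyone, including a listbomber forging a victim’s address, only produces a challenge mailed to that address, and the subscription takes effect only when the HMAC-bound token from that mail is presented. The secret, list name and addresses are constructed placeholders.

```python
import hmac
import hashlib

# Constructed example secret; a real list manager keeps this in its config.
SERVER_SECRET = b"constructed-example-secret-not-for-production"
TOKEN_TTL = 24 * 3600  # seconds a confirmation token stays valid


def make_token(address, listname, issued_at, secret=SERVER_SECRET):
    """Build the challenge sent to `address`. The HMAC binds the address, the
    list and the issue time, so a token cannot be reused for another address
    or list, and only whoever reads that mailbox can present it."""
    msg = f"{address}\n{listname}\n{issued_at}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{issued_at}.{mac}"


def verify_token(address, listname, token, now, secret=SERVER_SECRET, ttl=TOKEN_TTL):
    """True only if the token is well-formed, unexpired, and was issued for
    exactly this address and list."""
    try:
        issued_str, _mac = token.split(".", 1)
        issued_at = int(issued_str)
    except ValueError:
        return False  # malformed or guessed token
    if now < issued_at or now - issued_at > ttl:
        return False  # expired (or from the future)
    expected = make_token(address, listname, issued_at, secret)
    return hmac.compare_digest(expected, token)


class ListManager:
    """Minimal Majordomo-style subscribe flow with a confirmation round trip."""

    def __init__(self):
        self.subscribers = set()   # (address, listname) pairs actually subscribed
        self.outbox = []           # (to_address, token): mail that would be sent

    def request_subscribe(self, address, listname, now):
        """Anyone can ask, and a listbomber can forge `address`; nothing is
        subscribed here. The challenge goes only to the address itself."""
        token = make_token(address, listname, now)
        self.outbox.append((address, token))
        return token  # the "click this link" value the real owner receives

    def confirm(self, address, listname, token, now):
        """Complete the subscription only with a valid token for this pair."""
        if not verify_token(address, listname, token, now):
            return False
        self.subscribers.add((address, listname))
        return True
```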

Some bright sparks then noticed this, and decided it was non-obvious somehow to apply this to spam filtering. They overlooked the prior art (more listed here) and registered some patents.

Fast-forward to 2003, and we see that there are now no less than three pretty-much-identical anti-spam C-R patents which have been granted:

Oops! Where’s the popcorn?

(Thanks to this posting from RFG for spotting this.)

Google News Censors Indymedia

Google News has been forced to remove IndyMedia from Google News’ feed of sources, by an email campaign.

I’m in two minds about this — I can see Google News’ point. If an unmoderated feed allows crap like the Protocols of the Elders of Zion to get through, then GN obviously doesn’t want that turning up in their ‘news’ search results. But removing IMC altogether seems suboptimal; I would assume the front page newswire — or at least the features — is a bit more moderated, and therefore trustworthy.

Getting balanced news — and that means lefty IMC along with neocon Fox — is key, and Google News was doing a pretty good job up ’til that point.

Interview with nmap author

a good interview with nmap’s Fyodor on /. Snippet:

  Q: During your time running Honeypots, you’ll have seen a lot of compromised systems. Is there any incident that’s really stuck in your mind because of the audacity of the attempt, or the stupidity of the person attempting the break-in?

  A: On the humorous front, one attacker was running a public webcam during his exploits, so we were able to watch him crack into our boxes in real time :). I will resist the urge to link a screenshot. His rough location was determined when we noticed Mrs. Doubtfire playing on his TV and correlated that with public schedule listings. He was working with a Pakistani group, but was actually on the US East Coast.

  In the ‘disturbing audacity’ front, this year we found that a group of crackers had broken into an ecommerce site and actually programmed an automated billing-system-to-IRC gateway. They could obtain or validate credit card numbers by simply querying the channel bot! Expect a more detailed writeup soon.

Depleted Uranium

temporary politics break. ;) This story was big news in the UK a few weeks ago, but never made it into the news over here. Dr. Asaf Durakovic, a former US Army advisor, sent a team to Afghanistan to test civilians for uranium contamination after the war there:

Without exception, every person donating urine specimens tested positive for uranium internal contamination. … the donors presented concentrations of toxic and radioactive uranium isotopes between 100 and 400 times greater than in the Gulf veterans tested in 1999. (jm: also on average 26 times the maximum permissible level in the US)

‘If (the) findings are corroborated in other communities across Afghanistan, the country faces a severe public health disaster… Every subsequent generation is at risk.’

Also, a very interesting interview with Major Doug Rokke, who worked on the cleanup procedures during the first Gulf War, dealing with DU and other contaminants.

Slashdot, and Electric Vehicles

current /. poll: what SpamAssassin setting do you use? Cool! (but who are the nutters voting ‘less than 0’?)

Tech: Danny blogs about fuel-cell vehicles, linking to the DrivingTheFuture site. I met Doug Korthof of DTF a month or two ago — a nice guy with a persuasive case, namely that electric vehicles work, and the current concentration on fuel-cell and hybrid vehicles is a diversionary tactic.

The facts of the matter really are quite weird, as the OC Weekly interview notes:

  • When (Doug) first got the (GM) EV1, the lease allowed for unlimited mileage. But the car came with something else: a defective lead-acid Delco battery that took a couple of trips to the mechanic to get replaced. GM wound up replacing all the Delcos with Panasonic lead-acid batteries. But there was an unanticipated consequence: the Panasonics got such dramatically better range than the Delcos that GM took all its EV1s that had not been leased off the market and forced existing drivers into new leases that did limit mileage.

  • Korthof experienced even better mileage with a nickel-metal hydride battery that allowed his 1997 Honda EV-Plus to run for 140 miles without a recharge. Honda took the car back in 2002 and junked it. No subsequent electric cars had nickel batteries, and Chevron Texaco Corp. since acquired the worldwide patent to nickel-metal hydride batteries, which the company is partly using to satisfy the burgeoning hybrid-car market.

I took a look at the EV1 myself, and talked to Doug about the recharging system he uses. He recharges their 2 EVs directly from a plug socket in his garage, and with his house fitted with solar panels, it costs about 25 bucks a month to keep them charged. Of course, there’s a lot of up-front cost to install the solar panels and buy the EVs, but IMO it would be worth it.

A moot point anyway — most EVs (with the exception of the Toyota RAV4-EV) can no longer be bought, even second hand. Instead, there’s a recall in operation, and existing EVs are being recalled and dismantled. Even purely from a ‘cool tech’ POV, this is a shame.

e-voting in Ireland ‘poses a threat to our democracy’

Margaret McGaley has been investigating the Nedap/Powervote e-voting system that’s recently come into use in Ireland, as part of her undergrad thesis, and the conclusion is not good: ‘E-voting poses a threat to our democracy’. She goes on:

I hope to mount a campaign over the next few months with the following goals:
  • to prevent the use of the Nedap/Powervote system in Irish elections,
  • to prevent the purchase of any more equipment or software from Nedap/Powervote by the Irish government, and
  • to convince the government that any electronic voting system used in this country should be developed here, using formal methods and the Mercuri method, and should be open source.

More info at the report site.

The Nedap/Powervote e-voting system is the one that the Irish government never bothered getting a copy of the source for, instead doing a basic under-NDA source audit. Reportedly, there were comments in the resulting review doc along the lines of ‘The source code and comments for this section is in Dutch, so we’re not sure exactly what it does’. And if that’s not bad enough, it runs on WinCE, with the votes tabulated in an Access database. ;)

Let’s hope Nedap/Powervote use their election-fixing powers purely for good, and not for evil! ;)

BTW, myself, I’m surprised the Irish government (a) went to a Dutch company for the technology to do this, and (b) didn’t get hold of the entire system’s components and source, or at least do a stronger audit, given their experience of imported computing devices including some ‘bonus functionality’ in the past.

Eurovision Scandal

No, not the supposedly politically-motivated nul points for the UK, the much more scandalous way that RTE ignored democracy and the popular vote in favour of their own autocratic ‘Star Chamber’ jury. Outrage! Boo!

‘Voters had a five-minute slot in which to register their selections after all of the songs had been performed. Because Ireland was third of the entries to disclose its voting, the phone lines could not be kept open for any longer than the five-minute slot. Eircom, which operated the phone lines, had agreed with RTÉ that it would collate all of the votes within nine to 10 minutes of lines closing. While the company fulfilled its obligation, RTÉ decided to use a jury verdict rather than phone votes. …

(My emphasis.) Hmm… methinks the journo doth protest too much.

Eircom said its decision not to charge voters for their calls was a goodwill gesture and should not be interpreted as an admission of failure on its part regarding its role in the voting. ‘The system and the technology on our part worked as it should have on the night,’ a spokeswoman said.’

Aaaaah. I get the picture.

GTA3: Vice City secrets

Hmm. I don’t remember spotting a tiki bar in GTA3:VC… must go searching when that VGA adapter turns up. ;)

I’ve been repeatedly struck, while in California, by what an incredible job the GTA3:VC designers did with the graphics and level design. It evokes so many visual aspects of US cities, perfectly, and this is pretty impressive when you consider they’re a Scottish games house. This interview details how they did it:

GS: Did you do any on-location studies of any areas to help with the design of Vice City? If so, where did you go, and how helpful was it?

AG: After the near-death experience that was the development of Grand Theft Auto III, the entire team flew out to Miami to recover and soak in the atmosphere of the area. While the rest of the team sunbathed or propped up the News Bar, the ever-industrious art team headed out onto the baking hot Miami streets armed with digital cameras. We split up and covered every area we were interested in using for Vice City. The animation team armed with digital camcorders spent time examining exactly how women in bikinis and roller skates moved, and the city modelers braved both the seediest, scariest parts of Miami and got kicked out of all the best places. By the time we returned to sunny Scotland, we’d amassed countless hours of video and close to 10,000 digital photos. When scouting locations, we tried to get a cross-section of shots — a good few were wide angle to remind us how the place fit together, and the rest were details to aid in modeling and texture usage. The guys in the New York office also sorted out some professional location scouts from the film industry for us who provided us with some really excellent locations for any areas we hadn’t managed to get enough detail on. I can’t imagine capturing the feel of a city without all this resource material, never mind actually spending time in the place. Sending the entire team rather than a few leads allows everyone to understand what it is they are trying to make. We couldn’t have done it any other way.

PAL vs. NTSC: a maze of twisty turny passages

A cautionary tale of consumer electronics regional lockdown follows. Hopefully Google’ll pick it up and it’ll help someone else in the same boat.

So I brought my PS2 with me from Ireland, along with a few good games, figuring that it’d be cheaper, and simpler, to bring them and buy a few bits of converter hardware here, rather than buy the lot from scratch.

How wrong I was. :(

So I’ve already spent about 50 bucks on a step-up transformer to convert US 110v to the 220v my European PS2 requires. Of course, the European PS2 outputs in PAL rather than NTSC, and most US TVs, including mine, accept only NTSC input.

So the next step is a PAL to NTSC converter. Sounds like a pretty simple piece of equipment, right? Well, nope. Most pages out there that deal with this recommend either (A) buying a multi-region DVD player that’ll convert PAL to NTSC on the fly — which won’t work for me, as I’m not looking to play DVDs per se — (B) buying a converter like this one for about 280 dollars, (C) buying a new TV (even more expensive), or (D) buying a VCR that’ll convert on the fly, like the Samsung SV-5000W, for about 350 dollars. (forget it, that’s more than the price of the PS2!)

However, there does seem to be another option: a PAL-to-XGA converter, allowing me to display the PS2 output on my PC’s monitor. Still pricey at 152 dollars though.

One more: I could just buy a new PS2 over here for 180 dollars and install a multi-region mod chip. But my soldering skills are rusty, and license-wise, it’s iffy. :(

Finally, though, the winning option seems to be this: Lik-Sang.com sell a PS2-to-VGA output converter box for about 50 dollars plus shipping. Given that the display quality is improved — and my monitor is sharper and bigger than my TV anyway — I think I’ll go for this.

LPR as a general spooling and queueing mechanism

Good article on the use of LPR/LPD as a general-purpose distributed queueing mechanism for non-printing applications.

I maintained PLP (the predecessor of LPRng, which the author uses) for a while, and this kind of thing was one of the main featuresets I wanted to enable.

I know someone in (if I recall correctly) BASF was using it to generate movies, from frame-grabs individually LPR’d by a network of machines. As a result we had to add sub-second accuracy to the queueing; not sure if that made it into LPRng though ;)

What Shall We Do With The Drunken Sailors

The story of the U.S.S. Constitution and her drunkard sailors. A great story, so I forwarded it on, and what do you know, Ben debunks it thoroughly:

What a load of bollocks.

As to the alcohol detail, working it out on fingers and toes, it comes to over 3 gallons of liquor per person per day. 12 pints of rum would be a big day for me and I probably wouldn’t want to get up and do it all over again the next day. And by day 100 …

But the big honking red flag here is that the US was at war with FRANCE, not Britain, at the time. Ponder for a moment the concept of a US ship (when the US Navy was brand new and very small) sinking this many British ships and, ahem, sailing up the Firth of Clyde to — this gets good — raid a distillery. I think some response from the Royal Navy would have been considered …

And the ship was launched on the 22nd, not the 27th.

Of course, this wouldn’t stop, oh, the SECRETARY OF THE NAVY from repeating it as fact!

Ben, you should start your own blog.

Caelen and Barbara’s Adventures

Caelen and Barbara’s travelogue from Luang Prabang just fills me with reminiscence for Laos — I’d go back in a shot, it’s an amazing country (well, for tourists at least, not sure about the folks living there).

Also interesting to see that Caelen went for some minor surgery while in Bangkok. Great idea — 150 bucks is a hell of a lot cheaper than you’d get it pretty much anywhere else, and the Bangkok hospitals that cater for tourists are, by all accounts, super-swanky. Great idea!

Small World

wow, this is weird.

So I did a quick blog-hop, as you do. First, I visited Bernie’s interim weblogs.com blog (thanks for the link B! BTW, this looks cool).

From there, I hopped to Micheal O’Foghlu’s site, and finally settled the question — yes, he is related to Cormac O’Foghlu, who I used to work with ;)

On to Sean McGrath’s blog, where I came across an interesting link to DemoTelco — a nifty site where anyone can set up a blog and write entries via SMS messages. Set up by a Dublin company, Newbay.

Cool. To check it out, I took a look at one of the blogs on the ‘most popular’ sidebar, and what do you know — it’s Caelen King’s foneblog!

Lots of (er, frankly bizarre) pics of Caelen and Barbara. Given the shots of Euro coins and crappy Dublin weather, I guess they’re back from their round-the-world trip, then…

Sure enough, it notes:

We are back in Ireland and back at work – Our Really Big Adventure is over

Know that feeling. :( Still, at least they went to the bother of finishing up their travelogue. I think I’ll take a read over that in full when I get a chance…

The ‘One Bite Of The Apple’ Problem

Ray Everett-Church of CAUCE writes regarding the latest US Senate anti-spam bill.

This bill simply creates a set of baseline standards for truthfulness, which if the spammer can meet, they can send as much spam as they wish. This characteristic, common to all the leading spam bills, makes it a gross misnomer to call them ‘anti-spam.’ ‘Anti-consumer,’ sure. ‘Pro-spam,’ even. But not ‘anti-spam.’

Any legislation that permits all of America’s estimated 23 million small businesses to legally send everyone at least one email cannot be considered anti-spam. And any bill that limits a consumer’s recourse to clicking an opt-out link 23 million times isn’t going to make our lives any better. By limiting enforcement to Attorneys General or the FTC, with no recourse for consumers, these bills virtually guarantee the status quo: extremely limited enforcement. Even the FTC and state AGs have said giving them more enforcement power without commensurate resources is a waste of time.

A good example of why opt-out does not work as a basis for anti-spam action; it permits every single potential sender to still spam you once, in full legality — what’s been called the ‘one bite of the apple’ problem.

Given that (as Ray says) there are 23 million small businesses in the US, that’s a potential 23 million spams to your email address, and 23 million ‘remove’ requests you’d have to send to unsubscribe — every three years, to boot. Full open letter from CAUCE here.

Cat Murderer

My cat has turned into a murderer. For the last week, he’s been going out and bagging 1-2 wild animals per day; mostly rabbits, but some voles and a finch too.

It’s really wrecking my head. I don’t have the nuts to kill a half-dead rabbit in cold blood, so I wind up leaving them in the bushes to die; and I’m sure that’s exactly what happens to most of ’em. The other day I had to fish out a dead baby rabbit, put it in a plastic bag, and dump it in the bin.

Maybe I should leave them out for the hawks. There’s a pretty big peregrine and red-tailed hawk population around here.

Alternatively, maybe some cat transformation sets would help… at least around the house: ‘The cat which became a hood figure is likely to have a broom at any moment, and is likely to begin cleaning.’

Bonus: via jwz:

‘Shooting The Messenger’

Yoz does a great job rounding up some Plan For Spam links. First off, he links to a great essay, Shooting The Messenger, which nicely rebuts the idea that to deal with spam, we need an SMTPng. Recommended. (He goes a bit overboard with some hard-ass filtering recommendations at the end IMO, though…)

Secondly, Yoz links to a couple more posts. The first is a friendly-fire incident involving the SpamCop DNS blacklists, illustrating the dangers of peer-to-peer ‘this is spam’ reporting. There’s a related issue with the SpamCop DNSBL, in that it’s over-sensitive; one report can sometimes be enough to get a site BLed, which is not good. The problems with SpamCop’s hair-trigger thresholds are well-documented, and — hopefully — Julian will fix them soon.

The second is a mail from John Gilmore to Politech. He says ‘a simple rule for anti-spam measures that preserves non-spammers’ freedom to communicate is: No anti-spam measure should ever block a non-spam message. But there isn’t a single anti-spam organization that actually follows this rule.’

Wrong. That’s exactly the SpamAssassin angle. If the user says it’s not spam, it’s not spam — and we have to figure out a way to get our scoring system to return that result, if at all possible. And yes, it gets it wrong about 0.1% of the time — and that’s why we never tell users to block, bounce or delete spam if at all possible; just mark it ‘possible spam’ and divert to another folder, and always let a human take a look to verify that decision.

Given the nature of the spam problem, and the nuisance it poses to virtually everybody trying to use email, that’s the best that can be done at this point.

And yes, something has to be done. Spam is a massive problem. If it’s not dealt with somehow, and kept out of our day-to-day inboxes, people will stop using mail. Before spam filters became ubiquitous, I talked to many casual internet users who (a) closed down their email address every 6 months to escape the flood, or (b) gave up reading their mail because of it. (And why did spam filters become ubiquitous?)

It comes down to: what’s better for the internet — a mislabelled email in your ‘spam bucket’ folder — or no email at all?

valid reverse DNS now required to mail an AOL user

Given that something like 8.13% of the hosts that have sent non-spam mail to me do not have reverse DNS information recorded, the fact that AOL have just switched this on as a requirement will be interesting:

: jm ftp 1019...; dig aol.com mx
aol.com.                3559    IN      MX      15 mailin-01.mx.aol.com.
mailin-01.mx.aol.com.   92      IN      A       152.163.224.26
...
: jm ftp 1020...; telnet 152.163.224.26 25
Trying 152.163.224.26...
Connected to 152.163.224.26.
Escape character is '^]'.
220-rly-za01.mx.aol.com ESMTP mail_relay_in-za1.6; Thu, 22 May 2003
15:09:54 -0400
220-America Online (AOL) and its affiliated companies do not
220-     authorize the use of its proprietary computers and computer
220-     networks to accept, transmit, or distribute unsolicited bulk
220-     e-mail sent from the internet.  Effective immediately:  AOL 
220-     may no longer accept connections from IP addresses which 
220      have no reverse-DNS (PTR record) assigned.
^]
telnet> q
Connection closed.

Breakthrough in photonics

New Scientist: Alchemy with light shocks physicists:

Claims of ‘unexpected and stunning new physical phenomena’ are rare in the abstract of a reputable scientific paper. But the latest report by photonics crystal pioneer John Joannopoulos and his group at MIT, soon to be published in Physical Review Letters, does not disappoint.

The researchers document the ultimate control over light: a way to shift the frequency of light beams to any desired colour, with near 100 per cent efficiency. ‘The degree of control over light really is quite shocking,’ comments photonics expert Eli Yablonovitch at the University of California, Los Angeles.

If the effect can be harnessed, it will revolutionise a range of fields – turning heat into light, for example, or prized terahertz rays. Right now, the only way to shift the frequency of a light beam involves sending an extremely intense light pulse – with a power of many megawatts or even gigawatts – along next to it.

This interacts with the first beam and alters its frequency, but the technique is expensive, requires high-power equipment, and is generally pretty inefficient. But when Joannopoulos and his colleagues Evan Reed and Marin Soljacic investigated what happens when shock waves pass through a device called a photonic crystal, they discovered a completely unexpected effect.

I’m just posting this because I like the word ‘photonics’ ;) But this is apparently really cool new tech.

Escher Meets The Flower Show, Little Elves, and W3C on Patents

BBC: How does Dyson make water go uphill? A very cool hack from a Dyson engineer for the Chelsea Flower Show — an M. C. Escher-influenced water feature which gives the illusion that the water is flowing uphill.

A set of four glass ramps positioned in a square clearly show water travelling up each of them before it pours off the top, only to start again at the bottom of the next ramp.

It is a sight which defies logic, and has become probably the most memorable image of this year’s show.

Mr Dyson says his inspiration was a drawing by the Dutch artist MC Escher (he of Gothic palaces where soldiers are eternally walking upstairs, and of patterns where birds turn into fish).

Privacy: Danny forwards this post which discusses what the poster calls the ‘little elves’ problem. Very good point and contains this great real-world example:

Peter Wright in ‘Spycatcher’ … describes one of the problems arising out of the Berlin Tunnel Operation thus: ‘So much raw intelligence was flowing out from the East that it was literally swamping the resources available to transcribe (and translate) and analyse it. MI6 had a special transcription center set up in Earl’s Court, but they were still transcribing material seven years later when they discovered that George Blake had betrayed the Tunnel to the Russians from the outset’.

Funnily enough, I have the same problem — a lack of processing power to deal with the raw incoming volume — with my spamtraps from time to time. Now I can describe it in terms of ‘little elves’.

Patents: W3C announce patent policy. They’ve decided on Royalty-Free as a requirement, good news. TimBL’s comments on the decision:

Many participants in the original development of the Web knew that they might have sought patents on the work they contributed to W3C, and that they might have tried to secure exclusive access to these innovations or charge licensing fees for their use. However, those who contributed to building the Web in its first decade made the business decision that they, and the entire world, would benefit most by contributing to standards that could be implemented ubiquitously, without royalty payments.

This decision on the W3C Patent Policy coincides almost exactly with the tenth anniversary of CERN’s decision to provide unencumbered access to the basic Web protocols and software developed there, even before the creation of W3C. In fact, the success of technical work at the World Wide Web Consortium depended significantly on that decision by CERN. The decision to base the Web on royalty-free standards from the beginning has been vital to its success until now. The open platform of royalty-free standards enabled software companies to profit by selling new products with powerful features, enabled e-commerce companies to profit from services that on this foundation, and brought social benefits in the non-commercial realm beyond simple economic valuation. By adopting this Patent Policy with its commitment to royalty-free standards for the future, we are laying the foundation for another decade of technical innovation, economic growth, and social advancement.

Quite. I remember seeing Mosaic for the first time — my first thought was ‘wow, it’s like those commercial hypertext systems, but it’s free’. Initially, the free-ness was a lot more important than the network transparency it also offered.

There had already been several commercial hypertext systems, with expensive licensing terms. I’d only ever seen them bundled with other products (like the AIX documentation viewer) or used in kiosk systems.

They pretty much foundered when HTTP and HTML became available. But there’s no question to my mind that if CERN had made HTTP/HTML a commercial, licensed, or royalty-paying proposition, we wouldn’t even be talking about the web (or should I say the ‘WWW’?) nowadays.

The national ‘Do Not Call’ list

(of the phone variety). I’ve been driven mad by telemarketers; one of the more irritating local innovations (thankfully ‘sales cold calls’ are pretty hard to operate with European privacy laws, so it wasn’t a problem back home).

Well, Congress over here recently passed a ‘do not call’ list, so you could ring up the maintainers and ask for your number to be added, and hey presto, no more phone spam. Well, CalPundit writes:

The federal law doesn’t cover banks, airlines or phone companies or calls made within a state.

Wow. That’s like saying ‘the law doesn’t cover calls made on a day ending in ‘y’.’ In my experience, those companies make 95% of the calls. Great.

Think I’ll stick with the tried-and-trusted ‘ring through to answerphone during the afternoon and early evening’ filter…

DMCA: IP: Using treaties to lock in DMCA enforcement:

On May 6, President Bush and Prime Minister Goh of Singapore signed the U.S.-Singapore Free Trade Agreement (the ‘FTA’). President Bush has termed the FTA ‘the first of its kind’ – apparently meaning that it is the first free trade agreement between the United States and an Asian nation.

But the FTA is also the first of its kind in another sense, as well. It is the first international trade agreement to demand that the signatories implement anti-circumvention provisions similar to those of the hotly controversial Digital Millennium Copyright Act (‘DMCA’).

It’s Naomi Klein meets Slashdot ;) Hopefully it’ll be blocked though, since it has serious domestic results too:

This step will have international, as well as domestic consequences: If Congress approves the FTA, it will not be able to alter the DMCA without violating its obligations to Singapore.

Of course, according to some correspondents, Ireland’s copyright regime (reformed in 2000) quietly inserted its own DMCA provisions. Of course, nobody noticed, except for the legal lobbyists who were hoping this would happen. Doh. Is nowhere safe for freedom-to-tinker these days?

The 419ers Meet Their Match

Scam-O-Rama: Absolutely incredible. These guys have taken the art of 419er-baiting to the ultimate extreme — they’re successfully extracting money from the ‘Lads from Lagos’:

Wow. Also this IDG.NET story notes:

There’s an odd battle building in the dark alleys and byways of the Internet, being fought by diverse characters such as Dr. Sigmund Freud, Kris Kringle, the late Princess Margaret, a German-Hungarian gypsy called Hans Gneesunt-Boompsadazi, a Chinese restaurateur called Hu Flung Dung, and the Patagonian Liberation Front. …

In what is regarded as the Titanic of the genre … three bogus explorers called Captain Stabbin, Lonslo Tossov and Ilichy Miracsky, in their equally fictitious boat ‘The Lucky Lad’, kept a gang of Lads on the run for several months with clowning exploits describing their supposed passage up and down the West African coast, failing to meet the Lads on several occasions for a variety of improbable reasons.

Eventually the good captain pulled the plug on the reverse scam, informing the lads in no uncertain terms that they were ‘mugus’ — a word used in Nigeria to denote an utter idiot.

I came across this while looking for info on the practice of signing guestbooks as Mugu Guyman. One theory I’ve heard is that means a 419er has visited the guestbook, scraped the email addresses for 419 fraud, and it’s a sign for other 419ers to keep away from those addresses as they’re already ‘taken’. As the quote says above, ‘Mugu’ is apparently a term meaning something along the lines of ‘gullible idiot’. Most of the comments seem to support this:

  • ‘me i done here mugu mugu off’
  • ‘TOGO GUYMEN KEEP OFF FROM THIS SITE I DEY HERE LAGOS ?TOGO GHANA GUYMEN MUGU NO DEY HERE’
  • ‘Avary good site pls all guyman keep off,oooooooooooooooooo.’

Then, a few seem to indicate that it’s a sign to other 419ers not to spam those addresses while a scam is in progress:

  • ‘south africa, jo bong, mugu guyman kindly keep offoooooooooooooo someone have visitedooooooooooooooo and still waiting for reply ok’
  • ‘VERY HICE ALL MUGU GUYMAN KEEP OFF IT HAS BEEN DONE PLEASE DON,T SPOIL JOB FOR I DONO DO ALL0000000000000000000000000000000000000’

Dunno what all the oooooooooing is about though… ;)

Guinness Really IS Good For You

New Scientist: The Last Word: ‘Q: I have heard that it is possible to live on Guinness and milk alone. Is this true, or even partially true?’

‘A: This is not quite true. Guinness does contain many vitamins and minerals in small quantities, but is lacking vitamin C, as well as calcium and fat. So, to fulfil all of your daily nutritional requirements you would need to drink a glass of orange juice, two glasses of milk, and 47 pints of Guinness. — Nigel Goodwin, University of Nottingham’

No problem!

The ‘Private Jessica Lynch’ Spectacle

Karlin posts a good story on the whole ‘rescue of Private Jessica Lynch’ story. Great quote:

Further, British military Group Captain Al Lockwood, the British Army spokesman at central command in Iraq, says that the British could not believe the pandering way in which the US military dealt with the US media, culminating in the Lynch episode, and the gushing, unquestioning acceptance of same by the US media. ‘In reality we had two different styles of news media management,’ said Lockwood. ‘I feel fortunate to have been part of the UK one.’

Guardian story here:

The American strategy was to concentrate on the visuals and to get a broad message out. Details – where helpful – followed behind. The key was to ensure the right television footage. The embedded reporters could do some of that. On other missions, the military used their own cameras, editing the film themselves and presenting it to broadcasters as ready-to-go packages. The Pentagon had been influenced by Hollywood producers of reality TV and action movies.

One interesting result is that, while the US media (or TV at least) is happy to spew this pabulum, these days most other media outlets world-wide are a bit more likely to apply a critical eye, suspecting spin.

No matter whether it’s true or not, excessive media management (or filming of action movies ;) over flimsy stories is quickly exposed. This promulgates the impression world-wide that the wool is being pulled over the viewers’ eyes, and that the source of the news is fundamentally telling fibs.

SCO’s strong-arm tactics

In case you missed it — SCO’s letter to Linux customers. Executive summary:

  • open-source code development methodology bashing, to start with
  • SCO will ‘suspend their own Linux-related activities’, whatever they were
  • all users of Linux are vaguely threatened in a ‘cartooney’ fashion
  • ‘Similar to analogous efforts underway in the music industry, we are prepared to take all actions necessary to stop the ongoing violation of our intellectual property or other rights.’

Classy! And a bonus good point from a comment on this LJ article: ‘According to this article, SCO Linux 4.0 contains version 2.4.19 of the Linux kernel. … By the act of distributing the Linux 2.4.19 kernel, SCO has irrevocably released any and all of their intellectual property present in the 2.4.19 kernel under the (terms of the) GPL.’

Chris Horn back on top in Iona

My ex-employers: ‘IONA Technologies Announces Chris Horn as CEO’ — again:

In a series of further moves, Mr. Barry Morris, CEO since May 2000, Mr. Steven Fisch, COO, who joined the company in August 2002, and Mr. David James, Executive Vice President Corporate Development, who joined in 1997, have resigned.

‘The Board of IONA Technologies is responding firmly to the challenges and opportunities of the changed marketplace, to position the company for profitable growth and to take advantage of market opportunities through business and new product development. I want to thank Barry, Steven and David for their enormous contributions to IONA and I wish them well in their next challenges,’ said Dr. Chris Horn.

Good to hear it!

Microsoft using cloak-and-dagger tactics to fend off Linux

Ah, some good old-fashioned sleazy MS stuff:

Chris O’Rourke, a Microsoft employee, described attending LinuxWorld, a trade fair in California, where he ‘purported to be an independent computer consultant’ working with several public school districts, according to an e-mail message he sent on Aug. 20, 2002. ‘In general, people bought this without question,’ Mr. O’Rourke wrote. ‘Hook, line and sinker.’

He said his goal was to glean intelligence about the competition. His guise, Mr. O’Rourke said, ‘got folks to open up and talk.’ Mr. O’Rourke did not respond to a fax and voice mail message seeking comment.

Hilarious — if you can’t beat ’em, send in the clowns. Via the NYT.

Telecoms sans Frontieres

Salam Pax blogs about an interesting NGO:

I have heard today that an NGO called Communication sans frontiers has arrived in Iraq and will help. They will probably be doing what the Red Cross is doing, a center in Baghdad and a team moving around Iraq. The Red Cross has been moving its phone service, if you can call it that, around Baghdad. Two days for each district and they depend on word of mouth to spread the news; usually they end up with huge lines and waiting lists but everybody is grateful. Many people have no way of telling their relatives abroad how they are doing. A couple of Arabic TV stations, mainly Jazeera, have been putting their cameras in the street and allowing people to send regards to their relatives abroad, tell them they are OK, hoping that they would be watching at the time. So what the Red Cross has been doing, and I think what Communication sans frontiers would ultimately be doing, is much appreciated.

According to this comment on the command-post.org blog, it’s actually called Telecoms Sans Frontieres:

Telecoms sans Frontieres has created a new humanitarian aid concept: the humanitarian telephone system. TSF’s mission is to operate anywhere in the world, in the heart of military conflicts or in the wake of natural disasters, in order to enable the local population to simply say: I’m alive.

Now there’s a cool idea for any BOFHs who fancy doing some interesting volunteer work for a year… ;)

Ali G in the NYT

A classic Ali G moment, via Maureen Dowd in the New York Times (username: sitescooper/sitescooper):

  • YOUNG MAN: How does you make countries do stuff you want?
  • MR. BAKER: Well, the way you deal with countries on foreign policy issues . . . is you deal with carrots and sticks.
  • YOUNG MAN: But what country is gonna want carrots, even if it’s like a million tons of carrots that you’re giving over there—
  • MR. BAKER: Well, carrots — I’m not using the term literally. You might send foreign aid — money, money.
  • YOUNG MAN: Well, money’s better than carrots. Even if a country love carrots and that is, like, their favorite national food, if they get given them—
  • MR. BAKER: Well, don’t get hung up on carrots. That’s just a figure of speech.
  • YOUNG MAN: So would you ever send carrots? You know, is there any situation—
  • MR. BAKER: No, no.
  • YOUNG MAN: What about if there was a famine?
  • MR. BAKER: Carrots, themselves? No.

Beautiful.

Initially, there were a lot of media reports in the UK and Ireland about how negatively it was taken in the US; this interview with the director reckons that was rubbish put about by the UK media:

‘I’ve got a theory about this: In Britain, we’re no longer world leaders in anything. … Yet the one thing we still maintain, and cling on to jealously, is that we’ve got the best sense of humour in the world. So we don’t like the idea that people in other countries get our sense of humour. We prefer to cling to the idea that our comedy is too sophisticated for the Americans. And yet the truth is rather different. If you look at sitcoms, with a couple of exceptions, all the best ones come from America, like Friends, Frasier, Seinfeld and so on.’

‘I actually think Americans get the undertones of satire almost better than the British. It can’t be coincidence that the best comedies on our TV are all imported from America.’

But then even the bad reviews never said that Ali G was too sophisticated, complaining instead that the satire wasn’t subtle enough. Maybe the Americans are the more comedy-literate, after all.

More on C-R

TidBITS weighs in. They cover the issues very well, and also have noticed the problem that arises when a C-R system decides to challenge e-commerce notifications — like your air travel e-tickets, for example.

Found at Gary Robinson’s blog, where he also links to a couple of taint.org items; cheers Gary ;)

Also, from /.: the House of Lords debates the etymology of ‘spam’. Quite funny:

Lady Saltoun of Abernethy: My Lords, do the Government have any plans to restrict unsolicited faxes? My fax paper is always being wasted by people who send me faxes I do not want. I do not know whether they could be called ‘corned beef’ or something, but I have had enough of them.

Plus another anti-spam Senate bill, from Rep. W.J. ‘Billy’ Tauzin (R-La.) and F. James Sensenbrenner Jr. (R-Wis.). This one is apparently riddled with loopholes: ‘this is yet another bill . . . attempting to get rid of the porn and the scams, but really clearing the way for legitimate companies to spam,’ said John Mozena, co-founder of … CAUCE.

The Perils of Challenge-Response hits PoliTechBot

As I’ve said before, C-R is not an acceptable way, alone, to deal with spam. You’re just pushing the work away from yourself, and onto your legitimate correspondents — and you won’t make any friends as a result. Things get worse when anything more complex than simple person-to-person mail intrudes, like internet mailing lists. (And come on folks — that particular innovation is only 24 years old ;)

Case in point this week: Declan McCullagh gets bitten:

My reluctant conclusion is that C-R systems with flawed implementations have the potential to end legitimate mailing lists as we know them today.

and Dave Farber says:

If I start getting a flood of challenges from earthlink ipers that require my response I will most likely declare them SPAM and you will stop receiving IP mail.

John Levine’s follow-up is well worth a read, as he predicts massive (and trivial) whitelist exploitation by spammers to avoid C-R — and then we’ll be worse off than we were when we started.

Finally, there’s quite a funny quote in John’s mail:

A relatively easy to solve problem with challenge systems is that most of them are written by dimwits who don’t understand the way that e-mail really works. In 1983 the 4.3BSD Berkeley Unix ‘vacation’ program correctly dealt with mail from lists and other mechanical sources, yet 20 years later I still see out-of-office replies from Lotus Notes and MS Exchange to list mail every day. (Is there really nobody at IBM or Microsoft who used 4.3BSD or knows the rules of thumb to recognize non-personal but legit mail?)

I have often wondered that myself ;)
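The rules of thumb Levine alludes to, as an added example (not code from vacation, from Levine, or from any C-R product): a small Python classifier that applies the checks a well-behaved auto-responder makes before replying, run over three constructed messages. The header conventions it relies on (Precedence, List-*, Auto-Submitted, -request/-owner style senders, and being named in To: or Cc:) are the standard ones; the sample addresses and function names are made up.

```python
import email
from email import policy

# Constructed sample messages (not real traffic): a personal note, a
# mailing-list post and a bounce, as a challenge-response filter sees them.
PERSONAL = b"""From: alice@example.com
To: bob@example.net
Subject: lunch?

Free tomorrow?
"""
LIST_POST = b"""From: carol@example.org
To: ip@list.example.com
Subject: [IP] a post
Precedence: list
List-Id: <ip.list.example.com>

A challenge sent in reply to this would land on the whole list.
"""
BOUNCE = b"""From: MAILER-DAEMON@example.com
To: bob@example.net
Subject: Undeliverable mail
Auto-Submitted: auto-replied

Delivery failed.
"""

MECHANICAL_LOCALPARTS = ("mailer-daemon", "postmaster")
MECHANICAL_SUFFIXES = ("-request", "-owner", "-bounces")


def _recipients(msg):
    """Lower-cased addr-specs named in To: and Cc:."""
    found = set()
    for field in ("To", "Cc"):
        for header in msg.get_all(field, []):
            found.update(a.addr_spec.lower() for a in header.addresses)
    return found


def classify(raw: bytes, my_address: str) -> str:
    """Return 'personal' if challenging is defensible, else the reason it is not."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    precedence = msg.get("Precedence", "").strip().lower()
    if precedence in ("bulk", "junk", "list"):
        return f"precedence: {precedence}"
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return "list-* header present"
    auto = msg.get("Auto-Submitted", "no").strip().lower()
    if auto != "no":                      # RFC 3834: anything but 'no' is a robot
        return f"auto-submitted: {auto}"
    from_hdr = msg["From"]
    sender = from_hdr.addresses[0].addr_spec.lower() if from_hdr and from_hdr.addresses else ""
    local = sender.split("@")[0]
    if local in MECHANICAL_LOCALPARTS or local.endswith(MECHANICAL_SUFFIXES) or local.startswith("owner-"):
        return f"mechanical sender: {sender}"
    if my_address.lower() not in _recipients(msg):
        return "not addressed to me"      # Bcc or list expansion: vacation(1) stays quiet too
    return "personal"
```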

Northern Ireland policing: imploding

Wow, the policing situation in Northern Ireland is undergoing meltdown (again).

First off, ‘Stakeknife’ has been named. He was a very high-up member of the IRA (‘head of security for the IRA’s northern command’ apparently), and a double agent for the British Army’s FRU division. The Sunday Herald coverage is here. This is seemingly due to some revelations by a double-agent turned whistleblower.

He’s not a nice character by all accounts:

‘It would be tantamount to being exposed as running a Latin American-style murder squad if the truth came out,’ one said. Unlike Nelson, Stakeknife sometimes did the killings himself. He is also supposed to have arranged for republican targets to be in the wrong place at the wrong time so loyalist hit teams could ‘take them out’. An intelligence source added: ‘This guy was licensed to kill and he killed very many people — or arranged their deaths.’

So, last week, Castlereagh barracks — where files on the agent were kept, and ‘supposedly the most secure security force barracks in western Europe’ — was broken into by a team from British Army intelligence. From that article, it seems pretty brazen; they used army passes, went directly to the room where the papers were moved, knew that security teams were not operational, took exactly the right files, and left:

One former FRU source said: ‘There was no way it was paramilitaries — they couldn’t pull it off. The branch couldn’t do it as they’d get spotted by their own pals in the RUC and MI5 just don’t do rough stuff like this. There’s no one except an intelligence corps CME team who could do this and there is no other motive for them doing it than protecting Stakeknife.’

More NI stuff: Martin McGuinness transcripts: Cryptome again. Surprisingly interesting, mostly for the relaxed chats with Mo Mowlam!

  • Mo: ‘Ahem, the second thing I was gonna say was that I was gonna go to AMERICA and if I’ve got it I’m still gonna go for a couple of days, this week. So I won’t be around much and then I’m on two weeks holiday.’
  • MM: ‘Right’.
  • Mo: ‘So, it was really if there was anything, ahem?’
  • MM: ‘Your holiday plans and mine are colliding then.’
  • Mo: ‘I’m going 26th for two weeks’.
  • MM: ‘So am I, 26th for two weeks.’
  • Mo: ‘You’re not going to TURKEY I hope?’
  • MM: ‘No I’m going to Kerry.’
  • (Both laugh)

EMusic again

So I’ve signed up for EMusic. Just my luck — with perfect timing, they’ve instituted a new download policy, whereby one has to use a proprietary download application — and it doesn’t work on Red Hat versions after 7.3; to quote their install instructions:

The Linux version of the Download Manager 2.0 was developed for Red Hat 6.2, 7.3 and Mandrake 8.1. Any flavors of Linux outside of these may not support the EMusic Download Manager 2.0. If you are having issues, we recommend that you switch your Linux flavor or OS in order to download with the EMusic Download Manager 2.0.

There are two workarounds: use the Red Hat 7.3 shared libraries for system libc and libnss, as described by John Anderson of genehack.org here; or, apparently, a local proxy can be used as long as you use the IP address of the proxy in the emusicdlm app, not the hostname.

I’m conflicted now; I was about to go recommending this service to all and sundry, but

  • it really makes the Linux version a hell of a lot harder to run. (I hope they fix that, at least). Previously, it was simply ‘right click to download’, which is insanely easy and simple.

  • more worryingly — in my experience, this kind of ‘tightening up’ is often symptomatic of a company running out of cash and spiralling ’round the plughole, IMO. :(

On the good side, once I downloaded and set up the genehack hack^Wworkaround, it’s now working perfectly.

I’ve just downloaded an album from their service in about 3 minutes (at 400Kb/s), first try, and the tracks are all crystal-clear VBR MP3s. Now that’s nice…

(PS: -1 for whichever glibc genius decided to change the libnss API incompatibly.)

Horrific – when botfly larvae attack

Horror as maggots bore into game farmer’s eye (Saturday Star, South Africa):

‘I was in the veld hunting with a group of foreign tourists when I felt something flick into my eye. I thought it was just a miggie but that evening my whole face started to swell,’ he said.

Spangenberg went to his doctor and was given eye drops but the swelling got worse. ‘I started getting terrible migraines and at times I could see nothing but dark and light shadows out of my eye.’

His doctor sent him to eye specialist Bruce Staples in Bethlehem who suspected that the Bot fly was responsible but initially couldn’t spot the larvae – so he treated the inflammation.

When Spangenberg came in again, Staples spotted the worms in the retina and managed to hunt them down with the laser. Staples said by that stage they had begun to pupate and started to run and hide when he went after them with the laser.

This story notes that, in Africa at least, they generally attempt to infect sheep eyes rather than those of humans; but snopes has pictures (warning: extremely gross) from an earlier infestation in Honduras.

Botfly larvae are horrible, horrible little creatures. Urgh. This combines two of my pet neuroses — maggots and things happening to eyes — I think I’m going to get sick…

The FTC’s ‘Fridge’

Wow, the FTC gets so many reports of spam that they have to use this monster to deal with it! That’s serious volume.

(Image courtesy of spamNEWS and Neil Schwartzman — thanks Neil)

For posterity: the FormMail advisory

Ronald F. Guilmette and I co-wrote an advisory on vulnerabilities in FormMail. Here it is, archived from RFG’s bugtraq posting:

Anonymous Mail Forwarding Vulnerabilities in FormMail 1.9

By manipulating inputs to the FormMail CGI script, remote users may abuse the functionality provided by FormMail to cause the local mail server on the same (web) server system to send arbitrary e-mail messages to arbitrary e-mail destination addresses. Such e-mail messages may contain real or forged sender e-mail addresses (in the From: headers) entirely of the attacker’s choosing. In some cases, the envelope sender addresses of such messages may also be set to arbitrary values by the attacker.

I helped with a few of the cases where FormMail is vulnerable, namely the newline-injection attack.
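The newline-injection class from the defender’s side, as an added example in Python (not code from the advisory or from FormMail): a check a form-to-mail script should apply to every field bound for a header, next to a count of how many header lines an unchecked build produces, which is what the check exists to prevent. The function names and sample inputs are constructed for illustration.

```python
import re
from email.message import EmailMessage

# A CR or LF inside a header value ends that header line, so whatever follows
# is parsed as a new header. That is the entire mechanism of the bug class the
# advisory describes, and it is what header-bound form fields must be checked for.
_LINE_BREAK = re.compile(r"[\r\n]")


def is_safe_header_value(value: str) -> bool:
    """True when `value` cannot introduce additional header lines."""
    return _LINE_BREAK.search(value) is None


def safe_to_send(recipient: str, subject: str) -> bool:
    """Gate applied to every form field that ends up in a mail header."""
    return all(is_safe_header_value(v) for v in (recipient, subject))


def headers_in_naive_build(recipient: str, subject: str, body: str) -> int:
    """Count the header lines that unchecked string concatenation yields.

    This mirrors the unsafe pattern (field pasted straight into the header
    block): clean input gives two lines, input carrying a line break gives
    more. A validator's job is to make the second case impossible.
    """
    raw = f"To: {recipient}\r\nSubject: {subject}\r\n\r\n{body}"
    header_block = raw.split("\r\n\r\n", 1)[0]
    return len(header_block.splitlines())


def build_notification(recipient: str, subject: str, body: str) -> EmailMessage:
    """Hardened form-to-mail step: refuse the request rather than sanitise it.

    Stripping the offending characters is the weaker choice, since it can
    silently turn an attempted injection into a differently addressed mail;
    rejecting makes the attempt visible in the web server's logs.
    """
    if not safe_to_send(recipient, subject):
        raise ValueError("header field contains a line break; request refused")
    msg = EmailMessage()
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


if __name__ == "__main__":
    # Constructed sample inputs, not data from the advisory.
    print(headers_in_naive_build("bob@example.com", "Order 42", "Thanks"))
    print(headers_in_naive_build("bob@example.com", "Hi\nX-Injected: 1", "Thanks"))
    print(safe_to_send("bob@example.com", "Hi\nX-Injected: 1"))
```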

When this came out, I was in Australia, packing in preparation for a month-long camping trip around Victoria ;) The Lake Catani campsite at Mount Buffalo was amazing. (whoa, compare that page with this e-commerce monstrosity — urgh)