Google Wants Your DIY Porn Videos

Got home videos? Send them to Google! That’s the message that Google co-founder Larry Page is trying to put out.

In anticipation of launching a “video search” system, Google wants a stack of material on which they can test their “video spider” – a program which will hunt for keywords (spoken, or on-screen) in video material, so that it’s searchable in much the same way as web pages already are.

Fucking weird.

Ceefax On Scatmania

Do you remember Ceefax, that wonderful service from the BBC that seemed so cool until you discovered the internet? Well I do. And so does a Dutch consultant who set up a system, on the web, for searching Ceefax pages.

Well; in any case; I thought that his site was fun (in a nostalgic kind-of way) but hard-to-navigate, so I’ve developed a sensible front-end that’s far more reminiscent of the way Ceefax works: Ceefax Browser On Scatmania. Give it a go.

Physical Device Fingerprinting Over TCP

A PhD student in San Diego has written a fascinating paper which will spook internet anonymity freaks – Remote Physical Device Fingerprinting – which describes how a physical computer can be uniquely identified on the internet, regardless of operating system, IP address, or data sent, just by looking carefully at its TCP packets (which contain the data for a large amount – perhaps a majority – of the internet’s traffic, including all web and e-mail traffic).

The technique works by observing the deviation in the timestamps sent (in accordance with the widely-adopted RFC 1323: TCP Extensions for High Performance, specified back in 1992). Each computer’s hardware clock is made from a separate piece of quartz, and each quartz crystal is unique in its imperfections. By measuring these imperfections across the internet, it’s possible (with enough sample data) to identify a computer individually, which has implications both good (computer forensics) and bad (anonymity).

The paper itself [PDF] is well worth reading. And, for those that are paranoid about their anonymity online, here’s how to “turn off” this feature of TCP for Windows 2000, Windows XP, and Linux:

  • Windows 2000/XP – Run RegEdit; navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters; add (or edit, if already present) the DWORD “Tcp1323Opts” and set it to 1. This disables TCP timestamps, but leaves Window Scaling (a really useful TCP/IP enhancement) enabled.
  • Linux – echo 0 > /proc/sys/net/ipv4/tcp_timestamps

Of course, the absence of timestamps from your machine may, if you’re in a small enough sample group, single you out even more, but at least you’re not globally unique any more; which from an anonymity perspective is a really good thing.
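
To check that the change above actually took effect, you can look at the TCP options in a SYN captured from your own machine: the Timestamps option (kind 8) should be gone while Window Scale (kind 3) remains. The following is an added example, not code from the paper or from the original post; the two sample headers are constructed for illustration, and the port and sequence values in them are arbitrary.

```python
import struct

KIND_EOL, KIND_NOP, KIND_WSCALE, KIND_TIMESTAMP = 0, 1, 3, 8

def parse_tcp_options(tcp_header):
    """Return {kind: payload} for the options carried in a raw TCP header."""
    data_offset = (tcp_header[12] >> 4) * 4          # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad TCP data offset")
    options, i = {}, 20                              # options follow the fixed header
    while i < data_offset:
        kind = tcp_header[i]
        if kind == KIND_EOL:                         # end of option list
            break
        if kind == KIND_NOP:                         # single-byte padding
            i += 1
            continue
        if i + 1 >= data_offset:
            raise ValueError("truncated option")
        length = tcp_header[i + 1]
        if length < 2 or i + length > data_offset:
            raise ValueError("bad option length")
        options[kind] = tcp_header[i + 2:i + length]
        i += length
    return options

def timestamp_exposure(tcp_header):
    """Report which RFC 1323 options a header carries, and the TSval if present."""
    options = parse_tcp_options(tcp_header)
    ts = options.get(KIND_TIMESTAMP)
    tsval = struct.unpack("!I", ts[:4])[0] if ts is not None and len(ts) == 8 else None
    return {"window_scaling": KIND_WSCALE in options,
            "timestamps": tsval is not None,
            "tsval": tsval}

def build_syn(options):
    """Constructed sample: a 20-byte SYN header followed by the given options."""
    options += b"\x00" * (-len(options) % 4)         # pad to a 32-bit boundary
    offset_words = (20 + len(options)) // 4
    fixed = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0,
                        offset_words << 4, 0x02, 65535, 0, 0)
    return fixed + options

MSS_AND_WSCALE = b"\x02\x04\x05\xb4" + b"\x01\x03\x03\x07"
# Constructed: a SYN with timestamps still on (TSval 123456789, TSecr 0) ...
SYN_DEFAULT = build_syn(MSS_AND_WSCALE + b"\x01\x01\x08\x0a"
                        + struct.pack("!II", 123456789, 0))
# ... and one as sent after the change above (window scaling kept, no timestamps).
SYN_HARDENED = build_syn(MSS_AND_WSCALE)

if __name__ == "__main__":
    print(timestamp_exposure(SYN_DEFAULT))
    print(timestamp_exposure(SYN_HARDENED))
```

The TSval field is the value the fingerprinting technique samples over time, so a header that reports "timestamps": False gives it nothing to measure.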

Opera 8’s Solution To IDN Exploit

I’m sure you’ve all seen the recent Internationalized Domain Name exploit, which affects most web browsers (except for Internet Explorer – shocker! – because it doesn’t yet have the power to support internationalized domain names): if you haven’t, why not visit paypal.com – looks just like the real thing; doesn’t it: the browser bar says you’re at PayPal’s real site, but you’re not. That first ‘a’ in the name is an international character (actually the letter ‘a’ from the Cyrillic character set, which is just slightly different from a Western ‘a’, if you look closely). Of course, this leads to potentially thousands of dangerous phishing exploits, tricking users into exposing their bank account details to random Nigerians.

Opera, makers of a stunning web browser that I’m not quite sure I should be abandoning yet, have announced their solution to this problem (which isn’t actually a web browser problem at all, but a specification problem): IDN domain names from outside of places which are expected to need them (e.g. dot-jp, etc.) will be displayed longhand, and secure sites (https) will display their certificate holder’s name – longhand – alongside the domain name in the address bar.

Of course, unless you’re using Opera 8 beta, the only way to be sure you’re safe from this exploit is to manually type in every link you follow.
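
The display rule described above can be sketched in a few lines. This is an added example, not Opera's code: the one-entry TLD allow-list and the function names are assumptions made for illustration, and the "script" of a character is approximated by the first word of its Unicode name.

```python
import unicodedata

# Assumption: a tiny allow-list of TLDs expected to need IDNs
# (the post gives dot-jp as its example).
IDN_TLDS = {"jp"}

def scripts(label):
    """Approximate the set of scripts used in one label of a hostname."""
    found = set()
    for ch in label:
        if ch.isascii() and (ch.isdigit() or ch == "-"):
            continue                       # digits and hyphens belong to no script
        found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found

def mixes_latin_with_other_script(host):
    """True if any label combines Latin letters with another script."""
    for label in host.lower().split("."):
        used = scripts(label)
        if "LATIN" in used and len(used) > 1:
            return True
    return False

def display_form(host):
    """Return the text an address bar following this rule would show."""
    host = host.lower().rstrip(".")
    if host.isascii():
        return host                        # plain ASCII names are shown as-is
    if host.rsplit(".", 1)[-1] in IDN_TLDS:
        return host                        # IDN expected here: show it natively
    return host.encode("idna").decode("ascii")   # otherwise show the xn-- form

# Constructed sample: "paypal.com" with the first 'a' replaced by Cyrillic U+0430.
LOOKALIKE = "p\u0430ypal.com"

if __name__ == "__main__":
    for name in ("paypal.com", LOOKALIKE, "\u65e5\u672c\u8a9e.jp"):
        print(display_form(name), mixes_latin_with_other_script(name))
```

Shown longhand, the lookalike name starts with "xn--" and no longer resembles the real one, which is the whole point of the fix.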

This Has GOT To Be Anti-Trust/FUD

This screenshot taken from Microsoft Anti-Spyware:

[screenshot removed – later turned out to be a fake]

Firefox Finally Appeals

As you may all know, I’m a die-hard supporter of the Opera web browser, despite many of my friends now claiming that Firefox is superior. I’ve been following the Mozilla project for a long while (haven’t we all), and on the many occasions I’ve tried Firefox (and its grandparents) I’ve always been unimpressed. It’s always been the little things that Opera did that kept me coming back to it, time and time again.

With the full release of Firefox 1.0 (download Firefox here), there’s been an explosion in the number of Firefox extensions that have become available, so I decided to try to find a combination of extensions that would at long last give Firefox the capabilities that always kept me coming back to Opera. The theory is – if I can find enough extensions to give me the functionality I need in a web browser (which Opera very-nearly perfectly provides) in Firefox, it’ll make a convert out of me. Here goes –

    • Mouse Gestures 1.0 – One of the great things about Opera is that it really pioneered mouse gestures (waving your cursor in strange patterns in order to facilitate shortcuts), and led the way for years thereafter. Mouse gestures are infectious – once you’ve used them and you get the hang of “doing things faster” (particularly mouse-intensive activities like web browsing), you end up trying to do it elsewhere – I’ve frequently used friends’ computers (with Internet Exploder, or similar) and tried to do a gesture before remembering that I can’t. The Mouse Gestures extension for Firefox is fully-featured and highly-configurable. I found the original settings a little unresponsive, and had to increase the “diagonal tolerance” (slippage permitted in a non-cardinal direction) to bring it back in line with the speed at which I execute gestures, and of course I’ve customised some of my own gestures. Apart from that, it’s wonderful.

[Image: Firefox Downloads Window In Sidebar]

    • Download Manager Tweak 0.6.3 – One thing I loved about my customised Opera configuration was that pretty much everything not directly related to browsing – my RSS-feed subscriptions (that let me keep an eye on all my friends’ weblogs in realtime), my downloads, etc. – were set up to all appear in the wonderful “sidebar”: a non-invasive way of keeping information “to hand”. Firefox’s download windows are chunky and ugly, only a little better than the hideous ones provided by Internet Exploder. This plugin allows you to move the download window to the sidebar – a far more sensible place for it – and manage all your transfers from there.
    • Web Developer 0.8 and Nuke Anything 0.2 – As a web developer, I love the web developer tools in Opera. The ability to switch stylesheets, emulate other browsers, change and test content on the fly, and manipulate cookies is invaluable when debugging large, complex web projects. Combining these two excellent extensions gives me all of this, and more. The Web Developer tools can do things like manipulate form data on the fly, edit offline HTML and CSS on-the-fly, simulate different screen resolutions, and validate source code – it’s fantastic. Nuke Anything allows content to be ‘removed’ from the page: a great way of digging through complicated source code to find how a particular trick is being achieved.

[Image: Sage Extension For Firefox]

  • Sage 1.3 – Now here’s a stunning piece of software. Thanks to Jon for suggesting this one. A great feature of Opera is its use as an RSS reader. RSS is a wonderful way to “subscribe” to news sources, weblogs, and the like, and be notified when they’re updated or even have the new content delivered directly to your desktop. It’s so good, that I rarely use Abnib or my friends page any more. Opera makes it easy to set up and manage your subscriptions, and delivers them in the way that suits you best. Now Firefox does natively support syndication, but it doesn’t do a very good job of it. Its system – “Active Bookmarks” – relies on use of its bookmarks list, lots of scrolling, etc. Plus – and here’s the big problem – it doesn’t pass your browser cookies when picking up the feeds – this means that you can’t have it, for example, pick up restricted “friends only” feeds from your friends’ weblogs. Without this feature, there was no way I’d be leaving Opera behind. But Sage pulls it off. It pulls in the feeds and presents them in a brilliant way. Its default options are a little weird, and it doesn’t support automatic “timed” feed collection, but it still does a great job of this newsfeed lark. I think everybody with Firefox should install Sage.
  • Session Saver – Simply put, this allows Firefox to remember what tabs you had open when it was last closed (even if it crashed or there was a power cut), and re-open them when you run it again, in a very Opera-esque way.
  • MiniT 0.4 – A pet annoyance, but one that would have really annoyed me, is the inability to re-order the tabs while using Firefox’s tabbed browsing. I mean: why wasn’t this included with the program? Most other programs that use the dynamic “document” tab metaphor allow the user to click-drag-reorder them, including my beloved Opera. But no, you need a plug-in like MiniT to do this. It’s good: not as “fluid” as Opera, but quite satisfactory.
  • TabBrowser Preferences 1.1.1 – It didn’t take long of playing with Firefox, particularly on the EasyNews web site, to find another thing which, to me, is a big problem. When people (very rudely) make hyperlinks that request to be opened in “a new window”, Firefox does exactly that: opens them in a new window, rather than in a new tab in the current window (fitting with the tabbed browsing metaphor). I tried a couple of plug-ins to prevent this from happening, but none of them worked consistently (for example, catching JavaScript pop-up windows and tabbing them), as Opera does, until I found this lovely little extension. TabBrowser Preferences has all kinds of options I don’t use, but for this one, which I do, it’s wonderful.
  • LastTab 1.1 – By this point, I had very few quirks left unsatisfied on my “web browser wish list”. One was that, in Opera, pressing CTRL-TAB takes you first to your most-recently used other tab, and then (if you keep pressing tab) through the others you have open. This makes sense to me, because you can then use CTRL-TAB as a two-tab “flicker” (like the “last channel” button on a TV remote): perfect for use as a “boss key” (if you don’t know, you don’t need to know). Satisfied.

This only leaves one “big” niggle that still pisses me off – I can’t find a plug-in that will allow me to hold down a particular key (e.g. shift) and click on a tab, to close it (really useful for closing multiple tabs at once, after running and completing a multi-tab information seek). If anybody can suggest an extension that does this, let me know!

So; I guess I’m a Firefox convert. I knew it would happen someday, but I’m just surprised it happened so soon.

Freedom Sport And Surf

There’s a lesson here for any business with a web site:

I’m sure that you may be familiar with Freedom Sport & Surf, the sports goods shop on Alexandra Road (opposite the carpet shop formerly known as Rumbletums Cafe). Well; they had a website – FreedomSportAndSurf.com. But they let the domain name expire, and it’s been picked up by a porn site: take a look.

In any case, the owners of the store aren’t internet-savvy, and had completely forgotten they had a web site. Similarly, most of the staff weren’t aware of it, either, until a lady came in, recently, and informed the staff member at the counter that she thought it was “disgraceful” that the shop had “things like that” on its website, where “children could view it”.

Today, staff at the shop are frantically scrubbing the web address from their carrier bags. Hilarity.

More Geeky Fun – Hack Security Cameras

This was one of my most-popular articles in 2005.

Here’s a giggle – somebody’s found a cleverly crafted Google search string that will reveal the (unprotected) web interfaces of a particular kind of Panasonic web-capable security camera. Just point a web browser at http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=inurl%3A%22ViewerFrame%3FMode%3D%22, then select one of the cameras (you might have to try a few before you get a working one). If you get a motorised one, you can even remotely control it! Here’s some I found earlier:

Update 17th August 2011: fixed broken link to Panasonic website!

LiveJournal Sells

Following up yesterday’s rumours, it can now be seen that, officially, LiveJournal has been sold to SixApart. The details look pretty good – the service will remain much as-it-is, nobody will be ‘migrated’ to TypePad or MoveableType, and – better yet – LiveJournal might actually (finally) get some much-needed new features, such as trackback (which can be seen in effect right here, on my post yesterday – this post will be linked as a ‘trackback’ comment, because this post follows it up – with trackback, this kind of thing can be posted cross-journal, too).

Internet Explorer Exploit Of The Day

There’s yet another killer Internet Explorer bug out there, which is manifesting itself in the form of a new trojan, Phel.A. This one only affects Windows PCs updated with SP2 (the supposedly ‘safe’ people) and works by confusing the ‘trusted’ and ‘untrusted’ zones.

I always find reports like this interesting, so I’ve written an exploit of my own. If you’re still using Microsoft Internet Explorer, and you’d like to see why you shouldn’t be:

  1. Click here to look at a web page I’ve set up [update: link long-dead]. It looks kinda boring, I know, but – if you’re using Internet Explorer, it will slyly put a tiny application in your Startup group.
  2. Next time you log into Windows, the tiny application will download and install a bigger application.
  3. Next time after this that you log into Windows, the bigger application will run, and tell you why you shouldn’t be using Internet Explorer.

The information on how to use this exploit is easily available on the web. Before long, we’ll be seeing another wave of web sites that can install software on any Internet Explorer user’s computer.

If you’re still using Internet Explorer, take a look at BrowseHappy.

ATOM Feed Of Your GMail Inbox?

Checking my GMail account this morning, I noticed an unusual icon in the lower-right corner of the browser window:

[Image: Atom feed icon showing in a web browser viewing GMail]

It turns out that Google’s GMail service seems to be testing an ATOM feed – a kind of syndication feed (similar to those used by weblogs and news sites – see Scatmania’s ATOM feed) that can be ‘subscribed’ to from your desktop computer.

Right now, the GMail feed looks pretty bare:

[Image: ATOM feed from GMail]

Nonetheless, this is an interesting turn of events – didn’t Google recently say that no other automated mail checking tools were to be used except for their own GMail Notifier (sorry, can’t find a news story to link)? But now it looks like they’re working on developing a format by which anybody can ‘subscribe’ to their own inbox (although probably only using a web browser – the non-browser-based XML readers seem to have difficulty with cookies, which are likely to be required).

It’s all interesting.

Windows XP SP1 Honeypot Breached In 200 Seconds

The internet is becoming a scarier and scarier place.

In a recent “honeypot” study, a Windows XP computer with Service Pack 1 was infiltrated in just 200 seconds, without even opening a web browser.

For the less techie-minded, a “honeypot” study involves setting up a new PC with a new operating system (in this case, a Windows XP SP1 machine) and connecting it directly to the internet to see how it is attacked and to what end. In this case, all they did was connect said computer to the internet… and less than four minutes later, it had been compromised by an attacker. Within half an hour, it was receiving instructions to act as a bridge to attack other computers.

Four minutes isn’t long enough to download and install ZoneAlarm. It certainly isn’t long enough to install Service Pack 2. And all across the globe, newbie PC users are buying off-the-shelf computers with no firewall, taking them home, and connecting them to the internet, basically ‘volunteering’ their computers and their bandwidth to be zombies and attack others around the world, relay spam, or share their files with anybody, anywhere.

If anybody needs help securing their system, just give me a shout.

Blogspam A Problem… No More

As I’ve mentioned in previous posts, I’ve been getting more than my fair share of blogspam of late. I’ve been spending about twenty minutes every three or so days clearing out the ‘moderation’ queue and updating my keyword lists. Worse still, some spam has been getting through nonetheless (hopefully I’ve always been quick to remove it, and so none of you – my readers – have had to see any of it).

So: I’ve implemented a new anti-blogspam solution: whenever you post a comment to my weblog from now on you’ll be asked a simple question. The answer is usually obvious… to a human… but very difficult to automate a computer to answer. I appreciate any feedback on this (why not leave a comment to this post), and I’ll let you know whether it fixes the problem. And, of course, if it does, I’ll offer my code snippet back to the WordPress development team in order to include it, perhaps, with a future version: or, at least, offer it to friends of mine who use similar blog engines and are troubled by spam.

I need sleep.

In other (almost equally geeky) news, I’ve been spending a good deal of time working on my new RockMonkey WikiGameTromaNightAdventure. If I can keep up a reasonable development rate on it this weekend (which could be tough – I’ve lots to do, and Gareth is visiting and keeps distracting me with cool technology like GPS devices and VoIP telephones), it’ll be ready on Tuesday evening. Watch this space.

Popularity Of The Welsh Language

<ROFLMAO>

Want a giggle? Go to Google and type “old dead language” into the search box (with or without the quotes… either way), and hit “I’m Feeling Lucky!”.

This is the follow-up to my experimental googlebomb the other week. I’ve had my fun, now, and I actually believe it’s possible (I was skeptical when I first read about it, but it turns out that Google really is that easy to manipulate) to pull off a googlebomb of this scale with my limited resources.

In other (equally geeky) news, I’m starting to have trouble with blogspam, and my usual keyword/IP/link-count filters aren’t catching it all… might need a reprogram.