This is just silly. I have 50 – yes, count ’em – 50 GMail invites. Nope; 49, now. If you want one, shout. And yes; Becky, I’ll sort one for you as soon as you tell me where to e-mail it to.
Tag: technology
Sam’s Spam
I just got swamped by about 150 bits of trackback spam. Not a problem – I know how to deal with it and I was able to get rid of it all in line of SQL code… and it was also interesting to see that I rank highly enough in common searches to find ‘open’ blogs that I was swamped by so much of it, so quickly.
I’ve been spam-free for months, since I implemented my solution to blog spam, which (as you’ve probably seen) involves answering simple (to a human) questions when you place a comment. But this most recent horde of spam worked by using trackback, a system whereby weblogs tell each other if people write relevant “follow-up” content. And, unlike the comments-spam, which I was able to easily prevent, trackback spam is more difficult, and I’m yet to devise a suitable solution (although I have a clever idea).
I wonder if it was the man interviewed by The Register yesterday who was responsible for this attack?
Flash MX 2004 Data Integration/XML Features
Geeky post.
I’ve just been playing with the data integration and XML-parsing features offered by the new version of Macromedia Flash (traditionally used for animation on the web, but nowadays used for all kinds of things, like those silly games at Shockwave.com). They’re actually quite impressive – here’s the result of my fiddling this evening (requires Flash Player 7 – not worth downloading just to see it, though):
It’s an RSS reader, connecting to the Scatmania web site – or, more simply – it connects to this web site and picks up the summaries of the most recent posts and provides them in a compact browser (with a little ‘Go…’ button to take you to the full article).
Why’ve I posted it here? Because it impressed me to see what Flash is capable of these days. Apologies to the non-geeks who are by now going “La la, la la…”
Freedom Sport And Surf
There’s a lesson here for any business with a web site:
I’m sure that you may be familiar with Freedom Sport & Surf, the sports goods shop on Alexandra Road (opposite the carpet shop formerly known as Rumbletums Cafe). Well; they had a website – FreedomSportAndSurf.com. But they let the domain name expire, and it’s been picked up by a porn site: take a look.
In any case, the owners of the store aren’t internet-savvy, and had completely forgotten they had a web site. Similarly, most of the staff weren’t aware of it, either, until a lady came in, recently, and informed the staff member at the counter they she thought it was “disgraceful” that the shop had “things like that” on it’s website, where “children could view it”.
Today, staff at the shop are frantically scrubbing the web address from their carrier bags. Hilarity.
Geeky Humour – The Concatenator
String c = a.concat(b); has never been so violent.
More Geeky Fun – Hack Security Cameras
This was one of my most-popular articles in 2005. If you enjoyed it, you might also enjoy:
- The Ten Weirdest Sex Toys I’ve ever seen (2009)!
- A dirty-looking calendar I found at work (2011).
- My beliefs about why it’s wrong to lie to children about Santa (2009), complete with pictures of naughty elves.
- An argument I had (2011) with the Office of National Statistics about nonmonogamy and the census.
- Open Source Shaving (2009).
Here’s a giggle – somebody’s found a cleverly crafted Google search string that will reveal the (unprotected) web interfaces of a particular kind of Panasonic web-capable security camera. Just point a web browser at http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=inurl%3A%22ViewerFrame%3FMode%3D%22, then select one of the cameras (you might have to try a few before you get a working one). If you get a motorised one, you can even remotely control it! Here’s some I found earlier:
- Night-time right now; looks like some kind of highway-cam
- Night-time: all black – haven’t tried the motor controls yet (could be looking at a wall)
- Terrifyingly, looks like it’s pointed at a cash machine or wall safe
- Daytime when I checked – a car park: a good place to play with the controls
- Outside a building
- My favourite – some guy’s office!
Update 17th August 2011: fixed broken link to Panasonic website!
Three More “Extremely Critical” Internet Explorer 6 Vulnerabilities
Three more “extremely critical” Internet Explorer vulnerabilities are being reported today. Secunia‘s advice – Use another product.
First Look At Microsoft Ani-Spyware
Microsoft have released a beta-test version of their new Anti-Spyware program (based on technology they gained during their recent acquisition of Giant Company Software). As a happy little curious bunny, I decided to download it and give it a go on one of the computers laying about at work.
Installation of Anti-Spyware is the typical InstallShield-driven wizard interface.
Interesting to see that this product comes “with SpyNet technology”. Sounds like a buzzword if ever I heard one.
Having finished the installation, the “Setup Assistant” launches.
The setup will be divided into four stages – although, in actual fact, the first three stages consist each of answering one question and the fourth can take a long, long time (scanning the computer for spyware).
Questions first:
With inspiring titles like “Keep Your Computer In The Know”, “Meet Your Computer’s New Bodyguards”, and “SpyNet: The Anti-Spyware Community”, one can’t fail to feel safer almost immediately, hmm? I leave everything as the defaults – turned on. Reading it’s description, I’m left wondering what ‘SpyNet’ actually does. Sounds a little like spyware to me. I can only hope it’s not as innefectual as the “submit a bug report” feature already common in Windows.
The setup wizard (which, it turns out, has no presence in the taskbar and can not be alt-tabbed to, which means that I have to minimize my other windows to dig my way back to it) suggests that I run a “SpyWare Scan” now. I don’t have all day, so I select to run “an intelligent quick scan”. It estimates that this will take “less than 2 minutes”. Okay, that sounds fair.
After a quick check of the running processes on the PC, the scan begins looking at the files on the computer. There’s no progress bar, so the only indicator of how far it’s gone is based on which file it’s currently scanning, and my knowledge of the layout and content of this hard disk. 2 minutes later, it’s broken it’s promised, as it doesn’t seem to have made great progress – but it does claim to have detected two pieces of spyware: TightVNC, a piece of computer remote control software I installed a few days back – not spyware – and WinPCap, a set of drivers for capturing network traffic, used by most Windows-based packet sniffers (a network protocol analysis tool) – also not spyware. Hmm.
Confusingly, the scanner at this point claims to have detected 2 infected registry keys, despite also claiming to have not yet scanned any registry keys.
After about 8 minutes, the second part of the scan begins – scanning the system registry. The flickery little animation is changed from little yellow folders to little green building bricks, and the list of infections increases. See below for the complete list of “spyware” that it found.
Finally, after about 13 minutes, the scan is complete (a little longer than the estimated 2 minutes for a ‘quick scan’), and I’m presented with the results:
The report detects the following:
- TightVNC and RealVNC – two remote control programs that “allows full control of the machine it is installed on”. The spyware report kind-of makes it clear that these two “moderate threats” are legitimate remote control software, but that they could be exploited to take control of the computer remotely, by an unseen attacker! Interestingly, it doesn’t detect that I have Remote Desktop, Microsoft’s remote control software, activated. Nor does it detect pcAnywhere, another remote control program I’d put on for the purpose of this scan.
- WinPCap – this, as mentioned above, is a network capture driver. The spyware scanner lists it as a “low threat”, and points out that while not dangerous in itself, it could be used by a spyware program to capture my network traffic, which is correct. I’m not aware of any spyware that takes advantage of WinPCap, but it’s at least a theoretical possibility, and it’s fair to warn me about it.
- eDonkey 2000 and Grokster – the program incorrectly detects an installation of eDonkey and Grokster – two file-sharing programs. These are listed as “low” and “medium” threats, respectively, not because they are spyware… but because they are often bundled with spyware (in the latter case, nasty stuff like Cydoor). In actual fact, this computer has Shareaza installed – a free, open-source, spyware-free file-sharing program that is capable of connecting to the eDonkey and Grokster networks.
- EasySearchBar, a known piece of spyware that sits in Internet Explorer and feeds information about browsing habits back to the makers, and allows pop-up ads to appear. I’m not even sure how that got onto this computer (people shouldn’t be using Internet Explorer here at SmartData at all), but it can be removed using the tool, so I let it go ahead and do so.
Conclusion
Microsoft Anti-Spyware is currently in a very early release and buggy stage. It successfully detected all the spyware that Ad-Aware did (although it doesn’t also pick up on tracking cookies and data miners harboured by IE, as Ad-Aware does). However, it also detected several completely safe pieces of software, which – had I been an amateur user – could have alarmed me
into accidentally deleting them. The time estimates given by the program are way-out.
I haven’t tried (to any great level) any of the other tools provided by the program – such as the cache cleaners and the live protectors – however, the live protector that was supposed to “prevent unauthorised programs from editing the hosts file” (a common way for adware programs to take over your internet connection) didn’t work. When I wrote a program to (in a very suspicious manner) add entries to the hosts file, it didn’t even notice, prevent it, or even log that it had occurred.
I am concerned that, if Microsoft do start charging for this product or for updates to it, this could be an opportunity for Microsoft to make money out of a problem that they helped to create. And if they give it away for free, I’m concerned that it will be ineffectual and lull users into a false sense of security (like Microsoft Anti-Virus before it). However, on the up-side, at least Microsoft are beginning to take spyware and adware seriously.
Links
- Microsoft AntiSpyware First Impression, by Nathan Weinberg
- Microsoft Anti-Spyware?, by The Register
The Stigma Of The Amiga
LiveJournal Sells
Following up yesterday’s rumours, it can now be seen that, officially, LiveJournal has been sold to SixApart. The details look pretty good – the service will remain much as-it-is, nobody will be ‘migrated’ to TypePad or MoveableType, and – better yet – LiveJournal might actually (finally) get some much-needed new features, such as trackback (which can be seen in effect right here, on my post yesterday – this post will be linked as a ‘trackback’ comment, because this post follows it up – with trackback, this kind of thing can be posted cross-journal, too).
Ah; Computers
Heh! Celoxis, a web-based project management tool we‘ve been experimenting with, e-mailed me twice today – just past midnight, and half an hour later – to remind me that it will be my birthday on Saturday (in case I didn’t know). Better yet, our mail server picked up on these e-mails and flagged them as ‘spam’. Wonderful.
LiveJournal May Be Sold
I hear that LiveJournal – one of the world’s biggest blogging communities (and home to most of the blogs syndicated by Abnib) – is to be sold to SixApart, a TypePad/MoveableType-based blog-host.
What effect this will have on holders of existing LiveJournal accounts – particularly paid accounts – is as yet unknown. Nonetheless, I think this could be a very interesting year for LJ bloggers.
Completed Half-Life 2
(don’t worry – no spoilers) Well – I’ve finished Half-Life 2. I must say, it just got more and more stunning. The weapon you’re left using for the last two chapters is simply wonderful (think: gravity gun v2.0). The finish is… simply stunning, and suddenly the G-Man seems even more mysterious than ever… it’s just… wow.
There’s this empty space I need to fill with Half-Life 3.
The downside: it was too short – I was hoping for about another three hours of ‘gametime’ from it. Plus, there are things I’d have liked to have seen but didn’t (monsters I saw but never got to fight, mysteries left unanswered [including most of the ones from the prequel], etc.), and I found the final fights a little too easy (although I have the option to just replay any chapter at any difficulty level, so I can crank it up to Hard and try again). That, and, I feel a major lack of closure – despite a very deliberate ‘build-up’, that game ended in a way that felt quite abrupt and ‘unfinished’ (perhaps the last challenge was a little obvious to me, or something).
In any case – it’s well worth playing, and pretty much anyone I know is welcome to play through it on Duality, if they so wish. Now I’m going to go browse the forums for easter eggs and tips about what’s coming in Half-Life 3.
Half-Life 2
Half-Life 2. The most immersive first-person shooter I’ve ever played. From it’s “throw you in at the deep end” beginning – chased around the streets of the overpowering City 17 by Combine agents, rushing through apartments as raids go on all around you – to it’s immensely clever, multi-faceted puzzles – how do I get past that guard? I could creep by him: I wonder if he’s paying attention… or throw that can to make a noise… maybe I could knock him in the back of the head before the security camera sees me… can he swim? – it’s a thrilling game. In the Half-Life tradition, very little is given away, and the player is left to make many of their own assumptions about the way the world around them works; I find this a little frustrating (I’d like to hear more back-story), but this is soon taken away when I’m drawn into another firefight. The game is gorgeously detailed – the characters around you frown, smile, wink, raise an eyebrow… and genuinely look relieved, scared, upset, etc. Meanwhile, explosions outside are rendered beautifully, water reacts like it should, and the ‘Havok’ physics engine means that if you can imagine it, you really can build it out of the myriad small items around you.
Despite Paul and my complaints about the Steam distribution system, it’s all seemed very good – owing to it’s modular design, I was able to start playing the game when it was just 69% downloaded (and when I ‘caught up’ with it, I only had to wait a few seconds for more content to be downloaded). Paul may be relieved to hear that once the game is downloaded (or activated, if it’s store-bought) it can be played in “offline mode”, and never accesses the internet without permission, it won’t auto-update unless you let it, and there is an option to back up the version you currently have installed – to CDs, for example – so that you could, if you wished, reformat and reinstall Windows and re-install the game without having to download it again. In addition, the modular design meant that my download was ready sooner than it might otherwise be, as it took advantage of the files I’d already downloaded as part of the demo version. I’m still not sure of any way to install to a different drive, which I’d particularly like to be able to do, but nonetheless I’m more impressed with Steam than I expected to be.
I managed to play Half-Life 2 for four hours… before I began to feel motion sick (I’d recently had a plasma cannon installed on my hovercraft, and driving it [with my left hand] while aiming and firing the weapon [with my right] left my poor eyes sufficiently confused that I’m now taking a quick break). I’ll probably go in again and blast some more Combine scum before I go to Sian and Andy‘s New Year’s Party. Yeah!
Update: Fixed link to Paul’s new blog after he moved it, breaking a universe of links. Old content was at http://www.livejournal.com/users/thepacifist/202607.html
Internet Explorer Exploit Of The Day
There’s yet another killer Internet Explorer bug out there, which is manifesting itself in the form of a new trojan, Phel.A. This one only affects Windows PCs updated with SP2 (the supposedly ‘safe’ people) and works by confusing the ‘trusted’ and ‘untrusted’ zones.
I always find reports like this interesting, so I’ve written an exploit of my own. If you’re still using Microsoft Internet Explorer, and you’d like to see why you shouldn’t be:
- Click here to look at a web page I’ve set up [update: link long-dead]. It looks kinda boring, I know, but – if you’re using Internet Explorer, it will slyly put a tiny application in your Startup group.
- Next time you log into Windows, the tiny application will download and install a bigger application.
- Next time after this that you log into Windows, the bigger application will run, and tell you why you shouldn’t be using Internet Explorer.
The information on how to use this exploit is easily available on the web. Before long, we’ll be seeing another wave of web sites that can install software on ant Internet Explorer users’ computer.
If you’re still using Internet Explorer, take a look at BrowseHappy.