I know that we geeks tend to laugh at such things but PLEASE REMEMBER that just as many of us can't do open heart surgery or rebuild our car engines, so too is there many that don't have our experience with scams. Currently there are several "$1000 Gift Card" scams that are going around, Best Buy and Walmart are two of the biggest right now. Please warn your less tech savvy friends and family about such things and point out that a REAL winning entry in a contest would be contacted by something other than a txt. I have had to warn several older and less savvy customers in the past few weeks because of this scam so its going around pretty heavily. remember to use your computer savvy for good and help your fellow man keep from being ripped off.
Someone on Slashdot recently claimed I hadn't read Keep the Aspidistra Flying because I thought the ending was depressing. After I finished my PhD in 2007, I've managed to avoid the same fate and have successfully avoided having a real job for almost five years. I've done freelance programming and written four books, and had a lot of time to post on Slashdot (as you can tell from the fact that, so far, I've posted more than anyone else this quarter) and do open source stuff (Ohloh ranks me in the top 2,000 geeks with no life^W^W^W^Wopen source developers).
That's about to change though. I had two interesting job offers recently (I seem to get job offers from banks very often, but I have a very low tolerance for tedium, so I'd probably have been fired around day 3 if I'd taken any of them). One was from Google in Paris (yay!) but working on boring things (boo!). The other was from Cambridge University, which is about as well paid as you expect in academia (aww!) but basically involves working on the same stuff I do for fun (yay!) with some very intelligent people (yay!). Oh, and it's in a city where a quick search found four tango classes (yay!) and property prices not much lower than London (oops!) and which is both small and flat enough that I can cycle everywhere (yay!) and so does everyone else (look out!).
So, in a few weeks I'm moving to Cambridge. I'll miss looking out at the sea, but being able to dance tango more than once a week should be some compensation. There also seems to be a lively salsa scene, although having to learn yet another set of names for the same Rueda steps is going to be a little tiresome...
When I visited, I went for drinks with some of the makerspace guys the night before my interview (I have no idea how much I drank, but it didn't seem to affect my interview performance too badly...) and met someone who worked on the C++11 atomics spec (which I was in the middle of implementing at the time) and someone who had ported 2BSD to a 32-bit PIC with 128KB of RAM, so it definitely seems like a city with no shortage of geeks...
Lately there have been a number of accounts created for a short period of time that dump very large posts right after stories make the front page. The posts are usually very long, containing multiple links and having a clear Pro-Microsoft Anti-Google bias. I'm really only making this journal entry to keep a track record of the accounts I believe are sock puppets for this movement. I may get some of these wrong, but more likely than not, I feel this will be pretty accurate.
This weekend (I think, maybe earlier), Slashdot published some statistics about the most active people. Apparently I am in the top four most active commenters for the past month and the past quarter. This is quite depressing.
In happier, and unrelated news, my FreeBSD commit bit was approved this weekend, so I can now cause untold destruction on the Internet at large...
My current phone is a Nokia N80. I've had it a few years and I'm reasonably happy with it, but it has a fault with the charging circuit and it's pretty bulky, so I'm thinking about replacing it. Unfortunately, there seem to be about 3,000 different options with no competent way of way of working out which one is sensible.
I mainly use my phone as... a phone. So, the most important feature for me is the ability to make and receive calls. Because I am a cheapskate, this includes SIP (and WiFi), since my SIP provider charges a lot less than my mobile provider when calling landlines. I really like WebOS in terms of UI, but that seems to rule the Pre out because the only WebOS SIP client is alpha quality and doesn't integrate with the address book. This is something that Nokia does really well - the SIP client is fully integrated, so I can just select someone from my address book and select Internet Call to make the call. No extra skill required.
Beyond that, the only thing I really need is to be able to sync contacts via bluetooth and to use it as a modem via bluetooth - both pretty standard features, I'd assume, since my last three phones have had them.
In terms of smartphone features, I'm not that bothered. A programming environment that supports native code so that I can port my ObjC runtime would be nice - I have no interest in VM-based crap - but aside from that I don't have any strong requirements.
I would, however, like decent battery life and a small size, and ideally a nice camera. The bulk and poor battery life of my N80 means that I quite often leave it at home.
So, any suggestions?
I have a customer that surfs those "porntube" style sites and I kept getting emails from him consisting of a single link, obviously randomly generated. Now since I had just cleaned this machine and knew it to be good I asked "WTH?" and he swore up and down that the ONLY thing he had done was watch some videos on those porntube sites. So I figured he was probably lying, so I figured "I've just made a disc image, have AV and NoScript, lets experiement". So I went to several porntube style sites, DrTuber,XHamster, etc, just clicking links to bounce from one to the other when sure enough about an hour later I started getting emails from myself along with everyone in my address book!
Now since it was the yahoo account that I only use as a spam dump I didn't care about that, what I DID care about is it looks like every. single. person. that looks at any of the porntube sites is vulnerable to having their Yahoo addresses stolen! I tried Chromium and FF 4, I tried with NoScript enabled, no matter what I did after surfing those sites for an hour or less, even after using CCleaner first to make sure there wasn't any info in the cache, there it was.
Now all I can tell you is that it doesn't seem to affect GMail or Live Mail, just Yahoo, but with Yahoo Mail it seems to be pretty damned consistent no matter what the user does! So has anyone else run into this, know how it works, or know how to stop it? I wish I could tell you the exact site but I was looking for the effect more than the cause, but if you start at DrTuber and XHamster and start clicking on video links leading to affiliates you WILL end up seeing it first hand, just don't use a Yahoo account you care about! Although since I saw the effect WITHOUT logging into Yahoo and WITH private browsing on who knows if you'll be able to stop it? I'm starting to wonder if the new yahoo beta isn't storing your address book unencrypted in the browser somewhere for speed. If it is the case we are talking a serious security flaw here folks!
This ungrammatical ghost (either "win shakes" or "wins shake" would have been correct) was a clear duplicate of another story, so I knew it was doomed when I saw it.
Tea Party Win Shake Up Net Neutrality
Original link: http://politics.slashdot.org/article.pl?sid=10/11/04/1544211
Posted by CmdrTaco in The Mysterious Future!
from the tea-shake dept.
GovTechGuy found a story discussing the Republican and Tea Party congressional wins and what that means for Net Neutrality. Apparently most of the dems who signed the net neutrality pledge last week are now looking for work.
A little while ago, someone on Slashdot pointed me at the Sale of Goods Act in relation to purchased electronics. The act, for those unfamiliar with it, requires that goods be 'suitable for the purpose for which sold.' This is a fairly broad term, but it basically means that they must be able to do anything that the seller claims that they can do. Under this law, you have 6 years from the date of purchase to file a lawsuit if the item does not match the claims.
This was relevant to me because my MacBook Pro is now out of warranty and the battery is dying. Looking in the System Profiler, its full charge capacity was showing up as 1476mAh after 56 charges. When new, it was 5500mAh. These numbers don't mean anything by themselves, but Apple claims that their batteries retain 80% of their full charge capacity after 300 charge cycles. Claiming this means that a battery that does not retain 4400mAh after 300 charge cycles is not suitable for the purpose for which sold, and they are legally required to refund or replace it (irrespective of the time that has elapsed, although I can only sue them if they don't within 6 years of the time of sale).
I called their support line and was put through to an Indian woman, who explained that the warranty had expired. I quoted the relevant parts of law to her, and (after being kept on hold for a bit), was transferred to someone senior. He very quickly agreed to send out a replacement battery.
Interestingly, he did not ask that the original battery be sent out, nor that I provide a credit card number where I would be billed if the battery turned out not to be defective. I've had two batteries replaced in warranty, and this was standard procedure then, so apparently I get better service out of warranty. I don't have a great deal of use for a battery that only lasts about 35 minutes on a full charge, but I'll probably keep it as a spare.
As always, it pays to know the law. It's a shame that Apple, which claims to be a customer-focussed company, doesn't educate its support team about this though. Possibly the Indian call centre deals with people from everywhere English speaking, while the Irish one only deals with people in the UK and Ireland, so the people there are more familiar with British law, but if I had not quoted the relevant act then I would have been charged Â£99 for a battery, on top of the Â£1.50 it cost to call their support line for half an hour.
About a year and a half ago, my wife met a really cool lady while doing community theater. Her boyfriend turned out to be a computer nerd, like me. In that year and a half, my wife and this woman grew very close, having similar interests and character. Although I tried to befriend the boyfriend, he always seemed distant. We knew, from his girlfriend, that he had had a "bad" childhood. We just never knew how bad, I guess. Yesterday at six AM, their house was raided by a fifteen man task force including state police, the FBI, and the district attorney's office. Because they had been investigating him for a year, and had the house under observation for a month, they knew they did not need the SWAT team for a flash-bang entrance, as was common in these cases. They were looking for child pornography, and they found it. Not "barely legal" stuff, two to six year olds, in violent and incestuous situations. He admitted guilt, at least according to the police, who questioned him away from his girlfriend. Yes, I realize that could be an interrogation tactic, but he also never protested his innocence to her, and seemed to know exactly why the raid was happening.
The raid was professional and the police were amazingly courteous. They found about an eighth of pot and quite a bit of paraphernalia, and asked whose it was. She admitted that her mom is an old hippie and had left a bunch of bongs there, but the rest was hers, that she used to calm herself down because she had hyperthyroidism, which is true. They let her keep everything and joked that, after this, she'd probably need it. The police doing this kind of work probably look on pot like they look on jaywalking, technically illegal, but not worth their time. They had a list of specific files that had been downloaded and came prepared with the utilities to scan any electronic device or media on the premises. The fact that he used Linux didn't phase them for a second. She gave up all the passwords she knew. As soon as they found the first match, about an hour and a half into things, he was cuffed and taken away. The raid lasted another three and a half hours after that, as the police methodically searched for additional evidence.
She had class, and needed her laptop, so they scanned that and gave it back to her right away, but she couldn't go to class because, if you leave the scene of an investigation, you can't come back until they are done. Which meant she couldn't go buy cigarettes, either, she was out, and none of the police smoked, the poor thing. So she pulled some hair out, strand by strand. The police had a rookie with them they assigned to her, probably like "Watch what we do and make sure she doesn't freak out." They set up two tables in her driveway. Anything potentially dangerous was brought there, as well as electronics and media. Other things were opened, searched, and placed on the floor. They took all hard drives and electronic components. They searched stacks of blank CDs, looking for any hidden amongst the blanks. They took all hand labeled CDs. They felt all cushions carefully, but not finding anything, did not rip them open. They opened all boxes, jars, bags, etcetera, and searched them.
I know all this because we spent about five hours last night going over it with her. If you ever have a friend go through a traumatic experience, this is the best thing you can do for them. Just listen, as they say the same things over and over again. Heck, when they slow down, ask questions to get them going again. Encourage them to show their feelings about it, too, if they cry or rage or shake or whatever, so much the better. The earlier you can get them to do it, the better, because (according to some psychological theories as I understand them) during traumatic, emotional events, the rational mind shuts down and disassociates at least a little. The experience is stored in memory as an undifferentiated lump with heavy emotional triggers attached. If it isn't processed, anything associated with the event can trigger strong emotions, once again causing the rational mid to shut down a little. Having one's rational mind shut down all the time is sub-optimal. She is going to clean up, move all his stuff to storage, and smudge the place with sage, which normally would earn an eye-roll from me, but this is exactly the place for that ritual. It's not magic, it's psychology.
The thing is, she had broken up with him the week before, and it was under consideration for a long time, because he just couldn't get his shit together after his dad died two years ago. He hadn't worked in years, he didn't do anything around the house, he just didn't do anything. He never wanted to hang out with me, even though we have similar interests and had fun conversations at parties. She would come home and find him crying on the couch. He doesn't remember much of his childhood, what he does remember is terrifying. His dad was a hoarder, and they were divorced when he was very young. His mom treated him like a boyfriend. His girlfriend reported seeing his mother sit on his lap and stroke his hair. He's thirty five. He had not had sex with his girlfriend in six or eight months.
I knew some of this before the incident so if it seems I rushed to judgment yesterday it is only because so many things suddenly made much more sense in this new light. It is still possible he is innocent of everything. It depends on exactly what they found, I suppose, and they have a year long record of someone, using several different IP addresses which they can now connect securely to him, I believe, viewing a great deal of very disturbing things online. They read the titles and descriptions of all of them to my wife's friend. We had a large bust of a child pornography ring here last month, actual production of the stuff, and the police admitted that there were fifteen additional people being raided here yesterday. I believe he had also recently befriended a young autistic man of twenty four or so who has young children. The police asked if he he had had any contact with people with young children, and his girlfriend told them that he had, and who they were, so they could question them. In retrospect, I'm glad I didn't get closer to this guy. My cousin has young kids and they are over at our house a lot. Again, I'm not saying this man actually did anything to children himself or intended to. But I see a lot of data points that fit a certain class of patterns of human psychological illness here.
So that's about it. That's all I know at this point. My wife and I are glad that we can be there for her friend while she goes through this, it isn't over for her yet, not by a long shot. Her family owns the trailer park (no snickers, it's very nice) where she lives (in a three bedroom double wide that is as nice as my place, and why am I worried about class issues right now?) She may have to testify, that depends a lot on him, I imagine. We don't even know where he is being held. No local police were involved, it was all state and federal. He called and left a message for her, said not to believe anything they said, asked her to pray for him, and asked her to help bail him out. His bail is eighty thousand, so someone would have to some up with eight. There is no way in hell she is going to put up any money. Note that in his message, again he did not directly protest innocence, he said, "Don't believe them." I believe there is a high risk that if he did get out, he would kill himself, which is why I made the comment yesterday. I was empathizing with what I can only imagine a person in his apparent situation must be going through. That's one of my flaws, I can't really shut off my empathy. It makes it hard to be around people sometimes, or even watch certain kinds of movies or television, like the original British version of The Office took me a really long time to warm up to, I always felt too much empathy towards the character Michael Scott to laugh at him. But I'm babbling now, I guess I don't really have anything else to say at present.
My guess is that this Monday-morning submission turned out to be a duplicate of something that came in over the weekend. But I haven't had a chance to check.
BSA Inflate Their Piracy Losses
Original link: http://yro.slashdot.org/article.pl?sid=10/09/20/1525220
Posted by CmdrTaco in The Mysterious Future!
from the thats-just-marketing dept.
superapecommando noted that Glyn Moody reckons
"The IDC numbers turn out to be reasonable enough, the conclusions drawn from them are not. Reducing software piracy will not magically conjure up those hundreds of billions of dollars of economic growth that the BSA invokes, or create huge numbers of new jobs: it will simply move the money around â" in fact, it will send more of it outside local economies to the US, and reduce the local employment. And it certainly won't do anything to ameliorate the quotidian problems of poorly-written software..."
I was expecting this one to resurface -- it disappeared right about the time Slashdot posted a big political story -- but it hasn't come back yet. I'm guessing it's a dupe of a story over the weekend, but I haven't had time to go searching.
Your Rights Online: UK Government Refuses To Ditch IE6
Orig link: http://yro.slashdot.org/article.pl?sid=10/08/02/169202
Posted by CmdrTaco in The Mysterious Future!
from the good-plan-guys dept.
"The UK government has said it will not upgrade its departments computers from Microsoft Internet Explorer 6 because it would not be 'cost-effective'. A recent online petition posted to Number10.gov.uk received 6,223 signatures that called for the 'Prime Minister to encourage government departments to upgrade away from Internet Explorer 6' due to its alleged vulnerability to attack, and because it requires web developers to specially craft sites to support the browser. This raises the question, what is the cost of an upgrade compared to a massive security breach?"
This one was funny -- it was in red on the front page at the same time as the article that eventually posted for real, Talk On Chinese Cyber Army Pulled From Black Hat. Oops!
Black Hat Talk On China Cyber Army Pulled
Orig link: http://it.slashdot.org/article.pl?sid=10/07/15/1529241
Posted by CmdrTaco in The Mysterious Future!
from the nobody-ever-talks-about-the-purple-hats dept.
"A talk that would have given conference attendees a unique profile of China's secretive government-sponsored hacking efforts has been pulled from the Black Hat schedule. Wayne Huang, one of the presenters of the talk and CTO with Taiwanese security vendor Armorize, said that he decided to pull the talk after vetting it with several organizations that had contributed intelligence and getting pressure from several places, both in Taiwan and in China. Huang wouldn't say who complained or why, but he said that by pulling the talk Armorize will be able to maintain its good relations with the Asian security community. 'We ran the materials by some key people and they were not happy with it,' he said."
Some time around 2005, Slashdot ran an article about a new hosting company, MacMiniColo that was taking advantage of the new machines that Apple had just released to offer cheap hosting. I got in contact with them, and a little while later, I had a Mac Mini, sitting in a rack somewhere, running OpenBSD and acting as my dedicated server. A 1.42GHz G4 CPU, 512MB of RAM, and an 80GB disk was (and still is) more than adequate for my needs. The biggest load on it is eJabberd, and even that only used under 1% of the CPU.
I had really great service from these people. The hard drive failed a little under a year after I bought the Mini, and Apple refused to honour the warranty because they couldn't find the records of the sale (then, a few weeks later, they could, but by then it was out of the warranty period). MacMiniColo replaced the disk for me at their own expense.
After five years with them, however, I had a little look around and noticed that VPS hosting has gone down in price a lot. I've written a book on Xen, so I thought I might try a Xen-based VPS now that FreeBSD has Xen support.
GigaTux only claims to offer Linux, but I dropped them an email and they were happy to install FreeBSD for me. I still haven't tried the Xen-enabled kernel yet; they installed the stock x86-64 kernel in an HVM domain for me and performance has been fantastic.
I'm sharing a server with 64 other guests and in spite of that performance tends to be better than my ageing Mac Mini. I was getting 1000IOPS while untaring the ports tree, which is far more than the Mini's old 2.5" laptop drive could handle, and is amazing considering that it's going via the slow, QEMU-derived, emulated device, rather than the fast PV driver. I've been installing software from ports, so everything is compiled on the machine, and even that has been fast.
And my Mini? They found someone else who wants it, and offered me about a third of what I paid for it originally - not bad depreciation after five years of constant use. Shipping it back to the UK would have cost almost as much as buying one on eBay, so I sold it on. Hopefully someone else will get some good use out of it.
As an aside, I've been really impressed by how well OpenBSD works on Mac/PowerPC hardware. If you've got an old Mac Mini lying around, chuck OpenBSD on it and you've got a reasonable low-volume server. The newer ones, of course, are x86 hardware, so will run just about anything.
The codemonkeys of Slashdot have obviously been pounding randomly on their keyboards recently. Here's a thought, if you are going to hire monkeys to maintain your code, you should at least test it before deploying it to your live servers. This hasn't been Rob Malda's personal blog for years, it's a fricken' business. Do you Slashdot employees like your jobs? Do you want them to continue to exist? If so, perhaps you should start treating this like a business and not like a hobby. Quit breaking things.
They made me do it! It was the peer pressure! I... I'm on... Facebook now.