July 2006 Wayback

Script to find and replace IPs on local TCP/IP printer ports.

Our enterprise is going thru a domain wide IP migration and we needed a way to script out IP changes for printers mapped to local TCP/IP ports.

I found this post: Script to find replace Ip’s on local printer ports? and found a nice script from Kheldaroz which, while it didn’t work correctly, was enough to get me going in the right direction. Take a look at the old script and then my changes here first, then the correct script below:

First create a ‘printerip.csv’ file with newIP in 1st column and oldIP in 2nd column. For some reason Kheldaroz has the Printer Name listed first. (?!)

Set WshShell = WScript.CreateObject("WScript.Shell")
If this line is not present you may receive an error if the script tries to make any changes.

During the following section of code, the script would point the printer to the new TCP/IP port, but on the 3rd line below it would change the old TCP/IP port to point at the new IP address, stranding the printer to an IP port that had not been created.

WSHShell.RegWrite print1 & "Port", "IP_" & newip
WSHShell.RegWrite print2 & "PortName", "IP_" & newip
WSHShell.RegWrite print4 & "IPaddress", newip
WSHShell.RegWrite print5 & "Port", "IP_" & newip
WSHShell.RegWrite print6 & "PortName", "IP_" & newip

There were 2 ways to go to fix this: either remove all the lines above except for the print4 statement, or write the registry entries to create a new printer port altogether. I decided to go with the latter as it’s better than having an incorrectly named TCP port. I don’t know if all of the entries are necessary but I figured it better to err on the side of caution.

WSHShell.RegWrite print3 & "IP_" & newip & "\" & "HostName", ""
WSHShell.RegWrite print3 & "IP_" & newip & "\" & "HWAddress", ""
WSHShell.RegWrite print3 & "IP_" & newip & "\" & "IPAddress", newip
WSHShell.RegWrite print3 & "IP_" & newip & "\" & "PortNumber", "9100", "REG_DWORD"
WSHShell.RegWrite print3 & "IP_" & newip & "\" & "Protocol", "1", "REG_DWORD"
WSHShell.RegWrite print3 & "IP_" & newip & "\" & "SNMP Community", "public", "REG_SZ"
WSHShell.RegWrite print3 & "IP_" & newip & "\" & "SNMP Enabled", "1", "REG_DWORD"
WSHShell.RegWrite print3 & "IP_" & newip & "\" & "SNMP Index", "1", "REG_DWORD"
WSHShell.RegWrite print3 & "IP_" & newip & "\" & "Version", "1", "REG_DWORD"

Although the registry is updated the printer control panels are not until after a reboot. I added a line to this echo to make sure there’s no confusion.

WScript.Echo "Printers have been updated. A reboot is required before changes will take effect."

Here’s the entire corrected script:

'Printer IP Migration Script by Michael Wade 7.5.06
'based on the Printer Update script posted by Kheldaroz on http://www.experts-exchange.com/Networking/Q_20830849.html
'See also http://www.experts-exchange.com/Networking/Q_21908953.html
'and http://dahifi.net/index.php/archive/71/

'First create a 'printerip.csv' file with newIP in 1st column and oldIP in 2nd column.

Set WshShell = WScript.CreateObject("WScript.Shell")
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set Printers = WshNetwork.EnumPrinterConnections
Set objFSO = CreateObject("Scripting.FileSystemObject")

'EnumPrinterConnections returns pairs: Item(i) is the port name, Item(i+1) is the printer name.
For i = 0 to Printers.Count - 1 step 2
    Set objTextFile = objFSO.OpenTextFile("printerip.csv", 1)
    Do Until objTextFile.AtEndOfStream
        strNextLine = objTextFile.Readline
        arrServiceList = Split(strNextLine, ",")
        ip = arrServiceList(1)
        newip = arrServiceList(0)
        If Printers.Item(i) = "IP_" & ip Then
            print1 = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\" & Printers.Item(i+1) & "\"
            print2 = print1 & "DsSpooler\"
            print3 = "HKLM\system\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\"
            print4 = print3 & Printers.Item(i) & "\"
            print5 = "HKLM\system\CurrentControlSet\Control\Print\Printers\" & Printers.Item(i+1) & "\"
            print6 = print5 & "DsSpooler\"
            WScript.Echo "Printer " & Printers.Item(i+1) & " has been updated."
            'Point the printer at the new port name.
            WSHShell.RegWrite print1 & "Port", "IP_" & newip
            WSHShell.RegWrite print2 & "PortName", "IP_" & newip
            WSHShell.RegWrite print5 & "Port", "IP_" & newip
            WSHShell.RegWrite print6 & "PortName", "IP_" & newip
            'Create the new Standard TCP/IP port that the printer now refers to.
            WSHShell.RegWrite print3 & "IP_" & newip & "\" & "HostName", ""
            WSHShell.RegWrite print3 & "IP_" & newip & "\" & "HWAddress", ""
            WSHShell.RegWrite print3 & "IP_" & newip & "\" & "IPAddress", newip
            WSHShell.RegWrite print3 & "IP_" & newip & "\" & "PortNumber", "9100", "REG_DWORD"
            WSHShell.RegWrite print3 & "IP_" & newip & "\" & "Protocol", "1", "REG_DWORD"
            WSHShell.RegWrite print3 & "IP_" & newip & "\" & "SNMP Community", "public", "REG_SZ"
            WSHShell.RegWrite print3 & "IP_" & newip & "\" & "SNMP Enabled", "1", "REG_DWORD"
            WSHShell.RegWrite print3 & "IP_" & newip & "\" & "SNMP Index", "1", "REG_DWORD"
            WSHShell.RegWrite print3 & "IP_" & newip & "\" & "Version", "1", "REG_DWORD"
        End If
    Loop
    'Close the CSV before it is reopened for the next printer.
    objTextFile.Close
Next
WScript.Echo "Printers have been updated. A reboot is required before changes will take effect."

March 2006 Wayback

How to use Bittorrent

I wrote this up for a co-worker, and since I’ve got this wonderful Performancing plugin for Firefox I figured I’d post this up on the blog :) .

It’s pretty simple really. You can find info on it at Wikipedia (http://en.wikipedia.org/wiki/BitTorrent); of course, there’s also a pretty good guide at http://slyck.com/bt.php. All you have to do is download a client and find some good tracker sites. I’ve been using Azureus (http://azureus.sourceforge.net) for some time now but I hear that http://utorrent.com is very good and has a minuscule footprint and memory usage. After downloading it and setting up maximum download/upload rates and the number of active torrents you want to use (my settings are unlimited for DLs, and I usually cap my UL speed at 20-40K/sec), it’s time to find a torrent. The only 3 I ever use are http://torrentspy.com, http://isohunt.com and http://thepiratebay.org/.

You can download movies, music, TV shows and software off of BT currently. There’s an article here (http://www.engadget.com/2004/11/23/how-to-broadcatching-using-rss-bittorrent-to-automatically/) that describes how to use RSS feeds to automatically download TV shows that I use on my media center PC in lieu of a DVR.

Lastly, I’ve only been served a copyright infringement notice from my ISP once, and that was for an XBOX Star Wars game torrent I had running off of my business’s account a year and a half ago. I usually seed my torrents for a week after I’ve completed them, removing the high profile ones to stay off the RIAA’s radar.

Hope this helps.

The Next Net 25

CNN.com has a great list of companies leading the next net revolution, ones that you should be aware of if not already. In addition to my favorites like Digg, Last.fm, YouTube and Skype there’s also a lot of others here that I’ll be checking out later like Iotum, Vivox, 30Boxes and Zimbra. I’ve been a member of the Backpack service for a while but I’ve neglected it for a while; this is my reminder to take another look at it.

HP iPAQ hx2490 review

The new iPAQ model from HP is a sturdy, powerful PDA with a ton of features that include Windows Mobile 5.0, dual wireless, an awesome display and great design. The phone is marketed toward the enterprise business user and is one of the best on the market.

While this model doesn’t see many serious changes from the previous model iPAQ on the market, the hx2490 sports a 520 MHz processor, 128 MB of RAM, wifi, Bluetooth, an SD slot, a CF type II slot, and is priced at $399 retail. Its big brother, the iPAQ hx2790, comes with a 624 MHz processor, more flash memory and a biometric fingerprint scanner for another hundred dollars, and there is also a lower model 2190 with 312 MHz for $349.

One of the biggest changes that is sure to please everyone is the persistent memory. No longer does one have to worry about losing all of their data when the PDA runs out of battery, as the user data is stored in the non-volatile flash memory along with the rest of the operating system and application files. The system uses RAM like a traditional computer, loading applications and operating system files into the RAM as needed, which reduces the amount of power used by the device and increases battery life. The disadvantage to this is that flash memory takes longer to access, meaning that there is a noticeable delay bringing up applications for the first time or when waking the device from standby. Also the device does not seem to close any applications after you open them; instead it suspends them when you click the ‘X’ within each app. To close an app you have to go within an icon on the home screen and manually do it.

This PDA is an ergonomic device that is a bit larger than its other PDA brethren and feels secure with its rubber side grips that keep you from dropping it. HP has also protected the PDA’s most fragile component, the screen, with a protective plastic flip cover that stays up when it’s supposed to and also allows you to see the screen with the cover down. In fact there’s really no need for a carrying case with this PDA if one has room in their pants or jacket pocket. The iPAQ is also more rounded than other PDAs and seems to fit my hand better. The button design is standard to most PDAs, 4 application mapped buttons at the bottom with a 4 way directional selection in the middle, as well as a voice record button on the top left side.

The screen is XVGA and is very bright, so bright in fact I never had to turn it up all the way, even with the cover down. It is very good with rich, saturated colors. This is probably one of the best screens I have ever seen on a mobile device.

The wifi built into the device is only 802.11b, and does not support high encryption networks natively. This is a limitation of the Windows Mobile OS and is easily remedied with a 3rd party program. The Activesync CD that came with the device came with a copy of Odyssey Client, which allowed me to connect the device to our open WEP EAP-FAST authenticated network. I was able to set the proxy up to browse the internet as well. Browsing the web was a bit of a pain, as even downloading a 128k website took over a minute. PDA friendly sites such as the ones listed on http://eboogie.com or http://winksite.com.

Bluetooth functioned well on the unit in the limited tests that I did. I was able to make a file transfer connection to my HP laptop in less than a minute with no trouble whatsoever.

Media playback on the 2490 is excellent. I was able to dump a movie and an mp3 on the unit thru the ActiveSync software easily and I was impressed with both the sound and video quality of the playback.

The 2490 came with the standard load of Windows Mobile apps, Word, Excel, and PowerPoint among them. I tried the various text entry methods: keyboard, block or letter recognizer and my personal favorite, transcriber. I also loaded a number of applications on the unit such as a voice recognition translation program, a version of the Mozilla web browser and the Skype VOIP client, all of which seemed to run well.

There was one problem that I ran into often enough that became quite annoying. Many times the unit failed to wake up after I turned it off while the wireless was active. I would have to do more testing to see whether this was because of the 3rd party wireless manager I loaded or a problem with the flash memory and using EAP-FAST encryption. A quick reset took care of the problem and it was back up and running.

All in all I was very pleased with the hx2490, both in its ergonomics and its performance. This iPAQ line is top notch, and it is doubtful that there is another stand alone PDA on the market today that justifies its price better than this. It is hard for me to find fault with this model as it is very well designed. It has everything one would need in a PDA and I recommend it to anyone who’s looking for one, and at $300 it won’t break the bank for the purchase either.

February 2006 Wayback

Review of T-Mobile SDA

While the new SDA phone from T-Mobile might have decent Exchange and contact synchronization and camera/video functions, its slow data rate and cumbersome button setup make it a match for those users that need occasional web access on the road or need to view Exchange contacts, calendar or mail.

Initial impressions of the SDA were good. Although it appeared a little bulky, the 240 x 320 screen really caught my eye, as a screen with this resolution has previously only been seen in the larger smart phones with a display twice as large. The phone runs a modified version of Windows Mobile, and while all of the programs are easily accessible through the Start button and the icons which appear at the top of the screen, the keypad buttons seem claustrophobic. The center joystick button seemed a little too willing to interpret my clicks as an up/down/left/right selection. There’s also a series of 4 buttons devoted to media playback which would be fine if one intended to load up this phone with a 1 gig miniSD card and play MP3s on it, but otherwise it just takes up space from the rest of the cramped number pad.

It took several tries to get the phone set up with my Outlook information but after that the phone functioned wonderfully. On sync the phone downloads message headers which you can tag to download the full message later, and while I didn’t test the SDA’s ability to open attachments, the calendar, contacts and reminders worked perfectly.

The camera and video functions on the phone worked very well. I was able to record and send video to an email address with little trouble. The phone has a handy button on the side of it which brings up the camera and allows you to snap pictures, videos or video messages, or take photos for your contacts. While the video quality seemed barely passable because of compression, the 1.3 megapixel camera did seem to take fairly decent photos at a resolution of 1280 X 1024.

Internet access on this device is very lacking. T-Mobile has not yet deployed their high speed data network, meaning that viewing anything but a PDA friendly website was excruciatingly slow. Viewing a site with a few hundred kilobytes of images took up to a minute or more. Connectivity was consistently good however and reception was great even while driving down the interstate or wandering around inside Norfolk scope. My tests of Wifi on this device were inconclusive as Windows Mobile has limited support for encrypted networks and I could not get the SDA to connect to our Open WEP EAP-FAST network.

The SDA also comes with a variety of instant messaging clients, and while I only tested its AIM functionality, there may be a possibility of using it with a corporate IM environment. The SDA’s IM capabilities, like its email ones, are more suited to reading email than writing it because of the T9 equipped numerical keyboard.

While I was impressed with some of the SDA features and speed, its cons added with T-Mobile’s slow data network leave me struggling as to whom to recommend this phone to. While I can think of some creative uses for its camera and video functions, I think its slow data speeds would frustrate the same type of person likely to use them. Also the media player buttons and keypad text entry seem more suited toward a text messaging, MP3 playing teenager rather than a business manager. That being said, for someone who needs a phone for contacts, reminders and email, this phone will work fine, so long as you can deal with the keypad for text entry. Otherwise I would stick with a Treo.

“To tell the truth … I’m sorta surprised they haven’t caught me yet.”

The Washington Post ran an interesting interview with a botmaster, a young man who made several thousands of dollars a month installing XXX spyware on machines that he controlled. He installed the software on the machines of people he did not know by hacking into them remotely. The lengthy article included a partial photo of the botmaster along with vague descriptions of the small midwestern town where the man lives, and was published with the understanding that the man’s identity would be kept secret.

Someone should have told that to the person that manages photos at the Washington Post. An astute reader over at Slashdot was able to locate some extra information stored in the picture’s metadata including the photographer and the location the picture was taken: Roland, Oklahoma, a town of less than 3000 people. Whoops.

I’m posting this for 2 reasons: first because I want people who have been hit by this kind of thing to understand how it happens, and just how bad the situation is, and also because I think the whole thing is hilarious. The guy is not a total sleazebag because he claimed not to have used the stolen password information he gleaned off of those machines, but to do an interview for the Post and say “to tell the truth … I’m sorta surprised they haven’t caught me yet,” is just asking for trouble.

I posted this up at Metafilter. Check the comments here: http://www.metafilter.com/mefi/49376
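The leak described above comes from metadata segments that travel inside the image file itself. As an added example (not from the original post), this Python sketch removes the EXIF/XMP, IPTC and comment segments from a JPEG before it is published; the sample file and its payload strings are constructed placeholders, not a real photo.

```python
import struct

SOI = b"\xff\xd8"          # start-of-image marker
SOS, EOI = 0xDA, 0xD9      # start-of-scan / end-of-image marker codes

# Header segments that carry descriptive metadata rather than image data.
METADATA_MARKERS = {
    0xE1: "APP1 (EXIF/XMP)",
    0xED: "APP13 (IPTC/Photoshop)",
    0xFE: "COM (comment)",
}


def iter_segments(jpeg: bytes):
    """Yield (marker, start, end) for each header segment; end is exclusive.

    Everything from the SOS marker onward (compressed scan data and EOI)
    is yielded as one final chunk so it is always copied through untouched.
    """
    if jpeg[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos < len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        start = pos
        while pos < len(jpeg) and jpeg[pos] == 0xFF:   # skip fill bytes
            pos += 1
        if pos >= len(jpeg):
            raise ValueError("truncated marker")
        marker = jpeg[pos]
        pos += 1
        if marker in (SOS, EOI):
            yield marker, start, len(jpeg)
            return
        if pos + 2 > len(jpeg):
            raise ValueError("truncated segment length")
        (length,) = struct.unpack(">H", jpeg[pos:pos + 2])  # includes its own 2 bytes
        if length < 2 or pos + length > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, start, pos + length
        pos += length


def strip_metadata(jpeg: bytes):
    """Return (cleaned_bytes, names_of_removed_segments)."""
    out = bytearray(SOI)
    removed = []
    for marker, start, end in iter_segments(jpeg):
        if marker in METADATA_MARKERS:
            removed.append(METADATA_MARKERS[marker])
        else:
            out += jpeg[start:end]
    return bytes(out), removed


def _seg(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed segment (used only for the constructed sample)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: structurally valid segments, placeholder contents.
SAMPLE = (
    SOI
    + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _seg(0xE1, b"Exif\x00\x00" + b"Artist=Constructed Photographer")
    + _seg(0xED, b"Photoshop 3.0\x00" + b"City=Exampleville")
    + _seg(0xDB, bytes(65))
    + _seg(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34"
    + b"\xff\xd9"
)

if __name__ == "__main__":
    cleaned, removed = strip_metadata(SAMPLE)
    print("removed:", removed)
    print("size before/after:", len(SAMPLE), len(cleaned))
```

APP0 (JFIF) and the other non-metadata segments are kept so the image still renders the same; only the descriptive segments are dropped.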

The Future of Wireless Computing

[This writeup stems from an assignment I had at work regarding our current mobile initiative. I was given free rein to draw up some thoughts on where wireless computing would be in the next few years. Here are the results]

===Intro===

The next 2 years in wireless computing will shape up to be one of the most exciting times in technology. With the coming onset of broadband wireless, wearable computing, and intelligent agents the office will become obsolete as we have instant access to all of our information, everywhere.

===Decentralization and Web 2.0===

Computing has seen a shift over the past 40 years from large bulky mainframe servers with many users to personal desktop machines with a single user. We are now seeing the beginning of another shift toward ubiquitous computing, or one person having many computers, and back to shared servers accessed by many people simultaneously. Whereas before one needed to worry about what operating system and software one had on a system, nowadays it is only imperative that one has a standards compliant web browser on the system and a web connection to have access to everything one needs such as email, word processing, data storage and audio/video capabilities.

Many people are envisioning a shift toward a web OS accessed on dummy terminals, relatively low powered inexpensive computers that serve only to display information stored on another server. This decentralized distributed computing environment makes deployment and management simple, as administration is done centrally and information is available globally. Nowhere can this be seen better than with the advent of webmail systems such as Gmail, which offers gigabytes of storage space with integrated virus scanning and search capabilities, not to mention its ad-hoc use as a word processor. There are other services that offer data storage, online calendars, content management, bookmark storing, project management, news aggregation, gaming and pretty much anything else that you can do on a PC, all across the network. The web itself is becoming a computing platform of its own, serving web applications to end users.

This trend will be most important to businesses in the form of Enterprise Information Portals (EIP). Whatis.com defines an EIP as a “Web site that serves as a single gateway to a company’s information and knowledge base for employees and possibly for customers, business partners, and the general public as well.” Making this portal available to mobile users will have a decentralizing effect on the office itself as corporate documents, email and applications become available from handsets and PDAs.

The name for these types of web pages has been termed Web 2.0, the definition of which varies depending on who you ask. It describes a variety of sites that utilize client server technology dubbed AJAX, collaborative content, or push technology that feeds information or subscription based content to end users.

Web 2.0 applications built on a framework called AJAX are already taking off, and are being touted as the end of the desktop application. AJAX allows desktop applications to be run straight from the web browser without load times as all data is stored on a central server.

===Bandwidth Explosion===

None of this is possible without bandwidth. We are currently seeing the deployment of 3rd generation cellular data networks which have surpassed the speeds of land based dial up networks, enabling streaming audio and video. These cellular networks will be superseded in most cases by WiFi networks in the next few years, most notably 802.16 (WiMax). WiMax is similar to WiFi in concept but has several improvements which will increase its speed and effective distance. WiMax will make it possible to blanket an entire metro area with a few dozen access points spread out over miles compared to WiFi which has to be spaced every couple hundred feet. WiMax networks have been deployed in several cities such as Los Angeles, New York, Chicago, Boston, Tokyo and Bogota, and Sprint has announced they will begin testing pre-certification equipment this year.

===Seamless connectivity between cellular and wifi and the convergence of data/voice networks===

As this wireless infrastructure improves we will see convergence between voice and data traffic with the continued deployment of Voice Over Internet Protocol (VOIP) services. Already services such as Skype are combining voice, video, chat and file transfer into one application that can be accessed anywhere on any platform to communicate with anyone, for free, all while providing end to end encryption. The Skype client runs on Windows, Macintosh, Linux, and Pocket PCs, and also has technology that allows users to make and receive voice calls with land based users for a small fee.

Cellphones and PDAs will continue their integration, being able to manage voicemails, emails and faxes from one location. Phones will switch from cellular to radio to WiFi networks automatically, swapping over to whatever signal is available. There are also phones on the market that will switch from a cellular signal to a land based line depending on their location. Both of these features demonstrate what is known as Fixed-Mobile Convergence, which allows a handset to use wireless technologies such as Bluetooth or 802.11 to make calls over the existing land line infrastructure. This will eliminate the need for users to have separate numbers for their home, mobile, and office, as calls will automatically be routed to the desired person, no matter which network they might be on.

===Ubiquitous wireless and the Personal Area network===

As electronic devices continue to shrink and as wireless technology continues to be included in more and more devices, expect to hear more about short range networks called Personal Area Networks (PANs). Spontaneous networks will exist around a person as all of our devices that contain Bluetooth, IrDA, and RFID start to communicate with each other. A person’s cell phone will communicate with their laptop and PDA to function as a modem uplink using Bluetooth. When you shake a person’s hand your PDA will exchange business cards with the other person’s via a network transmitted along your own skin. Bluetooth headsets and printers are also examples of PANs.

Your automobile will play a crucial part in this network as well. There are already vehicles that come with onboard computers and Bluetooth connectivity. Soon your personal computer will display a map route to your next appointment on the built in dashboard screen, which could also display incoming emails. Your car’s radio will turn off when you receive an incoming cell phone call, which will come in thru the vehicle’s stereo speakers.

Portable devices will also start functioning as identity tokens, providing building access keys and serving as credit cards. Already in most Asian markets people can use their cell phones as cash to purchase items from vending machines.

Changes in input and output devices are expected to occur, the most important of which will be speech recognition. As the processing power of handhelds and portables increases expect to see more and more capabilities integrated into devices such as dictation and translation. A company called SpeechGear has been working on voice to voice translation software for portables that provides near instantaneous translations from a user’s spoken language to a computer spoken destination language.

Before we see the end of the keyboard era we will see alternate input devices such as projected keyboards that will allow us to do away with Blackberry type QWERTY keyboard implementations in favor of more comfortable input methods. Wearable computing will enable us to use a keyboard woven into the fabric of our clothing itself or activate commands based on movements.

The number of devices connected to the net will become greater as Internet Protocol V6 is rolled out, granting us billions and billions of addresses as every device from refrigerators to toasters is connected to the net.

Advancements in battery life will mean that devices will stay on longer with less time spent charging.

Developments in electronic ink, flexible displays, transparent OLEDs, and integrated heads up displays will also affect the way that we view information off of our electronic devices.

This immersive mix of networks and devices is known as ubiquitous computing and is expected to be the norm for most people in the next five to ten years. The barrier between what we see as the real and the virtual will continue to dissolve.

These upcoming advances have experts announcing the death of tethered internet connections, as having complete access to all of your information will make your office obsolete. Freedom of mobility and immersive telecommuting will lead us even further into an always on – always connected business environment.

===

[I pretty much stopped here after more pressing items came across my desk, but it was a fun exercise. I really didn’t get to finish it up like I really wanted to so I figured I’d put it here for others to see. I also wanted to talk about how because of iPods and the falling cost of data storage we’re also carrying all of our information with us as well.

Below are some of the other links I hadn’t worked into the main body yet. ]

===Other links===

* 10 Things to Look for This Year in Mobile Computing
* Gartner’s position on the 5 hottest tech trends of the year
* Mobile Communications
* Trends and Future of Mobile Computing
* More Predictions on the Future of Mobile/Wireless Computing
* The Bright Future of Mobile Computing
* Mobile Computing: Past, Present and Future

And finally a quote from Gartner on the upcoming telecommunications upheaval. The last paragraph was already integrated into my document.

Voice/data convergence based on IP telephony and VoIP will be under way in more than 95 percent of major companies by 2010. Convergence will drive additional classes of communications-enabled business applications and cause the greatest upheaval in the telecommunications industry since its inception. Every major organization should at least be testing a converged network. However, users should not replace/upgrade the established LAN infrastructure if no definitive IP telephony plans are in place. Voice and data organizations should be merged to a single group or, at a minimum, report to the same manager.

Companies will struggle in the short term to make the financial business case, match the reliability and security of the time division multiplexing PBX, and reorganize to use the technology. By 2010, 40 percent of companies will have completed the convergence of their entire voice and data networks to a single network, and more than 95 percent of large and midsize companies will have started the process. When examining business impact, do not look at IP telephony solely as a replacement for the established telephone system. Rather, consider it a foundation to unify communications applications and assess how business and communications processes can be changed or integrated with IP telephony and collaborative applications. With a move to VoIP, reliability and availability typically improve for data but fall for voice because of the distributed nature of the environment.

WAN convergence using VoIP and Multiprotocol Label Switching will drastically affect the telecommunications industry, overturning virtually every legacy telecommunications policy and regulation. Combined with low barriers to entry to VoIP, we expect significant changes to the network service provider (NSP) landscape, with plenty of mergers and acquisitions. By 2009, half of the Tier 1 NSPs will have merged or been acquired. Through 2010, price decreases of 15 percent per year for data services and 7 percent to 15 percent for voice services can be expected. However, traffic growth of 30 percent to 60 percent means network budgets will grow 5 percent to 10 percent per year.

January 2006 Wayback

Wireless security issues

Several vulnerabilities in Microsoft’s Windows Zero Configuration Wireless utility (ZeroConf, also known as Wireless Auto Configuration) have come to my attention in the past few days which could cause serious ramifications for enterprise network security, namely the Microsoft Windows Silent Adhoc Network Advertisement, KARMA Probe Request Response and the WEP-Client-Communication-Dumbdown (WCCD) Vulnerability. Based on testing I believe that administrators should make some GPO changes to protect their users and network.

The first exploit has been named Microsoft Windows Silent Ad-hoc Network Advertisement. The exploit has been documented at http://www.nmrc.org/pub/advise/20060114.txt just in the past few days, although the method has been known for some time. The exploit works as follows:

John Doe brings his company laptop home and connects it to his home network, an unsecured open access Linksys router. The configuration details are stored in the ZeroConf program. John finishes his work and turns off his laptop.

Later, while on a business trip, John powers up his laptop to work on a report that he is doing. His laptop immediately begins to look for the Linksys router, and not finding it begins broadcasting an ad-hoc network using the SSID of his home access point.

Hacker Jane, also in the same airport terminal as John, is running one of many wireless discovery tools on her laptop, and sees John’s machine and its ad-hoc network come online. She initiates a connection to John’s SSID. The two machines then negotiate IP addresses using Microsoft’s Link Local addressing scheme 169.254.x.x. Jane now has a network connection to John’s laptop and can now start typical penetration attacks, SMB, dictionary attacks, etc.

I have also tested the same vulnerability just hours ago using a pair of laptops and an unsecured access point in the lab.

Join Laptop 1 to the access point with SSID ‘1234’
Power off Laptop 1.
Power off the access point.
Bring Laptop 1 online. Network ‘1234’ now shows up in Laptop 1’s network list as ‘Disconnected.’ At this time it is already functioning as an ad-hoc network client.
Bring Laptop 2 online. Network ‘1234’ now shows up in its available network list as an unsecured ad-hoc network.
Connect Laptop 2 to ‘1234’. The moment I pressed this button on Laptop 2 I watched as both it and Laptop 1 went from ‘disconnected’ to ‘acquiring network address’.

This is just one scenario that could be exploited. Given the number of tablets and laptops currently deployed the possibilities are endless. Just yesterday afternoon I was able to make an ad-hoc connection to a user’s laptop within our IS department and browse their hard drive. I believe it would also be possible to have done the same thing from outside of the building using unidirectional antennas. We must also be aware of the possibility that Windows internet connection bridging might also give a hacker direct access to our internal network once connected to vulnerable machines.
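To find laptops doing what Laptop 1 did in the test above, a monitoring sensor can look for beacons that set the IBSS (ad-hoc) capability bit without the privacy bit, especially when the SSID matches an infrastructure network users are known to join. This is an added example, not part of the original write-up; it assumes raw 802.11 management frames with any radiotap header and FCS already stripped, and the frames, MAC addresses and SSID inventory are constructed.

```python
import struct
from dataclasses import dataclass

CAP_IBSS = 0x0002      # capability bit 1: sender belongs to an ad-hoc (IBSS) network
CAP_PRIVACY = 0x0010   # capability bit 4: encryption is required


@dataclass(frozen=True)
class Beacon:
    source: str        # transmitter MAC; in an IBSS this is the laptop itself
    ssid: str
    adhoc: bool
    encrypted: bool


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_beacon(frame: bytes):
    """Parse one 802.11 beacon; return None for other frame types or short input."""
    if len(frame) < 36:            # 24-byte header + 12 bytes of fixed parameters
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x03, (fc >> 2) & 0x03, fc >> 4
    if (version, ftype, subtype) != (0, 0, 8):   # management frame, subtype beacon
        return None
    (cap,) = struct.unpack_from("<H", frame, 34)  # after timestamp(8) + interval(2)
    ssid, pos = "", 36
    while pos + 2 <= len(frame):                  # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:                    # truncated element: stop parsing
            break
        if tag == 0:                              # element ID 0 is the SSID
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + length
    return Beacon(_mac(frame[10:16]), ssid, bool(cap & CAP_IBSS), bool(cap & CAP_PRIVACY))


def find_adhoc_advertisers(frames, infrastructure_ssids):
    """Return sorted (source MAC, SSID, reason) for every open ad-hoc beacon seen."""
    findings = {}
    for frame in frames:
        b = parse_beacon(frame)
        if b is None or not b.adhoc or b.encrypted:
            continue
        if b.ssid in infrastructure_ssids:
            reason = "ad-hoc copy of infrastructure SSID"
        else:
            reason = "open ad-hoc network"
        findings[(b.source, b.ssid)] = reason     # repeated beacons collapse to one entry
    return [(src, ssid, why) for (src, ssid), why in sorted(findings.items())]


def _frame(src: str, bssid: str, ssid: bytes, cap: int, subtype: int = 8) -> bytes:
    """Build a constructed management frame for the sample data below."""
    header = (bytes([subtype << 4, 0]) + bytes(2) + b"\xff" * 6
              + bytes.fromhex(src) + bytes.fromhex(bssid) + bytes(2))
    fixed = bytes(8) + struct.pack("<HH", 100, cap)
    tags = bytes([0, len(ssid)]) + ssid + b"\x01\x04\x82\x84\x8b\x96"
    return header + fixed + tags


# Constructed inventory: SSIDs of access points that users are known to join.
KNOWN_INFRASTRUCTURE_SSIDS = {"1234", "linksys", "corp-wpa"}

# Constructed capture: one real AP, three ad-hoc stations, one non-beacon frame.
SAMPLE_FRAMES = [
    _frame("0a0000000010", "0a0000000010", b"corp-wpa", 0x0011),       # AP, encrypted
    _frame("020000000001", "02123456789a", b"1234", CAP_IBSS),         # laptop, open ad-hoc
    _frame("020000000001", "02123456789a", b"1234", CAP_IBSS),         # same laptop again
    _frame("020000000002", "02aaaaaaaaaa", b"gamenight", CAP_IBSS | CAP_PRIVACY),
    _frame("020000000003", "02bbbbbbbbbb", b"printer-setup", CAP_IBSS),
    _frame("020000000004", "ffffffffffff", b"linksys", 0, subtype=4),  # not a beacon
]

if __name__ == "__main__":
    for row in find_adhoc_advertisers(SAMPLE_FRAMES, KNOWN_INFRASTRUCTURE_SSIDS):
        print(row)
```

The source address in each finding is the station's own MAC, which is what an administrator needs to locate the laptop and correct its wireless configuration.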

The second attack focuses on a probe request, a type of packet that Windows sends as it scans the ether for wireless networks it has connected to in the past. A hacker tool known as KARMA (http://www.theta44.org/karma/) can intercept these requests and automatically configure itself to reply as an access point for all clients. A presentation (http://www.theta44.org/software/iaw6.ppt) is available on the same page that details how this can be exploited to fool a laptop into connecting to an unsecured spoof network even when it is configured to connect to a WPA enabled secure network.

To guard against these exploits there are several steps administrators can take, the first being to configure ZeroConf not to connect to ad-hoc networks. There is a Wireless Network (IEEE 802.11) Policies Group Policy Extension available here: http://www.microsoft.com/technet/community/columns/cableguy/cg0703.mspx that we can use to set this and many other settings including disabling the ZeroConf service altogether. Windows does not natively support the type of encryption that we use within our HQ and the rest of our enterprise should not be using wireless at all. Disabling ZeroConf completely would enable us to maintain the security of our network by rendering a majority of rogue access points (unauthorized AP’s brought in by FEI employees) unusable.

The first argument against disabling ZeroConf that I hear is that it will interfere with persons that wish to use their access points at home. My response to this argument is that the vendor supplied software that we have, namely the Intel software for our HP clients and the Cisco 802.11 client software would allow users to use their home AP’s while providing us with the layer of security that we need. Initial reports state that the Intel software is not susceptible to this type of attack, although it has not been fully tested.

The final vulnerability that I am aware of has been dubbed the WEP-Client-Communication-Dumbdown (WCCD) Vulnerability (http://www.securitystartshere.net/page-vulns-wccd.htm). To put it briefly it describes how certain wireless XP card drivers can be tricked into dumping a WEP enabled network connection and joining an attacker’s unsecured one. I have not tested this to see if we are vulnerable or not, but simply bring it to your attention as another example of the issues that we are facing.

Enterprises are susceptible to these attacks if they have decided to disable the MS firewall thru GPO. Once an attacker has gained wireless access they can attack a machine using any standard hacker / script kiddie attack tools known to man, as well as utilize any unpatched MS vulnerabilities that exist on the system. Once in they might utilize a persistent agent on the box to gain a foothold on an inside network when a user connects back to our hard wired or VPN network.

Internal network security is only as strong as the network attached to it. Some changes must be made to see that these wireless security issues do not go unresolved.
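
A defender-side check for the three behaviours described in this post, written as an added example (not part of the original memo): it screens observed beacons against a client's preferred network list and flags ad-hoc stations reusing a preferred SSID, open networks posing as an SSID that should be encrypted, and one BSSID answering for several preferred SSIDs. The SSID 'CORP-WPA', the MAC addresses and the sample beacons are constructed, and the one-BSSID-many-SSIDs rule is a heuristic.

```python
from collections import defaultdict
from typing import NamedTuple

# Capability Information bits carried in 802.11 beacon / probe-response frames.
CAP_ESS = 0x0001      # frame comes from an access point (infrastructure mode)
CAP_IBSS = 0x0002     # frame comes from an ad-hoc (IBSS) station
CAP_PRIVACY = 0x0010  # encryption is required to join


class Beacon(NamedTuple):
    ssid: str
    bssid: str
    capabilities: int


class Preferred(NamedTuple):
    ssid: str
    encrypted: bool                      # how the client originally joined it
    known_bssids: frozenset = frozenset()  # empty = no allow-list (home networks)


def classify(beacon, preferred):
    """Return findings for one beacon; [] if its SSID is not a preferred one."""
    entry = preferred.get(beacon.ssid)
    if entry is None:
        return []
    findings = []
    is_adhoc = bool(beacon.capabilities & CAP_IBSS) and not beacon.capabilities & CAP_ESS
    is_open = not beacon.capabilities & CAP_PRIVACY
    if is_adhoc:
        # The ZeroConf case: a peer advertising a remembered SSID as ad-hoc.
        findings.append("adhoc-preferred-ssid")
    if entry.encrypted and is_open:
        # The KARMA / WCCD case: a secured SSID offered without encryption.
        findings.append("open-downgrade")
    if entry.known_bssids and not is_adhoc and beacon.bssid.lower() not in entry.known_bssids:
        findings.append("unknown-bssid")
    return findings


def audit(beacons, preferred, multi_ssid_threshold=2):
    """Return (bssid, ssid, finding) tuples for every suspicious observation."""
    report = []
    ssids_by_bssid = defaultdict(set)
    for b in beacons:
        bssid = b.bssid.lower()
        for finding in classify(b, preferred):
            report.append((bssid, b.ssid, finding))
        if b.ssid in preferred:
            ssids_by_bssid[bssid].add(b.ssid)
    # Heuristic: one radio answering for several remembered SSIDs.
    for bssid, ssids in sorted(ssids_by_bssid.items()):
        if len(ssids) >= multi_ssid_threshold:
            report.append((bssid, ",".join(sorted(ssids)), "one-bssid-many-ssids"))
    return report


# Constructed preferred list: the open lab SSID '1234' from the test above and
# a hypothetical encrypted corporate SSID with one authorised access point.
PREFERRED = {
    p.ssid: p
    for p in (
        Preferred("1234", encrypted=False),
        Preferred("CORP-WPA", encrypted=True,
                  known_bssids=frozenset({"00:aa:bb:cc:dd:01"})),
    )
}

# Constructed observations, as a wireless survey tool might report them.
SAMPLE_BEACONS = [
    Beacon("1234", "02:11:22:33:44:55", CAP_IBSS),                # ad-hoc peer
    Beacon("CORP-WPA", "00:AA:BB:CC:DD:01", CAP_ESS | CAP_PRIVACY),  # legitimate AP
    Beacon("CORP-WPA", "00:DE:AD:00:00:01", CAP_ESS),             # open impostor
    Beacon("1234", "00:DE:AD:00:00:01", CAP_ESS),                 # same radio, 2nd SSID
    Beacon("CoffeeShop", "00:11:22:33:44:66", CAP_ESS),           # not preferred
]

if __name__ == "__main__":
    for row in audit(SAMPLE_BEACONS, PREFERRED):
        print("%-18s %-14s %s" % row)
```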

December 2005 Wayback

Getting Things Done Tiddly Wiki

Certain people I know snicker whenever I say the word ‘wiki’ but they really are helpful. Lifehacker has recently named the GTD Tiddly Wiki one of the best software apps of 2005. It’s a self contained 134k HTML file that you can put on your desktop or on a web site. You can use it to store all your phone numbers, to do lists, shopping items, etc., etc. I just started using mine.

360Share is a scam

[update 02.15.06] So this 360 Share / Musicmembersarea is a big scam. If you gave them any money then you got ripped off. If you want to know how people who know get their music/movies/games/etc, then head over to Slyck.com and read up on BitTorrent. Grab yerself a client like Azureus or uTorrent then go do your searches at TorrentSpy, the Pirate Bay, or ISO Hunt.

Sure torrents may take longer in some cases and be a bit more difficult to perform but keep in mind that clients like Limewire or Kazaa are more likely to have bogus or virus laden files, and because of their popularity and ease of use are many times more likely to be targeted by the RIAA.

Keep in mind that downloading music via any of these sites is not exactly legal, and that if you are willing to pay for music and don’t want to face the possibility of lawsuits head over to Napster or Yahoo Music or iTunes.

[update 02.04.06] This 360 post has become the most popular post I have made since I wrote about the scams off of Yahoo Personals. If you are one of the many that have been scammed by 360 and are trying to get your money back I would recommend that you start with your credit card company first. You will not get your money back from 360. Please post your experiences in the comments for others to see.

[original post]

One of my duties at work is to deal with download requests. None of the associates at any of the branches are allowed to download any files, and all of the ones that contain applications are filtered by me. I have the pleasure of being the Soup Nazi of Downloads. ‘No iTunes for YOU!! No Google Earth for YOU!!’

Today I got one for http://www.themusicsmembersarea.com with the description of ‘MOTIVATIONAL TECHNIQUE’. Now I knew this was something that wasn’t going to get approved, but I couldn’t just send an email back to the user saying ‘Nice try, buddy,’ so I actually had to check the file out.

As I was installing it on a VM box that I have setup, I noticed the installer copied over a file named Limewire20.dll. Seems like TheMusicMembersArea was packaging a program from 360Share that was a renamed copy of Limewire. Further research turned up this Wikipedia page on eTomi, which seems to be the company pushing 360Share.

eTomi advertisements generally consist of deceptive search engine ads and typosquatting. The websites promise “legal” downloads for a certain fee. What they really offer are modified and renamed open source P2P programs. eTomi legally exists to offer “support” for these applications (This is usually hidden in the fine print). The support they offer is often just a copy of the wiki or other documentation from the original program’s website. In the members’ area, you can usually download several modified peer-to-peer applications.

I sent an email to the requester warning him that he had been scammed and that he should uninstall the software and get his money back from his credit card company.

I also submitted a change request that both sites be blocked by the company firewall. No P2P for YOU!!.

If you are thinking about downloading this 360Share software save yourself the $$ just go get Limewire.

Yuletide

So I’ve finally come back after a nice hiatus. I realized several months ago that this blog is over a year old and I made no commemoration of it, which is much the same way I celebrate most of my holidays. I believe that it is one of the stages of blogging that one becomes bored and escapes for a few months, in my case I let myself become so engrossed in work and playing Eve that I let my domain registration expire and stopped making any posts to the Googlewatch blog. I have given up on the Hot Coffee site altogether.

Anyways I have given a bit of thought to what I would like to give to you dear readers and will be making some changes to ensure that content is regular and noteworthy.

First thing up will be reviews of the end of the year ‘best of’ lists. I spent a good majority of last Dec/Jan listening to all the great albums that I was introduced to thru last year’s lists. This year it seems like there’s 3 times as many, and I’ve got between 30 and 40 albums in the past few weeks to listen to. I’ll also be posting my reviews of all the books and video games that I come across, as well as the technical trends that have been too long absent from this site.

I hope you have enjoyed your Festivus so far and hope you have a great New Year.

Until then! :)

October 2005 Wayback

Open source del.icio.us

I’ve been using del.icio.us for some time now and I love it and all the tools that have been made for it. I was quite surprised that no one here at work has heard of it or Flickr. After spending all this time the past few weeks installing NetOffice on one of our boxes for project management, I decided to tackle my next project and install an open source version of del.icio.us for internal use. I found several, my favorite being de.lirio.us. Unfortunately it is built on top of a Perl app called Rubric which has a bazillion dependencies. After struggling around with it for a day or so I was able to get a PHP/SQL app called Scuttle installed on my box which is working quite nicely so far. I sent an email out to 30 people or so to let them know that it was available. I’ll give it a couple days and see how it goes.

Future of wireless tech

The following is from a whitepaper I was helping to write at work today in response to the question: Where do we see the technology going for handhelds?

It is likely that mobile devices will go thru the same accelerating rate of change that we have seen with computers as handsets become smaller, cheaper and more powerful.

As wifi enabled access points become more and more prevalent throughout the United States and the world, expect to see more and more carrier independent devices that will use wireless access and VOIP to make calls. Already eBay has purchased Skype, a free VOIP client that will run on Pocket PC, and wifi enabled handsets that make VOIP calls are already being sold. One such phone is the Zyxel Prestige 2000W which will allow you to make calls as long as you are connected to a 802.11 b or g access point. Right now there are problems with battery life and range on these phones, but expect that to become less of an issue as 802.16/WiMax hits the market in the next 12 months. Wimax increases the bandwidth to 78mps over 802.11g’s 54mps and the standard range of an access point from 300 ft to over 10 miles, making it feasible to blanket large metro areas with a network of wireless access points. While within these networks users will have high speed access to their data and will be able to make voice calls off of the cellular network.

As the cost of technology becomes cheaper and cheaper, expect to see more and more features crammed into smaller and smaller devices. Already you can get Pocket PC that combines a video camera, MP3 playback, web surfing and phone calls for around three or four hundred dollars. In the future screens will get larger, memory and storage capacity will increase, the processors will become faster and bandwidth will become faster, all the while staying in the current price range.

One of the most important and paradigm changing developments in mobile technology right now is speech recognition. Data entry on handhelds is cumbersome at best, although the inclusion of QWERTY style keyboards and handwriting recognition have made it somewhat easier to input information. Already many phones have built in voice recognition to facilitate hands free dialing and there is now software available that will allow users to take dictation, compose emails and translate words from one language to another just by speaking to their phones.

Update

Ahh… so much has changed recently I don’t know where to start. I’ve gone from being a self-employed business owner with one partner to an employee in a very large IT department with over 13,000 people in the company. It’s amazing.

I’ve been there about 6 weeks and just got a new boss last week. He’s a great guy and we’ve been working on a content management system called NetOffice. It’s an open source project and I’m learning SQL and PHP to tweak it to suit our needs. I like it, it’s fun learning something complicated, tearing it apart and understanding how it works.

And did I mention how fast time is flying? It’s amazing. I suppose that is what happens when you get older.

Other than that I’ve started a new sub-blog called GoogleWatch. I stole the name from this wacko anti-Google website but as they haven’t updated their site in over a year and a half (a century as far as the internet is concerned) I figure it’s OK. I love Google and I’m thinking of pumping a bunch of money into it and so I’m putting up the blog as a way to track everything that’s going on with them before I pump my retirement into them. I think they will be to Microsoft what Microsoft did to IBM. Of course the most important thing about playing the stock market is not what to buy, but deciding what to sell.

Other than that I’ve put a new theme on the site which I think looks nice. Maybe one day I’ll make one of my own.

Plantrics

Thermoformed Trays

This has the capability of transforming our world in so many ways. Biodegradable plastic made from biomatter; dissolvable in water.

Dr. Michio Kaku, Theoretical Physicist

The Physics of Extra-Terrestrial Civilizations

More total nerdness today. Anytime someone is discussing life on other planets and what civilization might be able to accomplish across millennia I get all warm and tingly inside. And he even ties in 2001!

This guy is a genius and has some great articles on his website for the nerd in you.

Googlewatch

Where does Google want to go today?

I swear as soon as I get enough money to open an eTrade account I’m dumping as much cash as I can in Google. I’ve been telling people for months to put their money in it and I have been watching it for a long time. This article is a really good round up about what’s been going on over at Google and their upcoming fight with Microsoft.

Tim O’Reilly profile

The Trend Spotter

No, not Bill O’Reilly, but Tim O’Reilly, the tech manual publisher whose books are graced with those nice ink drawings of animals.

I know I’ve got a couple of his books on my shelf, and you can’t miss seeing them when you walk in a Barnes and Noble bookstore. Wired profiles one of the giants of the tech world, giving some great insight into the spiritual side of O’Reilly as well as his plans and goal for the future. This is probably the first thing I’ve ever read about the man himself, and I must say he is my hero now.

RIAA Countersuit

Oregon RIAA Victim Fights Back; Sues RIAA for Electronic Trespass, Violations of Computer Fraud & Abuse, Invasion of Privacy, RICO, Fraud

A woman is countersuing the RIAA for unlawful coercion, extortion, fraud, and other criminal conduct regarding their practice of suing people they’ve found to be file sharing.

The lawsuit alleges that once the RIAA has determined that a computer is responsible for file sharing, they file a ‘John Doe’ lawsuit that they use to subpoena the ISP for the subscriber’s information. After obtaining that information they use a 3rd party organization named Settlement Support Center, LLC, which was created by the RIAA and its member companies to “[coerce] payments from people who had been identified as targets in the anonymous information farming suits.”

I think the funniest thing in the brief is the statement that:

Settlement Support Center also falsely claimed that Ms. Andersen had “been viewed” by MediaSentry downloading “gangster rap” music at 4:24 a.m. Settlement Support Center also falsely claimed that Ms. Andersen had used the login name “gotenkito@kazaa.com.” Ms. Andersen does not like “gangster rap,” does not recognize the name “gotenkito,” is not awake at 4:24 a.m. and has never downloaded music.

Most people are settling out of court rather than fight it and take the chance that they might be found guilty, however some people are finding luck at fighting the cases. One of the other interesting things in this page is that although a SSC rep claimed that he believed Ms. Andersen never downloaded music she was told that they would not drop the suit against her because it would encourage others to fight the lawsuits that the RIAA was bringing about.

September 2005 Wayback

Best trailer for The Shining EVAR

It’s the feel good movie of the year! The Shining

Longevity and singularity

Mighty Mice Regrow Organs 
Mice being genetically engineered to study immune system diseases were discovered to have mutant regenerative powers. The mice were able to pass the mutation onto offspring sired with non mutant mice. Researchers are hoping that they will be able to identify the genes responsible for the mutation and pass them on to humans.

Deciphering a brave new world
Ray Kurzweil talks about his latest book and backs up his claim for the coming symbiotic age of man and machine.

August 2005 Wayback

GoogleNet?

Ok so I’ve become a total World of Warcraft addict the past few weeks, having gotten my roommate hooked and now my old pal Eddie just this weekend. The servers are down for maintenance this morning so I’ve got no choice but to go thru all my newsgator feeds and behold!: Free Wi-Fi? Get Ready for GoogleNet.

Ryan the roommate had told me about some rumors he had been hearing about this lately, but I hadn’t been able to find any real news on this. I was expecting this to be the announcement Google made last week when they announced Google Talk.

I can’t wait to see how this plays out. I start the new job next Tuesday so hopefully I’ll make enough money to buy some Google shares before they hit $500.

What happened

I managed to get the old posts back up for posterity using the Google cache of my archive pages. After I did that I realized that the pages were still in my old web directory. Unfortunately for me, WordPress stores everything in the SQL database, and Google doesn’t seem to cache that. So all of the content for HotCoffee and ComputerRenovators.com is gone. Woe is me.

So here’s what happened. We (Eddie and I) decided that we were going to close the store at the end of the month. Eddie had been planning on going on vacation for months and so him and his fiancee went on vacation to Canada about 10 days ago. I was handling the store just fine until the power went out. Turns out we had neglected Dominion Power for about 3 months and I had missed the cutoff date. Total bill? About $1200. Rather than try to scrounge up the money, wait 3 days for them to cut it back on and then be broke again, I said screw it. I called the phone company to cut off our 800 number, fax line and rollover number, and had them transfer the other 2 lines (246-2222 and 872-6800) over to my cell phone. Eddie was MIA in Canada and I couldn’t get in touch with him.

I went back to the store the next day to retrieve our main computer system (the one that houses the SQL data among other things,) the two hard drives from our web server and the company sales database. I got the main machine powered up to get some contact info for my resume tomorrow and shut it down to retrieve the data off of the other 2 drives onto my workstation. When I powered the main system up to retrieve the SQL data (which I had forgotten about earlier,) I got error messages indicative of a hard drive failure. I tested the drive several times in my workstation, but it is dead. The machine it was in had not been turned off for more than 5 minutes in over 2 years, and I think that having it off and towing it around in my car might have finally killed the drive, which was more than 3 years old. Alas.

So here I am, given a fresh start in life on the web. I suppose I’ll get back to the HotCoffee website. It was just an experiment but I think it’s a nice niche for me and I suppose I’ll just start where I left off, pulling everything I can find about sex and violence in video games.

Here goes nothing.

Disaster strikes!

So my worst nightmare has come true. The hard drive containing my SQL databases has gone dead. I’ve lost daHIFI, ComputerRenovators, and the new HotCoffee websites. Fortunately Google has a cache of some of the front pages, but unless I can figure out how to hack the interface to browse the cached versions of the archive files I’ll never get that stuff back.

Right now I’ve got a lot of stuff going on but I’m working hard to get everything back to normal.

If you need to get in touch with me I’ll be available on my cell 757.358.0440.

See you!

Michael

August 2004 archive – preDisaster

[this is an archive post from our old database. Any links pointing back to daHIFI.net are probably broken.]

August 04, 2005

links for 2005-08-04

Posted by Michael at 11:21 AM
Comments (0)

March 2005 Wayback

Was Bush Right?

I’ve been seeing a lot of articles about how those who opposed the Bush administration’s policy on Iraq are coming to terms with the fact that he might have been right to go to war. With Egypt’s President Mubarak announcing that multi party presidential elections will be held for the first time since `81 and the election of moderate Mahmoud Abbas as the new leader of the Palestinian people just being two examples, it seems that president Bush may be responsible for a wave of elections and democratic change all over the middle east.

Independent Online: Was Bush right after all?

Slate.com: Was George Bush Right About Freedom and Democracy?

Washington Post: Is Bush Right?

By Dawn’s Early Light: Could Bush Be Right (The Left Reconsiders)

National Review Online: When Good News Strikes

Stuff I meant to post yesterday

Can’t spend much time but wanted to post a couple of links.

First news that there’s no end in sight for Moore’s law. Looks like CPU’s will keep getting faster for the next decade or so. AMD’s top of the line cpu uses 90 nanometer dies, Intel’s CEO Craig Barrett says that they have developed the technology to bring it down to 5.

Disinfo has an article about nanotech food.

More info on spyware developers increasing their attention to Mozilla. One blog I read stated that it will be a test to see how well Firefox stands up to these attacks.

Personal ads and the great porn conspiracy

So I’ve been checking out a few personals sites in the past and have finally decided to plop down my $19.99 to get access to Yahoo’s site. I was looking thru all the ones in Newport News and picked one to contact. Here’s the chat log:

[17:35] [me]: hello
[17:35] [she]: What’s cookin, good lookin
[17:36] [me]: glad to see you’re in a good mood
[17:36] [she]: hehe
[17:36] [me]: i scoped you off the personals site. I hope you don’t mind
[17:36] [she]: What do you do for a living?
[17:36] [me]: i run a computer store
[17:36] [me]: computer renovators over in richneck. you?
[17:37] [she]: Figures, I get a good conversation going and I have to let my friend have her comp back. Can I have your email address, so I can email you later and we can pick up again..

[17:38] [me]: [my email removed] or just add me to your buddy list, i’ll be here till 8 tonight and from 10 to 6 tomorrow… c ya
[17:38] [she]: I will be sure to send pictures with my email too :) xx

So I say goodbye and go about my day. I notice that she never goes offline.

Sure enough today I’ve got an email from her that goes like this:
Hi! Sorry it took so long to get back to you. I am sneaking a message off at work, my boss doesn’t get in until later in the afternoon. How are you doing? I am ok, just trying to get through the day, I am so tired today for some reason. Anyways, I don’t know if you remember me but we chatted the other day on Yahoo. We had a really short conversation while I was at my friends house. Sorry I logged off so quick, my friend needed to use the computer. Anyways lets pick up where we left off..

More about me: I have long brunette hair and green eyes, I’m 5′7″ and 125lbs. Alot of people have told me I have very soft skin. I also have a tattoo of a butterfly on my back and my belly button pierced. I play tennis (I’m very active) and I love to experience new things and meet new people. I strongly believe that intimacy is a very important part of a relationship, along with honesty and trust. But, I want to know someone before I become intimate. After I get know the person I’m with…then I want it all the time, hope I am not too much for you! :P

I have to admit that I feel a little weird looking through personal ads to meet a guy, but the ones that I’ve met at bars are usually just putting on an act. Either that or they are too busy trying to act cool in front of their friends. Don’t get me wrong, I’m an outgoing and social person but that scene gets old very fast.

Well, if you’re interested then we should get to know each other better. Let’s get together sometime? Maybe for drinks? I have been working alot lately, so I’m not sure when I will have some free time, but whats your schedule like? Maybe we can work something out..

Write me back soon! Oh and I attached a pic to the email (I was on my friends profile when we talked. I hope I’m still your type and that you are not mad, I just didn’t have a chance to tell you), let me know if you get it ok. I also have some pics on my site.. It is kind of playground while I am taking this intro to HTML class. Here is the link: [link removed] I was kind of bored the other night, so I put some new pics up. Please don’t give the site to anyone, it would be really embarassing if someone from work or my family saw it!

Hope to talk to you soon,
xoxo ~ Jenny

PS My yahoo name is the same as my email, message me sometime!

ATTACHMENT part 2 image/pjpeg name=mepool.jpg error: could not be displayed. File size exceeds limit.

Is it just me or does this seem a little generic?

So I check out the site. It starts out ok, a few pictures of her and her cat, a few links to some of her interests, and then this:
To see the rest of my pic gallery you have to verify you are over 18, my website host asked me to use the site below..
Sorry to make you do this, I know it is a hassle :(
and then a link to an adultfriendfinder (NSFW) type site called SweetHeartsConnection (NSFW).

Clicking around the site I became convinced that it was a fake. I ran a whois lookup on them to discover that they’re based out of Cyprus, and became convinced that the whole site is a scam for an all access porn portal called Adultbureau.com, which is based out of New Zealand which pays $15 to the referring webmaster.

By now I’m pissed. Taking a closer look at the picture of the personal that I replied to and the website from the email reveals that the pictures are from two different people. The domain hosting the page is a play on easyspace.com or webspace.com, the kind of site that offers people free web hosting. Going to the root domain for “Jenny’s” page however reveals a directory listing in which Ms. Jenny’s page is the only one hosted on the thing. The domain registrant is listed as someone in Chicago, IL. There’s no telling how far the rabbit hole goes on this one.

I fired off another IM to “Jenny”, asking me for some more information to clarify that she’s really who she says she is. Of course I expect no reply. I do expect to start seeing a lot of spam start coming to the email to which I gave her. I will also report the ad to Yahoo, and it will be interesting to see what they do about it.

I am just awestruck at the many levels of this thing. I can easily imagine someone signing up for several hundred screen names, creating fake personals ads to go along with them, and then creating a customized chatterbot to reply to incoming messages as above. The email gets sent out automatically and the person behind the scam gets rich off of those unfortunate enough to fall for the scam.

Referrer spam whores and links for today

I recently added this site to Technorati and blo.gs and ever since then I have been getting horrible referrer spam. It’s totally messed up any idea I have of how many people are actually coming to the site. Sex sites, personals sites, they’re all making me think that they’re linking people to this site but they’re just trying to get more traffic to theirs. Whores.

Anyways I’m looking for a new place to live right now, if anyone has a nice house in Newport News and they’d like to rent a room out, please let me know.

Anyway this is what I’ve found today:

This guy is a dick. He wrapped everything, I mean everything in his sister’s bedroom in aluminum foil while she was away.

How Many Names Hath God? My fave: The archangel Gabriel was summoned by the will of God. Gabriel bowed his head and replied, “How may I serve you, Jimmy? I mean, Lord?” Thus followed the awkwardest silence in the history of heaven.

It’s written all over your face. Using thermal imaging of blood flow to the eyes, MRIs of brain activity and eye tracking as the new polygraph.

Firefox spyware infects IE? A visit to a particular website turns ugly for one person. A must read if you have Sun Java Runtime Environment installed. Also affects other web browsers.

Firefox extensions

One of the great things about Firefox is the extensions that you can add to it. I added Auto Copy to copy text to the clipboard just by selecting it, Foxy Tunes to control Winamp, JustBlogIt for easy posting to this site, and Tabbrowser Preferences, which allows you to edit some of the hidden options allowed within Mozilla.

Ah, the beauty of open source.

[update] Also check out Spell Bound, which allows you to run a spellcheck on forms within a webpage, so that you can check that message board or blog entry before posting it.

Bob Dylan and Johnny Cash

Found a great page that has mp3’s of Johnny Cash playing with Bob Dylan. I’m listening to it right now, but you have to download each song individually. I went ahead and made a zip file so you can download all the songs at once. Also a .torrent file here.

Check the rest of the site also, it’s got tons of other great stuff like Hendrix jamming with BB King and gossip and other news.

[update] I had to take down the .zip file because my server got overloaded, and I fixed the torrent file so that it actually works now.

Coltrane’s “Giant Steps” Flash animation

Just the thing to get me going this morning. Coltrane’s ‘Giant Steps’ set to animation by Michal Levy.

[update] Fixed the broken link.

Last few days links

Here’s all the stuff I’ve been clipping these past few days.

Researchers in Siberia have been trying to domesticate foxes thru selective breeding for the past 45 years. They are now at the point where the foxes wag their tails and respond to human cues. Check out the pictures and you will want one.

How stuff works has a nice writeup on what’s so special about Firefox. I’ll be emailing it to a few people I know, as it clearly explains what I have so far been unable to articulate to everyone.

The music industry thinks it is winning the battle on file sharing because they’ve sued a bunch of people and Kazaa’s popularity has waned. Not to mention the fact that Kazaa sucks anyways and this is the reason why people aren’t using it anymore.

Vonage is having problems. Makes me wonder as my kit hasn’t come in the mail yet. There’s also the fact that they’re having problems handling 911 calls.

A Kent State student sold some Microsoft products on ebay and was then sued by MS. He’s representing himself and seems to be doing well. Here’s the details from TechDirt.

Interesting info on the current reversal of the Earth’s magnetic field and possible effects of it on our world.

The Seattle Times reports that Paul O’Neill is proposing a new Social Security plan that would give all newborns $2000 each year up to their 18th birthday, which with the compounded interest on such an account would enable every American to retire a millionaire.

RSS Overload

I’ve been experimenting with RSS feeds lately, using Mozilla Thunderbird as an RSS feeder instead of Bloglines, as it doesn’t seem to be correctly keeping track of which feeds I’ve read. It seems to have some kind of problem remembering which articles I’ve already seen. Thunderbird downloads each entry as a separate mail message, and so I can ‘mark as read’ whenever I’m done with a particular feed. Thunderbird however, seems to have a problem downloading the feeds. For example on my Metafilter feed, the latest item is from the 5th of this month, whereas Bloglines correctly shows it up to date. Of course the best thing about Bloglines is that you can access it from anywhere, which is the main reason I’ve used it over Thunderbird. Bloglines also lets you clip an article or post it to a blog, and right now I’m trying to work out how to set it up to post it to this blog here. There was an interesting hack on how to change the ‘post to blog’ link to ‘post to del.icio.us’ instead, but I haven’t found it yet.

Enter BlogBot. It syncs Bloglines with Outlook, or you can sub to any other feed that you want. It also has a ‘post to blog’ button that I haven’t quite gotten to work yet. I’m not sure how much I like working in Outlook, so I downloaded the trial version of FeedDemon, which has a much more elegant interface, and also will sync with Bloglines.

There’s also another site called NewsGator that is very similar to Bloglines. I’ll be testing it out here in the next few days.

Been a long time

Wow. What a week. I finally got around to my annual reinstallation of Windows. My desktop system became so unstable, and I had no choice. I used BartPE to copy everything on my root drive to a sub folder and then I reinstalled Windows. It’s something I recommend that everyone does after a year or longer; your system gets so bogged down otherwise.

It’s a real pain in the ass trying to get all of your stuff transferred back to the point where you can get some work done, but it’s worth it. It’s nice seeing my computer running like it should again.

To help make things easier I put together a folder of programs in one download that should be run right after reloading Windows. It includes copies of AVG Antivirus, Mozilla Firefox and Thunderbird; Real Alternative and Quicktime Alternative, two installations removed of all the bloatware; Microsoft Antispyware; WinRAR, a WinZip alternative; the Java installer, Azureus BitTorrent client, and the popular mp3 player Winamp. I also discovered Executive Software’s Diskeeper. It’s a ‘set it and forget it’ defrag program. After almost 2 years it was amazing how messed up my drives were.

I’m going to try and post the package up soon. I need to create a self extracting .zip file and then it will be ready.

Somebody might have noticed that dahifi.net is now no-www compliant, meaning that all traffic to www.dahifi.net gets silently redirected to dahifi.net. It is annoying to type in a web address without the www. and get a 404 error. Just bad webmastering I say.

February 2005 Wayback

February 28, 2005

John Gilmore and the Search for the Mandatory ID Law

From this Slashdot post:

John Gilmore, the millionaire who co-founded the EFF, has been prohibited from travelling because he refused to show an ID while boarding an airplane. He’s been under this self-imposed ban since 2002. From the article: “The gate agent asked for his ID. Gilmore asked her why. It is the law, she said. Gilmore asked to see the law. Nobody could produce a copy. To date, nobody has. The regulation that mandates ID at airports is ‘Sensitive Security Information.’ The law, as it turns out, is unavailable for inspection. What started out as a weekend trip to Washington became a crawl through the courts in search of an answer to Gilmore’s question: Why?”
Slashdot points to this Post Gazette article on Gilmore.
Gilmore’s the same person who got kicked off of a plane for wearing a ‘suspected terrorist’ button back in 2003 and arrested for not turning on his laptop for airport security and showing ID. This last link from Declan McCullagh of Wired ends with the quote that “if Congress decides to sacrifice freedom for security, the country will ultimately enjoy neither.”

Posted by Michael at 08:01 PM

Brain Implants

There’s a great article at Wired about Matthew Nagle and the BrainGate, an implant in Nagle’s head that allows him to control a computer cursor. Nagle, a quadriplegic paralyzed in a knife attack, has a chip embedded in his head which interfaces with the computer. Wired has an earlier article on how “if people with physical handicaps could control a computer by just thinking, they could also operate light switches, television, even a robotic arm,” and has a video of Matt using the BrainGate. (23MB .wmv file)

There was other news today on how researchers have developed a pacemaker for the brain to treat depression. The device uses deeply implanted electrodes to stimulate the brains of those with depression that has not been helped by traditional treatments. They basically stuck wires deep in the brain, ran them inside the back of the skull to the neck, and then around to the chest where a battery was implanted to provide constant electrical stimulation.

Posted by Michael at 07:08 PM

Our Founding Fathers: Deists and Secular Humanists

Not that I am an atheist, but the separation of church and state does mean something to me. Liberal magazine the Nation’s Brooke Allen reminds us that “In God We Trust” did not appear on our money until after the Civil War and “under God” was not part of the Pledge of Allegiance until McCarthy was doing his thing in 1954. He also quotes from the Treaty of Tripoli which contains the following:
As the Government of the United States…is not in any sense founded on the Christian religion–as it has in itself no character of enmity against the laws, religion, or tranquillity of Musselmen–and as the said States never have entered into any war or act of hostility against any Mehomitan nation, it is declared by the parties that no pretext arising from religious opinions shall ever produce an interruption of the harmony existing between the two countries.

He states that this treaty was ratified in the Senate in 1797, the 339th vote by them and only the 3rd unanimous.

He also talks about how most of the founding fathers were deists, that “if we define a Christian as a person who believes in the divinity of Jesus Christ, then it is safe to say that some of the key Founding Fathers were not Christians at all.” He quotes Franklin, who said “a man compounded of law and gospel is able to cheat a whole country with his religion and then destroy them under color of law.” He also quotes Jefferson as saying “no nation has ever yet existed or been governed without religion. Nor can be. The Christian religion is the best religion that has been given to man and I as chief Magistrate of this nation am bound to give it the sanction of my example.”

Allen closes with the remark that “though for public consumption the Founding Fathers identified themselves as Christians, they were, at least by today’s standards, remarkably honest about their misgivings when it came to theological doctrine, and religion in general came very low on the list of their concerns and priorities–always excepting, that is, their determination to keep the new nation free from bondage to its rule.”

We should keep this in mind today.

Posted by Michael at 01:12 AM

February 27, 2005

Unreal 3 Engine announced

Unreal technology has revealed their Unreal 3 Engine. Check the screen shots, especially the detail on this shot. Wow. Hopefully Unreal 3 will be better than Quake 3 and Half Life 2. (Not that either of those were bad, but I can’t wait.)

Posted by Michael at 02:37 PM

Barbara Boxer unveils Count Every Vote Act

via DailyKos and Boxer’s website:
The Count Every Vote Act of 2005 will provide a voter verified paper ballot for every vote cast in electronic voting machines and ensures access to voter verification for all citizens, including language minority voters, illiterate voters and voters with disabilities. The bill mandates that this ballot be the official ballot for purposes of a recount. The bill sets a uniform standard for provisional ballots so that every qualified voter will know their votes are treated equally, and requires the Federal Election Assistance Commission to issue standards that ensure uniform access to voting machines and trained election personnel in every community. The bill also improves security measures for electronic voting machines.

To encourage more citizens to exercise their right to vote, the Count Every Vote Act designates Election Day a federal holiday and requires early voting in each state. The bill also enacts “no-excuse” absentee balloting, enacts fair and uniform voter registration and identification, and requires states to allow citizens to register to vote on Election Day. It also requires the Election Assistance Commission to work with states to reduce wait times for voters at polling places. In addition, the legislation restores voting rights for felons who have repaid their debt to society.

The Count Every Vote Act also includes measures to protect voters from deceptive practices and conflicts of interest that harm voter trust in the integrity of the system. In particular, the bill restricts the ability of chief state election officials as well as owners and senior managers of voting machine manufacturers to engage in certain kinds of political activity. The bill also makes it a federal crime to commit deceptive practices, such as sending flyers into minority neighborhoods telling voters the wrong voting date, and makes these practices a felony punishable by up to a year of imprisonment.

While it’s not quite the Votestation, this bill should be passed because of the prohibition on state election officials. Having the chief election officials of Ohio and Florida and Diebold’s senior exec campaign for Bush in the last election never should have happened. Restoring felons’ rights to vote kinda leaves a bad taste in my mouth and will be the main point that the right uses to squash this bill. I’m not sure that I believe that a person’s right to vote should be restored. I think that this provision of the bill should be dropped; you will never get conservatives to vote for this bill otherwise. Expect to hear a lot of talk about this in the coming week.

Posted by Michael at 11:48 AM
