Category: Privacy and Security

  • The Keys to the City are Yours

I have many opinions about Wikileaks, none of which are original or interesting (if you want that, try here, here, here, here, here, here and here).

What I find more interesting (and disturbing) is the reappearance of Anonymous to defend Wikileaks. Three thoughts:

    1. If a bunch of anonymous hackers can take down several notable sites so easily, how can owners of smaller sites rest at night?
    2. Although I’m glad that the New York Times is finally tackling Anonymous, it would be harder for bloggers and smaller sites to speak with such candor (especially since Anonymous is so arbitrary about its targets).
3. I have to wonder whether Anonymous will ever go legit (especially against such obvious targets like the Chinese government). How easily could an anonymous flashmob movement be manipulated to carry out an attack on behalf of a well-funded interest?

    Related: Tom Scott envisions a flashmob nightmare scenario.

  • Charleston Town Center Mall abuses private citizens!

A few days ago an internationally known, award-winning photographer was arrested for innocuously taking photos (and allegedly resisting arrest). Gary Harki writes a great story about the incident.

As it happens, this photographer was arrested once before, for taking photos of Bill Gates' wedding from a public place. The photographer sued the island's major employer and Bill Gates himself and ended up settling a false-arrest claim for a substantial sum (which he donated to a local school to set up a scholarship fund). He also received an apology letter written by Bill Gates himself.

    Harki reports:

    Rensberger said he doesn’t know if he will sue the department over the incident.

    "I don’t think I have a choice," he said. "If this guy shows that kind of force to a guy who took a picture of a choir and of Santa and a uniformed police officer in the mall, then what kind of force is he going to show someone in a dark alley somewhere where no one was watching."

    That’s a lawsuit I’ll be watching for. Other professional photographers weigh in.

  • “There is just nothing left of her.”

Karen de Sa reports a heartbreaking story of parental abuse and murder. The criminal father of a young girl received full custody during a divorce and ended up killing her. The method was particularly nefarious. Not only did he sexually abuse her, but he told everyone that the girl had run away. The mother disagreed and thought something funny was going on, but she was unable to convince the police to investigate. Eventually they did, and they later found the girl's body in the backyard.

    Here are some infuriating things about this story:

1. The fact that a convicted and violent criminal would gain full custody is very scary. I realize that some divorce/custody hearings leave no good options, but this seemed to be a situation that begged for strict oversight.
    2. Economic disparities played a role. “Allen, a former assembly worker now working for a restaurant, was deemed unfit by the court. She had made a frank admission to feeling depressed after what she described as years of persecution by her children’s father. Prior to Chiarello’s decision, records show, Allen told the court she had fled multiple states to get away from Mesiti and even to Canada, where she and the children stayed in battered women’s shelters." But while Mesiti’s court filings were formal, typed responses from his private attorney, Allen’s pleading letters to judges were hand-written. She reluctantly agreed to sign off on the custody order —in large part, she says, because she could not afford to raise the children without the child support payments Mesiti had been ordered to make.
3. Lack of follow-through on runaways. Apparently this was considered a cold case. The murderer/father claimed he received calls from the girl. (But did anyone look at phone records?) In this day and age, it would seem easier to verify someone's existence. Just keep in contact with her 20 best friends on a monthly basis. For heaven's sake, she had a MySpace page. It doesn't add up that a young person like that would just stop communicating with anybody and never be seen. Everyone at some time or another is going to use a cell phone. That should make it easier to trace "legitimate runaways" and easier to identify the truly missing.
4. Lack of neighbor involvement. From a discussion board: "(The residents in the neighborhood) didn't even know a girl was missing," Charlton said Friday. That is unsurprising given that the father was allegedly the murderer. But why not have a rule: if a person is missing in a neighborhood, all people within a one-mile radius should be notified?
    5. The ex-wife and mother notified the police repeatedly that the story was fishy. “When Alycia disappeared in 2006, Allen said she never believed the girl had simply run off. "I knew in my heart of hearts that she was gone, but no one would listen to me. I was fighting with police, saying ‘She’s not a runaway, she’s a missing person!’" Allen recalled. "But the police stopped taking my calls. They said, ‘She’ll come home, she’ll come home…’"

    Domestic violence expert Kathleen Krenek comments:

    Mark Mesiti was awarded unsupervised custody in 2005, even though he had a lengthy criminal history including a domestic violence conviction. He violated his probation and was sent to prison. For the seven years previous to gaining custody of his daughter, he amassed a variety of charges. All were red flags. Welfare professionals and Alycia’s mother raised them during the custody battle.

    The father was given custody after it was found that the mother was depressed — often the effect of battering — and therefore unfit to care for her daughter. As an alternative to this deadly decision, couldn’t we have wrapped the mom and her kids in supportive services and allowed them to heal together? Abuse is treatable. Homicide is not. Now healing will never happen for the remainder of this family.

    I’ve worked with domestic violence for 25 years, and I understand the complexity of family law cases. But the errors in this case are too obvious to use complexity as an excuse.

    Victims of domestic violence in family court often present their case without representation, while perpetrators often bring attorneys. The imbalance of power the perpetrators use at home to control the victims follows them into family court. When this imbalance exists, victims may not be able to effectively voice their concerns and articulate their needs. Often we don’t believe them. The myth that they are lying about their abuse to gain the upper hand continues to haunt the system.

This story is both shocking and outrageous. I don't want to sound too mad at the social services people; it's way too easy to second-guess their decisions after the fact. However, is our society so callous that the disappearance of a young teenager no longer sets off alarm bells?

Thankfully, there's a site called Help Find the Missing that serves as a discussion board for missing people. If you go to the home page, you can see the current cold cases for your state (here is Texas). The problem with these cases is that the most vulnerable don't get much media coverage unless there is something unusual about them. People die and disappear every day; so what! The people running this site are amateur sleuths, but it serves the purpose of making it easy for strangers to find out information about these people and cases quickly. In some cases, a missing person may simply have decided to disappear or leave the country. It's not impossible that the missing person himself or herself could be following the thread to see what the reaction is! Each case reads like a mystery; unfortunately, the Alycia Mesiti story has a tragic ending. Before the net, it was next to impossible to follow these cold cases; now, though, a thread can lie dormant for weeks or months and suddenly become active. It's reassuring to know that for many of the "solved mysteries," the last page will contain the answer (good or bad).

On the other hand, there are dangers in running such a site. Privacy concerns, for one. It's easy for outsiders to point the finger at an obvious suspect without appreciating the complexity of the cases. (But making guesses in public can be fruitful.) Also, once these bulletin boards attract the interest of the concerned party, they can start containing leads and nonpublic information (and perhaps even misleading lies).

I encourage people to follow missing person reports for their state. I looked at the faces on the Texas page and felt spooked (but glad someone is keeping track of them). You can look at the pages of "found safe" people and memorials. The most frightening thing about the Karen De Sa story was how traces of the dead person have disappeared:

    Mesiti was in jail when his daughter’s memorial was held last month in a Cupertino chapel. During the service, a lifetime of classic childhood moments beamed from photos spanning her short decade-and-a-half: Alycia mugging in an oversized T-shirt, stirring a pot of macaroni and cheese and hugging a Snoopy doll. In the last photos, she posed for her 8th grade prom, a fleeting brush with adolescence.

    For her part, Allen tosses endlessly most nights. She tries to stay focused on her last day with Alycia, when she and her daughter ate tuna sandwiches and splashed in a downtown San Jose fountain.

    Their next encounter would be three years later at the Stanislaus County coroner’s office.

    "I couldn’t even pick up her personal effects," Allen lamented. "There was nothing. There’s just nothing left of her.”

  • Thread to End all Threads

    (First posted December 4, 2008).

    Last Saturday I came across a single post on a forum. This forum was one I had never heard of, and the subject was something I had also never heard of. Someone had linked to it from another site, and I found the subject to be of immense interest.

I am not going to mention the forum or the subject of the forum thread (for various reasons). But I wanted to add that the forum thread consisted of 1311 different posts from maybe 100 different people. The forum post itself consisted of 130 pages, and the subject was so provocative and controversial and potentially embarrassing that I feel confident that, for the moment at least, this forum thread was the definitive word on the subject in the world.

Admittedly, I had more than just a passing interest in the subject, and it was not a subject with which I would like to be publicly identified (this was a common sentiment among forum posters). In fact, I never knew such a phenomenon existed, although now that I saw the body of research about it, I realized that it explained a lot of things about the world. (A Wikipedia page was recently started on the subject, which, though incomplete, would surely contain a more exhaustive treatment of the subject as time went by.) I feel confident that this little-known subject will be more widely known in the next 10 years (maybe to the point of it being a household term). People of all educational backgrounds had posted something on the thread, from different parts of the world. At first, only those directly involved in the matter started posting, but once the forum thread acquired momentum, all kinds of people were posting, including those only tangentially involved in the subject at hand.

    Many people had anecdotes to contribute, and experts provided lots of detailed analysis and commentary. Some even appeared to unmask the charlatans who had already posted previously on the thread; others merely provided links or more academic evidence. The single forum thread consisted of about four years of posts, and in fact, there were several links to several different forums discussing the issue in parallel, as well as forum threads which had started in response to this one.

Many felt compelled to share personal experiences on the subject (some were entertaining; most were heart-rending); others simply posted to express their gratitude at having found a bunch of like-minded individuals. Several posts inquired about people who had posted earlier in the thread (30 or 40 pages ago). Were they still following the thread? Or had they abandoned the thread altogether? One poster pointed to the disappearance of several frequent contributors as a positive indication that the individual was no longer seeking information or guidance. Some reflected on the philosophical implications of the phenomenon; others claimed we needed to raise awareness and even insist on more public research on the subject; some merely felt that the forum posters were making too big a deal about something. Some just misunderstood one another's points and showed only a half-understanding.

Some raised ethical questions; some expressed sympathy for those directly affected; some proposed solutions (both impractical and commonsensical). Some expressed the hope that because this forum thread exists, a solution was possible...and even likely. Some indicated that a solution was still impossible, but the most one could hope for was greater understanding and steps to prevent the problem from becoming larger. Some gave reports about experiments they tried (with both positive and negative results). Some said the problem was too intractable for easy solutions. Some felt that government involvement was necessary and inevitable. Others felt that was naive and a little dangerous; they argued that this subject would continue to exist on the peripheries of the law.

Some were starting an academic career to study this phenomenon; others were gathering evidence to suggest the problem was no longer an isolated one. Still others just wanted practical advice about what steps to take in response. Nobody in fact knew...although everyone had theories. On the same thread there were victims, perpetrators, professionals, amateurs, entrepreneurs, intellectuals and moralists. Several had been dealing with the subject for decades while others had only encountered it for the first time and were amazed to find others. Amazingly, because of the esoteric nature of the subject (but also because of the obscurity of the forum itself), everyone was polite to one another and willing to facilitate honest discussion. In fact, though, the subject matter itself was so inflammatory that it seemed only a matter of time before the discussion became less civilized and more insulting.

It took me several days to read all 1300 posts (and hyperlinks). In fact, the forum was so unwieldy and referred to so many previous posts that I ended up pasting the entire forum into a single text file for easy reference. I confess, I don't really understand a lot about the subject, though after reading through, my level of understanding had improved dramatically. I certainly don't regret stopping everything I was doing to read this forum from start to finish, though I wish there were an easier way to skip through posts. I felt inclined to add my own opinion, though to be honest, my insights paled before those who had contributed before. Nonetheless, I probably will contribute at some point and will surely keep up with the thread over time.

Because of the unwieldiness of the thread, some proposed breaking the single thread into several; others started entire blogs about the subject containing excerpts of the discussion; some people went off onto tangents (if only because the subject affected everybody and everything, even in an insignificant way). Perhaps I will buy a book on the subject, though none currently exist. Still, academic journals were starting to cover the subject, though not with any fresh insights (and certainly nothing that wasn't already mentioned in the forum). After a while, it became clear that the amount of new insight from people was diminishing; people were simply updating with more information and links and anecdotes, or simply to show how their viewpoints had evolved. After completing the 81 page thread in its entirety, I felt comforted and certainly not alone, although I had just wasted half the weekend reading the thread from start to finish (with two naps in between). Even though it's not a subject to dominate my mind (for now at least), I admit to having enough curiosity to keep up with this thread over time...at least until people stop adding to it.

    I know I’m being coy by not divulging the subject matter. Yes, this forum was for real, and that’s what this very post is about. Still, as I write this post, I realize that I’ve come across at least 5-10 forum threads of similar length over the last year–feeling the same shared perceptions and determination to unmask the truth. When surfing the Internet, you don’t wish to insert your public identity into a forum as provocative as this one; it is far easier to lurk or to post under pseudonyms. All of these were great discussion threads, full of insight into humanity and creative thinking–enough to make me optimistic about human inquiries.

    Yet, during all this time, I sat reading in the darkness,  thinking, wondering, dreaming.

    June 2010 Update. Checked the forum again. It was locked as of February 2009 (3 months after I posted this piece). Google shows 44,000 search results for the phenomenon.

    August 2012 Update.  200,000 search results for the subject, and Google shows that the original forum has dozens of threads about the same subject, while threads in other forums are beginning to show the subject as well.

October 2015 Update. 487,000 search results, and now all the major media sites have written about this phenomenon, and the Wikipedia page for it is fully fleshed out and annotated. Also, 4 books are for sale on Amazon about it. 5 YouTube videos are now watchable about the topic. You will probably laugh if I reveal the topic (chances are that most readers have still not heard of it), but really the topic is not so interesting as the way it has grown on the web without ever seeping into the public consciousness.

    March 2016 Update. I just wanted to mention that there are 20+ threads about this topic on the REDDIT discussion site and at least 10 web domains devoted solely to the topic.

May 2017 Update #1. Although the search results are the same, I see that the top results on the search engines are more informational and not terribly focused on the political/social/commercial implications. Amazingly, Google shows 4000 videos about the topic.

    May 2017 Update #2. Although I still think it’s better not to reveal the topic, I have no objection revealing it later — maybe 20 years from now.  So if anyone is reading this after May 2037,  feel free to contact me, and I’ll be happy to reveal it!

July 2021 Update. Google now shows 627,000 search results, 38,900 videos (but alas, no TED Talk). 140 search results on Amazon. The number of videos on the topic is truly remarkable, and yes, all seem to be legit. Aha, I see that there was a TED talk on a different but semi-related topic. As a joke, I googled the term with the additional word "song" and indeed, YouTube does have one song about the subject. (It's hilarious; I'm dying to link to it! Alas, I'm sticking to my promise not to reveal the topic until 2037.)

    October 2024 Update. Wow, the topic was covered by one of my favorite podcasts recently. Although Google no longer lists the number of search results, I noticed that the wikipedia page shows that it has been translated into 18 languages. Holy cow! I mentioned having found a funny song about the topic on YouTube on my last update. Now apparently I have found over a dozen songs — including a new one that is funnier and dumber than the one I originally enjoyed. There is also a heavy metal song and a punk song. I really have to create a playlist; it is so bizarre that anyone would make up a song about this topic. Now I see that there’s a (still small) subreddit on the topic. There are about 500-1000 products being sold on Amazon about the topic (depending on how you count).

    July 2025 Update. On a lark I asked two AI engines (Copilot and Perplexity) to analyze this post and make guesses about what the unspecified subject might be. I am not going to comment on the accuracy or relevance of these AI responses, but all of the possible answers are very interesting and plausible and consistent with the post’s timeframe. Some of the AI-generated guesses were hilarious!

  • Advertising vs privacy

    Wow, I knew about the trick of replacing your hosts file on your PC to block out adware/spyware/malware traffic. But last time I installed Windows I never got around to doing it. After I came across this site about blocking parasites from your PC, I got around to doing it.

Yes, it works (you should run the install script as admin and, if you're on XP, set the DNS Client service to manual; it's explained on the page). Not only does it work, but pages load really fast. See also this Slashdot question: are ad servers slowing down the Internet?

I actually don't have a real problem with advertising on the web, and I've found ad blockers to be more trouble than they're worth. My beef is with DoubleClick and other data aggregators that compile profiles about individuals. I'm also curious about which publications/web applications will be disabled as a result.

    Oops, it also blocks webservers you run on your machine.

Annoyingly, it filters out Google AdSense as well. What a pain. Why do I say this? I'm trying to implement ads on various websites and want to be able to see the ads. Looks like I'm going to have to comment out a few lines. I have a feeling it filters out website trackers and other things too.

    Several other thoughts:

1. When you block out third-party ad servers, you are also blocking out a major source of revenue for independent bloggers. This basically means that sites which contract directly to show ads will be preferred (hello CNN, NYTIMES, etc.).
2. The reason I haven't bothered with setting a safe hosts file is that I run as a non-admin on my PC. That pretty much wipes away any chance of getting infected with spyware/malware. (I can download them; I just can't run anything to hurt my system.) Actually, now that I think of it, probably the most serious security risk is when I run as admin to install something. I need to remember to run AVG Antivirus on the .exe file before I install anything.
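The hosts-file trick above works by mapping ad and tracker hostnames to a sinkhole address (0.0.0.0 or 127.0.0.1), and its two annoyances, a blocklist entry you actually need (AdSense, a name you use locally) and entries that collide with your own, are easiest to catch by auditing the file before installing it. The script below is an added example, not code from the post or from the hosts-file site it links to; the sample hosts text and every hostname in it are constructed for the example (the `.test` TLD is reserved for exactly this).

```python
"""Audit a hosts-style blocklist before installing it:
list what it sinkholes, flag hostnames with conflicting mappings,
and comment out entries for names you need to keep resolving."""
import ipaddress
from typing import Dict, List, Set, Tuple

# Addresses blocklists use as a sinkhole: connections to them go nowhere.
SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that legitimately map to loopback and are not "blocked" entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample in blocklist style (all hostnames are made up; the
# last line is deliberately malformed to show it is ignored).
SAMPLE_HOSTS = """\
# sample blocklist (constructed for this example)
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example-adserver.test
0.0.0.0 tracker.example-tracker.test  # web beacon
0.0.0.0 pagead2.example-adsense.test
0.0.0.0 mysite.test                   # collides with a name used locally
192.0.2.10 mysite.test
not-an-ip garbage.test
"""

Entry = Tuple[str, str, int]  # (ip, hostname, line number)


def parse_hosts(text: str) -> List[Entry]:
    """Parse hosts-file text into (ip, hostname, lineno) tuples.
    Comments (#...) and blank lines are skipped; a line whose first field is
    not a valid IP address is ignored, as a resolver would ignore it."""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            entries.append((fields[0], host.lower(), lineno))
    return entries


def sinkholed_hosts(text: str) -> List[str]:
    """Hostnames the file blocks by pointing them at a sinkhole address."""
    return sorted({host for ip, host, _ in parse_hosts(text)
                   if ip in SINKHOLE_ADDRS and host not in LOCAL_NAMES})


def conflicting_hosts(text: str) -> Dict[str, Set[str]]:
    """Hostnames mapped to more than one address of the same IP version.
    Which mapping wins is resolver-specific, so treat these as defects."""
    seen: Dict[Tuple[str, int], Set[str]] = {}
    for ip, host, _ in parse_hosts(text):
        key = (host, ipaddress.ip_address(ip).version)
        seen.setdefault(key, set()).add(ip)
    return {host: ips for (host, _), ips in seen.items() if len(ips) > 1}


def allow_hosts(text: str, allowlist: Set[str]) -> str:
    """Return the file with every sinkhole line for an allowlisted hostname
    commented out, so those names resolve normally again."""
    allow = {h.lower() for h in allowlist}
    to_comment = {n for ip, h, n in parse_hosts(text)
                  if ip in SINKHOLE_ADDRS and h in allow}
    out = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        out.append("# allowlisted: " + raw if lineno in to_comment else raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("blocked:", sinkholed_hosts(SAMPLE_HOSTS))
    print("conflicts:", conflicting_hosts(SAMPLE_HOSTS))
    print(allow_hosts(SAMPLE_HOSTS, {"pagead2.example-adsense.test"}))
```

Run it against the real blocklist by reading the downloaded file into `text` instead of `SAMPLE_HOSTS`; the conflict report is the thing to check when a name you host on your own machine stops resolving after the install, and `allow_hosts` is the "comment out a few lines" step done without hand-editing a file of tens of thousands of entries.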

    On a related matter, I lost my discount key/card at Kroger (which gives me discounts on groceries). They gave me a form to fill out along with my card, but then I never turned in the form! I’ve been using the card for a few weeks without problems.

  • XSS, Privacy and Carnivals and Bandwidth penetration

An anonymous Slashdot poster on why XSS vulnerabilities occur.

    Samidh Chaktrabarti on the Carnival Booth algorithm for defeating terrorists.

Speaking of airline security, Practical Nomad gets harassed for making sure an airport worker was affiliated with the TSA.

    Kip Hawley is an idiot…or some think that.

    Richard Wray reports some remarkable statistics on broadband penetration:

    In terms of total broadband users, the US leads the pack with over 60 million broadband subscribers. But second-placed China is fast closing the gap. From 41 million broadband users a year ago, China now has more than 56 million and based on its current growth looks set to over-take America as the world’s largest broadband market later this year.

    Based on broadband penetration, South Korea is by far the world’s top broadband user with nearly 90% of households online. Several small, economically vibrant and densely populated states are also high on the list such as Hong Kong, Monaco and Macau. The US – with broadband penetration at just under 53% – is in 24th place. Penetration in China, meanwhile, is 14.35% while in India – often mentioned in the same breath as China in discussions of emerging markets – broadband penetration stands at just 1.15% of the country’s estimated 200 million households.

This is astonishing to me. First, it means that broadband users in China will outnumber those in the US this year. Also, the dominance of China will increase at an exponential rate among broadband users. That has implications for lots of things: web server security, ecommerce, multilingual websites, internet spam.

We've heard of the Slashdot/Digg effect. Imagine what would happen in 5 years if the entire web-surfing population decided to visit your website. What we've had so far just doesn't compare. (Luckily there is little on my own website that would interest the Asian audience.)

I've written before about the India vs. China thing. We hear a lot about India because of the common language, but with that broadband penetration rate, India will never come close to the economic influence of China. On the other hand, I suspect China's top-down method of planning will probably be damaging in the long term.

  • P2p the safe way

Great Digg forum about how to use p2p without getting hounded by the RIAA/MPAA. The consensus seems to be: 1) use Usenet (you'll have to pay $15 or so, but you're not sharing anything, plus Usenet servers don't keep logs), 2) only use private torrent trackers (i.e., darknets like WASTE), 3) use encryption methods like Tor, 4) put your p2p content on an external hard drive (which can be discarded; that raises the question of inconvenience, plus the problem of being accused of tampering with evidence), 5) use one-click download sites like Rapidshare, Megaupload and Yousendit (but do they save IP addresses in their logs?). Also, 6) if you download infringing content from major media companies, make sure to take things out of the shared queue as soon as possible, and 7) use the SafePeer Azureus plugin to filter out IP addresses that might be dangerous or threatening. Also, 8) don't use Pirate Bay or Limewire. Other quotes:

Basically, if a teenage girl knows how to do it (i.e. teenie bopper on Limewire), then it will probably get broken up quickly.

…There is currently development underway for a P2P system that does not break any laws, regardless of what is "stored". The project is called the "OFF" or "Owner Free Filesystem". Basically everything that is stored is literally randomized bits in the form of 128kb blocks, and the instructions on how to assemble these blocks into "useful" files are stored in a URL. Things really get interesting when you find multiple uses for the same blocks, and it turns out that you already have a certain number of blocks already needed on your harddrive before you begin downloading a certain file!

    A lot of the more renowned hosts now have encrypted downloading. The only way someone would get caught is if a subpoena was sent to the usenet host, and most don’t keep logs. On top of that, the majors (RIAA, MPAA) still don’t go after people for downloading, they get you for uploading. Usenet doesn’t require you to upload at all, just download. Granted, you’ll have to fork over ~$15/month, but the benefits are tremendous. I’m able to max out my 15Mbit connection; I’m lucky to get > 8 Mbit via torrents.

  • Incompetent Content Filters at school

If you've been following the Amero case (about the substitute teacher who accidentally exposed her students to porn because of spyware), this analysis (7 pages long!) by Mark Rasch is particularly thorough.

    Actually, given the fact that I am single, I am relatively ignorant about home solutions for content-filtering for PCs accessible to kids. Anybody have suggestions?

  • Bluesecurity calls it quits! Spam Problem Continues

    Slashdot forum on the announcement that bluesecurity is getting out of the spam-fighting business. Some of the juicier comments:

Which brings us right back to a centralized server in the first place. As long as everything has to pass through a single choke point (or even a small number of them), they are susceptible to the same DDOS attack. If there is no authoritative verification, you essentially just created a P2P DDOS system that the spammers/organized crime/anybody can (and will) readily abuse. Therein lies the rub.

    ***

Most of the ISPs are now large telcos and cable companies who hire support staff at would-you-like-fries-with-that wages. They don't have the capacity or the incentive to disinfect a zillion Windows boxes. It's much cheaper to buy a bigger pipe. Of course, Microsoft owns the root problem. They sold a supposedly consumer-grade operating system that consumers can't maintain. Windows needs a dialog box that says, "Your computer has been invaded by evil fuckwads. Would you like to kick them out?" where the two choices are "Yes" and "Ok".

    ***

The other co-dependent in spam are the credit card companies. They make a killing off of the transactions. If VISA were to pull the plug on any company that allows their account to be used by spammers we would see an instant end to spam. Call up your bank and ask why they allow their Visa accounts to be used for spam.

    ***

    Personally I’m waiting for Google to step in, collect the pieces of Blue Security, then offer it as an automatic feature built into gMail. Spam gMail (x million accounts), someone checks that it really is spam, and then the spammer effectively gets a message saying “Stop spamming Google customers”. Ignore it, and that’s x million identical requests sent by one mother of a system.

    Finally, a sobering article by Mark Pilgrim. It’s old but still relevant:

    It’s a full-time job, and everyone will hate you, and it still won’t work. Spammers are smart and determined, and people are numerous and stupid, and spam pays. You can’t make it not pay. Going after their ISPs won’t help; they’ll auto-register somewhere else. (Already happening.) Going after their upstream provider won’t help; they’ll cut deals with the backbone providers and keep going. (Already happening.) Going after them in court won’t help; they’re already living under friendly governments. (Already happening.) You can’t stop them with Turing tests; they’ll hire child workers to read your images and manually register/post/ping/trackback/whatever. (Already happening.) Then they’ll attack you with the power of 100 million owned Windows boxes and knock you off the Internet. (Already happening.) They will keep coming and coming and coming until you give up, go home, cry uncle, take Prozac, get a regular day job to replace the one you quit when being an anti-spammer became your full-time job.

I don't know enough about the problem or the financial costs to have a serious opinion. However, I expect Blue Frog supporters to rise again, this time with a better plan of attack (or even a noncommercial motive). I worry about South Korea and China. I shudder to think of the hundreds of thousands of future zombie webservers coming online every year, most being run by amateurs like myself.

I like the idea of ISPs quarantining zombie servers into subnets that block SMTP, although surely spammers could find a friendlier ISP overseas. (It also boils down to Walmart-style cost-cutting: the lower the cost of a web hosting service, the less likely it is to adopt zombie prevention measures.)

From a user perspective, the email spam problem may simply mean more reliance on web-based email rather than desktop clients. As an aside, I'm interested in phishing techniques on the subject line: how do you get people to open an email purely on the basis of the subject line? (The question of eye-grabbing headlines is important to any journalist as well.)

    On another note, my apartment is being overrun by a different species of vermin: roaches!

  • Using Blue Frog to Fight Email Spam

    Email spam wars have begun!

    The spam fighters are under attack, but bluesecurity.com is where you can download blue frog, a tool that sends opt-out emails to spammers. A security expert summarizes:

    Blue Security’s approach to reducing unsolicited email is to combine a do not email registry with a mechanism that automates and simplifies the user’s process of complaining about violations. If messages are sent to Blue Security members, in violation of Blue Security’s do not email registry, Blue Security identifies the merchant advertised in the messages and issues an initial complaint. The initial complaint is sent to the merchant, the merchant’s domain registry technical contact, and the merchant’s Internet service provider. If the initial complaints are not resolved satisfactorily within a ten day grace period, Blue Security writes a script that guides the member’s desktop computer in submitting a complaint via the merchant’s web site. Each member who receives subsequent email in violation of the do not email registry may send an automated complaint. The total number of complaints sent will always be less than or equal to the number of messages received that violate the do not email registry. The fundamental economics of sending unsolicited emails change when this happens, because the sender now has to ensure that their site has the capacity to potentially handle hundreds of thousands of simultaneous complaints.

    At the risk of being called a Luddite, I use web-based email only, although I might be using my fastmail IMAP account to download mail (yes, keeping it on the server is the safest place for it to be!).

    Here’s a background discussion of Blue Frog/Blue Security on digg.  You have to give credit to the ingenuity of this project.

  • Statements and Contradictions (or Lies)

    George W. Bush, April 20, 2004:

    Now, by the way, any time you hear the United States government talking about wiretap, it requires — a wiretap requires a court order. Nothing has changed, by the way. When we’re talking about chasing down terrorists, we’re talking about getting a court order before we do so. It’s important for our fellow citizens to understand, when you think Patriot Act, constitutional guarantees are in place when it comes to doing what is necessary to protect our homeland, because we value the Constitution.

    Tim Noah comments:

    White House spokesman Scott McClellan, asked at a Dec. 20 press briefing whether the president’s 2004 remarks might have been a wee bit misleading, said, “I think he was talking about [it] in the context of the Patriot Act.” In other words, Bush was reassuring his fellow Americans that he wouldn’t impose warrantless wiretaps under the Patriot Act because he was already imposing warrantless wiretaps with no legal authority at all. He just forgot to say the second part.

  • Falafel and Patriots

    The Onion’s scoop on the renewal of the Patriot Act: (See Dec 13)

    Bill Parker, Metal Fabricator
    “Dammit! I’m never going to be able to check that falafel cookbook out of the library.”

  • Is .xxx a bad idea?

    Why a .xxx is a bad idea. I summarize:

    1. They’ll be pressured to allocate certain IP addresses for adult sites, and that would be administratively maddening.
    2. They’ll be pressured to create different categories of content (i.e., somewhatdirty.dirtysite.xxx vs. reallydirty.dirtysite.xxx), which is ultimately self-defeating.
    3. It’s a trivial task to redirect people from a .com site to a .xxx site.
    4. Controversial content will be steered into .xxx sites, and this is bad.

    The most interesting observation:

    An adult top-level domain could have negative legal repercussions by endangering free expression. U.S. Supreme Court Justice Sandra Day O’Connor has suggested that the presence of “adult zones” on the Internet would make a future Communications Decency Act (CDA) more likely to be viewed as constitutional. In her partial dissent to the Supreme Court’s rejection of the CDA in 1997, O’Connor said that “the prospects for the eventual zoning of the Internet appear promising”.

  • Finding Rootkits on Windows/ Yum in Linux

    Rootkit revealers for Windows. From a slashdot forum on how to know if your machine is a zombie. The thought of this terrifies me.

    Here’s a list of valuable linux tools. Last night I made the switch to fedora (though I haven’t configured wireless or networking). I have to admit: I’m spoiled by gentoo’s emerge coolprogram commands. Which means I’m actually going to have to find and download various utilities (webmin, rsync, etc.) to get them on my machine.

    I’ve been in rpm hell before, but hopefully the fedora yum/up2date solution will prove easier to manage. Aside from having a little more confidence in fedora than gentoo, I’m actually curious about how much RH/Fedora’s update solution has progressed. This time I’m a little wiser and more on guard. In RH I ended up installing/upgrading RPMs, installing binaries and then compiling things from source. The trick is making default paths the same for all your installs, which I was sloppy on before. Hopefully the linux standard base (LSB) will make this whole thing a lot less painful. Update: Here’s a how-to specifically on updating multimedia packages using Fedora. For example, you won’t have the mp3 codec unless you first obtain the specific package.

    I haven’t worked on a linux desktop in 2 years, although to be fair, almost all my tools are open source/platform neutral bits of software. So I might as well be running in linux. I can’t speak of hardware support or file explorers in linux, but I’ve been growing sick of them in Windows. To be fair though, USB support on Windows has been excellent, while linux has various hardware annoyances.

    Unfortunately, although linux-based synchronization solutions exist for a Pocket PC, in fact no good contact/calendaring application on linux is comparable to or compatible with Pocket Outlook. It’s one of those days when I really wished that Nokia 770 had arrived a year early.

  • Hotmail for Terrorists

    Steve Coll and Susan B. Glasser write an article about how al Qaeda used publicly available technology to run a base of operations.

    The movement has also innovated with great creativity to protect its most secret communications. Khalid Sheik Mohammed, a key planner of the Sept. 11 attacks later arrested in Pakistan, used what four researchers familiar with the technique called an electronic or virtual “dead drop” on the Web to avoid having his e-mails intercepted by eavesdroppers in the United States or allied governments. Mohammed or his operatives would open an account on a free, public e-mail service such as Hotmail, write a message in draft form, save it as a draft, then transmit the e-mail account name and password during chatter on a relatively secure message board, according to these researchers. The intended recipient could then open the e-mail account and read the draft — since no e-mail message was sent, there was a reduced risk of interception, the researchers said.

    They also used Houston-based Everyone’s Internet to share files.
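    The draft-folder “dead drop” described above leaves a signature a mail provider can look for; as an added example that is not part of the article or the original post, this scans a constructed webmail audit log for accounts whose drafts are touched from several distinct networks while the account never sends anything. The log format, field names, the /24 grouping and the threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed webmail audit log "timestamp account action client_ip"; not real data.
AUDIT_LOG = """\
2004-03-01T08:00:00 user_a draft_save 203.0.113.7
2004-03-01T09:10:00 user_a draft_read 198.51.100.40
2004-03-02T17:45:00 user_a draft_save 198.51.100.41
2004-03-03T11:00:00 user_a draft_read 192.0.2.9
2004-03-01T08:05:00 user_b draft_save 203.0.113.50
2004-03-01T08:06:00 user_b send 203.0.113.50
2004-03-02T08:05:00 user_b draft_read 198.51.100.60
2004-03-01T12:00:00 user_c draft_save 198.51.100.5
2004-03-01T12:30:00 user_c draft_read 198.51.100.5
"""

def parse_audit(text):
    """Yield (account, action, client_ip) from the space-separated log."""
    for line in text.splitlines():
        _ts, account, action, ip = line.split()
        yield account, action, ip

def client_network(ip, prefix=24):
    """Collapse a client address to its /24 so one user behind a DHCP pool
    is not counted as several distinct locations."""
    return str(ip_network(f"{ip}/{prefix}", strict=False))

def find_dead_drop_candidates(records, min_networks=3):
    """Return {account: [networks]} for accounts whose drafts are saved or
    read from at least min_networks distinct /24s while the account never
    sends a single message: the drafts are the channel, the mailbox the drop.
    Heuristic only; shared or travelling accounts will also match, so treat
    hits as leads for review, not verdicts."""
    draft_nets = defaultdict(set)
    senders = set()
    for account, action, ip in records:
        if action == "send":
            senders.add(account)
        elif action in ("draft_save", "draft_read"):
            draft_nets[account].add(client_network(ip))
    return {a: sorted(n) for a, n in draft_nets.items()
            if a not in senders and len(n) >= min_networks}
```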

  • Notes to the Guy Hacking my System

    Yesterday I listened to the amazing audio talk by Clay Shirky, “Ontologies are overrated”. This talk (which later formed the basis for his article bearing the same title) is fascinating and important. I’ll respond when I have time.

    Handy list of computer security tools. Rootkit Hunter was recommended to me yesterday, as were public key encryption and Monit. Just yesterday I learned about digg.com, which is a great resource for what’s hot on the Internet these days. (They have two categories in categories like security: all-time bests and then what’s hot now.) As far as capturing memes, I usually check digg, delicious popular and blogdex (not to mention the usual suspects: Slashdot, boingboing, O’Reilly, etc.). In the literary world we don’t have any decent aggregating service (and that’s probably for the best), though Maud Newton, Valve, Literary Saloon, Crooked Timber, Teleread, Scott (and probably 20 more equally insightful people) provide a good glimpse.

    Irritatingly, technorati is blocked by my company’s content filter. That’s really smart!

    Paul from melbourneit.com, leave me alone!