K-Squared Ramblings

91% of PCs infected with spyware?

This has got to be a typo:

About 91 percent of PCs today are infected with spyware programs that send information from your PC to an unauthorized third party.

NCSA (National Cyber Security Alliance, not the National Center for Supercomputing Applications of Mosaic fame) Chairman Ken Watson quoted by CNET in Study: Consumers take cyberattacks lightly.

That’s a staggering number, and I hope it’s supposed to be 19. Even so, considering how many computers there are in the world, it’s still a staggering number.

Spyware, viruses and worse are out there, and they’re all over both business and home computers. It’s worth checking out the NCSA’s website, staysafeonline.info, as well as others like CERT’s page on Home Network Security, the US-CERT website, or the FTC’s guide to Consumer Information Security (though I can’t quite get past the turtle logo on that one).

Interesting substitution

Today’s recipe:

HUMMUS

1 can (14 oz) chickpeas, drained, rinsed well
2 T unsweetened peanut butter
1 garlic clove
sea salt to taste
1/4 c olive oil
1/2 t cayenne pepper
juice of 1 lemon
1 T sesame seeds, toasted lightly
fresh bread for serving, toasted

Put first four ingredients in blender and blend until smooth. Keeping blender on, slowly add oil and lemon juice. Stir in cayenne peppper. If mixture is too thick, add some cold water. Transfer to serving bowl. Sprinkle cooled sesame seeds over pureed mixture. Spread on toasted slices of bread for serving. Serves 4.

********

I’ve seen hummus made with cannellini beans, hummus with eggplant, hummus with yogurt, and hummus with extra parsley (think of a cross with tabbouli). But this is the first time I’ve seen hummus with peanut butter. I suppose if you’re not likely to find tahini in your area, it would make an acceptable substitute. Still, shouldn’t you try to find tahini first? I’d imagine that stores in a lot of areas might be more likely to carry that than unsweetened peanut butter in the first place. Or you could just blend a couple tablespoons of plain peanuts for a while before adding the chickpeas. But the real problem here is that nobody’s going to be expecting peanuts in hummus. And if you have someone who can eat chickpeas but not peanuts, that could be bad.

Ah, tech support!

I took an odd tech support call at work the other day. Someone called in asking about how quickly she could get a new IP address, because she didn’t want anyone to know where she lived. I tried to explain it was all about the network connection, not the physical location, and no, it wasn’t associated with her email address either, and how are you connected?

It transpired that she wasn’t even one of our customers, and that she wanted us to “block” her IP by putting X’s through everything “like you have on your website.”

Huh?

Well, Read the rest of this entry »

What’s your childhood trauma?

I was thinking about the series of “Rogue Profiles” we’ve been getting every once in a while in The Flash and realized that quite a few villains based their M.O. on a childhood trauma.

It’s been long established that Heat Wave was trapped in a walk-in freezer during a school field trip, and has had a life-long obsession with heat. So when he decided to go into crime, a flamethrower was a natural choice.

The Pied Piper is another one: he was born deaf, and his wealthy parents found a doctor who could give him hearing. Naturally he became obsessed with sound, so sonic tech was his weapon of choice.

The Trickster was born into a family of acrobats but afraid of heights. So he invented “air walker” shoes, which he later used to start his criminal career — by holding up and robbing airplanes. Read the rest of this entry »

Fallacious Arguments

In honor of the upcoming Presidential debates, here’s A List Of Fallacious Arguments. (Found via a comment on sclerotic_rings).

Things you can learn from server logs

I’ve known for a long time that Flash: Those Who Ride the Lightning is the most-visited section of this site. For the past few months I’ve mainly been interested in how this journal is being found, read, etc., but I recently went to look at the Flash traffic statistics.

Here are the most frequently-requested pages over the past month:

1. Teen Titans
2. The site’s home page
3. Raven
4. Random team-name generator
5. Starfire
6. Nightwing (the original Robin)
7. Cyborg
8. Justice League
9. Flash III: Wally West

Yes, you read it right: the Flash is #9 on his own website! And aside from the home page and a generator that encourages you to hit reload to get new names, every page ahead of him is someone who appears on the Cartoon Network. Read the rest of this entry »

Love is in the spam!

Via SpamBlogging

Rob Cockerham of Cockeyed.com (home of the fascinating How Much is Inside? series) noticed the same model showing up in a lot of his spam (often wearing the same dress). He collected the advertisements, and linked them together in what he calls An Unsolicited Commercial Love Story.

Since he first wrote it up, other people have spotted the same model on banner ads, MSN articles and even a kiosk at UCLA. Where will “Alicia” show up next?

(Aren’t stock photos fun?)

Bunny Xing

Across the street from the Irvine Civic Center:

This brings back memories of days in UCI’s student housing. There were rabbits everywhere. The complex was right next to a big empty field, and rabbits would hop through all the time. “Oh, look, a rabbit!” “Yeah, yeah, same old, same old.”

But this is the first time I’ve seen a road sign. Of course, given that even the people in Irvine can’t stick to crosswalks, I expect there will still be problems with jaywalking (jayhopping?) rabbits!

Gondor Found!

After four drive-bys, I finally managed to get a picture of the Gondor street sign. It was far enough away that it’s barely readable (this is the native resolution on a 5 megapixel image — it’s not shrunk, it’s just cropped). Eventually I ought to turn onto a side street, park the car, and walk to a nice vantage point instead of just holding the camera with one hand while zooming by and hoping I get an image.

I’ve updated Living in Middle Earth.

Sci-Firewire

You know how you see some numbers in one context so often that you think of that meaning when you see them somewhere else? Seriously: If you’ve spent a lot of time on the web and you notice the clock reading 4:04, or a price coming up as $4.04, etc., chances are you find it funny, right? It’s like realizing that someone’s initials are A.T.M.

Well, I was looking at the Star Wars Trilogy on Amazon and noticed it had 1394 reviews:

I saw that number, and my mind instantly thought “Firewire.”

(Yes, the question of the day is, “How can I make a post about Star Wars even more geeky?”)

The Storm That Wouldn’t Die

Amazingly, Hurricane Ivan is back [note: originally linked to CNN; replacement link found via Wikipedia]. The remnants of the storm drifted back out to sea, which got them going again… and Ivan was again classified as a tropical storm.

Flood warnings are in effect in Louisiana and texas. Again.

(via Meyerweb)

Another bogus warning

Here’s another one. First the notice they sent me:

Subject: VIRUS (Worm.SomeFool.P) IN MAIL FROM YOU

VIRUS ALERT

Our content checker found
    virus: Worm.SomeFool.P
in your email to the following recipient:
-> ADDRESS REMOVED

Please check your system for viruses,
or ask your system administrator to do so.

Delivery of the email was stopped!

And now my response:

Subject: BOGUS ALERT (sent to wrong address) IN MAIL FROM YOU

BOGUS WARNING ALERT

My BS checker found
    bogus warning: notice sent to known-forged sender
in your email to the following recipient:
-> MY ADDRESS

Please check your virus scanner for better notification options,
or ask your system administrator to do so.

All modern email-based viruses forge the sender address. Additionally, since your virus scanner was able to identify the specific virus, it can determine on its own that this virus always uses a forged address.

By notifying the supposed sender of a message when you know that sender is forged, you are knowingly sending virus warnings to people who are, in all likelihood, not using an infected computer. Messages like these are just noise, and the more of them that are sent, the less attention people will pay to *real* warnings. Additionally, it also runs the risk of causing unnecessary concern among the less tech-savvy (and extra calls to tech support about the nonexistant virus they fear they have).

(Feel free to re-use my response. I partially quoted myself anyway.)

I’m contemplating building a “hall of shame” and actually posting the sources of some of these. Any thoughts?

Interesting Acronym

From a recent abuse report:

Hello. The spammer below is either using your resources to send out BULK, unsolicited, S.P.A.M. or is deceptively trying to make it look as if from your server as the ISP.

I’ve seen similar wording before, mainly on reports via SpamCop, but this really made me wonder.

I know what SPAM is (processed lunch meat), and I know what spam is (unsolicited bulk mail), and while many people get them confused, this is the first time I’ve seen S.P.A.M. Obviously they meant spam, but what if it was an acronym?

So, what should S.P.A.M. stand for?

Web on Fire

Wow. The Mozilla Foundation set a goal of 1,000,000 downloads of Firefox 1.0PR in ten days. It only took four.

Now they want to see how fast they can reach 2 million.

It does make me wonder just what download numbers mean. I’ve downloaded it myself three times — once at work for Windows, then once each at home for Linux and Mac — and at some point I’ll need to download the Windows version at home. On the other hand, I installed the one copy I downloaded at work on at least three different computers. So the number of downloads is more than the number of people downloading, but less than the number of installations.

IE Flashback

I had to reboot one of the Windows servers on Thursday, at which point the GDI+ checker installed by Tuesday’s security fix popped up a message explaining that there was still some software with the JPEG vulnerability. OK, fine, I’ll run it again and see what’s missing. So I clicked on, well, OK, and it pulled up Internet Explorer.

More to the point, it pulled up Internet Explorer 2.0.

You see, that machine has some leftover files from a previous OS, and somehow the GDI+ utility picked up on that copy of iexplore.exe. Of course, it could barely handle the vulnerability info page — no ActiveX of course, and it even displayed raw JavaScript code at the top of the page because it wasn’t hidden inside a comment! (Even Lynx can handle that now!)

But once I fired up IE6 to actually run the test, I figured as long as I had the old one running, why not check a few site layouts? Or some browser sniffers, and see what it claimed and what it could handle?

Almost nothing, as it turns out. It couldn’t even find any of the sites I tried. And from the way it couldn’t find them, I realized exactly what was missing: it couldn’t handle virtual hosts. Read the rest of this entry »

Nostalgia not included

My dresser is an IKEA kit and was something of a bear to assemble. The second drawer down has recently developed the annoying habit of not closing on the first go, and I feel a strange obligation to fix it but I’m not sure how. It’d be nice if the stuff would come with more instructions for maintenance.

So this gets me thinking: IKEA furniture is Lego for grown-ups. You go to the store, look at the cool pictures, and pick up a box of parts to make the model you want. When you get it home and open the box, sometimes the picture inside doesn’t look like what you saw in the store, but you think, “Oh, what the hell, I’ll make it anyway, maybe I’ll figure out how to make the other thing later.” So you count up all the little pieces and lay them out and once in a while there’s some stuff missing but you always have extras around because every other set you have included the same interchangeable parts and didn’t need them all. When you start assembling it, you’re just about guaranteed to miss a step or do something out of order and have a tough time getting the pieces apart to put them back together right. And when you’re done, part of the enjoyment of having the finished product around is looking at it and thinking, “Hey, look what I made!”

Two places at once

Well, I picked up JLA Secret Files 2004 today. Not because I read JLA, or even Justice League Elite (I read the first two issues, but it hasn’t really grabbed me), but because I figured there’d be a good image to scan of the Flash’s alternate costume for JLE. (It’s odd to be using that abbreviation again.)

The main story, as it turned out, focused on the Flash dividing his time between the two teams as they work cases that turn out to be related. It’s an OK story, up until the end, which features the most boneheaded use of super-speed I’ve seen in a long time. Read the rest of this entry »

Contrary to popular belief

For quite a while now, the always-excellent This Is True newsletter has been advertising writer Randy Cassingham’s latest (?) project: JumboJoke, a weblog-style daily joke post. I finally took a look at it, and thought I’d share the following pair of lists based on our political parties’ often contradictory platforms and rhetoric:

• What You Must Believe to be a Good Democrat
• What You Must Believe to be a Good Republican

Out in the open

Just what we need. Netcraft reports a worm that installs a network sniffer.

What’s that? It’s a program that listens in on traffic going across your network, looking for things like, oh, login names and passwords, credit card numbers, etc. They’re the reason online commerce requires SSL encryption.

Sniffers work because of the way ethernet is designed. Basically your local network is like holding a conversation in a crowded room. You focus on the people you’re talking with, and you tune out other people as best as you can. (In this case there’s also someone at the door who can relay your words to someone in another room, and relay back their responses.) To hold a private conversation you have to go somewhere else or talk in code. A traffic sniffer just doesn’t tune anyone out, so it picks up on everything in your local network.

So now, no matter how well you guard your own computer, if some moron on your network manages to get infected by Worm.SDBot (which thankfully hasn’t been spotted “in the wild” yet), you could still be handing out your email login/password when you log onto Yahoo/Hotmail/Outlook/etc.

You just might want to use that “secure login” option. Assuming, of course, that you have one.

Warspamming

Via Email Battles: First ‘warspamming’ case reaches court.

Basically the guy (allegedly) drove around LA with a laptop looking for insecure wireless networks, then connected to them and sent spam using people’s home accounts.

The term comes from wardriving — driving around looking for unsecured networks — and warchalking — marking walls or sidewalks to indicate the presence, type and speed of the networks found. Early wardrivers discovered that Pringles cans make good amplifiers.

Further etymology: according to the Jargon File, war-driving is a play on war dialer. War dialers were programs that would call up a series of phone numbers looking for modems, faxes, or other phone-based systems it might be able to crack into. And that term started out as wargames dialer, a reference to the film War Games. (Whew!)

It turns out that warspamming is older than I thought: the term was coined two years ago, though this is the first case to go to trial. The scumbag defendant is being tried under CAN-SPAM, which went into effect this past January.

An interesting statement from the article:

If Tombros is convicted or pleads guilty then warspamming — also known as drive-by spamming — will move from being just a theoretical possibility to a genuine threat.

What, so in the two years since someone came up with the idea, no one has ever seen it done? And we have to wait for a conviction to determine whether it’s happened now? We don’t need to wait for a trial to know that spammers — an annoyingly resourceful lot — are using thousands of virus- and spyware-infested home computers as zombies. Warspamming doesn’t even require programming skills (or ties to virus writers — although I understand access to already-compromised networks has become a brisk business on the black market.) Surely someone has logs to show that it’s been done.

Go away or I shall taunt you a second time!

Now this is interesting: the Amus worm will verbally taunt the user using Windows XP’s speech-generating features. F-Secure has posted a .wav, and McAfee’s writeup has an MP3.

Oddly, Symantec’s entry says nothing about the speech. Maybe they don’t have speakers on their test boxes.

Check the wording!

Oh, this is good!

You may have heard a few days ago that the latest MyDoom variant includes a request for work in the antivirus industry.

Well, the comic strip User Friendly has come up with the perfect solution!

For something free, they don’t care what they pay

Via PeterDavid.net:

To promote Fallen Angel, DC re-released the first issue as a free promo edition and sent it out to comic stores this week.

It seems someone’s already selling it on eBay as a “Hard-To-Find Retailer Variant.” In fact, based on the auction start time, it looks like it went up Thursday afternoon, within hours of it being available to, uh, “sell.”

Keep in mind that this has the word “FREE!” emblazoned in at least 48-point type on the cover (you can read it clearly even in the thumbnail).

Of course at $6.49+$3.85 shipping it’s already creeping up on the cost of the trade paperback ($12.95) that contains the first six issues. Anyone who’s just curious about the book and can’t find the promo copy would probably be better off ordering the trade instead.

This is the kind of thing you’d expect on Opposite Day. Selling something free. Marketing the reprint as a collectors’ edition. Heck, just targeting the collectors’ market for a book that’s more suited to people who actually read comics.

“We’ll clean ’em out the American way.
For something free, they don’t care what they pay!”
—The Engineer, Miss Saigon

Speaking of Oxymorons

I experienced a bit of cognitive dissonance earlier today. I was listening to a report on The World (PRI) about the bombing of the Australian embassy in Jakarta, and a reporter (Stephen McConnell) was explaining the Australian political situation for an American audience. (Why? They’ve got an election coming up in a month. Comparisons to the Madrid bombing should be obvious at this point.)

He explained, “It’s a two-horse race. You’ve got the conservatives, who in this country are called the Liberals, and then there’s the Labor Party, which would be much more aligned to something like the Democrats…”

It’s a lot more complicated, of course, but the idea of conservatives calling themselves liberals just seemed bizarre, considering that the terms are opposites here in the US. For all practical purposes, conservative and liberal are swear words when used by someone of the opposite ideology!

Revise and Rewrite

Yes, Star Wars has changed again [archive.org].

Looking at the comparisons, it seems most of the changes really have just been cleanup. They finally fixed the compositing in the Rancor pit, for instance. And some of the Special Edition bits that didn’t work quite right, like the Jabba scene in A New Hope, have been redone. (He now looks closer to the Return of the Jedi and Phantom Menace versions.) They’ve also cleared up some continuity glitches. Nothing wrong with that — I’m all for fixing things that are genuinely broken.

Then there’s the annoying stuff:

• Han and Greedo shooting simultaneously is better than the Special Edition… but really, there was no reason to change it in the first place. Han’s a smuggler, and he was in an obvious shoot-or-be-shot situation. Why not just restore it?
• Inserting Hayden Christensen as Anakin Skywalker. Again, not necessary. First of all, under the helmet he’s so smashed up you can’t even tell it’s him in the new version. (Edit: Oops — it turns out it isn’t him in that first scene. They just erased the original actor’s eyebrows.) Secondly, what was wrong with the shot of his ghost? I suppose they appealed to continuity, but if they really cared that much they’d have waited until Jake Lloyd grew up so they could use him in Episode II. (It also doesn’t help that he looks younger than Mark Hamill.)
• Since the Hayden Christensen rumor turned out to be true, I really hope they haven’t decided to insert a gratuitous Natalie Portman flashback to the “Do you remember your mother?” scene (as has also been rumored). Nothing against Natalie Portman, I just don’t see how it will add anything. More likely it would break the scene up.

Anyway, for those who want to skip the commentary, here’s the USA Today article and here’s the side-by-side comparisons.

Update 9/10: Here’s another writeup that goes into more detail on the changes and reviews the DVD set as a whole.

Only 84% garbage!

MessageLabs has found that “only” 84.2% of email was spam in August, down from 94.5% in July.

Let that sink in.

Just under one-sixth of email sent last month was “real” mail. That means, on average, someone who receives 10 “real” emails a day will receive 60 pieces of spam. And just that much is an improvement!

Can you imagine that statistic applied to something else, like food? “Only 84% of milk sold in August was contaminated…” Or entertainment. It would be like watching 10 minutes of a TV show scattered among 50 minutes of commercials.

Actually, the way some stations show movies, that might not be too far off the mark…

Foreign Asse(t)s

Not five minutes ago I received my first 419 scam in a language other than English.

What’s strange is that even though it uses normal case and I can’t read more than a few words of French, it’s still obvious what it is. It has the same general structure with the opening, the “Excuse me for contacting you even though you don’t know me” line (I think), talks about a sub-Saharan African nation (Côte d’Ivoire), and of course, “($8,500,000) Huit Millions Cinq Cent Mille Dollars Américains.”

Effective Oxymorons

On the way to work this morning, Katie noticed one of those ubiquitous catering trucks and remakred, “With a name like ‘Superior Coffee,’ you know it probably isn’t.” It’s a rule of thumb: if a company has to tell you something is gourmet, for instance, that means it can’t count on its reputation alone.

That reminded me of a story David Weber told at a convention about the first Honor Harrington book. They were almost ready to go to press when he got a call from his editor.

“I’ve been thinking. Your viewpoint characters are in the Royal Manticoran Navy. The villains are the Republic of Haven. Isn’t that backwards? Shouldn’t the monarchy be the bad guys?”

They went back and forth a bit, until one of them said, “What if it’s the People’s Republic of Haven?”

They agreed that was a good solution, and then proceeded to look through the proofs for a place where they could insert the word without moving the page breaks around. As I recall, he said they only found one spot, and possibly the map, but he used the full name in the rest of the series.

A bit morbid, but still funny

I was at Fry’s earlier today and noticed an ambulance parked out in front. On my way in, I passed two people who were talking about it:

“That’s kind of disturbing.”

“Sure, ‘Shop ’till you drop,’ but…”

One of those moments where you know you shouldn’t laugh, but it somehow manages to be funny anyway.

Shortcut from what?

Today’s recipe:

SHORT-CUT ZUCCHINI

1 lb zucchini, sliced
1/4 c butter
1/4 t garlic salt
salt and pepper to taste
2 T water
3 T Parmesan cheese, grated

Melt butter in a pan. Add zucchini, seasonings and water. Cover pan and simmer on low for about 10 minutes. Sprinkle with cheese and cook another 5 minutes. Serve immediately. Serves 3

********

I just looked up my last grocery receipt, and the two rather pathetic zucchini I bought were .89 pounds. So, a pound of zucchini is about two medium-large squash. The idea of needing half a stick of butter to adequately season two zucchini is sickening. That’s over a tablespoon of butter per serving as they’ve outlined it. Not to mention that 15 minutes of cooking time, even on low, is far from a shortcut in the age of the microwave, and will probably cause the zucchini to disintegrate if you’re not careful. No wonder it doesn’t say anywhere that you should stir it…..

Is XP SP2 Just a Placebo?

I thought I ought to post this link in light of my recent post about WinXP SP2 news coverage.

Via OSNews comes WinXP SP2 = security placebo?

The Register did an analysis of the security features in Service Pack 2 and concluded that it just plain wasn’t enough. Lots of services are still on by default, and as others have pointed out, the firewall only checks incoming connections, meaning once the spyware gets on your machine, the firewall won’t do you any good.

It’s an interesting read, and it approaches the issue from a completely different perspective. Rather than “It breaks stuff (which probably shouldn’t have worked in the first place),” it’s “It doesn’t do enough to fix stuff.”

To be fair, even the Register concludes that it is at least better than XP SP1, so the security isn’t all in your head. But there is the risk that people will think installing it is enough, when they still need to practice safe computing and make some effort to harden the system.