A Microsoft Miracle

[Tue Sep 30 16:45:59 2003] [error] [client 68.37.128.146] File does not exist: /var/www/htdocs/scripts/..%2f../winnt/system32/cmd.exe
[Thu Oct 2 09:47:49 2003] [error] [client 68.65.168.115] File does not exist: /var/www/htdocs/scripts/root.exe

What is the significance of these log entries?

They mean that I actually went for over 24 hours without a single goddamn Windows virus attack. A miracle indeed.
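The quiet period the post refers to can be measured straight from the error log. The sketch below is an added example, not code from the original post: it picks out 404s for Windows executables that cannot exist on a Unix web root and reports the longest gap between them. The function names and the middle sample line are assumptions made for illustration.

```python
import re
from datetime import datetime

# First and last entries are the two quoted in the post, one per line;
# the middle entry is constructed to show an ordinary 404 being ignored.
SAMPLE_LOG = """\
[Tue Sep 30 16:45:59 2003] [error] [client 68.37.128.146] File does not exist: /var/www/htdocs/scripts/..%2f../winnt/system32/cmd.exe
[Wed Oct 1 12:00:00 2003] [error] [client 192.0.2.10] File does not exist: /var/www/htdocs/favicon.ico
[Thu Oct 2 09:47:49 2003] [error] [client 68.65.168.115] File does not exist: /var/www/htdocs/scripts/root.exe
"""

# Apache error_log layout as it appears in the post.
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"File does not exist: (?P<path>.+)$"
)
# Requests for Windows executables, which cannot exist on this Unix web root.
PROBE = re.compile(r"/(cmd|root)\.exe$", re.I)


def probe_hits(log_text):
    """Return [(timestamp, client_ip, path)] for probe-like 404s, oldest first."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m and PROBE.search(m["path"]):
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            hits.append((ts, m["ip"], m["path"]))
    return sorted(hits)


def longest_quiet_gap(log_text):
    """Longest time between consecutive probe hits, or None with fewer than two."""
    times = [ts for ts, _, _ in probe_hits(log_text)]
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    return max(gaps) if gaps else None


if __name__ == "__main__":
    print("probe hits:", len(probe_hits(SAMPLE_LOG)))
    print("longest quiet gap:", longest_quiet_gap(SAMPLE_LOG))
```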

We Don’t Need No Steenking License

It’s kind of strange to admit this, but I, a 30 year old person who’s lived in urban areas most of his life now, have never driven a car. I don’t even have a proper license, just a Class 7 (i.e., learner’s permit) that’s been expired for five years now.

I suppose I’ve been lucky enough to have never really needed one. Buses got me to all the important spots, I didn’t really travel a lot or have to go far to hang out with friends, etc. Heck, where I live right now, I’m within walking distance of my office, a supermarket, the whole downtown core, an LRT station, lots of smaller stores… There have only been a few occasions where having a car would have been really helpful, such as carrying larger packages, travelling to less-popular parts of the city, and such, and even then there were alternatives available.

There are other factors at work to a certain degree as well. A bit of fear, since it can be a risky business after all. A bit of doubt, as without access to a vehicle I’m not even sure how to even develop driving skills before fully committing myself. And certainly a bit of laziness.

Still, it would be nice to have a bit more flexibility. If I ever get a house, I don’t want to be severely restricted in where I can be located. It’s unfair to drop all the transportation arrangements on friends all the time. Relying on my passport for id is a pain, I’ll have to get the license renewed eventually in order to renew the passport, so I may as well go all the way anyway.

Now where do I start? :-P

Move Over FTP

FTP has long been a mainstay of transferring files, but it’s been plagued by problems due to its centralized nature, especially for popular files: if the site is down you can’t get it, central or popular sites are often slow, mirrors get out of sync, etc… File sharing a la KaZaA/Gnutella is an alternative, but then you have to search for what you want and hope it turns up, connections aren’t reliable, what you get might have a virus…

Fortunately, these concepts have been merged into newer programs like BitTorrent and eDonkey, where you download chunks of the file from other people who are also downloading it. The bandwidth requirements are thus scattered across a large number of systems, you don’t depend on a single site, and the result is checked against the original package description to ensure integrity.

As an example, the Slackware 9.1 ISO images were released last week, but it was almost impossible to get on the main site or any mirrors and download it at a decent rate. Using the BitTorrent links instead though, I was able to immediately download both ISOs at over 250kB/s. At the same time, my client exported about half of the ISO data, which in turn helped other people who were downloading the files.

They’re certainly not a complete replacement for FTP yet, but hopefully we’ll see the usage of these kinds of programs on the increase. A lot of large data files like movie trailers, game demos, etc. can certainly benefit from this kind of distribution. Otherwise you’re stuck with services like FilePlanet where you wait forever in ‘line’ to download a file at a way too slow rate…

Pain, Thy Name Is Spam

I’m still getting flooded with those stupid Swen virus e-mails, as is half the planet apparently, but now I have a new spam menace to contend with as well.

In an effort to bypass filters and pose as legitimate e-mail, spammers are sending out e-mails with legitimate From: addresses. If you were to connect to the MX record’s mail server for that person and verify the address you would find that it does in fact exist. Unfortunately, it’s not the person who actually sent the spam… The spammers have huge lists of e-mail addresses they can send to, and they can pose as people on that list as well.

My e-mail address appears to have gotten on one of these lists, so now some people are receiving spam messages that appear as though they are being sent by me. Not only that but it’s the address of my private mailbox, which I had set up separate from a public one specifically to avoid spam. It got leaked somewhere along the way, though it’s hard to tell where.

Not only do I get the blame for these spam messages, but the errors regarding full mailboxes (fairly common with this Swen virus filling peoples’ mailboxes), nonexistent users and domains, etc. all get bounced back to me. Now I’m constantly cleaning viruses out of my public mailbox and error messages out of my private one. I really need to set up those filters…

This ought to be illegal, if it isn’t already. At the very least it’s identity theft for them to send e-mail using my address.

Patch This

My e-mail had actually been relatively spam-free up to this point, but now over the last couple days I’ve been flooded with fake messages in one of two forms:

1) The Microsoft Security Patch

An obvious hoax if you look at the right spots (somehow I don’t think MS’s e-mail address is bqgkxiqisa@support.net), but unfortunately some people will believe it and get suckered into running it and infecting their systems.

2) The undeliverable message notice

These messages try to give you the impression that you sent a piece of e-mail with an attachment to someone and it bounced, hoping you’ll be confused enough that you’ll open it up to remind yourself what it was when, of course, it’s really just a virus in the attachment. The same one as the trojan above, in fact. There’s also a variation on this one where you get a legitimate bounce message from a mailer because it had anti-virus protection, except that you weren’t the person who sent it in the first place because the virus spoofed your address from someone else’s address book, and the anti-virus software has now oh-so-helpfully sent you a copy of the virus as well. :-P

Although they’re easy enough to spot and delete, they’re still getting annoying. I’m receiving about 30-40 a day now and at 110k or more each, they’re wasting a lot of space and risk filling my mailbox and preventing other e-mail from getting through. My private mailbox is fortunately untouched so far, but I do still need to check for the occasional potentially important stuff in the public mailbox, too.

I’m not sure what brought this flood on so suddenly, but now I really need to set up those filters…

(Update: Apparently this is the newly-released W32.Swen.A virus.)

Musical Madness

One of the stranger parts of civil law is the notion that a corporation is considered a ‘virtual person’ with all the rights and freedoms thereof. The analogy goes even further though; apparently companies and organizations and such can become sick and even mentally ill. Otherwise how can you explain the recent actions of the RIAA, such as:

I do sympathize with the artists and they don’t deserve to get ripped off (though with the way things are currently set up they don’t make an awful lot off of album sales anyway), but this is getting a little heavy-handed…

Geekier Than Thou

Speaking of geekiness…

I figured it was about time for my semi-annual haircut. I usually dread these since I really have no idea how to describe what I want done, if I’m even thinking of any particular style to begin with. I’d just mumble something about short/long and hope the end result isn’t too bad.

This time however, I came armed. I went through all the old photos of myself, found one with short hair, and… loaded it onto my PocketPC and popped it up in a picture viewer. A picture is supposed to be worth a thousand words, after all.

I don’t know if the end result was really any better for it, but it was worth the peace of mind at least.

Invaders From The Planet Krispy

As I was leaving the Bow Valley Square building after finishing lunch, I saw something a bit on the strange side. A lot of people were walking around holding flat boxes. The exact same kind of box. *Everywhere* I looked — at least half of the people around must have been carrying them. Otherwise they looked just like the regular lunchtime crowd going around their business.

On the boxes was a logo I’d only seen or heard about from news sites and friends in the States before: the logo of Krispy Kreme. Strange, I thought, I don’t think we even have one of their shops here.

It must have been a promotion nearby of some kind, but I couldn’t tell exactly where they were all coming from. All too aware that their allegedly tasty temptations were a threat to my current diet, I fled the area and returned to the safety of my own doughnut-less office.

And then as I was typing this, my team manager leaned in my office door with a familiar-looking box and said “Hey, want one of these?”…

Password Hell

You wouldn’t think that changing your password would be a big deal. Enter your old password, enter the new password twice, that’s it. Except if you’re on a Windows domain…

The domain policy is set up to force us to change passwords every 90 days, as a standard security precaution. It never fails though — within hours of changing the password, the Weird Things start happening. Some shares remain accessible, some start giving me vague authentication errors, some claim they don’t exist anymore…

After a quick trip to the admin’s office, it’s discovered that my account is locked out because of too many failed password attempts. Of course there was no explicit warning of this at my own workstation as I had continued to be able to lock and unlock the console without trouble… I had however left myself logged in on my other development system under the previous password, and it was what was causing the failed password attempts.

Fine, I log out and back in on that system, unlock my account, and everything’s back to normal. Until a few hours later when the Weird Things start up again…

After roaming from office to office checking all of our test systems, I finally find one of our rarely-used systems that I had logged into two months ago to test something and forgotten to log out of. After logging out of that one and unlocking the account yet again, things are *finally* normal for good. Or at least until the next password change.

You’d think there would be a better way of handling this…

E-mail Hell

I’ve got to get my e-mail filtering system back in place.

I’m not being overwhelmed by spam as much as a lot of other people — I only get maybe a dozen pieces of spam a day. It’s still the majority of mail that I receive though, and they’re getting sneaky enough to use subject lines that make you hesitate and think it just might be relevant, especially when you run a web site. You get a piece of e-mail with the subject “I think this link is broken” only to find out it’s for GENERIC VIAGRA CHEAP! when you open it…

Unfortunately spam is getting trickier to filter out no thanks to things like the use of HTML in e-mail. HTML was never meant for e-mails, but some wiseguys got the idea of making it show up in mail readers if it happened to be present, which encouraged people to use it, which made e-mail clients explicitly allow composing in it… Unfortunately, HTML allows things like:

1) Obscuring the real text of the message

I wish you could filter out just on specific words like “Viagra”, but that doesn’t work anymore due to embedded HTML comments. Although on your screen it might show up as all one word, within the raw text it actually looks something like

Vi<!--fdsatfrqrf-->a<!--gehjwghk-->gr<!--iouwhjlkh-->a

They specifically try to block matching against words by inserting random HTML comments all over the place.

2) Tracking your usage

Some e-mails are now including ‘invisible’ images which link back to a website run by whoever sent the spam. As soon as you open it, if your mail client automatically loads HTML data, it contacts the web site and presto, the company now knows that you actually opened the e-mail. E-mail addresses that are verified to be valid are considered more valuable than unverified addresses. Expect to get a lot more spam sent your way…

Time to start tuning those filters a bit more…
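One way to tune a filter against both tricks, shown as an added example that is not from the original post: match keywords against the text a mail client would render (comments dropped, entities decoded) rather than the raw source, and list remote images that would phone home when the message is opened. The obfuscated word is the one quoted above; the image URL, `RenderedText` and `scan_html_mail` are made up for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample: the obfuscated word is the one quoted in the post;
# the image URL and its parameters are invented (tracker.example).
SAMPLE_HTML = (
    '<html><body><p>Vi<!--fdsatfrqrf-->a<!--gehjwghk-->gr<!--iouwhjlkh-->a '
    'at low prices</p>'
    '<img src="http://tracker.example/open.gif?id=12345" width="1" height="1">'
    '</body></html>'
)


class RenderedText(HTMLParser):
    """Keeps what a mail client would display; comments are silently dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)  # also decodes &#105;-style entities
        self.chunks = []
        self.remote_images = []

    def handle_data(self, data):
        self.chunks.append(data)

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = dict(attrs)
        src = attr.get("src") or ""
        if re.match(r"https?://", src, re.I):
            # A 0x0 or 1x1 remote image is the classic invisible tracking beacon.
            tiny = attr.get("width") in ("0", "1") and attr.get("height") in ("0", "1")
            self.remote_images.append((src, tiny))


def scan_html_mail(html, keywords):
    """Return (keyword hits in rendered text, remote images as (url, is_tiny))."""
    parser = RenderedText()
    parser.feed(html)
    parser.close()
    # Join without separators so text split by comments or empty tags re-forms words.
    rendered = "".join(parser.chunks).lower()
    hits = sorted(k for k in keywords if k.lower() in rendered)
    return hits, parser.remote_images


if __name__ == "__main__":
    print("naive match on raw text:", "viagra" in SAMPLE_HTML.lower())
    print(scan_html_mail(SAMPLE_HTML, ["viagra", "mortgage"]))
```

Not loading remote images by default in the mail client closes the tracking channel regardless of what the filter catches.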

Scanning For Intruders…

In my insatiable quest for toys, I finally picked up a flatbed scanner. I had been holding out trying to find a 2400 dpi model around here, but after playing around with it a bit, I doubt I’ll even use the full 1600 dpi of this model all that often (those files get huge!).

There is actually a practical reason for it. As part of the process of cleaning up around here, there are a bunch of things that I’d like to keep around, but just don’t have the space for: pictures, segments from magazines, comic strips, etc. So instead I’m going to scan them in and then I can ditch the originals. Second on the list is the comics found in the back of The Gateway student newspaper I picked up when I was a student at the UofA (besides the ones that already have their own scans online, like Space Moose or Bob The Angry Flower).

First though, was a promise I’d made to my mother to try and reproduce a picture from a photographic proof (the tiny little sample pictures you get to choose from for the final picture) of her parents. She’d tried taking it to photographers and getting them to reprint it, but they wouldn’t do it — apparently they don’t work off of other peoples’ proofs on general principle since it may be someone trying to scam the photographer into getting them the free sample proofs and then taking it to another, cheaper photographer for the final work.

Unfortunately in this case we don’t know who the original photographer was, whether he’s even still in business, or whether he’d even still have the negatives after all this time, and we can’t exactly take her parents down and have another picture taken when one of them is dead… So, we’ve had to take matters into our own hands and thus I’m trying to scan and reprint the photo based off this tiny little proof picture. This is the best I have so far:

(Shrunken down for web viewing, of course. The original file is 3403 pixels by 4797!)

Papers, Please

Security is a necessary evil, of course. The keycard on the outer doors of the building? Well, there is a lot of riffraff around this part of downtown. The keycard on the elevators? Can’t have people wandering the floors after hours. The keycard on the floor doors? Gotta be able to tell the employees from non-employees.

But now they’re putting key locks on *every individual office door*. It’s not entirely new; a number of people in the company have had locks on their doors for a long time now due to expensive, portable equipment they have (we’ve had laptops stolen before, likely by delivery people who pop in and see nobody around), but now everyone gets one.

It’s not because we don’t trust each other. All of the locks will actually all work off the same key, so all of us can get into each others’ offices if necessary. What it’s actually for is to protect us from our subtenants.

A while back I had to move my office since we’re subleasing some of our space to another company to save on costs. No problem — until we discovered that we can’t build walls between us and them. The section they took is positioned such that the corridors leading between us *have* to remain open in order to comply with fire codes. We’ve put doors up instead, but again to satisfy the fire codes they have to remain unlocked.

So, next month, we’re going to have completely unknown people with access to our floor space as well, and the paranoia’s been gradually creeping upwards, culminating in the installation of all these door locks.

One more lock isn’t really a big deal, but it’s annoying to have yet another daily ritual I have to incorporate…

Do Crazy People Know They’re Crazy?

While I was out walking tonight, I caught myself doing something I’d worried about before. I was mulling some idea around in my head, and while I was thinking about it, I realized that I was thinking as though I was explaining the idea to some imaginary audience in my head.

“Is this normal?”, I started wondering. Am I subconsciously trying to counter loneliness by making up conversations with myself? Is this the first step towards hearing voices in my head?

Well of course not, one side of my head says. The fact that I can identify that behaviour, separate it, and talk about it rationally implies that it’s not some ingrained ‘craziness’. Maybe it’s just a deliberate eccentricity as a form of mental analysis.

Then the other side of my head reminded me that I was carrying out all this rationalization as if I were discussing it with some imaginary audience in my head…