Monthly Archives: January 2013

Upgrading to a Western Digital WD20EFRX hard disk

Posted on by
Reply

All hard disks will die, sooner or later. They only way to avoid that is to retire a drive early enough. Often I upgrade drives because I run out of disk space, and migrate the data to a bigger drive. However, this times it looks like one of my drives is about to die.

Over the last couple of months, one of my PCs that is processing data 24/7 has been seizing up periodically, so I was starting to get suspicious about its hard drives (it has two of them). This week the Windows 7 event viewer reported that NTFS had encountered write errors on the secondary drive. It’s a Samsung SpinPoint F2 EG (Samsung HD154UI, 1.5 TB) which basically has been busy non stop for over three years.

I installed smartmontools for Windows and it showed errors:

ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
1 Raw_Read_Error_Rate 0x000f 099 065 051 Pre-fail Always - 5230
(...)
13 Read_Soft_Error_Rate 0x000e 099 065 000 Old_age Always - 5223
(...)
187 Reported_Uncorrect 0x0032 100 100 000 Old_age Always - 12379
(...)
197 Current_Pending_Sector 0x0012 099 099 000 Old_age Always - 24

“Reported_Uncorrect” are fatal errors and “Current_Pending_Sector” are bad sectors the drive wants to replace with spare sectors as soon as it can. Neither is a good sign. So I have ordered a new drive, started a backup to another machine and will replace the drive with a new disk that I have ordered from Amazon.

The new drive is a 2 TB Western Digital WD20EFRX, which is part of WD’s “Red” series. These drives are specifically designed for 24/7 operation (as opposed for 8/5 office computers). The drive is 0.5 GB bigger, which is just as well as the old drive was getting close to filling up. Gradually I will be moving my processing to an Ubuntu server, which I already use as my main archive machine with a RAID6 drive array.

Garcinia Cambogia weight loss spam from hacked Yahoo accounts

Posted on by
4

I’m seeing another round of weight loss spam that abuses third party Yahoo accounts for sending. It is similar to the earlier “Raspberry Ultra Drops” weight loss spam that also used compromised Yahoo accounts.

Here is one of the advertised domains, which is hosted on many different servers:

biggsetfatburningsecret.com. 1439 IN A 91.207.7.134
biggsetfatburningsecret.com. 1439 IN A 94.75.193.33
biggsetfatburningsecret.com. 1439 IN A 94.75.193.38
biggsetfatburningsecret.com. 1439 IN A 142.0.79.134
biggsetfatburningsecret.com. 1439 IN A 142.0.79.140
biggsetfatburningsecret.com. 1439 IN A 176.53.119.24
biggsetfatburningsecret.com. 1439 IN A 176.53.119.27
biggsetfatburningsecret.com. 1439 IN A 176.53.119.68
biggsetfatburningsecret.com. 1439 IN A 176.53.119.69
biggsetfatburningsecret.com. 1439 IN A 198.144.156.42
biggsetfatburningsecret.com. 1439 IN A 199.116.117.166
biggsetfatburningsecret.com. 1439 IN A 199.127.98.117

The domain is registered through Ukrainian registrar ukrnames.com using forged WHOIS contact details.

The buy link on that site redirects to authenticgreencoffee.com, a domain registered last July, with the owner hidden behind a WHOIS proxy.

Other domains hosted on the same servers, some of which are part of the “Work from home mom” scam series:

bestfoodsforburningfat1.com
biggsetfatburningsecret.com
biggsetweightlosssecret.com
bigjim-foods.com
blogprogramflatstomach.com
blogquickprogramdiet.com
burnfatinfewdays.com
dietsforburningfat.com
eatingplansforweightloss.com
getflatstomachtoday.com
getweightlossandburnfat.com
icbs-news.com
icm-news.com
ircnn-news.com
losingweightrapidly.com
mnc-news.com
myscecretweightlosssolution.com
neverseeweightlossagain.com
plantipsflatstomach.com
plantodayflatstomach.com
rapidweightloss-blog.com
realmenshealthblog.com
revolutionarydiet2013.com
revolutionarydietformula.com
revolutionarydietloss2013.com
revolutionarydietsolution2013.com
revolutionarydietsolutions.com
revolutionarydietweightloss.com
revolutionarydietweightloss2013.com
revolutionarydietweightlosssolution.com
revolutionarydietweightlosssolution2013.com
revolutionaryfatburning.com
revolutionaryfatburningformula.com
revolutionaryfatburningmethod.com
revolutionaryflatstomachsystem.com
revolutionarynaturaldiet.com
revolutionarynaturalweightlosssystem.com
revolutionaryweightloss1.com
revolutionaryweightloss2013.com
revolutionaryweightlossdietplan.com
revolutionaryweightlossdietsolution.com
revolutionaryweightlossdietsolutions.com
revolutionaryweightlossplan.com
revolutionaryweightlosssolution.com
secretultrafastdiet.com
solutionflatstomachsecretsnow.com
solutionflatstomachtoday.com
solutionwithweightonline.com
thebigjim.com
tipsflatstomachquick.com
tipsflatstomachsystem.com
tipsprogramflatstomach.com
todayblogflatstomach.com
todayflatstomachblog.com
todayflatstomachquick.com
todayquickflatstomach.com
ultrafastsecretsdiet.com
weightlossgreatnews.com
weightlossthatworkisnotmagicpill.com

The “work at home mom” scam series also used hacked Yahoo accounts for advertising websites that are made to look like network TV news sites, so these scams are probably related.

The spam senders are often abusing mail interfaces meant for mobile phones. The Yahoo message IDs of the spams contain some of these strings:

.androidMobile@web
.BPMail_high_noncarrier@web
.BPMail_high_carrier@web
.BPMail_low_noncarrier@web
.BPMail_low_carrier@web

Probably “.androidMobile” is for use by the Yahoo Mail for Android app, though the spam is not necessarily sent from Android phones. More likely it is just using the servers provided for Android, but accessing from a PC.

The “BPMail” IDs are an interesting one. I suspect the “_noncarrier” variants involve IP addresses not connected to one of the phone carriers that bundle Yahoo mail with their service, while the “_carrier” variants mean the IP address is part of the provider’s address pool, though it could be used by a PC accessing via a wireless broadband modem.

“High” and “low” could be an internally assigned spam rating, though that is mere speculation. However, “.BPMail_high_noncarrier” is the most common Google hit of these 4 that comes up when searching for information about this type of spam. When investigating a pool of spam samples, this was the order of declining frequency: “.BPMail_high_noncarrier” was by far the most frequent, followed by “.BPMail_high_carrier” and finally relatively small numbers of “.BPMail_low_noncarrier” and “.BPMail_low_carrier”.

The spam recipients (common numbers: 1, 3, 9 or 10) tend to include the last addresses the legitimate owner of the Yahoo account has emailed. So perhaps the spammers are harvesting email addresses from the “Sent” folder of the Yahoo account after gaining access to it.

I find it amazing that Yahoo has yet to find a away to close the vulnerability that allows this spam and fraud to continue, despite the months and years since it was first observed.

Garmin Edge 500 with Heart Rate and Cadence

Posted on by
1

I’ve had my first week with my new Garmin Edge 500 with cadence sensor and premium heart rate monitor strap, so it’s time for a review. I bought it on Wiggle for about JPY 24,500 ($274).

Around the time I bought the Garmin Edge 500, the new Edge 510 came out. It adds a touch screen, wireless connectivity to a smartphone and various nifty new features, but is also more expensive, so I went for the existing 500.

I switched to the Garmin after more than a year and over 8,000 km of GPS logging using Android phones, mostly my Google Nexus S. Here are my first impressions (the cadence sensor in the bundled set is installed on my son’s bike for use with his 500, so it’s not part of this review):

  1. I really love being able to use a heart rate strap and it’s nice to be able to see the HR figure without having to push a button (daylight permitting). I can ride at a consistent effort level, avoiding both effort too light to build stamina and extreme effort that would lead to premature exhaustion. If money were no object, a power meter would work best (which the Garmin supports). A heart rate monitor is an inexpensive alternative that works for most cyclists wanting to improve their performance.
  2. Because of its barometric altimeter the elevation totals are much more meaningful on the Garmin than on the GPS-only phone, where they may be exaggerated by a factor of 2 to 3. Current altitude data on the Android is OK, but small variations add up too much and grades on climbs and descents may be overestimated.
  3. I love the 90 degree turn quick attach / quick release of the Garmin. It feels both secure and convenient. It is more confidence inspiring than the Minoura iH-100-S phone holder for my Android, which is generally reliable, but not 100% bulletproof. Even after using a bumper for the phone, which has improved the grip of the holder, I’ve had a few instances where on bumpy roads only the USB cable attached to the phone saved my day. I would never entrust my $300 phone to the Minoura without some kind of backup method of attachment, while I feel safe about the Garmin’s mode of attachment.
  4. Importing the rides into Strava or Garmin Connect after the ride is really easy. I just connect the Garmin to the USB cable of the PC and click “upload” on the website in the browser and the browser plugin finds the fresh tracks and uploads them. Assigning a name is marginally easier with a real keyboard than a soft keyboard on the Android Strava app. With the smartphone I could also upload rides while I’m on the road, but why do that if I’ll still add more kilometres until I get back home? That would only be a benefit on a multi day tour without laptop.
  5. One drawback of the Garmin is lack of direct Linux support. My son runs Ubuntu on his laptop, while Garmin only officially supports Microsoft Windows and Mac OS X, so he asked me to upload his activities on one of my PCs. There’s a workable solution though. When you connect the Garmin to a USB port on an Ubuntu machine, it gets mounted as a removable volume named “GARMIN”. In there is a folder called Garmin, with another folder Activities inside which contains all logged rides as .fit files. Copy those to your hard disk and then upload them manually from a browser (Strava supports .gpx, .tcx, .json, and .fit files).
  6. When leaving the house, both the Garmin and the Android take a short while to lock onto the satellites and the Android seems to have something of an edge (excuse the pun) over the Garmin, which does seem to take its time. Maybe that’s because the Android pull pull satellite position data off the web, while the Garmin can only use whatever data it captured before. In one unscientific test, I took my Android and my Garmin outside in the morning. The Android had a satellite lock in 15 seconds while the Garmin took a more leisurely 44 seconds. This is a minor issue to me compared to the next one, GPS precision.
  7. While I have seen better GPS results on some rides from the Garmin than the Android, switching from the latter to the former has not been a dramatic improvement. I think their results are still in the same class, i.e. far from perfect, especially in built-up areas. Neither is like my car GPS, which is pretty solid. Both my son and I have been riding on Strava segments in Tokyo, expecting to be ranked but found the segment didn’t show up because the plotted route was slightly off to the side, so the segment start or end didn’t match up.
  8. Having temperature data on the Garmin is nice, but not really important to me. Unlike heart rate and cadence it’s not feedback that you can use instantly in how you cycle. Your body is a temperature sensor anyway and how you dress is at least as important as the absolute temperature.
  9. The Garmin 500 battery is supposed to last “up to 18 hours”, which would cover me on everything but 300 km and longer brevets, but on any significant rides I tend to take my Android phone, which I use for Google Maps, e-mail, SMS and yes, even the occasional phone call. Using an external 8,000 mAh battery for the Android, battery life has not really been an issue. The same battery will charge either device (one at a time), provided I take both a mini and micro USB cable with me.

Summary

If my Android had an ANT+ chip or supported BTLE (BT 4.0) for using a heart rate monitor as well as a barometric altimeter, then it would still be my first choice for logging bike rides. Given the limitations of my phone and the reasonable price of the Garmin Edge 500 I am very happy with my purchase.

Android Gallery pictures are blank

Posted on by
Reply

I am not sure when this started to happen, but for some time I have been unable to use the Gallery app on my Google Nexus S (Android 4.0.4) phone to view my Picasa albums. It shows all the album names and how many pictures each album contains, but the pictures themselves are invisible. Each shows as a dark grey rectangle only. Only the “Camera” and “sdcard” albums (i.e. local pictures on the device) display correctly.

I tried all the fixes I could find, including these steps:
– Manage Apps, Gallery, Force Stop, Clear data
– Manage Apps, Google+, Force Stop, Clear data
– Manage Apps, Camera, Force Stop, Clear data

This didn’t do anything for me. It re-synced and showed the same blank images again.

So far the best solution has been to install the free app “Just Pictures!”. Upon connecting it to my Google identity, it initially showed only my public albums, but an article in their knowledge base explained how to add login credentials to enable it to manage private albums, too and after that I could view them all.

If anybody else figures out a way to fix the original Android Gallery problem, do let me know!

The “$5 wrinkle trick” (TruVisage, PurEssance) trial trap

Posted on by
25

On a lot of websites I visit I see ads like “Mom discovers $5 wrinkle trick — see her trick”. These ads lead to sites such as ch8health.com which advertise “free trials” of cosmetic products called TruVisage and PurEssance using deceptive advertising:

  • The trial is not free but costs $5.35, supposedly for shipping and handling.
  • Unless the trial is cancelled within 20 days, a further $74.95 is charged for the first bottle, which you may or may not have received by then.
  • After 30 days you will be billed another $80.30 ($74.95 + $5.35 shipping and handling). The same amount will be charged every 30 days after until canceled.
  • The website uses logos of newspapers and other media as if they had reviewed the product, which they haven’t. For example, when viewed from Japan it shows the logos of Japan Times, Yomiui Shimbun and Asahi Shimbun
  • The date at which the free trial is supposed to expire is always one day away – it is dynamically calculated based on your local time.
  • The date of all “user comments” are always one day old – they are also dynamically calculated based on your local time.

The deception used in these ads is very similar to the tricks used in the “Work at home mom” scam and the target population may be similar too.

UPDATE:

There is another variant of these ads. The ad text is something like “Woman is 53 but looks like 27” or “Mom Cut 20 Years in a Week Using This 1 Weird Trick” and takes you to a site called “consumers-lifestyles.net” where they advertise products called “BellaGenix” and “PuraSilk”. Shipping and handling is $4.95 but the first package is $99.95 and the subscription will cost you $89.95 every 30 days until cancelled. Beware!

The “Raspberry Ultra Drops” spammers

Posted on by
2

Large number of abused Yahoo accounts are being used for sending out spam that includes links to hacked websites with PHP code that links to sites selling weight loss products. Typically the mails have multiple recipients, no subject line and a single link in the message body that uses a PHP page, such as

http://www.example.com/images/stories/ronnd.php?faze=faze

The PHP code redirects to a spam domain, or another PHP page redirecting to a spam domain. Here is a list of some of the spam domains advertised recently:

12fox-news.com
12newsfx.com
1newstime.com
berryextra.com
berryrasps.com
berrythins.com
bestnewsfx.com
buy-raspberry.com
buyberrysdiet.com
channel6nws.com
diet12news.com
dietberryshop.com
dietsraspberry.com
e-raspberryshop.com
efoxnws.com
extra5news.com
focsnewss.com
fox-nws.com
fox5diet.com
fox5nws.com
foxclocknews.com
foxfxnws.com
foxnws24.com
fx-nwstop.com
fxnews12.com
fxsclock.com
fxsnws12.com
fxx-news.com
greencoffeediet.ru
hoursfox.com
i-foxnews.com
i-raspberrys.com
iclocknews.com
justraspberry.com
limitedberry.com
lossdietketone.com
luxurynws.com
naturalberrys.com
newoclocks.com
news24fox.com
newsfx12.com
newsfx24.com
newsfxs12.com
newsviagrow.ru
nowslimberry.com
nwscofee.com
nwsfox.com
nwsfox5.com
nwsfxs12.com
nwshour.com
onraspberry.com
onraspberrys.com
raspberry-slims.com
raspberrybest.com
raspberryelites.com
raspberryfresh.com
raspberryseller.com
raspberrysold.com
raspberrywinter.com
raspdiet.com
raspdiets.com
raspsberry.com
raspsworld.com
raspthinberry.com
salesraspberry.com
shopraspberry.com
slimketone.com
slimraspberry.com
slimsberrys.com
slimsfox.com
soldraspberry.com
topberrydiet.com
trimfatrasp.com
trimraspberry.com
ultraraspberry.ru

These domains use Russian name servers such as ns1.dnsmax.ru (219.87.170.82), ns1.dnscentral.ru (219.87.170.82), ns2.dnsmax.ru (89.103.247.13), ns2.dnscentral.ru (89.103.247.13). The use of hacked Yahoo accounts for mailing, of hacked PHP websites to mask the spam domain and the fake references to Fox News are similar to the “Work from home mom” scam that has been going around for a while, so they are probably connected.

My advice: Don’t buy from spammers. Why should you hand your credit card details to a criminal?