Author Archives: Joe Wein

About Joe Wein

Software developer and anti-spam activist

CodeWebLog.com, a pile of garbage indexed by Google

Posted on by
2

Often when I post on my blog, I get a linkback from another blog that has repackaged my posting. While I like other bloggers quoting from my site, many backlink-sites I come across look completely automated. They contain nothing but machine-generated quotes taken from fresh human-generated blog postings that have just appeared on other sites. Presumably these content thieves do it to attract search traffic (i.e. click revenue) and for boosting their own page rank.

However there are even more annoying sites, for example sites like CodeWebLog.com: While researching information for a programming project, Google repeatedly showed me hits on that site that looked promising. When I clicked on the links however I found meaningless garbage, consisting of hashed up partial sentences obviously quoted from technology blogs, but without any link back to the full source. None of the text really made any sense. It was total garbage, but with enough unique keywords to show up in search results and waste people’s time.

I reported these Google spammers to Google’s abuse department and hope they will ban them from their index.

World Cup: I hate the Vuvuzela

Posted on by
17

As a long time supporter of the anti-apartheid movement I couldn’t be prouder for a free South Africa to be hosting the World Cup (I drink coffee from an ANC fundraiser coffee mug I bought when Nelson Mandela was still in prison, I have read Mandela’s autobiography, I own dozens of South African vinyl records and music CDs and I have friends who live there).

But when I watched Mexico vs. South Africa on TV last night I was deeply irritated by the constant drone of vuvuzelas, meter-long plastic trumpets played by fans that make it sound like a swarm of about 10 million wasps is hovering over the stadium throughout the games. There is no rhythm or melody to it, it is just noise at exactly one volume, extremely loud.

To me, part of the attraction of a football (soccer) match is in the crowd response, the ups and downs of singing and shouting and gasping by the crowd as the ball moves closer to their goal or the other team’s goal, as the teams gain and lose control of the ball, etc. It makes football games exciting when you listen to them on the radio, where you only get the crowd response and a reporter describing the action. None of that happens with vuvuzelas. If you close your eyes in this cacophony it’s like the audience is absent, but someone forgot to turn off a hundred jet engines.

It drives you crazy. I don’t know how the players can put up with it. How do they communicate with their team mates? How about viewers trying to follow reporters in the stadium, how about reporters who have to talk in this noise?

I don’t know about you, but if this pattern persists with other games, even ones not involving the South African team then I may give this World Cup a miss on TV and I pity those who traveled half way around the globe to see their favourite teams play, only to be drowning in an orgy of mindless noise.

Bring back the beautiful Brazilian samba drums, but ban the mindless vuvuzela. PLEASE!

GuruPlug Server and JTAG interface

Posted on by
6

The GuruPlug Server Plus that I ordered from GlobalScale Technologies in February finally arrived around the middle of May, about two weeks later than anticipated.

These ARM-based Linux computers draw a mere 5-6 Watt of power at idle according to my WattChecker Plus, yet provide as much port connectivity as a regular notebook or desktop PC. It’s a full-featured Linux server, provided your application matches the storage available (or or you add enough storage) and integer performance comparable to a Pentium III 800 MHz is adequate for your purpose.

Here’s the specification of the machine:

  • 1.2 Ghz Marvell Kirkwood ARM CPU
  • 512 MB of DDR2 RAM
  • 512 MB of NAND flash
  • two gigabit Ethernet ports
  • 802.11b/g WLAN
  • Bluetooth
  • two hi-speed USB (480 Mbps) ports
  • eSATA port
  • microSDHC slot
  • Debian GNU/Linux 5.0 (2.6.32 kernel)

Normally the GuruPlug boots Linux off its NAND flash (see log below), but it can be reconfigured to load an image from a microsSD / microSDHC card (4 / 8 / 16 GB) and it can also use USB or eSATA disk drives. To reconfigure the boot loader, one needs to access a serial port via a JTAG interface, one of which came bundled with my order but is also available separately. To access this serial port one needs a terminal program such as PuTTY for Windows, a micro-USB cable and drivers for the USB-connected serial port.

If you look at the GuruPlug from the top there will be two tiny sockets on the right, a narrow one with 4 pins for the serial interface and a wider one for the flash interface. Connect these to the JTAG module. Plug the micro-USB cable into the socket at the opposite end of the JTAG module, but don’t connect it to the PC just yet.

Download the FTDI driver .zip file from here into a folder and extract its contents. Modify the two files FTDIBUS.INF and FTDIPORT.INF as described here. (EDIT): Download the FTDI driver archive file from here and save it in a folder. Extract the archive within the archive and unpack it into a folder.

When you finally connect the JTAG module to the PC via the micro-USB cable, it will start the plug and play device detection for it. Windows will not find a matching driver for the two ports (“SheevaPlug JTAGKey FT2232D B”) and so you’ll need to manually chose the location where it may find the driver and INF files (the ones you extracted and edited as above).

If anything goes wrong with the device installation, you can always delete the unrecognized devices in the device manager of Windows and disconnect and reconnect the USB cable to have another try.

Configure the virtual serial port (COM10 in my case) in device manager for 115200 bps. Download and install PuTTY. Then create a PuTTY profile for a connection to the virtual serial port. When you power-cycle the GuruPlug you should see messages come up. Here is a sample of an uninterrupted boot process:

U-Boot 2009.11-rc1-00602-g28a9c08-dirty (Feb 09 2010 – 18:15:21)
Marvell-Plug2L

SoC: Kirkwood 88F6281_A0
DRAM: 512 MB
NAND: 512 MiB
In: serial
Out: serial
Err: serial
Net: egiga0, egiga1
88E1121 Initialized on egiga0
88E1121 Initialized on egiga1
Hit any key to stop autoboot: 0
*** ERROR: `ipaddr’ not set
ping failed; host 192.168.2.1 is not alive
No link on egiga1
*** ERROR: `ipaddr’ not set
ping failed; host 192.168.2.1 is not alive
(Re)start USB…
USB: Register 10011 NbrPorts 1
USB EHCI 1.00
scanning bus for devices… 3 USB Device(s) found
scanning bus for storage devices… Device NOT ready
Request Sense returned 02 3A 00
1 Storage Device(s) found

NAND read: device 0 offset 0x100000, size 0x400000
4194304 bytes read: OK
## Booting kernel from Legacy Image at 06400000 …
Image Name: Linux-2.6.32-00007-g56678ec
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 2789756 Bytes = 2.7 MB
Load Address: 00008000
Entry Point: 00008000
Verifying Checksum … OK
Loading Kernel Image … OK
OK

Starting kernel …

Uncompressing Linux…………………………………………………..
…………………………………………………………………………..
…………………………….. done, booting the kernel.
Linux version 2.6.32-00007-g56678ec (root@msi-linux-build.marvell.com) (gcc version 4.1.2 20070925 (Red Hat 4.1.2-33.fa1)) #1 PREEMPT Mon Feb 8 03:49:55 PST 2010
CPU: Feroceon 88FR131 [56251311] revision 1 (ARMv5TE), cr=00053977
CPU: VIVT data cache, VIVT instruction cache
Machine: Marvell Plug2L Reference Board
Memory policy: ECC disabled, Data cache writeback
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 130048
Kernel command line: console=ttyS0,115200 ubi.mtd=2 root=ubi0:rootfs rootfstype=ubifs
PID hash table entries: 2048 (order: 1, 8192 bytes)
Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
Memory: 256MB 256MB = 512MB total
Memory: 513024KB available (5144K code, 1034K data, 148K init, 0K highmem)
SLUB: Genslabs=11, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
Hierarchical RCU implementation.
NR_IRQS:114
Console: colour dummy device 80×30
Calibrating delay loop… 1192.75 BogoMIPS (lpj=5963776)
Mount-cache hash table entries: 512
CPU: Testing write buffer coherency: ok
NET: Registered protocol family 16
Kirkwood: MV88F6281-A1, TCLK=200000000.
Feroceon L2: Cache support initialised.
bio: create slab at 0
vgaarb: loaded
SCSI subsystem initialized
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
cfg80211: Using static regulatory domain info
cfg80211: Regulatory domain: US
(start_freq – end_freq @ bandwidth), (max_antenna_gain, max_eirp)
(2402000 KHz – 2472000 KHz @ 40000 KHz), (600 mBi, 2700 mBm)
(5170000 KHz – 5190000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
(5190000 KHz – 5210000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
(5210000 KHz – 5230000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
(5230000 KHz – 5330000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
(5735000 KHz – 5835000 KHz @ 40000 KHz), (600 mBi, 3000 mBm)
cfg80211: Calling CRDA for country: US
Switching to clocksource orion_clocksource
NET: Registered protocol family 2
IP route cache hash table entries: 4096 (order: 2, 16384 bytes)
TCP established hash table entries: 16384 (order: 5, 131072 bytes)
TCP bind hash table entries: 16384 (order: 4, 65536 bytes)
TCP: Hash tables configured (established 16384 bind 16384)
TCP reno registered
NET: Registered protocol family 1
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
JFFS2 version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
JFS: nTxBlock = 4010, nTxLock = 32080
msgmni has been set to 1002
alg: No test for stdrng (krng)
io scheduler noop registered
io scheduler anticipatory registered
io scheduler deadline registered
io scheduler cfq registered (default)
Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
serial8250.0: ttyS0 at MMIO 0xf1012000 (irq = 33) is a 16550A
console [ttyS0] enabled
brd: module loaded
loop: module loaded
sata_mv sata_mv.0: version 1.28
sata_mv sata_mv.0: slots 32 ports 1
scsi0 : sata_mv
ata1: SATA max UDMA/133 irq 21
NAND device: Manufacturer ID: 0xec, Chip ID: 0xdc (Samsung NAND 512MiB 3,3V 8-bit)
Scanning device for bad blocks
Bad eraseblock 1265 at 0x000009e20000
Creating 3 MTD partitions on “orion_nand”:
0x000000000000-0x000000100000 : “u-boot”
0x000000100000-0x000000500000 : “uImage”
0x000000500000-0x000020000000 : “root”
UBI: attaching mtd2 to ubi0
UBI: physical eraseblock size: 131072 bytes (128 KiB)
UBI: logical eraseblock size: 129024 bytes
UBI: smallest flash I/O unit: 2048
UBI: sub-page size: 512
UBI: VID header offset: 512 (aligned 512)
UBI: data offset: 2048
ata1: SATA link down (SStatus 0 SControl F300)
UBI warning: ubi_eba_init_scan: cannot reserve enough PEBs for bad PEB handling, reserved 39, need 40
UBI: attached mtd2 to ubi0
UBI: MTD device name: “root”
UBI: MTD device size: 507 MiB
UBI: number of good PEBs: 4055
UBI: number of bad PEBs: 1
UBI: max. allowed volumes: 128
UBI: wear-leveling threshold: 4096
UBI: number of internal volumes: 1
UBI: number of user volumes: 1
UBI: available PEBs: 0
UBI: total number of reserved PEBs: 4055
UBI: number of PEBs reserved for bad PEB handling: 39
UBI: max/mean erase counter: 2/0
UBI: image sequence number: 0
UBI: background thread “ubi_bgt0d” started, PID 454
MV-643xx 10/100/1000 ethernet driver version 1.4
mv643xx_eth smi: probed
net eth0: port 0 with MAC address 00:50:43:01:5c:56
net eth1: port 0 with MAC address 00:50:43:01:5c:57
ehci_hcd: USB 2.0 ‘Enhanced’ Host Controller (EHCI) Driver
orion-ehci orion-ehci.0: Marvell Orion EHCI
orion-ehci orion-ehci.0: new USB bus registered, assigned bus number 1
orion-ehci orion-ehci.0: irq 19, io mem 0xf1050000
orion-ehci orion-ehci.0: USB 2.0 started, EHCI 1.00
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
Initializing USB Mass Storage driver…
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
usbcore: registered new interface driver ums-datafab
usbcore: registered new interface driver ums-freecom
usbcore: registered new interface driver ums-jumpshot
usbcore: registered new interface driver ums-sddr09
usbcore: registered new interface driver ums-sddr55
mice: PS/2 mouse device common for all mice
rtc-mv rtc-mv: rtc core: registered rtc-mv as rtc0
i2c /dev entries driver
cpuidle: using governor ladder
cpuidle: using governor menu
sdhci: Secure Digital Host Controller Interface driver
sdhci: Copyright(c) Pierre Ossman
mmc0: mvsdio driver initialized, lacking card detect (fall back to polling)
Registered led device: plug2l:red:health
Registered led device: plug2l:green:health
Registered led device: plug2l:red:wmode
Registered led device: plug2l:green:wmode
mv_xor_shared mv_xor_shared.0: Marvell shared XOR driver
mv_xor_shared mv_xor_shared.1: Marvell shared XOR driver
mmc0: new high speed SDIO card at address 0001
mv_xor mv_xor.0: Marvell XOR: ( xor cpy )
mv_xor mv_xor.1: Marvell XOR: ( xor fill cpy )
mv_xor mv_xor.2: Marvell XOR: ( xor cpy )
mv_xor mv_xor.3: Marvell XOR: ( xor fill cpy )
usbcore: registered new interface driver usbhid
usbhid: v2.6:USB HID core driver
oprofile: using timer interrupt.
TCP cubic registered
NET: Registered protocol family 17
lib80211: common routines for IEEE802.11 drivers
rtc-mv rtc-mv: setting system clock to 2009-08-08 08:10:20 UTC (1249719020)
usb 1-1: new high speed USB device using orion-ehci and address 2
UBIFS: mounted UBI device 0, volume 0, name “rootfs”
UBIFS: file system size: 516225024 bytes (504126 KiB, 492 MiB, 4001 LEBs)
UBIFS: journal size: 9033728 bytes (8822 KiB, 8 MiB, 71 LEBs)
UBIFS: media format: w4/r0 (latest is w4/r0)
UBIFS: default compressor: zlib
UBIFS: reserved for root: 0 bytes (0 KiB)
VFS: Mounted root (ubifs filesystem) on device 0:13.
Freeing init memory: 148K
usb 1-1: configuration #1 chosen from 1 choice
hub 1-1:1.0: USB hub found
hub 1-1:1.0: 4 ports detected
INIT: version 2.86 booting
usb 1-1.1: new high speed USB device using orion-ehci and address 3
usb 1-1.1: configuration #1 chosen from 1 choice
scsi1 : SCSI emulation for USB Mass Storage devices
Starting the hotplug events dispatcher: udevd.
Synthesizing the initial hotplug events…done.
Waiting for /dev to be fully populated…Bluetooth: Core ver 2.15
NET: Registered protocol family 31
Bluetooth: HCI device and connection manager initialized
Bluetooth: HCI socket layer initialized
libertas_sdio: Libertas SDIO driver
libertas_sdio: Copyright Pierre Ossman
libertas_sdio mmc0:0001:1: firmware: requesting sd8688_helper.bin
libertas: can’t load helper firmware
libertas: failed to load helper firmware
libertas_sdio: probe of mmc0:0001:1 failed with error -2
Bluetooth: vendor=0x2df, device=0x9105, class=255, fn=2
btmrvl_sdio mmc0:0001:2: firmware: requesting sd8688_helper.bin
btmrvl_sdio_download_helper: request_firmware(helper) failed, error code = -2
btmrvl_sdio_download_fw: Failed to download helper!
btmrvl_sdio_probe: Downloading firmware failed!
done.
Setting the system clock.
Activating swap…done.
Setting the system clock.
scsi 1:0:0:0: Direct-Access Generic STORAGE DEVICE 9909 PQ: 0 ANSI: 0
sd 1:0:0:0: Attached scsi generic sg0 type 0
sd 1:0:0:0: [sda] Attached SCSI removable disk
scsi 1:0:0:1: Direct-Access Generic STORAGE DEVICE 9909 PQ: 0 ANSI: 0
sd 1:0:0:1: Attached scsi generic sg1 type 0
sd 1:0:0:1: [sdb] 7954432 512-byte logical blocks: (4.07 GB/3.79 GiB)
sd 1:0:0:1: [sdb] Write Protect is off
sd 1:0:0:1: [sdb] Assuming drive cache: write through
sd 1:0:0:1: [sdb] Assuming drive cache: write through
sdb: sdb1
sd 1:0:0:1: [sdb] Assuming drive cache: write through
sd 1:0:0:1: [sdb] Attached SCSI removable disk
Cleaning up ifupdown….
Loading kernel modules…done.
Checking file systems…fsck 1.41.3 (12-Oct-2008)
done.
Setting kernel variables (/etc/sysctl.conf)…done.
Mounting local filesystems…done.
Activating swapfile swap…done.
Setting up networking….
Configuring network interfaces…done.
Starting portmap daemon….
Setting console screen modes and fonts.
cannot (un)set powersave mode
Setting up ALSA…done (none loaded).
INIT: Entering runlevel: 2
Starting enhanced syslogd: rsyslogd.
Starting system message bus: dbus.
Starting OpenBSD Secure Shell server: sshdNET: Registered protocol family 10
.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
Starting MTA: exim4.
ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken failed!
Starting Network Interface Plugging Daemon:ADDRCONF(NETDEV_UP): eth0: link is not ready
eth0.
Starting web server: lighttpd.
Starting internet superserver: inetd.
Starting Samba daemons: nmbdeth0: link up, 100 Mb/s, full duplex, flow control disabled
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
smbd.
Starting file alteration monitor: FAM.
Starting Hardware abstraction layer: hald.
Starting periodic command scheduler: crond.
Sat Aug 8 08:08:00 UTC 2009
uap_probe: vendor=0x02DF device=0x9104 class=0 function=1
uap_sdio mmc0:0001:1: firmware: requesting mrvl/helper_sd.bin
uap_sdio mmc0:0001:1: firmware: requesting mrvl/sd8688_ap.bin
UAP FW is active
ADDRCONF(NETDEV_UP): uap0: link is not ready
SSID setting successful
BSS started!
ip_tables: (C) 2000-2006 Netfilter Core Team
nf_conntrack version 0.5.0 (8022 buckets, 32088 max)
CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
Starting very small DHCP server: udhcpd (v0.9.9-pre) started
udhcpd.
Starting DNS forwarder and DHCP server: dnsmasq.
Starting bluetooth: bluetoothdBluetooth: L2CAP ver 2.14
Bluetooth: L2CAP socket layer initialized
Bluetooth: RFCOMM TTY layer initialized
Bluetooth: RFCOMM socket layer initialized
Bluetooth: RFCOMM ver 1.11
.
Bluetooth: BNEP (Ethernet Emulation) ver 1.3
Bluetooth: vendor=0x2df, device=0x9105, class=255, fn=2
Bridge firewalling registered
Bluetooth: SCO (Voice Link) ver 0.6
Bluetooth: SCO socket layer initialized
Agent registered

Debian GNU/Linux 5.0 sheevaplug-debian ttyS0

sheevaplug-debian login:

The initial admin password for user “root” is “nosoup4u”. Change this as soon as you can to something different.

By default the Plug acts as a broadband access point. Join the GuruPlug WLAN from a laptop and you’ll get an IP address in the 192.168.1.100-192.168.1.200 range. You can access a simple website at htpp://192.168.1.100:80 to learn more about the GuruPlug settings.

http://plugcomputer.org/ is a great resource for finding more information about setting up your GuruPlug.

RsyncServer not started because pid file rsyncd.pid exists

Posted on by
4

I had a scary experience today because one of my Windows PCs “blue screened”, i.e. it crashed. While the “Blue Screen of Death” was fairly common in Windows 95 and 98, it is unusual to see it on any healthy machine running Windows 2000, XP, 2003 or 2008 Server, Vista or Windows 7.

Since the CPU fan of the machine had been running faster than normal recently, I had already suspected it of dust buildup in the CPU heat sink and when I opened up the machine, my suspicion was confirmed. I pulled out some dust and vacuumed the machine before starting it up again.

The machine booted normally and the fan was quiet, but I got alerts from another machine that it could not connect to the Rsync server of the restarted machine. I use an Rsync service for Windows to synchronize data updates between various machines. The service was shown with startup mode “Automatic”, which means it should start whenever Windows is booted, but it was not showing as “Started”. Looking into the log file at “C:\Program Files\ICW\rsyncd.log” I found several of these error messages, one each for every restart I had performed after the crash:

2010/05/08 15:37:45 [2128] rsync: failed to create pid file rsyncd.pid: File exists (17)
2010/05/08 15:37:45 [2128] rsync error: error in file IO (code 11) at clientserver.c(985) [receiver=3.0.6]
2010/05/08 15:52:32 [2120] rsync: failed to create pid file rsyncd.pid: File exists (17)
2010/05/08 15:52:32 [2120] rsync error: error in file IO (code 11) at clientserver.c(985) [receiver=3.0.6]
2010/05/08 16:11:13 [2644] rsync: failed to create pid file rsyncd.pid: File exists (17)
2010/05/08 16:11:13 [2644] rsync error: error in file IO (code 11) at clientserver.c(985) [receiver=3.0.6]

Probably the sudden crash had prevented the Rsync service from deleting its pid (process ID) file, as it normally does when it is shut down orderly.

After I deleted “C:\Program Files\ICW\rsyncd.pid” I was able to start the service and the other machine could connect to it and synchronize with it properly.

Hopefully the machine will keep running reliably again now that the heat sink is clean again. I will keep checking it for dust buildup at least monthly now that the summer months are approaching.

Vir7remover_2009_b2.exe / defend6-pc.com scareware

Posted on by
6

While researching some information, I came across a Google hit that looked like what I was looking for, but when I opened the page, none of the text in the preview paragraph was there. Somebody must have fed bogus contents to GoogleBot to attract searches.

Instead of the expected information I found myself on a scareware site called defend6-pc.com that was then trying to coerce me into downloading and installing their fake security software. A pop-up dialog asked me whether I wanted to scan my computer with their software. It didn’t matter if I clicked OK or Cancel, a download would always start. Only by closing the browser Window could I get rid of their nasty popup dialogs.

I’m using Mozilla FireFox, which does not offer to run downloaded EXEs directly. I did not click on the downloaded “Vir7remover_2009_b2.exe”, instead I ran it through the VirusTotal.com online malware scanner (highly recommended!) and products by four companies diagnosed it as malicious or suspicious:

  • Microsoft (1.5605) says it’s a “Trojan:Win32/FakeXPA”
  • Sophos (4.52.0) says it’s “Mal/FakeAV-CX”
  • VBA32 (3.12.12.4) says it’s “BScope.Trojan.MTA.0157”
  • Panda (10.0.2.2) calls it a “”Suspicious file”

“Mal/FakeAV-CX” indicates “scareware“, software that pretends to be an anti-virus / malware scanner that scares you with bogus alerts of malware on your harddisk into installing and or purchasing the software. Such software can include Trojans (as you would suspect from “Trojan:Win32/FakeXPA” and “BScope.Trojan.MTA.0157”) that take over your machine and can give someone else full control over your machine for malicious activities.

The following domains are all hosted on the same server as defend6-pc.com (IP address 93.174.95.154) and this list probably is not complete. I definitely would not recommend installing any software from any of these sites:

  • 10scanantispyware.com
  • 20scanantispyware.com
  • 2scanantispyware.com
  • 30scanantispyware.com
  • 3scanantispyware.com
  • 50virus-scanner.com
  • 5scanantispyware.com
  • 60scanantispyware.com
  • 7scanantispyware.com
  • 80scanantispyware.com
  • 8scanantispyware.com
  • 90virus-scanner.com
  • antispy-scan200.com
  • antispy-scan400.com
  • antispy-scan600.com
  • antispy-scan700.com
  • antispy-scan800.com
  • antispywarehelp002.com
  • antispywarehelp004.com
  • antispywarehelp008.com
  • antispywarehelp010.com
  • antispywarehelp022.com
  • antispywarehelpk0.com
  • antispywarehelpk2.com
  • antispywarehelpk4.com
  • antispywarehelpk6.com
  • antispywarehelpk8.com
  • antivirus-inet01.com
  • antivirus-inet31.com
  • antivirus-inet41.com
  • antivirus-inet51.com
  • antivirus-scan200.com
  • antivirus-scan400.com
  • antivirus-scan600.com
  • antivirus-scan700.com
  • antivirus-scan900.com
  • antivirus-test88.com
  • antivirus10scanner.com
  • antivirus900scanner.com
  • av-scanner200.com
  • av-scanner300.com
  • av-scanner400.com
  • av-scanner500.com
  • av-scanner700.com
  • defend-computer10.com
  • defend-computer30.com
  • defend-computer50.com
  • defend-computer70.com
  • defend-computer82.com
  • defend-computer83.com
  • defend-computer84.com
  • defend-computer85.com
  • defend-computer86.com
  • defend-computer88.com
  • defend-computer90.com
  • defend-pc100.com
  • defend-pc130.com
  • defend-pc150.com
  • defend-pc170.com
  • defend2-pc.com
  • defend5-pc.com
  • defend6-pc.com
  • inetproscan001.com
  • inetproscan031.com
  • inetproscan061.com
  • inetproscan081.com
  • inetproscan091.com
  • insight-scan20.com
  • insight-scan40.com
  • insight-scan60.com
  • insight-scan80.com
  • insight-scan90.com
  • insight-scanner2.com
  • insight-scanner5.com
  • insight-scanner7.com
  • insight-scanner8.com
  • insight-scanner9.com
  • internet-scan020.com
  • internet-scan040.com
  • internet-scan050.com
  • internet-scan070.com
  • internet-scan090.com
  • internet-scanner020.com
  • internet-scanner030.com
  • internet-scanner050.com
  • internet-scanner070.com
  • internet-scanner090.com
  • net-02antivirus.com
  • net-04antivirus.com
  • net-05antivirus.com
  • net-07antivirus.com
  • net001antivirus.com
  • net011antivirus.com
  • net021antivirus.com
  • net111antivirus.com
  • net222antivirus.com
  • novirus-scan00.com
  • novirus-scan01.com
  • novirus-scan22.com
  • novirus-scan31.com
  • novirus-scan33.com
  • novirus-scan41.com
  • novirus-scan55.com
  • novirus-scan61.com
  • novirus-scan81.com
  • novirus-scan88.com
  • spyware-stop01.com
  • spyware-stopb1.com
  • spyware-stopm1.com
  • spyware-stopn1.com
  • spyware-stopz1.com
  • spyware200scan.com
  • spyware500scan.com
  • spyware800scan.com
  • spyware880scan.com
  • spywarescan010.com
  • spywarescan013.com
  • spywarescan015.com
  • spywarescan017.com
  • spywarescan018.com
  • stop-all-virus1.com
  • stop-all-virus3.com
  • stop-all-virus6.com
  • stop-all-virus9.com
  • stop-virus-01a.com
  • stop-virus-01b.com
  • stop-virus-01d.com
  • stop-virus-01e.com
  • stop-virus-01f.com
  • stop-virus-03b.com
  • stop-virus-03u.com
  • stop-virus-03y.com
  • stop-virus-03z.com
  • stop-virus-040.com
  • stop-virus-070.com
  • stop-virus-090.com
  • stop-virus-091.com
  • stop-virus-099.com
  • stopvirus-scan11.com
  • stopvirus-scan13.com
  • stopvirus-scan16.com
  • stopvirus-scan18.com
  • stopvirus-scan33.com
  • stopvirus-scan66.com
  • stopvirus-scan88.com
  • stopvirus-scan99.com
  • virus77scanner.com
  • virus88scanner.com

Spam from hacked hotmail accounts sent from China

Posted on by
26

A bit over a year ago I wrote here about the “New Shopping, new life” spam that was sent from hacked free webmail accounts to advertise fake Chinese online shops. Recently I am seeing a lot more spam like that, mostly using hacked Hotmail accounts. Here is a typical example:

hello:
Please forgive us to disturb your valued time.
This is a big wholesale company in china, sell electronic products to all the world,such as laptop, camera, phone and so on. We can offer the low price and high quality to you. If you have free time, please to visit our official website: http://lezucker.com
if you have any other questions, please be free contact us by email or msn at any time.
Yours Sincerely,

——————————————————————————–
Not got a Hotmail account? Sign-up now – Free

The emails accounts appear to be accessed from IP addresses in China such as these:

  • 60.4.32.231 (3220 emails)
  • 116.7.20.191 (1974 emails)
  • 121.35.79.35 (1865 emails)
  • 60.4.153.48 (326 emails)
  • 121.35.79.16 (265 emails)

The email counts are for a period of about 60 hours and are only for my spam traps and external spam feeds, not the total sent from those addresses. What’s more, it’s not just a large number of emails per IP address but also per mail account (full address obscured for privacy reasons):

  • XXamari35@hotmail.com (2645 emails)
  • XXpsychling@hotmail.com (1994 emails)
  • XXishacarroll@hotmail.com (1215 emails)
  • XXbgreene27@hotmail.com (671 emails)
  • XXedina723@hotmail.com (575 emails)
  • XXgmo@hotmail.com (326 emails)
  • XXroxd1@hotmail.com (294 emails)

I find it surprising that Hotmail would allow a single free mail account to send out thousands of spams a day without getting it shut down. I can only guess what the total number is, as the above are only spam that I have received copies of. Clearly Microsoft will have to improve its mechanisms to catch such abuse.

Here are some of the domains advertised via these scammers:

  • lezucker.com (4189 emails)
  • ebroun.com (2645 emails)
  • hgbet.com (329 emails)

The IP address seem to be mostly but not exclusively from providers in the South of China, in Henan and Guangdong provinces:

inetnum: 115.48.0.0 – 115.63.255.255
netname: UNICOM-HA
descr: China Unicom Henan province network
descr: China Unicom
country: CN

inetnum: 123.8.0.0 – 123.15.255.255
netname: UNICOM-HA
descr: China Unicom Henan province network
descr: China Unicom
country: CN

inetnum: 123.52.0.0 – 123.55.255.255
netname: MAINT-CHINANET-HA
descr: CHINANET HENAN PROVINCE NETWORK
descr: henan Telecom Corporation
descr: 97# Zhongyuan Street, Zhengzhou,henan,Chinese
country: CN

inetnum: 121.32.0.0 – 121.35.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN

inetnum: 219.128.0.0 – 219.137.255.255
netname: CHINANET-GD
descr: CHINANET Guangdong province network
descr: Data Communication Division
descr: China Telecom
country: CN

inetnum: 123.112.0.0 – 123.127.255.255
netname: UNICOM-BJ
descr: China Unicom Beijing province network
descr: China Unicom
country: CN

Bloom Energy: Cutting through the hype

Posted on by
2

On 24 February 2010 Bloom Energy, a Sunnyvale, California based company launched its solid oxide fuel cell (SOFC), which is currently being field tested at several large customers, including eBay, Google and WalMart. CBS “60 Minutes” ran a program on the company and their product three days earlier. Their technology will let you generate your own electric power from natural gas or other fuels. Each Bloom Energy Server has a power output of 100 kW and is about the size of a small truck. Google was the first company to have a unit installed in July 2008. It now has 4 units and eBay has 5. They are the two most visible installations so far. It may be coincidence, but Google was not only the first customer of Bloom Energy, in 1999 it had also received venture funding from Kleiner Perkins Caufield & Byers (KPCB), the major backer behind Bloom Energy. Other customers are Staples, Walmart, FedEx, Coca Cola and Bank of America.

Costs versus carbon savings
According to Bloom Energy, their Servers can generate electricity at a cost of 8-10 cents per kWh (read Jesse Jenkins’ interesting article on Forbes.com). That is after California state and US federal subsidies for the purchase of the units, which go for at $700,000-$800,000 each or some $7,000-$8,000 per kW of rated power. Their cost per installed kW is high, more than an order of a magnitude higher than the around $600 per kW of rated output for combined-cycle gas turbines (CCGT), an established and proven technology that combines gas turbines with steam turbines for best efficiency. CCGTs are used in many power stations that supply the electric grid.

Even with US tax payers picking up around half the cost, the Energy Servers are still six times as expensive per kW as CCGTs. That might be an acceptable price for nurturing a new technology, but Bloom Energy fuel cells are more expensive without giving clearly superior results: While SOFC technology as used by Bloom Technology achieves efficiencies of about 50-55%, CCGT achieves thermal efficiencies of close to 60%, which translates to overall efficiencies similar to what Bloom can offer. Consequently, specific CO2-Output is virtually identical for both technologies, at about 0.8 lb of CO2 per kWh when run on natural gas for either technology. Though Bloom Energy undercuts coal fired power stations by some 60% on greenhouse gas emissions, it offers no clear advantage in that respect when compared to the most advanced gas turbines, which do equally well but are much cheaper to install than fuel cells.

Transmission and conversion losses
It is true that decentralized generation adjacent to your parking lot can save grid transmission losses, but these losses are actually smaller than many people assume: In 1995 some 7.2% of electricity generated in the US was lost in transmission (see Wikipedia). With steam turbine power generation the bulk (60-70%) of the energy losses is not during grid transmission, but conversion losses during generation. Not all the heat from a gas, oil or coal fire can be turned into mechanical and subsequently electrical energy. The laws of physics limit the maximum possible efficiency according to the temperature difference between the hot side and the cold side of the working cycle of any kind of engine. The low temperature heat that is left is waste heat which accounts for 60% or more of the initial heat from burnt fuel. In centralized power stations it ends up warming rivers or oceans or ambient air while condensing steam back into water to run it trough the boiler and steam turbine once more. It can not be put to use because it’s too far from most consumers.

If you really wanted to cut down on CO2 emissions from fossil fuel, you need to address the major conversion losses and not just the minor transmission losses. If power was generated where it’s consumed, then all that waste heat was still available for low temperature applications (below 100°C / 180F), such as providing warm water, heating buildings and even cooling them via absorption chillers. Yet this major benefit of decentralized generation is for now rejected as impractical by Bloom Energy:

Some makers of legacy fuel cell technologies have tried to overcome these limitations by offering combined heat and power (CHP) schemes to take advantage of their wasted heat. While CHP does improve the economic value proposition, it only really does so in environments with exactly the right ratios of heat and power requirements on a 24/7/365 basis. Everywhere else the cost, complexity, and customization of CHP tends to outweigh the benefits.
(Bloomenergy: Solid Oxide Fuel Cells)

At Google or eBay the waste heat produced in the fuel cell only heats the air in the parking lot. By contrast, the EneFarm combined heat and power (CHP) system offered by Tokyo Gas in Japan, another natural gas powered fuel cell already on the market, is designed primarily as a hot water source, with electricity generation as a byproduct. When you run that fuel cell to generate hot water, you either use or sell the electricity produced in the process, but there is never any waste.

The potential of reverse fuel cell technology
In the CBS interview, the Bloom Technology CEO also mentioned the possibility of reversing the function of their fuel cell, producing hydrocarbons or other fuels from CO2, water and (perhaps solar) electricity. That one had me a bit puzzled. It will still be a few more decades before we will completely stop using hydrocarbons and coal for generating electricity. Until then, wouldn’t it be easier to simply cut back on burning gas, coal and and oil to make electricity, instead of using precious electricity (which we mostly produced by burning fossil fuel) to regenerate a fraction of that carbon-based fuel from CO2?

Reverse fuel cells make little sense for energy storage – chances are, if an SOFC is about 50% efficient at converting fuel into electricity, it probably won’t be much more efficient going the opposite direction, making fuel using electricity. Do the conversion both ways to even out power output between day and night and you end up losing 75% of the energy. Batteries would retain as much as 90% and lose only 10%. Still, one could see a role for reverse fuel cells at remote wind or solar installations for making methane or other chemical feed stocks from surplus electricity some time in the far future. It won’t be as an energy carrier though, because if you have spare electricity it’s far easier to electrolyze water and make hydrogen than to make methane, which requires a CO2 supply as well.

Let’s assume the Bloom Energy server produces 0.8 lbs of CO2 per kWh and a coal fired plant produces 2 lbs per kWh. If we assume that reverse fuel cell operating is about as efficient as regular fuel cell operation (some 50%), then per kWh (say from wind, geothermal or nuclear) you could turn only 0.2 lb of CO2 back into fuel. For each extra kWh of carbon-free electricity, would you invest it on

  • preventing 2 lb of CO2 output from coal power or
  • on avoiding 0.8 lb of CO2 output from a fuel cell or CCGT, or
  • on a mere 0.2 lb of CO2 reduction in a reverse fuel cell?

From a carbon balance point of view, the latter makes no sense at all until you’ve completely exhausted the former two, i.e. completely stopped burning fossil fuel.

Summary
Bloom Technology’s fuel cell technology looks interesting, but nowhere near as revolutionary as its supporters would have us believe. It certainly has applications in niche markets such as backup power for data centers, but it remains severely hampered by excessive cost relative to its technically feasible performance. Lowered production costs, availability of smaller units and making use of waste heat could still improve its prospects, but don’t expect this device to revolutionize electricity production.

Apart from combined heat and power generation, fuel cells will find markets in remote locations where diesel generators are costly and maintenance intensive or too noisy, such as as tactical generators for the military, but they’re unlikely to make major inroads for electricity-only generation anywhere near the grid in the foreseeable future. That’s because gas turbines can be made just as efficient / low carbon and they’re known to work year after year, at a fraction of the capital cost of fuel cells.

Reading list:

John Doerr On Bloom Energy Launch: “This Is Like The Google IPO”
by Erick Schonfeld on Feb 24, 2010

The Bloom box
February 21, 2010

Doing The Math On Bloom Energy
Jesse Jenkins, 02.25.10

Is Bloom Energy’s Secret Ingredient Zirconia?
Michael Kanellos 2010-02-22

Combined Cycle Gas Turbine project

Kleiner Perkins, stealth, and Ion America
Posted by Matt Marshall on November 17, 2004

GuruPlug Server Plus, a $129 Linux server based on ARM

Posted on by
5

GuruPlug Server Plus

Over the years, Intel and its microprocessors have become a household name, recognized by millions of PC users. However, far more people own computers based on ARM processors without ever having heard of that CPU – it’s their mobile phones. More than a billion mobile phones are sold worldwide every year, each one more powerful than an office computer that used to run Windows 95/98 not too long ago. Whatever the brand or model, almost all of them (98%) use at least one CPU based on the ARM architecture. Also, if you own a car navigation system or a broadband router that connects your PC to a DSL or cable modem, it probably uses an ARM chip. Do your kids own a Gameboy Advance, a Nintendo DS, do you listen to music on an iPod? ARM CPUs are common to all of these, as well as the iPhone, the Blackberry and other mobile phones.

From the start, ARM was meant to compete head-on with Intel CPUs in desktop computers, but for many years there really was no direct competition between the two. The issue was mostly software, and as that may change, we’ll increasingly see ARM and Intel compete directly in the same markets. This is bad news for Intel (and AMD) as per-CPU revenue has been far higher in their markets than for makers of ARM chips. As Intel is trying to get a bigger slice of the exploding handheld market with Atom while ARM is taking a bite out of Intel-dominated markets, this gap in pricing is set to erode.

A short history of ARM

ARM has a colourful history. The first ARM chips were developed by Acorn Computers Ltd in Cambridge/UK, who in the early 1980s had successfully launched the 6502-based BBC Micro home/educational computer, an 8-bit machine. I first visited Acorn in the summer of 1984 as a young software engineer working at Digital Research UK. Under an OEM contract I ported Concurrent DOS to a prototype Acorn ABC 310, a 6502-based machine with an 8 MHz 80286 second processor equipped with 1 MB of memory. That 286 machine was one of several projects meant to take Acorn into the more lucrative business market, using a range of 16-bit and 32-bit machines to compete against the likes of the new IBM PC/XT, PC/AT and the 8086-based ACT Apricot that was very successful in the UK. Acorn was well aware of the limitations of the 6502, which was only an 8-bit processor that could not address more than 64 KB of memory. Acorn then decided to replace the 6502 with a simple but efficient 32-bit RISC design, the Acorn RISC Machine (ARM) which came out in 1986.

As it turned out, machines based on ARM never took much market share from the new IBM-compatible PCs that were gradually taking over the desktop market. So instead of building entire computers, or making chips and selling them like Intel does, the developers of ARM decided to license the design to anyone wishing to integrate it into their own custom designs. That’s how ARM became both ubiquitous and nameless. One reason for the lack of success on the desktop was the huge library of software written for MS-DOS and later the various MS Windows versions, which only worked on Intel-compatible CPUs. Despite that, the ARM design eventually became successful beyond anybody’s wildest dreams in mobile and embedded markets where low power usage and low cost were crucial. Mobile phones and other handheld devices and appliances had no need to run desktop applications written for MS Windows. Subsequently, ARM as a hardware platform became so successful that Microsoft ported its Windows CE operating system to ARM (besides x86, MIPS and SuperH as other supported platforms). Even Intel was involved for 8 years with StrongARM and XScale, which it sold to Marvell in 2006.

The marriage of ARM and Open Source

Now it looks like ARM is returning to its roots, with the announcement of ARM-based netbooks and with ARM-based Linux servers. Until recently notebooks and servers were mostly Intel domains, but open source and portable Linux is bridging the gap between Intel and ARM hardware, leveling the playing field for applications. In early 2009 Marvell launched the SheevaPlug, a $99 self-contained ARM and Linux-based mini-server about the size of a notebook power brick. A year later, Globalscale Technologies announced the GuruPlug range of low cost, energy saving computers as the successor to the SheevaPlug; both SheevaPlug and GuruPlug are based on a Marvell chip set, with similar specs and sizes. The GuruPlug is 95mm (L) x 65mm (W) x 48.5 mm (H) and draws under 5 Watts. Its built-in universal power supply handles 100-240V, 50/60Hz for worldwide use with only a plug adapter. The GuruPlug is supposed to start shipping in April and I have two on order 🙂

The most interesting of the three GuruPlug Server models in my opinion is the “Plus” model, which sells for $129, $30 more than the GuruPlug Server “Standard” model or the older SheevaPlug base model. All GuruPlug Server models sport a 1.2 Ghz Marvell Kirkwood ARM CPU, 512 MB of DDR2 RAM, 512 MB of NAND flash, 802.11b/g WLAN and Bluetooth. While the Standard model offers one gigabit Ethernet port and one hi-speed USB (480 Mbps) port, the Plus has two of each and also offers an eSATA port (3 Gbps) plus an external micro-SD slot.

Dual network interfaces make the Plus very suitable as a router (one port for the WAN, one for the LAN). Just add a 4-port hub and you have a direct replacement for a regular broadband router, but with the ability to also hook up USB or eSATA hard disks for Network Attached Storage (NAS) or as a web server or media server, or plug in a USB-printer to be shared over the LAN. Or you could run a VPN, or a mail server, or a spam filter – or all of these combined. Basically anything that works on a Linux server should work in this tiny box, as long as there is enough storage for files on either the internal flash or RAM or the micro-SD or a USB-stick or an external USB or eSATA hard disk.

A third model, the GuruPlug Display for $179 has also been announced, but (as of 2010-02-21) can not be ordered yet. This one will come with 3 USB ports and an HDMI video connector for hooking up an external monitor, so you could use it with a keyboard and mouse (via USB or Bluetooth) for web browsing.

Haiti disaster attracts Nigerian scammers

Posted on by
12

It happened after the Indian ocean tsunami and after Hurricane Katrina. It’s happening again with the earthquake in Haiti that has killed tens of thousands and left hundreds of thousands injured, homeless, hungry or without medical treatment: Scammers in Nigeria and elsewhere are stealing money meant for victims of the disaster.

If you think there is a line that such scammers won’t cross, think again.

Here is an email soliciting donations on behalf of “HAITI CITIZENS LIVING IN THE UNITED KINGDOM” with relatives living in Haiti, but really originating from an IP address in Nigeria, West Africa:

PASTOR JOHN BROMA
HAITI CITIZENS IN UNITED KINGDOM
23 BEN AVENUE S/W,LONDON
UNITED KINGDOM

DEAR SIR/MADAM

WE ARE HAITI CITIZENS LIVING IN THE UNITED KINGDOM WHOM THEIR FAMILIES
ARE AFFECTED BY THE RECENT EARTQUAKE,WE HAVE BEEN TRYING TO RAISE MONEY
TO HELP THE HAITI CITIZENS WHO ARE WITHOUT FOODS,DRUG AND SHELTER,SO WE
PLEAD THAT YOU SUPPORT US WITH WHAT EVER YOU CAN.

ALL DONATIONS SHOULD BE SEND THROUGH WESTERN UNION MONEY TRANSFER
BECAUSE OF THE URGENT ATTENTION NEEDED.DO SEND IT TO THE INFORMATIONS BELOW.

PASTOR JOHN BROMA

HAITI CITIZENS IN UNITED KINGDOM
23 BEN AVENUE S/W,LONDON
UNITED KINGDOM

PLEASE MAKE SURE THAT YOU FORWARD THE WESTERN UNION INFORMATIONS SUCH AS
SENDERS NAME,AMOUNT SEND AND THE MTCN.WE PRAY THAT ALMIGHTY GOD WILL
BLESS AS YOU HELP THE SUFFERING HAITI CITIZEN.

THANKS FOR YOUR HELP

PASTOR JOHN BROMA(SECRETARY)

Looking at the message headers we see:

Received: from User ([82.128.33.35] RDNS failed) by mail.westnet.com
with Microsoft SMTPSVC(6.0.3790.3959); Fri, 15 Jan 2010 19:13:32 +0900
Reply-To: <pastorjohnbroma@yahoo.com>
From: HIATI CITIZENS IN UNITED KINGDOM<pastorjohnbroma@yahoo.com>
Subject: HELP FOR HAITI
Date: Sat, 16 Jan 2010 11:21:10 -0800

IP address 82.128.33.35 belongs to a cell phone provider in Nigeria:

inetnum: 82.128.32.0 – 82.128.63.255
netname: INET-MLTL
descr: CDMA 1x/EVDO Dial up pool
country: NG
admin-c: RIA27
tech-c: RIA27
status: ASSIGNED PA
mnt-by: MLTL-INT-MNT
mnt-lower: MLTL-INT-MNT
source: AFRINIC # Filtered
parent: 82.128.0.0 – 82.128.127.255

person: IP Admin-RIPE
address: Multilinks Telecommunications Limited
address: 231 Adeola Odeku Str.
address: Victoria Island, Lagos, Nigeria

The criminal who sent this mail must be one of their customers.

If you want to make a donation to help those affected by the disaster, send it to the Red Cross or another well established relief organization. Beware of any stranger who asks you to wire money by Western Union or MoneyGram, because these instant wire transfer services are essentially anonymous and untraceable and there are no safeguards whatsoever against abuse by criminal recipients, who can not be traced. That is precisely why scammers prefer you to send money that way.

If hell exists there must be a special place there waiting for these scammers, who even make money out of the orphans and dying in Haiti.

Broken link suggestion spam, a new twist on link exchange spam

Posted on by

Since Google ranks sites primarily by how many other pages and sites link to them, unethical people have been trying to boost their site rankings by tricking others into creating links to them.

Link exchange spam, i.e. unsolicited offers to reciprocally create links to each other’s sites, has been around for many years. Recently I came across a new twist, broken link suggestion spam. You’ll receive a personal looking email like the following that tells you about a broken link on a page on one of your sites, with a suggestion for a replacement link target (boldface added by me):

Hi Joe!
Sorry to bother you, my name is Kate Austen, I’m a teaching assistant for a sociology class. I’ve been doing some research online for an upcoming lesson on the urban legends, myths, and hoaxes, and your page was very helpful. Thanks so much!

I noticed that on your page (http://www.joewein.de/hoax.htm) you have a broken link http://www.urbanlegends.com/index.html (an old page about urban legends)… May I offer a thought on a possible replacement? http://www.costumesupercenter.com/csc_inc/html/static/btarticles/urbanlegendsandmyths.html It has some great information about several urban legends and myths. I found it to be a great resource during my research, and it would be a great fix to your broken link. I’ve added it to my bookmarks, along with your site 🙂

Just thought I’d let you know 🙂

Take Care,
Kate
kate@professor-research.org

I plugged some phrases from the above email into Google and it found the following similar email (boldface also added by me, please compare the two):

Crystal Sawyer
crystal@studentresearchers.org

Hi!
Sorry to bother you, my name is Crystal Sawyer, I’m an education major from upstate New York. I’ve been doing some research online for a class project and your pages were very helpful. Thanks so much 🙂

I noticed that on your page (http://www.apfn.org/apfn/mmm.htm) you have a broken link http://www.nara.gov/exhall/charters/declaration/decmain.html (an old page about science projects)… May I offer a thought on a possible replacement? http://legalmetro.com/library/historic-us-documents-the-charters-of-freedom.html It has some great information about teaching children how to do experimental science projects. I found it to be a great resource during my research, and it would be a great fix to your broken link. I’ve added it to my bookmarks, along with your site 🙂

Just thought I’d let you know 🙂

Take Care,
Crystal
crystal@studentresearchers.org

The number of identical phrases is far to high to be a coincidence. Looking at the sender domains professor-research.org and studentresearchers.org, the registrant on both is hidden behind the anonymization service domainsbyproxy.com.

I would say chances are good that both “Kate” and “Crystal” are the same person and that this person works for a company offering paid search engine optimization (SEO) services to boost their customers’ website rankings. They add some editorial contents to the customer website and then deceptively ask owners of sites with a high Page rank (PR) to replace broken links with links to these new pages by posing as students and researchers with no obvious commercial interest in the link target site.