About Joe Wein

Software developer and anti-spam activist

NewerTech USB 2.0 Universal Drive Adapter

If you find yourself needing to read and write hard disks from other computers and do not always want to transplant them into a computer or an empty USB drive chassis, the NewerTech USB 2.0 Universal Drive Adapter is a great solution. It handles just about any format:

  • 3.5″ SATA (1.5 or 3.0 GBps, Molex or SATA power connector)
  • 3.5″ parallel ATA
  • 2.5″ SATA
  • 2.5″ parallel ATA
  • 5.25″ parallel ATA optical drives (CD/DVD/Blu-ray – but not notebook drives!)

Its 100-240V, 50/60 Hz universal power brick is usable worldwide. All necessary cables are included (ATA ribbon cable, SATA, USB, power cables).

Using a hard disk on any USB-equipped computer is as easy as connecting the drive to the USB adapter and power brick and plugging the USB cable into the computer’s port (PC or Mac, running Windows, OS X or Linux). It may take about half a minute for the PC’s operating system to load the necessary drivers, but then you’ll have a new drive that you can use any way you like.

So far the unit has worked just as advertised. I’m using it to access drives from older machines as well as for system upgrades and new operating system installs. For example, you could use the unit to hook up a DVD drive for installing an OS on a netbook or other PC that doesn’t have an optical drive.

NewerTech has been around for a long time and has a good reputation mostly for Mac-related hardware, but some of it works equally well for Windows and Linux PCs.

Their Guardian MAXimus external RAID-1 solution (from $150 without preinstalled disks, $430 for twin enterprise class 1 TB drives) also looks very interesting. It supports a full range of interfaces (eSATA, USB 2.0 and Firewire 400/800) and handles a pair of drives of up to 2 TB each. RAID-1 means that all writes are automatically replicated to both drives, without the operating system needing any special support for it, so that you’ll be fully covered should one of the drives fail: You just replace the dead drive and it is automatically rebuilt using the data from the good drive while you keep on working.

“…, has added you as a friend on SiliconIndia” scam emails

Over the past year I’ve been getting a steady trickle of “friend requests”, i.e. invitations to join a service, for a website called SiliconIndia. Virtually all the supposed senders were women from India. Job titles included Software Engineer, Business Analyst and HR Executive. Most were very pretty. By that I mean not just better than average looking, more like the portfolio of a modeling agency.

Because of my volunteer work against online scams, some email accounts of mine end up in address books of thousands of people who over time have forwarded me samples of questionable mails. Consequently, I also receive a lot of requests to join online networking and other websites, many of which make it too easy to invite everyone in your address book to join a particular service when you join. One mail folder that I keep exclusively for such invitations from people I don’t recognize currently contains over 1,100 examples.

When I received another SiliconIndia invitation yesterday, I decided to take a closer look and a very interesting picture evolved. I had 42 invitations going back to February 2008. Nine of them (originating with three individuals) did not include a photograph and almost all of those were from the first month. They may have been real invitations. The interesting thing about the other 33 invitations was that the senders were all female. Not one guy! 23 of these were sent from Gmail accounts and 10 from AOL or AIM accounts. One picture I received from both a Gmail and an AOL account. It wasn’t just that these emails had AOL or Gmail sender addresses, they also did not come from a SiliconIndia mail server as one might expect for regular “tell a friend” invitations. All were sent from regular personal Gmail and AOL accounts through the respective mail servers.

What this tells me is that someone is manually making up invitation mails, using pictures of pretty women to attract mostly male job seekers to join that service. And somebody somewhere is making money out of people who respond.

Out of curiosity I joined the service under an assumed identity. The profile for the person who had invited me the day before had a list of 456 “friends”. If she were to “stay in touch” with all of them as it said in the invitation, she’d be a pretty busy lady. So next time you get an invitation to join SiliconIndia to connect with some pretty woman, don’t delude yourself. Most likely some guy somewhere is being paid a few rupees to mail pictures of pretty girls to thousands of guys in order to drive traffic to a commercial website.

“Trau keiner Statistik…”

Today, in online chat with an American friend that touched on website statistics I posted the line:

“Never trust any statistics that you didn’t forge yourself.”

He replied that he liked the quote, which suggested to me that he hadn’t heard it before. This particular one liner frequently pops up in discussions of published numbers in Germany, especially if one disagrees with what they appear to show. You might call it the German equivalent of “There are three kinds of lies: lies, damned lies, and statistics.” Its two common variants are “Ich traue keiner Statistik die ich nicht selbst gefaelscht habe” (I don’t trust any statistics that I didn’t forge myself) or as advice: “Traue keiner Statistik die du nicht selbst gefaelscht hast” (Don’t trust any statistics that you didn’t forge yourself).

I vaguely remembered that this line was usually attributed to Winston Churchill and found my friend’s reaction odd, because if this was a Churchill quote, it would be more likely to be known amongst English speakers than in Germany. A quick Google search confirmed my suspicions because hits centered on Germany, making it unlikely the quote was indeed from Churchill. The German-centric hits were no coincidence, because as it turns out the “quote” was a product of Nazi propaganda that has managed to survive the fall of the Reich by more than six decades.

According to research conducted by a member of the Baden-Wuerttemberg State Office of Statistics a couple of years ago, there is no verifiable source for the supposed “quote”. The Times of London had never heard of it. What’s more, it dovetails nicely with WWII Nazi propaganda that accused Churchill of exaggerating Allied successes and minimizing British losses (i.e. forging numbers). It does not really fit Churchill, because he was not known as a general skeptic on statistics, though he was suspicious of German claims (and for good reasons). The fake “quote” combines these two themes, skepticism of his opponents’ statistics and accusations of being a liar that the Nazis liked to smear him with.

Maybe better advice would be: “Don’t trust any quote that you didn’t forge yourself.” 😉

Sources:

IPv6 with DD-WRT router and Hurricane Electric

Last weekend I got IPv6 working on my US$60 router, allowing all my machines here to talk IPv6 to the outside world. That includes an Ubuntu Linux server, 4 PCs and one Mac.

The biggest incentive for upgrading to IPv6 is the fact that at the current pace we’ll run out of (IPv4) IP addresses in about two years. These are the unique host addresses (usually written in dotted decimal format like 209.85.171.100) that identify client and server computers on the Internet. The newer IPv6 standard that replaces 32-bit addresses with 128-bit addresses will forever take care of this shortage. It will also do away with the primary need for Network Address Translation (NAT) which has been a big headache for voice over IP (VoIP) and other peer to peer applications.

However, over a decade after the introduction of the newer standard (in 1997), uptake is still slow. Many ISPs still don’t support IPv6 and neither does a lot of the equipment used at homes and offices. This is gradually starting to change. IPv6 is an integral part of modern operating systems such as Linux, Mac OS X, Windows 7, Windows 2008 Server, Windows Vista, Windows 2003 Server and Windows XP (where it’s optional).

If your ISP does not support IPv6, you can still use it by employing the services of a tunnel broker, which gives you IPv6 connectivity over an IPv4 tunnel. This lets you test your software with the new APIs, though you won’t gain native IPv6 performance. If you have a static IP you can use tunnelbroker.net by Hurricane Electric, Inc. Their service is professionally run and free. Another option is SixXS, but I have not tried them.

My router is a Buffalo WHR-HP-G54, which is compatible with the Linux based open source DD-WRT firmware. Recent versions of DD-WRT have IPv6 support. My first attempt with the v24 sp1 std build which is supposed to include IPv6 was unsuccessful, but I had more luck after trying the v24 10070 crushedhat version (dd-wrt.v24-10070_crushedhat_4MB.bin). Here’s what you do:

  • The following instructions assume that your WHR-HP-G54 router is running open source DD-WRT firmware. If your router is still running the default firmware, install DD-WRT v24 sp1 mini generic (SVN build 10020, 27-July-2008) on it. See my blog post on the WHR-HP-G54 with DD-WRT for detailed instructions. The WHR-HP-G54DD is a version of this router that comes with DD-WRT preinstalled.
  • Go to Security / Firewall on your DD-WRT and remove the check mark on Block anonymous WAN requests (ping) so that Hurricane Electric can verify your router exists by pinging it.
  • Go to www.tunnelbroker.net and sign up for an account. Then log in and go to Create a Regular tunnel. You’ll need to enter your static IP, which will be conveniently displayed. You have a choice of tunnel endpoints. Pick one that has a short ping time from where you are. Make a note of all the details of the tunnel that is created. You will need to enter some of these details on your router, in particular these:
    • Server IPv4 address
    • Server IPv6 address
    • Routed /64
  • Read crushedhat’s description of how to configure the router with his firmware, which should work with most Broadcom-based DD-WRT-compatible routers.
  • I’m assuming you have updated the firmware of your router before and know the usual caveats about “bricking” your router if anything goes wrong. I won’t be responsible for that. 😉 I went from the factory Buffalo firmware to v24 sp1 mini to v24 sp1 std to v24 sp1 mini to v24 crushedhat 10070, with no problems, but your mileage may vary. I downgraded from v24 sp1 std (4 MB) to v24 sp1 mini (2 MB) “just in case” before flashing crushedhat’s std (4 MB) build. I did not opt to reset the NVRAM to factory defaults.
  • Download a copy of the v24 crushedhat 10070 build and save it on your hard disk. Use a computer with a wired connection to the router, not WLAN for the firmware upgrade. Go to Administration / Firmware Upgrade and select the dd-wrt.v24-10070_crushedhat_4MB.bin file. Click the upgrade button. Don’t touch anything until after the router has reset and is running the new firmware.
  • Go to Administration / Management and check Enable for IPv6 and Radvd enabled. Then paste the following into the Radvd config box:

    interface br0
    {
        AdvSendAdvert on;
        prefix 2001:470:YYYY:YY::/64
        {
            AdvOnLink on;
            AdvAutonomous on;
        };
    };

    where 2001:470:YYYY:YY::/64 matches the value of “Routed /64” in the created tunnel given to you by Tunnelbroker.net:

    Server IPv4 address: 216.218.226.238
    Server IPv6 address: 2001:470:XXXX:XX::1/64
    Client IPv4 address: 219.110.159.121
    Client IPv6 address: 2001:470:YYYY:YY::2/64
    Routed /48: 2001:470:ZZZZ::/48
    Routed /64: 2001:470:YYYY:YY::/64

  • Go to Administration / Commands and enter these commands, then click Save Startup:

    ip tunnel add he-ipv6 mode sit remote 216.218.226.238 ttl 64
    ip link set he-ipv6 up
    ip addr add 2001:470:XXXX:XX::2/64 dev he-ipv6
    ip route add ::/0 dev he-ipv6
    ip addr add 2001:470:YYYY:YY:200:00ff:fe00:0000/64 dev br0

    Replace 216.218.226.238 with Server IPv4 address from your tunnel settings, 2001:470:XXXX:XX:: with the Server IPv6 address value and 2001:470:YYYY:YY:: with the Routed /64 value.

  • Go to Administration / Commands and enter these commands, then click Save Firewall:

    insmod ip6t_REJECT
    ip6tables -F
    ip6tables -A FORWARD -p tcp -i he-ipv6 --syn -m multiport --dports ftp-data,ftp,ssh,smtp,http,https,ntp,domain -j ACCEPT
    ip6tables -A FORWARD -p tcp -i he-ipv6 --syn -j REJECT --reject-with adm-prohibited
    ip6tables -A FORWARD -p udp -i he-ipv6 -m multiport --dports ntp,domain -j ACCEPT
    ip6tables -A FORWARD -p udp -i he-ipv6 -j REJECT --reject-with adm-prohibited

  • Now it’s time to check if everything works. It may take a few minutes or one reboot for your client to obtain an IPv6 address. Here is what things should look like after that:

    C:\>ipconfig

    Windows IP Configuration

    Ethernet adapter Motherboard Network Connection:

    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : 192.168.100.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    IP Address. . . . . . . . . . . . : 2001:470:YYYY:YY:290:feff:fe66:e237
    IP Address. . . . . . . . . . . . : fe80::290:feff:fe66:e237%6
    Default Gateway . . . . . . . . . : 192.168.100.1
    fe80::21d:73ff:fe3a:3b8c%6

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
    Default Gateway . . . . . . . . . :

    Tunnel adapter Automatic Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : fe80::5efe:192.168.42.2%2
    Default Gateway . . . . . . . . . :

    You can ping Google’s IPv6 servers:

    C:\>ping ipv6.google.com

    Pinging ipv6.l.google.com [2001:4860:c004::68] from 2001:470:YYYY:YY:290:feff:fe66:e237 with 32 bytes of data:

    Reply from 2001:4860:c004::68: time=307ms
    Reply from 2001:4860:c004::68: time=307ms
    Reply from 2001:4860:c004::68: time=331ms
    Reply from 2001:4860:c004::68: time=318ms

    Ping statistics for 2001:4860:c004::68:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 307ms, Maximum = 331ms, Average = 315ms

    Fire up Firefox 3 or the browser of your choice and go to http://www.kame.net/ – if the image of the turtle is dancing then you have IPv6 working. Go to http://whatismyv6.com/ to see your IPv6 address.

Good luck! 🙂
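With IPv6 every LAN machine gets a globally routable address, so the four FORWARD rules from the Save Firewall step are the only filter between the tunnel and those hosts. The following added example (not part of the original post or of DD-WRT) walks sample packets through those rules in order; the `Packet`/`Rule` model and the sample packets are constructed, and the chain policy is assumed to be the built-in default ACCEPT because the commands above never set one with `-P`.

```python
from dataclasses import dataclass

# Port numbers behind the service names used in the rules (standard /etc/services values).
SERVICES = {"ftp-data": 20, "ftp": 21, "ssh": 22, "smtp": 25,
            "http": 80, "https": 443, "ntp": 123, "domain": 53}


@dataclass(frozen=True)
class Packet:
    proto: str         # "tcp", "udp", "icmpv6", ...
    in_iface: str      # interface the packet arrived on
    dport: int = 0     # destination port (TCP/UDP only)
    syn: bool = False  # True for a connection-opening segment: SYN set, ACK/RST/FIN clear


@dataclass(frozen=True)
class Rule:
    proto: str
    in_iface: str
    target: str
    syn_only: bool = False            # models --syn
    dports: frozenset = frozenset()   # models -m multiport --dports; empty means any port

    def matches(self, pkt):
        if pkt.proto != self.proto or pkt.in_iface != self.in_iface:
            return False
        if self.syn_only and not pkt.syn:
            return False
        return not self.dports or pkt.dport in self.dports


def ports(names):
    return frozenset(SERVICES[name] for name in names.split(","))


# The four rules from the post, in the order they are appended.
FORWARD = [
    Rule("tcp", "he-ipv6", "ACCEPT", syn_only=True,
         dports=ports("ftp-data,ftp,ssh,smtp,http,https,ntp,domain")),
    Rule("tcp", "he-ipv6", "REJECT", syn_only=True),
    Rule("udp", "he-ipv6", "ACCEPT", dports=ports("ntp,domain")),
    Rule("udp", "he-ipv6", "REJECT"),
]

# Assumption: "ip6tables -F" removes rules but leaves the chain policy alone,
# and the post never changes it, so the built-in default applies.
POLICY = "ACCEPT"


def verdict(pkt, chain=FORWARD, policy=POLICY):
    """First matching rule wins; otherwise the chain policy decides."""
    for number, rule in enumerate(chain, start=1):
        if rule.matches(pkt):
            return rule.target, f"rule {number}"
    return policy, "chain policy"


# Constructed sample packets, all but the last arriving from the tunnel.
SAMPLES = [
    ("inbound SSH connection attempt", Packet("tcp", "he-ipv6", 22, syn=True)),
    ("inbound RDP connection attempt", Packet("tcp", "he-ipv6", 3389, syn=True)),
    ("inbound TCP segment without SYN", Packet("tcp", "he-ipv6", 3389)),
    ("inbound DNS query (UDP 53)", Packet("udp", "he-ipv6", 53)),
    ("UDP reply to a client's ephemeral port", Packet("udp", "he-ipv6", 40000)),
    ("inbound ICMPv6", Packet("icmpv6", "he-ipv6")),
    ("outbound SMTP from the LAN", Packet("tcp", "br0", 25, syn=True)),
]


def report(samples=SAMPLES):
    return [(label, *verdict(pkt)) for label, pkt in samples]


if __name__ == "__main__":
    for label, target, reason in report():
        print(f"{target:7} {reason:13} {label}")
```

Packets that reach "chain policy" are the ones these stateless rules do not decide: anything that is neither UDP nor a TCP SYN on `he-ipv6`, and everything leaving through `br0`.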

“Muslim demographics” propaganda video exposed

Today a friend forwarded me an email with a link to a Youtube video on “Muslim demographics” that appears to be viral at the moment, with over 5 million views so far:

Islam will overwhelm Christendom unless Christians recognize the demographic realities, begin reproducing again, and share the gospel with Muslims.

It’s a cleverly made piece of propaganda that paints a picture of a Europe in which Muslims become the majority of the population by or before 2050. However it did not clearly reference its sources, which (if you notice them at all) appear too small to be readable. It’s not clear who produced this video either.

Why do I call it propaganda? Because whoever made it, they did play fast and loose with the truth – Goebbels would have been proud of them. I will give you just a few examples.

They claimed that the average fertility of Muslim women in France was 8.1 children per woman, which would be about 4 times the French average. The fact is that most Muslims in France originated from Morocco, Algeria, Tunisia or Turkey, countries whose average fertility rates are much lower than claimed for the Muslim immigrants.

Morocco 2.57
Algeria 1.82
Tunisia 1.73
Turkey 1.87

That doesn’t really make sense. It seems likely that fertility amongst immigrants would fall somewhere in between rates in their country of origin and of their new chosen home, but not some four times higher than either of them, as the makers of this propaganda video would have us believe.

Birth rates have been falling with rising living standards and education levels – not only in Europe, North America and Japan but also in Latin America, South Asia, East Asia, most of the Middle East and just about anywhere else. It’s a global trend: These days even the Islamic Republic of Iran, not exactly a bastion of Western liberalism, has a lower fertility rate than France. In fact sub-Saharan Africa is the only region worldwide that has bucked the trend, where fertility rates have remained consistently high. A large percentage of future Christian and Muslim worldwide population growth will come from that continent.

Another example is the false claim in the video that Muslims make up 25% of the population of Belgium, when in fact they only reach that proportion in the city of Brussels, while they constitute a mere 4.0% of the population of Wallonia and 3.9% of the population of Flanders, the two major regions of the country. The national average is 6% – only one quarter of what the video claims. The video authors are off in a similar way in a similar claim about the Netherlands.

These and numerous other mistakes and inconsistencies are exposed and thoroughly refuted in an excellent post on the Tiny Frog blog. If anyone sends you a link to the “Muslim demographics” video, send them back a link to the facts!

Demographics and Politics

With falling birth rates in many developed countries and rising immigration that partly compensates for this, many people are afraid of their countries gradually losing their cultural identity. This fear is largely misplaced. When Polish workers came to the Ruhr area of Prussia in large numbers to work in coal mines in the 19th century, there were the same fears, but now their descendants are as German as anyone else and only the numerous Polish surnames in the phone books or local football (soccer) teams remind of the immigration. Likewise, Catholic immigrants from Ireland, Italy and Mexico faced a lot of hostility in the US around the turn of the 19th/20th century, but they integrated like Protestant immigrants before them and their descendants speak English like other Americans. With immigration patterns such as in Europe and the US, immigrant populations will largely assimilate within two or three generations, even if they may retain some elements of their parents’ and grandparents’ culture.

Unfortunately most people who have watched this propaganda video will not see the real facts any time soon. There is a good chance this video will have had an effect on them, sowing seeds of fear and mistrust that others will seek to exploit for political gains. Nazi chief propagandist Joseph Goebbels would have approved: “That propaganda is good which leads to success, and that is bad which fails to achieve the desired result,” he wrote. “It is not propaganda’s task to be intelligent, its task is to lead to success.” (see Joachim Fest, The Face of the Third Reich).

Whoever made this video does not care about the real numbers or facts, or they would not consistently get their facts wrong by such wide margins. What they are trying to do is to stoke fear. As one person wrote who forwarded the link to my friend: “WATCH THIS AND BE AFRAID – VERY AFRAID.” People who are afraid are easier to manipulate: They will want to give power to whoever is promising to protect them from the perceived danger. In 1933 Hitler assumed total power in Germany after scaring the country of a supposedly imminent communist coup (by having his troopers secretly set fire to the Reichstag). Look what George W. Bush, Dick Cheney and Co. managed to get away with when Americans got really frightened after 9/11! Fear is a powerful weapon at the hands of those unscrupulous enough to exploit it.

Compact fluorescent lights (CFLs) and mercury

In December 2007, Congress passed a bill and President Bush signed it into law that would ban conventional light bulbs by 2014, starting with 100W bulbs in 2012. In February 2009 the European Union’s Environment Committee voted to phase out conventional light bulbs, starting with 100W bulbs by September 2009. Australia and Canada have similar laws, which seek to encourage consumers to switch to more energy efficient compact fluorescent lights (CFLs) that also fit conventional fixtures, but use some 75% less electricity and last up to ten times longer.

Though CFLs are more expensive to buy (from about $3 compared to conventional light bulbs at 50 cents), they will actually pay for themselves via a lower electricity bill over only a couple of months. Also, because of the much shorter life span of conventional bulbs they would be more expensive to run even if electricity were free: At 10,000 hours per CFL and 1000 hours per light bulb, you’d end up buying 10 light bulbs that cost more than the single CFL that matches their total life span.

Nevertheless, there are other criticisms brought against a switch to CFLs. One of them is the fact that CFLs, like all types of fluorescent light, contain small amounts of mercury, a toxic heavy metal. They need to be handled carefully so as not to break them. Dead bulbs must not be thrown into the trash to go into landfills or garbage incinerators. Many electrical stores or recycling centres will take them back to dispose of them safely.

However, even if most consumers dumped old CFLs into the garbage bin, it is doubtful if this would cause more environmental problems than sticking with Edison’s old invention. In many countries, cheap coal provides a major portion of electricity. In the USA it’s about half. Unfortunately coal contains trace amounts of mercury, which goes up the chimney when the coal gets burnt. This makes for some interesting numbers:

  • Annual mercury emissions from coal fired power plants in US (1999): 48 tons
  • Electricity saved in US by switching all incandescent lamps to compact fluorescents: 7%
  • Equivalent mercury pollution reduction: 3.36 tons
  • Typical amount of mercury in a CFL: 4 mg
  • Number of improperly trashed CFLs per year it would take to match mercury pollution reduction from switching to CFLs: 1,000,000,000
  • Number of CFLs sold per year: 330 million

Note that mercury content in CFLs is gradually being reduced. According to a July 2008 fact sheet by Energy Star, the average mercury content in CFLs dropped at least 20% during the previous year. Some models now contain as little as 1.4-2.5 mg of mercury, driving the break-even point up to 2 to 3 billion improperly trashed CFLs per year.

Better consumer education can avoid mercury pollution, whether it’s from lamps that should not be in the garbage or from coal that should not need to be burnt due to more efficient lights.

A recent New York Times article raised some questions about failure rates of cheap CFLs. Probably the bulbs I buy are not as cheap as those mentioned in the article (I used to pay about $10 a decade ago, maybe $5 now), but in all the years that I’ve been using CFLs I have yet to experience one failing in its first year.

Here in Japan regular fluorescents (non-CFL) have been very common in homes for decades, as people here like their homes brighter than in the west, which would have used a lot more electricity and put out much more heat with incandescent bulbs.

The average Japanese dining room, kitchen, living room or bed room uses either circular or straight fluorescent lights, but CFLs have become very common where incandescent bulbs were in use before.

When I moved to my current home 9 years ago and had to buy new lamp fixtures for all the main rooms, I installed CFLs or circular fluorescents throughout. The living room and the dining room table are only on their second set of CFLs during all these years.

Most of the first generation of bulbs in those rooms didn’t actually burn out before being replaced, but merely lost some brightness (the phosphor coating gradually wears out), so I swapped them for a new set and gradually reused the old set to replace less frequently used incandescents left in the house.

CFLs are a big step forward from incandescent light bulbs, but eventually we will see them replaced with solid state lights and other new technologies that at the moment are still too expensive to compete for domestic lighting.

Top 10 employers list, made in Japan

A recent survey amongst Japanese third year university students indicates that relatively few aim to join the well known companies producing the export products “made in Japan” that, economically speaking, put the country on the world map during the 20th century.

According to the list published in Nihon Keizai Shimbun (2009-02-23), five of the top ten companies that students would like to work for were banks or insurance companies. There were also one airline (All Nippon Airways, #3), one travel agency (JTB, #5) and two railway companies.

Only one electronics company made it into the top ten (Panasonic at #4, unchanged from 2008) and no car manufacturer at all. The ranking clearly reflects the hit that Japan’s export industries have taken during the global economic downturn. Industrial icons such as Toyota (#46), Honda (#60), Sony (#22), Sharp (#37) dropped sharply from last year’s survey, when three of these were in the top 10 – Toyota (#3), Sony (#5) and Sharp (#6) while Honda at least made #22 then.

As an engineer I may be a bit biased, but I can’t help feeling sad when companies that make stuff for customers worldwide are seen as less interesting to work for than companies that domestically move money around.

Japan depends almost entirely on imports for primary energy resources and domestically produces little more than one third of the food that the Japanese eat. It will always have to depend on exports to pay for vital imports. The more bright minds that concentrate on competing globally, the better for the country.

The “new shopping new life” spam

For about a year I have been receiving spam emails like this one below. They all look like they’ve been sent by private individuals somewhere in the world (usually from Yahoo or Hotmail accounts) but advertise companies in China:

hi:
New shopping new life!
How are u doing these days?Yesterday I found a web of a large trading company from china,which is an agent of all the well-known digital product factories,and facing to both wholesalers,retailsalers,and personal customer all over the world. They export all kinds of digital products and offer most competitive and reasonable price and high quality goods for our clients,so i think we you make a big profit if we do business with them.And they promise they will provide the best after-sales-service.In my opinion we can make a trial order to test that.
Look forward to your early reply!
The Web address: www.vanigo.com
E-mail: vanigo@188.com
MSN : vanigo@msn.cn

——————————————————————————–

Få en billig laptop. Se Kelkoos gode tilbud her!

Looking at the mail headers, it had come from the mail account of a Danish Yahoo user, but originated from an IP address in China (details edited to protect the privacy of the account owner):

Received: from [124.118.179.157] by web26101.mail.ukl.yahoo.com
via HTTP; Wed, 11 Feb 2009 19:54:29 GMT
X-Mailer: YahooMailWebService/0.7.260.1
Date: Wed, 11 Feb 2009 19:54:29 +0000 (GMT)
From: uffe #####sen <uf###2@yahoo.dk>
Reply-To: uf###2@yahoo.dk
Subject: hi:
To: undisclosed recipients: ;

IP address 124.118.179.157 belongs to China Telecom:

inetnum: 124.118.0.0 – 124.119.255.255
netname: CHINANET-XJ
descr: CHINANET Xinjiang province network
descr: China Telecom
descr: No1,jin-rong Street
descr: Beijing 100032
country: CN

What appears to have happened is that spammers know the passwords to these mail accounts and are using them to send that spam to everyone in the mail account’s address book.

This is a very effective way to get through spam filters, as many recipients are likely to also have the sender in their address book and address book entries are automatically whitelisted by many spamfilters.
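The header check described above can be automated: pull the submitting address out of the webmail `Received` line and compare the network it belongs to with the sender's domain. This is an added example, not code from the original post; it reuses the header block and whois range quoted above, and the function names and the country-mismatch heuristic are assumptions of the example.

```python
import ipaddress
import re
from email import message_from_string

# Header block quoted in the post (already redacted there); the Received
# continuation line is indented so that it parses as one folded header.
RAW_HEADERS = """\
Received: from [124.118.179.157] by web26101.mail.ukl.yahoo.com
 via HTTP; Wed, 11 Feb 2009 19:54:29 GMT
X-Mailer: YahooMailWebService/0.7.260.1
Date: Wed, 11 Feb 2009 19:54:29 +0000 (GMT)
From: uffe #####sen <uf###2@yahoo.dk>
Reply-To: uf###2@yahoo.dk
Subject: hi:
To: undisclosed recipients: ;

"""

# Allocation quoted from whois in the post: first address, last address, netname, country.
WHOIS_RANGES = [("124.118.0.0", "124.119.255.255", "CHINANET-XJ", "CN")]

# The webmail front end records the browser's address as "from [IP] by <host> via HTTP".
WEBMAIL_HOP = re.compile(
    r"from \[(?P<ip>[0-9A-Fa-f.:]+)\]\s+by\s+(?P<host>\S+)\s+via HTTP")


def submitting_client(msg):
    """Return (ip, relay_host) for the earliest webmail hop, or (None, None)."""
    # Received headers are prepended, so the earliest hop is the last one listed.
    for value in reversed(msg.get_all("Received", [])):
        hop = WEBMAIL_HOP.search(value)
        if hop:
            return ipaddress.ip_address(hop["ip"]), hop["host"]
    return None, None


def lookup_network(ip, ranges=WHOIS_RANGES):
    """Return (netname, country) of the range containing ip, or None."""
    for first, last, netname, country in ranges:
        low, high = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if ip.version == low.version and low <= ip <= high:
            return netname, country
    return None


def assess(raw_headers):
    msg = message_from_string(raw_headers)
    ip, relay = submitting_client(msg)
    sender = re.search(r"@([A-Za-z0-9.-]+)", msg.get("From", ""))
    domain = sender.group(1).lower() if sender else None
    network = lookup_network(ip) if ip else None
    tld = domain.rsplit(".", 1)[-1].upper() if domain else ""
    # Heuristic (assumption of this example): a country-code sender domain whose
    # mail was submitted from a network registered in another country deserves
    # a closer look. It is a hint for triage, not proof of compromise.
    mismatch = bool(network) and len(tld) == 2 and tld != network[1]
    return {"client_ip": ip, "relay": relay, "sender_domain": domain,
            "network": network, "mismatch": mismatch}


if __name__ == "__main__":
    for key, value in assess(RAW_HEADERS).items():
        print(f"{key:14} {value}")
```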

If you receive an email like that, alert the “sender” that their account has been compromised. They need to immediately change their email password to something more secure.

This abuse of stolen passwords illustrates the potential of password harvesting scams such as this one I documented in August 2008, which is still going on.

Here are some Google searches related to the hacked webmail spam:

Here is a (probably incomplete) list of websites advertised this way:


Common subject lines:

  • New shopping new life
  • Good shopping good mood!
  • Good web site
  • Have a great shopping!
  • good website!
  • Hi,Thank you!
  • Hi,
  • Dear friend

Good passwords and bad passwords

A strong password should be the first line of defense against such criminals, but what makes a password good? It should contain a mixture of all of the following:

  • lower case letters
  • upper case letters
  • digits
  • at least one non-alphanumeric character

This makes it hard to break the password through brute force or through dictionary attacks.

Also the password should not be too short (8 characters or more) and should be reasonably easy to memorize, so you don’t have much need to write it down. Some examples:

  • 45Knife%Cabbage
  • 4F5g6H&j
  • J0hn1945-07-31

Bad choices are passwords that consist of any word found in a dictionary, proper names, digits-only dates, adjacent keys on the keyboard or repeated characters. Never use anything like these:

  • secret
  • qwerty
  • xxxx
  • john45

It is very important not to use the exact same password for different purposes.

If spammers manage to trick you into revealing your password for one site (e.g. by getting you to create a new account at a site they control or by breaking into the database of another site where you’re a customer) then you’ve effectively handed them the key to the candy store. They can get access to your email account, in which they may find login information, password reminders, etc. of many other sites you’ve signed up for. At the very least they can harvest all your email contacts.

Beyond using different passwords for every site and service, it’s also a good idea to use a different password schema for “core” sites that you trust and depend upon (such as your email provider and webhost) and another for sites to which you sign up more casually (such as various forums, online shopping, etc.). Thus if one of the latter is compromised, it does not give criminals any clues what your more critical passwords may look like.

Who is behind this spam?

The sites advertised from the hacked email accounts constantly vary. They usually have been created only a few weeks or months earlier. For example, the domain in the above example was created two months ago:

Domain name: vanigo.com

Registrant Contact:
wuxianj
xiaos wu zhongfm@it5.cn
0592-5861837 fax: 0592-5861834
beijin
beijin beijin 100000
cn

Administrative Contact:
xiaos wu zhongfm@it5.cn
0592-5861837 fax: 0592-5861834
beijin
beijin beijin 100000
cn

Technical Contact:
xiaos wu zhongfm@it5.cn
0592-5861837 fax: 0592-5861834
beijin
beijin beijin 100000
cn

Billing Contact:
xiaos wu zhongfm@it5.cn
0592-5861837 fax: 0592-5861834
beijin
beijin beijin 100000
cn

DNS:
ns1.4everdns.com
ns2.4everdns.com

Created: 2008-12-08
Expires: 2009-12-08

Considering the highly illegal way the companies advertised, what are the chances that any order you make at those sites would ever get shipped to you? For sure, they will gladly take your cash by (untraceable, unsafe) Western Union or take your credit card number, expiration date and security code. Never use Western Union to send money to people you don’t know from real life in person. Never enter your credit card on a site that doesn’t have SSL access (indicated by a URL starting with https:// and a padlock icon in the browser status bar) with a proper certificate.

Even more basic: Never do business with spammers. By sending you spam, they have already proven to you that they lack any morals. You have no reason to trust them and every reason to be alert!

If you have received similar spams, feel free to post them below.

“Please respond or Some Stranger will think you said no :(”

I never really got used to the idea of MySpace “friends” and Facebook “friends”, a concept that seems to appeal mostly to teenagers seeking peer-approval. Friends are not objects you collect like others collect postal stamps or sports memorabilia. Real friends are there for each other when we need someone. With my friends, years may pass without us meeting, but when we see each other again we pick up just like we last saw each other only yesterday. I know them and they know me and we don’t have to explain much. I would never think of showing them off on a website like others show off their gold chains and SUV to boost their self image. This is not at all what friendship is about.

For over two years I’ve been receiving emails coaxing me to join a website called tagged.com, supposedly sent by people who consider me their “friend”, but whom I invariably do not recognize. I suppose they have my email address in their address book because they probably reported Nigerian scams to me before (I collect several hundred reports per day, most of which get processed automatically), but I could not possibly have had a two-way email exchange with more than a small fraction of them, let alone built a friendship.

Here is a typical example:

Firstname has added you as a friend on Tagged.

Is Firstname your friend?

[ Yes] [ No ]

Please respond or Firstname may think you said no 🙁

Click here to unsubscribe from Tagged, P.O. Box 193152 San Francisco, CA 94119-3152

Invitation spam

The tagged.com mails are just one example of a category I consider invitation spam, because they serve no real purpose other than getting me to join a website that I have no interest in joining. The supposed sender already has my address and can contact me any time if he has something to tell me, and if we really were friends, chances are I would already have his email address too.

What I find particularly annoying about the Tagged.com emails is how they try to pressure the recipient into clicking the “Yes” link by exploiting people’s considerate nature. Most of us don’t unnecessarily want to hurt other people’s feelings. Therefore this line gets really on my nerves:

Please respond or Firstname may think you said no 🙁

Interestingly, the same annoying phrase (ending in either the colon-and-left-bracket frowning smiley or a positive smiley) started appearing in several other invitation spams that don’t mention Tagged.com:

From imvu.com, August 2007:

Hey Joewein,

Firstname has added you as a friend on IMVU.

Is Firstname your friend?

[ Yes] [ No ]

Please respond or Firstname may think you said no 🙂

From MyYearBook.com, November 2007:

Firstname has added you as a friend
Is Firstname your friend?

[ Yes] [ No ]

Please respond or Firstname will think you said no 🙁

Click Here to block all emails from myYearbook, 280 Union Square Dr., New Hope, PA 18938

From Yaari.com, February 2008:

Firstname Lastname wants you to join Yaari!

Is Firstname your friend?

Yes, Firstname is my friend! No, Firstname isn’t my friend.

Please respond or Firstname might think you said no 🙁

Thanks,
The Yaari Team

____
You are receiving this message because someone you know registered for Yaari and listed you as a contact.
If you prefer not to receive this email tell us here.
If you have any concerns regarding the content of this message, please email abuse@yaari.com.
Yaari LLC, 358 Angier Ave, Atlanta, GA 30312

To this day I am receiving a mix of Tagged.com, MyYearbook, Yaari and IMVU emails from various people.
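
Because the pressure line is shared almost word for word across these senders, it works as a content signature for a mail filter. The following is an added example, not part of the original post: it normalises emoji smileys and line wrapping, then matches the phrase with any name and any of the three verbs seen above. The sample bodies are constructed from the messages quoted on this page (the line break inside the Yaari sample and the control message are made up).

```python
import re

# Webmail and blog software often render ":(" and ":)" as emoji; map them back.
FACES = {"\U0001F641": ":(", "\U0001F642": ":)"}
PRESSURE = re.compile(
    r"please respond or (?P<name>\w+(?: \w+)?) (?P<modal>may|will|might) "
    r"think you said no\s*(?P<face>:\(|:\))?", re.I)
QUESTION = re.compile(r"\bis (?P<name>\w+(?: \w+)?) your friend\?", re.I)

# Constructed from the four messages quoted on this page, plus an unrelated control.
SAMPLES = {
    "tagged.com": "Is Firstname your friend?\n[ Yes] [ No ]\n"
                  "Please respond or Firstname may think you said no \U0001F641",
    "imvu.com": "Is Firstname your friend?\n"
                "Please respond or Firstname may think you said no \U0001F642",
    "myyearbook.com": "Is Firstname your friend?\n"
                      "Please respond or Firstname will think you said no :(",
    "yaari.com": "Is Firstname your friend?\n"
                 "Please respond or Firstname\nmight think you said no :(",
    "control": "Please respond by Friday or we will assume you said no.",
}

def match_invitation(body):
    """Return template details if body carries the pressure line, else None."""
    text = body
    for emoji, ascii_face in FACES.items():
        text = text.replace(emoji, ascii_face)
    text = " ".join(text.split())  # undo line wrapping and repeated spaces
    pressure = PRESSURE.search(text)
    if not pressure:
        return None
    question = QUESTION.search(text)
    return {
        "name": pressure["name"],
        "modal": pressure["modal"].lower(),
        "face": pressure["face"],
        # Same name in the "Is X your friend?" question strengthens the match.
        "asks_friend_question": bool(question)
        and question["name"].lower() == pressure["name"].lower(),
    }

def senders_sharing_template(samples):
    """List the senders whose message matches the shared template."""
    return sorted(s for s, body in samples.items() if match_invitation(body))
```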

The only party who really gets anything out of this type of (probably automated) email is the website owner. It actually doesn’t matter whether you click “Yes” or “No” on those spams: either way you’ll end up on a web form to provide personal details to join the site.

Many social networking sites ask for access to your Yahoo, Hotmail, Outlook or other address book when joining. They then send everyone in your address book invitations in your name. Thus the game continues as long as address books aren’t empty and at least some people click on either “Yes” or “No”.

When I receive such emails, I usually archive them to a folder in my mail cabinet that I named “Plaxo-Ringo” after the first two websites that spammed me like that in significant volume. I archive them for research purposes, but if you’re not a spam researcher like me you might as well delete them.

Just like on Facebook and MySpace, I never act on “friend” invitations unless I have a genuine personal relationship with the sender, and neither should you. There is no need to feel guilty about discarding spam that is meant to sell commercial websites, even if it masquerades as something much more personal and precious, like friendship.

Windows 7 versus Linux on netbooks

“Does Linux stand a chance now that Windows 7 will run on netbooks?”, Shane O’Neill asks in an article in Computerworld on 15 January 2009 that overall sounds fairly optimistic on Microsoft’s prospects. However, it largely avoids one crucial subject that matters for Microsoft in the struggle over market share in the booming nettop market: Money.

In 1985 Jack Tramiel, head of Atari Corporation, came to visit Digital Research Inc. (DRI) to license its GEM graphical desktop environment for the new Atari 520ST. It was going to be a low-cost machine based on the same Motorola 68K CPU as Apple’s much more expensive Macintosh, which itself was a low-cost derivative of the Apple Lisa (that was long before Microsoft Windows became a viable product). Tramiel had a reputation as a fierce negotiator, so his counterpart at DRI, then the main competitor of Microsoft and Apple, was only half joking when he said to Tramiel: “Jack, I know you’ll probably start off by offering us a dollar per copy.” – “No,” replied Tramiel dryly. “50 cents.”

Tramiel knew that by coming out with a fully-functional product at rock-bottom prices he could grow the PC market. In the segment he envisaged there simply was no margin for a $50 operating system license. What was true when an Atari machine cost around $1000 is even more true today with $250-$450 netbooks, and future netbooks will be even cheaper than that. Soon we will also see netbooks based on the same low-power, low-cost ARM processors that power virtually all mobile phones.

Commentators cited by Computerworld on Windows 7 don’t really talk about money:

Analyst Rob Enderle, president of technology research firm The Enderle Group, agrees that Microsoft doesn’t see Linux as much of a threat and that refocusing on the netbook market is more about “Microsoft addressing the problem of having to keep shipping Windows XP long after its expiration date.”

Enderle says that getting XP on netbooks was clearly a response to Linux gaining traction, but that Microsoft is not afraid of consumers or OEMs having a preference for Linux.

“The problem was that Linux could run on a netbook and Vista couldn’t, not any consumer or OEM love for Linux,” he adds.

But Microsoft’s real problem wasn’t just that Vista was too big to fit on a 4 GB flash drive and too slow and bulky to run on an Intel Atom with 512 MB of RAM. It was also too expensive. So Microsoft could save face by charging next to nothing for its 5-year-old Windows XP, but it didn’t make any real money on it. So what’s going to happen when Windows Vista 1.1 aka Windows 7 hits the streets in volume maybe a year from now?

Does it really matter to Microsoft shareholders and employees if the 21 million or so netbooks expected to be sold this year (and the even bigger numbers in 2010) will be running some version of Windows or a version of Linux (which is free), if previously those buyers would have picked up a more powerful machine that netted Microsoft $40-$100 per license?

Whether Windows 7 will run with decent performance on low-cost machines is really only half the question. The other is, how much Asus, Acer and the other netbook OEMs will offer to pay Steve Ballmer of Microsoft. Is it going to be $1 or 50c per copy? That is no way to sustain a business with a market capitalization of $150 billion and almost 90,000 employees worldwide (Jan 2009 numbers), as Microsoft is realizing to its horror.