Seriously, WHAT DOES THIS BUTTON DO.
It's on a keyboard I got long ago, from the mid to late nineties - you know, buttons for every function you don't need a hardware button for.
The button does nothing. It doesn't bring coffee, it doesn't open up a coffee-related webpage, it doesn't try to start a coffee machine, it does nothing at all.
I MUST KNOW.
Thursday, 22 December 2011
Monday, 12 December 2011
Vodafone Australia Leaking Private Picture messages?
Over the weekend, one of our users had a pretty strange event happen. The basic chain of events went like this:
- The user receives an (expected) MMS message to their work and personal phones at the same time. Both these numbers are on Vodafone.
- The user immediately starts receiving dozens of other MMS messages from numbers they don't recognise.
- After 10 minutes, the user turns off both phones. When they're turned back on, the messages have stopped.
While they'd been wiped off the personal phone, I got to have a look at the work phone this morning. The MMSes had all arrived at her email address, which makes things a bit easier to analyse.
From this we can see:
- These were, beyond a doubt, not intended for her. The only thread even linking all the recipients (and senders) is that they're Australian.
- The messages all came through Vodafone's servers.
- The messages all have a send time approximately that of the receive. That doesn't necessarily mean that this was essentially a live capture of their MMS traffic, but it seems likely.
- A quick look at some messages shows a high incidence of people from WA. That could mean it was a WA-only issue, or it could be due to the time difference between us and the Eastern States.
- These are real MMSes. They are not spam, they were sent by real people who did not expect them to be made public.
Here's a good example of the kind of thing that was leaked.
A student card. To go with his phone number, they gave us the high school, full name, date of birth, and some photo ID of a minor. Believe me when I say that this was far from the most personal piece of information there.
Most worryingly, somebody has mentioned to me since then that a friend of theirs had the same thing happen yesterday - hundreds of PXTs being misdirected to his phone. He thought it was some kind of spam and changed his number, which is a shame.
I'd love to find somebody else who had this happen and still has some messages. With some more data we can work out a few more details:
- The time period. It was about 10 minutes for this case, but that may have just been the tail end - it could have been going for weeks in the right conditions.
- The trigger. I'm guessing it was 'receiving or sending a PXT message', but again I need more data.
- Whether the same messages were sent to everybody. Everybody getting the same stream of messages is a much smaller problem than everybody receiving separate streams.
I should also mention: I've contacted Vodafone about this (via the authorised partner we deal with), but I haven't heard back yet. I'm very interested to hear their response.
Monday, 28 November 2011
Correct UPS Usage
Are you worried about power outages and unexpected surges corrupting your precious data? Have you bought an 'Uninterruptible Power Supply' but still find yourself worrying it might not take the mood swings and violence your power company deals out? Fear not, for I've taken it upon myself to demonstrate the best way to keep your data safe.
Look at that magnificent beast.
It works like repeatedly filtering vodka: Each UPS draws power from the one beneath it, magnifying the power-conditioning effect exponentially. By the time your electrons reach the hard drive at the top, they'll be some of the purest and safest electricity in existence.
While this method is great for ensuring the physical safety of your data, if you care about uptime you'll need to have at least two of these badboys for redundancy.
Do it. You'll attract the envy of your friends and the smouldering desire of women everywhere.
Tuesday, 22 November 2011
Buggy LCD Panel
Somebody at the office came over wondering whether they had a virus, because there was a bug crawling around their screen they couldn't wipe off.
See that tiny dot in the centre? IT'S ALIVE.
It's not on the surface of the screen, yet it's not software - what we have here is an actual bug that somehow crawled in between the LCD panel and the backlight. A quick googling shows that this seems to be worryingly common.
It's been wandering around in there ever since, unable to find a way out. Whenever it hits the edge of the panel, it'll crawl along a bit and come straight out. My plan is to wait for the bug to escape of its own accord or starve to death (hopefully at the edge of the screen so it's not much of a nuisance).
If you're as intrigued by this as I am, have some low-quality videos of the bug exploring where no bug has gone before.
It's only Tuesday. There's still plenty of time this week for even weirder IT problems to spring forth.
Thursday, 17 November 2011
Blogger removes GPS EXIF data from uploaded pictures
While writing my last post, I found out something interesting: Google Blogger strips out the GPS EXIF tags when you post it to your blog while leaving the rest intact.
Here's the EXIF data of the pic I posted yesterday - all of it identical to when it was taken.
And here's the same pic uploaded to Blogger and then downloaded again. Everything is the same except the GPS data, which is mysteriously missing. (The thumbnail is upside down, but I'm guessing that's because I used different programs to rotate them).
And just to make the situation more complex, I can go and have a look at the uploaded photos in Picasa - and it shows the GPS data as being intact!
So Google doesn't modify the original at all, but will quietly rip out GPS data from any copies that are displayed publicly. This is a pretty useful safety feature. With it, I can just upload any picture without worrying that I'm giving away where I live or work.
It's confusing that I can't find this feature noted anywhere. It's the kind of subtle but important feature that shows a product has been carefully thought out and sets it apart from the rest, but neither the help documents nor my frantic googling found a single reference.
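The comparison described above can be scripted. This is an added example, not code from the original post: it walks the JPEG segments, reads the EXIF IFD0 and the GPS sub-IFD (pointer tag 0x8825), and reports which tags the public copy has lost. The two sample images are constructed in the script (Make tag plus two GPS reference tags) and all function names are assumptions.

```python
import struct

GPS_IFD_POINTER = 0x8825   # IFD0 tag whose value is the offset of the GPS sub-IFD
MAKE = 0x010F              # IFD0 tag: camera manufacturer (ASCII)


def exif_tiff(jpeg):
    """Walk JPEG segments; return the TIFF blob inside the Exif APP1, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):            # EOI / start of scan: metadata is over
            break
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        if length < 2:
            raise ValueError("corrupt segment length")
        body = jpeg[pos + 4: pos + 2 + length]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        pos += 2 + length
    return None


def ifd_entries(tiff, offset, bo):
    """Return {tag: raw 4-byte value field} for the IFD at `offset`."""
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    entries = {}
    for i in range(count):
        start = offset + 2 + 12 * i           # each entry: tag, type, count, value
        (tag,) = struct.unpack_from(bo + "H", tiff, start)
        entries[tag] = tiff[start + 8: start + 12]
    return entries


def metadata(jpeg):
    """Return the sorted tag ids present in IFD0 and in the GPS IFD."""
    tiff = exif_tiff(jpeg)
    if tiff is None:
        return {"ifd0": [], "gps": []}
    bo = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if bo is None or struct.unpack_from(bo + "H", tiff, 2)[0] != 42:
        raise ValueError("bad TIFF header")
    (ifd0_off,) = struct.unpack_from(bo + "I", tiff, 4)
    ifd0 = ifd_entries(tiff, ifd0_off, bo)
    gps = {}
    if GPS_IFD_POINTER in ifd0:
        (gps_off,) = struct.unpack(bo + "I", ifd0[GPS_IFD_POINTER])
        gps = ifd_entries(tiff, gps_off, bo)
    return {"ifd0": sorted(ifd0), "gps": sorted(gps)}


def lost_in_public_copy(original, public):
    """Tags present in the original but missing from the publicly served copy."""
    a, b = metadata(original), metadata(public)
    return {k: [t for t in a[k] if t not in b[k]] for k in a}


def build_sample(with_gps):
    """Constructed test image: SOI + Exif APP1 + EOI, little-endian TIFF."""
    make = b"TestCam\x00"                     # stored out of line, after IFD0
    n = 2 if with_gps else 1
    data_off = 8 + 2 + 12 * n + 4             # header + IFD0 entries + next-IFD pointer
    gps_off = data_off + len(make)
    ifd0 = struct.pack("<H", n)
    ifd0 += struct.pack("<HHII", MAKE, 2, len(make), data_off)
    if with_gps:
        ifd0 += struct.pack("<HHII", GPS_IFD_POINTER, 4, 1, gps_off)
    ifd0 += struct.pack("<I", 0)
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + make
    if with_gps:
        # GPSLatitudeRef (0x0001) = "S", GPSLongitudeRef (0x0003) = "E"
        tiff += struct.pack("<H", 2)
        tiff += struct.pack("<HHI4s", 1, 2, 2, b"S\x00\x00\x00")
        tiff += struct.pack("<HHI4s", 3, 2, 2, b"E\x00\x00\x00")
        tiff += struct.pack("<I", 0)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


if __name__ == "__main__":
    original, public = build_sample(True), build_sample(False)
    print("original:", metadata(original))
    print("public  :", metadata(public))
    print("lost    :", lost_in_public_copy(original, public))
```

To run it against real files, pass the bytes of the photo as taken and of the copy downloaded from the public page to `lost_in_public_copy`.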
Wednesday, 16 November 2011
If you want a job done right
It's great when a phone company wants your business. Whether or not you're considering changing over, they offer nice perks. The latest company gave me an iPad and a playbook for a few days, to 'test out their network'. (Summary: the iPad is built better and more polished, but I love some of the playbook UI choices. After swiping from outside the screen to switch apps, double-tapping the iPad's home button felt clunky and wrong. But I digress.)
Before The Salesman handed over the iPad, he made a point of spending a few minutes clearing user data - it had just come from another company. Okay, he's not doing a secure wipe, but a quick wipe in each app is enough. At least they care about confidentiality.
This was the first sign they hadn't been thorough.
The best way to test out hardware is to buy miniskirts. Try it sometime.
I've hidden one entry to protect The Salesman (who we might end up dealing with), but the search history is interesting regardless - men's fashion and porn. Later on I poked around to see if there was more.
I didn't investigate too much, but there's a good mix: email, men's clothing, ASX announcements, straight porn, gay porn, email again, and finally cruise ships. From this we can deduce he's an open minded young man who takes care of his looks, has a solid financial basis, and keeps track of his investments.
And since The Salesman didn't know how to clear all the pics, the man with the interesting browsing habits works with these guys:
It looks like he works in a car sales yard, but you can't tell much else. Most of the other key apps are clear of data, so the privacy violation should stop here.
Except the apps he installed require his account to upgrade.
This is getting awkward. The email is his full name including initials and there's only one guy in this city with that name. So that leads straight to his Facebook account, which leads to his 500+ friends, his girlfriend, his family, and so on. I've never met this guy, but from an iPad he used for one day we can link his porn habits all the way back to his family and workplace, even after someone tried to wipe it. Imagine what the phone you use every day has?
The moral of this story: Your personal data is important. Don't trust others to handle it for you if you can handle it yourself.
And wipe your test devices when you're done with them.
UPDATE:
Somebody pointed out that I hadn't checked to see if the photos had the GPS location they were taken stored. And hey, what do you know?
So in addition to everything else, we've been provided with the very building he works in. Awesome.
Thursday, 10 November 2011
Google Reader Sharing: Gone but not forgotten?
Google reader recently rolled out some rather big updates, much to the horror of their users. The most controversial move was the removal of the social aspects so they could be replaced by google plus.
In their haste to clean out google reader, it looks like they just hid the old menus without actually removing them. If you have a look at the page source, everything is still there - your friends list, your shared items, the comments, everything.
Just add #friends-manager-page to the end of the URL, and you're back at the disabled pages!
If you delve a little deeper, you can get to each of your friends' feeds or the list of all shared items.
Everything works. All your old posts, every single link, every friends page, all there waiting for you...the only thing you can't do is share new items. It all fits the new interface perfectly, and I find it strange they haven't removed anything yet - are they leaving everything completely untouched in case they change their minds, or are they planning on properly integrating the google+ sharing into reader?
One thing's for sure: It could stand proper integration. With the Google+ system, you can share posts with your friends, but not read posts others have shared. If Google get it together and integrate Google+ properly with Reader - like, say, an interface that works very similarly to the old post sharing/reading - then I'll be pretty happy.
Sunday, 6 November 2011
Broken Things: iPhone 4
I was browsing through some older files when I saw this pic. The story behind this phone is one of adventure, intrigue, and criminal elements leaving their murky underworld to terrorise the public.
This iPhone has a fun little escapade attached to it, in April this year.
The Owner had it stolen while picking their kids up from school - they left the car unlocked for two minutes, and came back to find it gone. By sheer luck he'd recently been travelling so we'd connected his brand-new phone to our corporate mobileme account.
He called me about an hour later and I pulled it up on 'find my iphone'. We got occasional reports as it was driven south before the thief finally settled down for the evening at a little house in Fremantle.
I kept an eye on it the next morning, and finally got a good GPS reading that showed exactly which house it was in. One screenshot and we were in business.
We got lucky again when we got the police involved. They apparently had some free time (and were intrigued by 'Find My iPhone'), so they sent a car around to the house. They found one elderly man and his son in a near-empty house who let the officers in for a quick look around their mostly empty house. There was no sign of any phone and the police left. It looked like our investigation had come to an inglorious end.
The next day, we got some surprising news: The phone had been turned in at the Fremantle police station looking rather damaged (see above). The man who turned it in said they'd just found it but - rather conveniently - happened to live at the same house the police had visited the day before. It seems the police visit unsettled him, so he did the logical thing: Hit the phone repeatedly with a rock, and turn it in denying all knowledge.
Where are they now?
The Mysterious Thief: I lost all involvement with the case after we got the phone back, but he was in the awkward position of explaining why the phone had been in his house and turned on for two nights before he 'found it'. I hope it went well for him.
The iPhone: One $80 screen replacement put it in perfect working condition, and it's still chugging along just fine.
Tuesday, 25 October 2011
Data Destruction: Hammer
If you ask for methods to quickly destroy data, you'll probably get a whole bunch of advice ranging from a decent software wipe up to nuking it from orbit. Most of them are effective but need special equipment or hours of time. What if you want something quick and simple? Hit the drive with a hammer.
I was lucky enough to find a scrap drive pre-hammered by the prior owner, so this is a real example of attempted data destruction. I've removed the company name from the drive since I'm sure they'd be surprised if they knew what IT did with their old servers.
At first glance the damage doesn't look too bad, but the drive isn't mounting. Clearly it's time to open it up.
Look at that! Data platters in perfect condition inside a drive that spins up perfectly. The armature isn't moving quite correctly, but the read heads themselves are in great condition. Almost all the data on this drive will be intact and could be recovered by a sufficiently determined person.
A few points to note:
- They were hammering exactly the wrong end of the drive. While the drive mechanism might not work afterwards, it's a good idea to hit the end where you actually keep data.
- This drive has a single platter mounted low. Even if he'd repeatedly hit it in the right spot he might have missed the platters completely.
- Let's be honest: Hammering the case isn't going to do as much damage as you hope because the case is partly designed as a protective layer against blunt trauma. You'd have to scale this up to a sledgehammer to be sure it works.
And because I like them so much, let's finish with a few closeups of all that beautiful undestroyed data.
Next test: microwaving your drive. If anybody feels like donating to that cause, I'll need half a dozen drives of the same model with matching firmware.
Sunday, 16 October 2011
Doggy Data Destruction
Dogs like chewing on things. Electronic devices are often small and easily chewable. Hijinks ensue.
For control purposes, the following items were all chewed up by the same dogs over a period of a few years. They provide a sliding scale of how much damage your dog can do to what you hold most dear: your handheld devices.
Item 1: SD Card.
SD cards are pretty small and fragile. They're designed to go inside more sturdy devices (phones, cameras, sewing machines), and rely on the extra protection to survive. They're definitely not built for a foray into a dog's mouth.
Opening it up, you can see the chips themselves are badly cracked. Once you get physical damage like this, there's zero chance of recovering any data.
Item 2: Thumbdrive
Thumbdrives are made of sterner stuff, since they spend half their life bouncing around in your pocket and being forcefully thrust into USB ports backwards. It's hard to judge what might happen in a dog's mouth, but liquid damage wouldn't be much of an issue - I once put the same thumbdrive through a washing machine three times before it finally broke. This one had a bonus layer of metal which gave up its life to protect the delicate layers beneath.
The memory chips survived but the drive didn't mount when plugged in. Close examination revealed a few small breaks in solder, so a few minutes work with a soldering iron should bring it back from the dead.
Item 3: MP3 Player
This is a bit of an unfair example as it's an uncommon and unusually hardy mp3 player. You can see it has a thick plastic shell, with no screen to provide an easy breaking point.
This one is remarkable because of just how well it survived. The dog had been chewing on the corners for quite a while before anybody noticed, and yet the plastic is barely dented. Every button, speaker, jack, and panel survived in working condition. The same MP3 player survived a second round with the labrador a few months later, so they must make these things tough.
I guess the lesson to take from this is if you're going to give gadgets to your dog as toys, use the biggest you have. If you change your mind, it might still work.
(Alternative lesson: If you're keeping valuable data in a portable form, find the most durable and protected device you can. You can't always predict a dog eating your portable hard drive)
Wednesday, 28 September 2011
Why RIM stopped using Trackballs
This is under the trackball of a Blackberry Bold 9000 after about two years of light-to-moderate use. To get some lovely detail of the grime, you'll want to view that image full size.
It looks almost uncannily like a bird's nest aside from the scale - it's just a few millimetres across. Perfectly shaped to the underside of the roller, it kept its form as I yanked off the protective plastic coating. I'm not sure what material kept it stuck down during this but it certainly didn't wipe off easily. I'll be disappointed when the 9000s are retired as the trackpad handsets don't have this kind of character (I haven't had a single one in for cleaning yet).
The best part: The roller was still working perfectly, it was brought in because of antenna issues.
Tuesday, 27 September 2011
Broken Things: iPhone 3G
Somebody brought this iPhone 3G in a few days ago. I'll give you three guesses why.
You're absolutely correct, she wanted a software update. The owner has no plans to replace the screen - after all, it works perfectly aside from the occasional ear-cutting incident.
She's been through two screen replacements so far with this handset. For her next phone I might recommend a nice sturdy case to go with it.
Monday, 26 September 2011
Package updates looping in Ubuntu 10.04 LTS
A quick snip of weird behaviour from . On my old fileserver (running Ubuntu 10.04 LTS), I noticed an infinite loop of packages being added and removed.
    root@mybox:~$ apt-get autoremove
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following packages will be REMOVED:
      libass4 libcelt0-0 libdca0 libdirac-encoder0 libfftw3-3 libflite1 libgme0 libkate1 libmimic0 libofa0 liborc-0.4-0
    0 upgraded, 0 newly installed, 11 to remove and 1 not upgraded.
    After this operation, 16.8MB disk space will be freed.
    Do you want to continue [Y/n]? y
And after removal, if you try dist-upgrade you get..
    root@mybox:~$ apt-get dist-upgrade
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Calculating upgrade... Done
    The following NEW packages will be installed:
      libass4 libcelt0-0 libdca0 libdirac-encoder0 libfftw3-3 libflite1 libgme0 libkate1 libmimic0 libofa0 liborc-0.4-0
    The following packages have been kept back:
      gstreamer0.10-plugins-bad
    0 upgraded, 11 newly installed, 0 to remove and 1 not upgraded.
    Need to get 0B/9,685kB of archives.
    After this operation, 16.8MB of additional disk space will be used.
    Do you want to continue [Y/n]?
And so on ad infinitum.
It looks like those packages are simultaneously required and unnecessary for my system, which I'm fairly sure isn't normal behaviour. A quick look at the package dependencies points the finger at gstreamer0.10-plugins-bad being kept back. Since it's not a vital package, one quick removal and everything is back to normal.
Okay, I may not have found the root cause of the problem, but this works just as well for me.
Thursday, 15 September 2011
Get Infinite Email Addresses in Google Apps
You've got your own domain. It's for personal use, so you've set up Google Apps to get free and effective email. What could possibly make this better?
The Google Apps Catch-All address, of course.
The Basics:
A Catch-All address is an email account that receives all incorrectly addressed email for your domain. If somebody typos your address but gets the domain right, the email winds up in the catch-all email account. The account owner will occasionally check through to make sure the email gets to the right recipient (If they type the domain wrong, they end up with a much bigger problem).
The catch-all address became less popular as spam got worse for fairly obvious reasons. Google, however, has remarkably good spam filtering, which gives us the option back.
What you can do with it:
You can come up with any email you like on the spur of the moment (say, SpurOfTheMomentEmail@yourdomain.com) and it'll reach your inbox. You can give a different email address to every person you meet and every site you sign up for and receive them all. It gives you an essentially unlimited supply of email addresses, because *@yourdomain.com is now yours. Hell, I sometimes use it to send subtle messages - if Dave is hounding you for your email address, giving him stopannoyingmedave@yourdomain.com might get the point across.
Aside from the awesomeness and flexibility this gives you, it has some practical advantages - you can treat addresses as 'throw-away' email accounts. If a site sells your address on to spammers, you can just blacklist all mail to that address with email filters (shown below).
Setting it up:
Assuming you've already got a domain and set up Google Apps, it's very, very simple. If not, you may want to start at the beginning.
Log into the Google Apps control panel, and choose Settings followed by Email. Under the catch-all email section, choose to forward it to your main email account.
Save, and that's it. If you look under your account settings, you now have *@yourdomain.com listed as one of your addresses.
Blacklisting:
Blacklisting one of the addresses you gave out is easily done under your email settings. Click on Filters and then Create a new filter. Type the email you want to blacklist in the To: field, and hit Next Step.
Now simply check the Delete it box and click Create Filter, and that's it! Any future messages sent to that address will be silently moved to the deleted folder.
Now enjoy the freedom that only an infinite supply of email addresses can give you.
Monday, 12 September 2011
Perth Verge Collection Map
Update:
This map is now very out of date, last updated 2014. Thankfully, a new champion has taken up the challenge and the current map can be found at vergeside.com.au
Original post:
I've been fiddling with this for a while, so it's time to share: a Google Maps layer that shows the vergeside rubbish collection areas for the whole Perth metropolitan area. This is pretty useful to anyone around Perth who's looking for some free furniture or appliances, as well as to those just wondering when their next vergeside collection is.
I'll update this post with relevant data as it changes.
How it works and notes:
- Click here to get to the full version of the map. It's easier to work with than the embedded version below.
- On the left you have the various collection zones/councils with the next known collection date. Flick through the pages to see the rest of the zones, as Google Maps won't display them all at once by default.
- The date represents when the collection itself starts, not when to start putting things out.
- You can save this map directly in your Google profile by hitting the save to my places button.
- You can export the map data as KML if you want and do anything you like with it. It should work with most mapping applications that support layers.
- This works great on your mobile phone. It works with Google Maps for BlackBerry and Android, Google Earth for iOS, and it should work with any map software that supports Google layers or importing KML data. Combined with your phone's GPS, it's pretty handy when you're in the field.
- This is a work in progress, and there's bound to be gaps and occasional errors. Local councils often provide patchy data.
- For similar projects try Freecycle Perth, Free items on Gumtree, and the Perth Kerbside Collection Facebook page.
- If you have any suggestions or updated information, email me or add a comment below.
- I can't believe I'm putting this in, but it keeps coming up: If you want to interview me about verge collecting or the map, emailing me the questions is the easiest and most reliable way to get a response.
View Perth Verge Collections in a larger map
Local Government Areas currently mapped:
Click on a council to see their information page about bulk rubbish.
- City of Canning
- City of Cockburn
- City of Fremantle
- City of Joondalup
- City of Mandurah
- City of Melville
- City of Nedlands
- City of Perth
- City of Rockingham
- City of South Perth
- City of Stirling
- City of Subiaco
- City of Swan
- City of Vincent
- City of Wanneroo
- Town of Bassendean
- Town of Cambridge
- Town of Claremont
- Town of Cottesloe
- Town of East Fremantle
- Town of Kwinana
- Town of Mosman Park
- Town of Victoria Park
- Shire of Mundaring
- Shire of Peppermint Grove
Local Government Areas currently lacking data:
If you have one of the council verge collection pamphlets for these areas, please let me know
- City of Bayswater - NO VERGE COLLECTION
- City of Belmont - NO VERGE COLLECTION
- City of Armadale - Only distributes pamphlets to houses?
- City of Gosnells - Mapping data difficult to extract
- Shire of Kalamunda - NO VERGE COLLECTION, replaced with skip bins.
Using this on the move:
- Sign into your Google account and save the map above to your account. This will allow you to access it from any program that supports layers.
- If you have an Android phone, use the built-in Google Maps. When you go to load layers, it will appear on the list of options.
- If you have a BlackBerry phone, install Google Maps for BlackBerry. You can sign into your account via the menu and load layers.
- If you have an iPhone/iPad, install Google Earth. Sign into your Google account, and load the layers from there.
Here's a screenshot of what the iPad version looks like on the move - the blue dot is your current location. It makes it damn easy to work out the edges of verge pickup.
Sunday, 28 August 2011
A brief analysis of Yahoo captchas
Captchas, initially a huge annoyance, are generally recognized as a necessary evil now. They stop bots from abusing your services, and there are a lot of interesting variants to use. The biggest is Google's reCAPTCHA, which is so popular even Microsoft uses it occasionally. Today my attention is on Yahoo's implementation. You'll know them, they look like this:
In a nutshell: I had to type a few of these lately, and the character distribution didn't look quite right. I grabbed a hundred captchas, laboriously typed them out, and broke it down by character.
What you can't see here: Yahoo works with the traditional 'random combinations of letters and numbers' form of captcha. They use at least three different fonts, which are then physically skewed in a variety of ways. There's no additional visible interference between you and the letters, and the average length is 7.2 characters.
What you can see: Yahoo captchas use a relatively small subset of alphanumeric characters. A, B, F, G, H, J, L, M, T and V appear only in uppercase while c, d, e, n, p, r, s, t, y, q, y and z appear only in lowercase. Out of the numbers we have only 2, 3, 4, 5, 6, 7, and 8. This leaves 8 alphanumeric characters completely unrepresented - i, k, o, q, x, 1, 9 and 0.
Most of these seem to be omitted due to possible confusion. O, o and 0 are easily mistaken and so all are avoided, and the same goes for l/1 and K/X. Additionally, some two-character combinations which look similar to existing characters are omitted.
In this example the letter d is very easily mistaken for either 'cl' or 'ol' due to the font. However c, l, and o never appear in the captchas, presumably for this reason. The letter p suffers similarly, while B and 8 manage to escape despite being sometimes difficult to distinguish.
I'm not entirely sure of the strategy here. They're purposefully obfuscating the word by overlapping the characters, but at the same time dramatically reducing the number of characters that could be present. By cutting down the total alphanumeric characters from 62 to 28 they're making it easier for OCR to render their technique ineffective.
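The tally described above, written out as an added Python example (not the author's own tooling): it profiles a set of transcribed captchas by case and missing characters, then measures how many bits of guessing entropy a reduced alphabet gives up. The sample strings are constructed for illustration and are not real Yahoo captchas.

```python
import math
import string
from collections import Counter

# Constructed transcriptions for illustration; not real Yahoo captchas.
SAMPLES = ["Ad7TeB3", "nHp4Gs8z", "JrM2yV6", "tLc5FdA", "e7TBn3Hs"]


def profile(samples):
    """Tally characters across transcribed captchas and classify the alphabet."""
    counts = Counter("".join(samples))
    seen = set(counts)
    upper_only, lower_only, both, absent = [], [], [], []
    for lo in string.ascii_lowercase:
        has_lo, has_up = lo in seen, lo.upper() in seen
        if has_lo and has_up:
            both.append(lo)
        elif has_up:
            upper_only.append(lo.upper())
        elif has_lo:
            lower_only.append(lo)
        else:
            absent.append(lo)
    return {
        "counts": counts,
        "alphabet_size": len(seen),
        "upper_only": "".join(upper_only),
        "lower_only": "".join(lower_only),
        "both_cases": "".join(both),
        "absent_letters": "".join(absent),
        "absent_digits": "".join(d for d in string.digits if d not in seen),
        "mean_length": sum(map(len, samples)) / len(samples),
    }


def keyspace_bits(alphabet_size, length):
    """Bits of entropy in a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)


def bits_lost(alphabet_size, length, full_size=62):
    """Entropy given up by drawing from a reduced alphabet instead of all 62."""
    return keyspace_bits(full_size, length) - keyspace_bits(alphabet_size, length)


if __name__ == "__main__":
    p = profile(SAMPLES)
    for key in ("upper_only", "lower_only", "both_cases", "absent_letters", "absent_digits"):
        print(f"{key:15} {p[key]}")
    n = round(p["mean_length"])
    print(f"observed alphabet: {p['alphabet_size']} symbols, mean length {p['mean_length']:.1f}")
    print(f"{n} chars from 62 symbols: {keyspace_bits(62, n):.1f} bits")
    print(f"{n} chars from 28 symbols: {keyspace_bits(28, n):.1f} bits")
```

For a 7-character captcha, going from 62 symbols to 28 costs about 8 bits, which is the trade-off the paragraph above questions.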
Wednesday, 10 August 2011
RIM: Now checking your email from the wrong country
I like the way my BlackBerry handles multiple email accounts. RIM servers effortlessly stream my Gmail traffic directly to me wherever I am, handling two-way sync, calendars and contacts with ease.
Today Google forced me to re-authenticate in Gmail a couple of times. A quick look at the recent activity list revealed why:
216.9.249.99 turns out to be bda-216-9-249-99.bis3.ap.blackberry.com and is the first time a foreign IP has been handling my mail for an extended period.
They have Australian servers that work perfectly well, and I can't find any notices about local downtime. I'm not entirely happy with this; we'll have to see if it stays.
Edit: A week later, it's still all Canada. Either Google has reclassified all RIM IP space as physically in Canada, or RIM has made a fairly drastic change to how they access your email account.
Tuesday, 2 August 2011
Boxify.me: A brief lesson in what privacy isn't
Boxify.me is getting a bit of press lately as a new site that allows sharing multiple files with others in 'boxes'. No sign up required; you just click on the 'start sharing' button, upload files, and share the URL around with others.
Here's their current front page.
Before I go further, I should mention this kind of sharing is inherently insecure - they make no promises about keeping your data safe and there's no password protection. Anything you put up there can be accessed by whoever has the private URL, and that's how it's designed. The only thing they specify on that page is that your box has a 'private URL'.
That should be easy, right? All they have to do is set up robots.txt so that nobody can spider their site, after all.
Unfortunately, I'm wrong.
And as a result of that:
Now, I know what you're thinking - "That's not too big a deal, Google can't find anything that's not already linked to". That's where the second mistake comes in, which is only obvious because of the first.
When you click on the link to uploads.boxify.me, you get this lovely page.
Yup. That's a public XML file with hard links for the thousand most recently uploaded files. I'm not sure why the file exists, but the fact it's publicly accessible is just terrible. In 15 minutes you could knock up a shell script that regularly checks for and downloads every single file uploaded to the site.
So the outcome here: Boxify.me may turn out fine one day, but so far Loren Burton's claims of a private URL aren't holding up. If you don't want your files immediately available to the general internet, don't use Boxify.
Interesting Sidenote: The example box they link to on the front page can also be edited by the masses. Consequently, it has naughty material for the discerning visitor.
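An added example (not Boxify's configuration or code) of auditing the robots.txt step discussed above: it checks which URLs a rule-following crawler may still fetch under a weak, a partial and a corrected policy, remembering that robots.txt is looked up per host. The host names, paths and robots.txt bodies are constructed placeholders, since the page does not show the real ones.

```python
from urllib.parse import urlsplit
from urllib.robotparser import RobotFileParser

# Constructed placeholders: the page does not show the site's real
# robots.txt, box paths or listing path.
BOX_URL = "https://files.example/box/3f9a1c"
LISTING_URL = "https://uploads.files.example/recent.xml"

BLOCK_ALL = "User-agent: *\nDisallow: /\n"
ADMIN_ONLY = "User-agent: *\nDisallow: /admin/\n"


def crawlable(robots_by_host, urls, agent="Googlebot"):
    """Return the URLs a robots.txt-respecting crawler is still allowed to fetch.

    robots.txt is looked up per host, so a subdomain without its own file
    is treated as fully crawlable.
    """
    allowed = []
    for url in urls:
        body = robots_by_host.get(urlsplit(url).hostname, "")
        parser = RobotFileParser()
        parser.parse(body.splitlines())
        if parser.can_fetch(agent, url):
            allowed.append(url)
    return allowed


SCENARIOS = {
    "weak: only /admin/ disallowed on the main host": {
        "files.example": ADMIN_ONLY,
    },
    "partial: main host blocked, uploads host has no robots.txt": {
        "files.example": BLOCK_ALL,
    },
    "corrected: both hosts disallow everything": {
        "files.example": BLOCK_ALL,
        "uploads.files.example": BLOCK_ALL,
    },
}

if __name__ == "__main__":
    for name, policy in SCENARIOS.items():
        result = crawlable(policy, [BOX_URL, LISTING_URL])
        print(name, "->", result or "nothing crawlable")
```

robots.txt only asks well-behaved crawlers to stay away; a listing or file that has to stay private also needs an access check on the server.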
Wednesday, 27 July 2011
Fringe
I finally got around to watching Fringe, after a year or two of constantly meaning to. It's a macabre but fun show where you have to suspend quite a bit of disbelief - they're always reading the memories of corpses, teleporting around, and growing single cells to the size of a greyhound. Sometimes they push my limits, but I've mostly been able to enjoy it. Then I saw this.
In their Operating System (that consists entirely of fancy maps and scrolling text), they have an IP address where every octet is over 256. This was a bit of a surprise, so I went back through the scene a little more carefully to glean a few more facts about their computer.
The text might be a bit small, but his computer is a PIV 2.8 MMX cpu running at 3.2kMHTZ with 128000 memories. There's what seems to be a typo on the next line with the 'Plug and PLay' bios, and the rest is a nice mixing-pot of acronyms that occasionally make sense.
Here's more of the same address type: all IP addresses, but nearly all of the numbers involved are way too big. This time they've thrown in a few token two-digit numbers, but they're clearly not using IPv4 as we know it.
It's hard to read, but that top window is full of extra IP addresses... this time consisting of 5 pairs of numbers. They've added a whole new octet but limited themselves to numbers below a hundred, which doesn't give them much more IP space to work with. The only reasonable option I can think of is that these guys are working with base 10 computers and I've uncovered a major plot point intended for later.
It reminds me of a cargo cult. Whoever did this knows what a computer should look like, they vaguely remember the boot screen and they liked that map in Goldeneye. It's so close at the casual glance, but wrong in every single detail. Mindbogglingly, they had to use a computer to create all of this. At some point in the process, people who know what an IP address is must have been involved. They stood by and watched somebody fake a whole boot sequence for no good reason.
If you want to see the whole scene, you can find it here.
On the plus side, they have a rather nice Hard Drive sound effect.