Angus Thinks…

Well I feel stupid.

I was notified today that marilac.malcolmhardie.com (ie this server) was apparently hosting paypal login spoof web pages. Somebody managed to crack one of the user accounts on the system and place a few files in the public_html directory.

Fortunately the pages were only there for a few hours, but it shows how important it is to check the logs regularly.

This is really unfortunate, although at least at the moment it doesn’t look as if the cracker got root access.

What is particularly annoying is that, as far as I can see, I have all of my software patched to the latest versions.

I spent much of the afternoon checking the server to ensure that nothing else has been compromised. It may be necessary (or advisable) for me to wipe the whole machine and reinstall.

It does explain the previous email though. I just wish that I had understood what was happening earlier.

Today, one of the email accounts at malcolmhardie.com received a very strange email

just a line to let you know I have passed on you details to paypal and the police regards your scam emails trying to access my paypal account with bogus emails.

This was sent from what appears to be an AOL account. I won’t detail the sender for obvious reasons, but I was rather puzzled by it.

As I see it there are several possibilities for this:

1) Somebody has received spam email that appears to be from malcolmhardie.com and is thus trying (unsuccessfully) to report the culprit (which incorrectly appears to be someone at malcolmhardie.com)

2) A machine that is permitted to send email via malcolmhardie.com has been compromised and is sending out such mail. (unlikely, but possible)

3) The sender is actually some kind of spam harvester that is hoping legitmate recipients will send back letters complaining or, possibly, explaining the situation.

At the moment I’m tending towards option 1, since it seems most likely.

However I remain mystified by the whole thing.

Adobe are merging with Macromedia (read: buying up the only competitor).

This is of course going to be as sucessful as every other merger from HP/Compaq (disaster) to Halifax/Bank Of Scotland (disaster).

Daring fireball has an english translation of the marketing speak in the press release

I’ve been thinking recently about music buying. When I can buy music online from the iTunes music store why should I want to buy it in a physical store? With the online store I can experience a sample of any track and get to listen to the music immediately. If I buy it offline I have to carry it home, convert it to mp3 and only then can I listen. I suppose a music store offers some browsing capability and there are some music stores where they have friendly staff who can offer suggestions, but I don’t really tend to see that kind of customer service very often and the browsing that experience online is often superior, especially with recommendations from other users.

So what is my conclusion? On the surface the online services have every advantage over the bricks and morter store. Unless the bricks and morter stores work very hard to catch up they’re going to fall behind. But where can they go? Bookstores are introducing cafe’s and relaxing chairs, but does a cafe make sense in a branch of HMV or Virgin? I suppose I can see a bar, maybe, but a cafe?

With bookshops I actually enjoy going to browse, but then with books you can really browse, reading the books as you go. No music store offers the ability to sample all of the music in the store, although it doesn’t seem insurmountable as a technical challenge, so maybe that is one direction to go in.

But I become increasingly disappointed with physical music and DVD stores. I go and then I wander around for a while looking vaguely for something worth buying. So I suspect that more of my business will be heading online unless something drastically changes.

Binary Thoughts is back!

I probably should have remarked on this before, but Dhruba’s weblog “Binary Thoughts” has reappeared. He was moving servers so it went down for a bit, but it has now returned. Which is really great news.

Plus of course the fact that the presentation of Binary Thoughts is so much better than Angus Thinks that the comparison really isn’t funny. Curved corners are definitely in right now and the theme and extras are much better.

http://www.chocolatereview.co.uk/

Reviews of chocolate bars, with ratings and reviews !!

The Inquirer has made a truly mischievous offer to Carly Fiorina, former CEO of HP. The company, resulting from the merger of Hewlett-Packard and Compaq, is in considerable difficulties, as the inquirer has merrily written about in articles like The three ways HP has screwed up and How HP totally lost the support plot.

But now in a remarkable offer they have asked Ms Fiorina to write a column. It seems unlikely that Ms Fiorina will take up the offer given the consistent history of criticism that she has faced from The Inquirer but perhaps she will? Who knows? What if she does say yes? Will the inquirer find itself publishing a series of articles criticial of itself? A revenge on months of sniping?

It seems unlikely. But stranger things have happened.

… with Windows XP I don’t gotta worry about emailing viruses to my friends and family at all. The built-in email client Outlook Express does it automatically, in the background.

From divisiontwo.com via Macslash.

Disclaimer: I use Windows XP sometimes but not outlook express

Amazingly enough, despite appearing on Wired’s vapourware list, the Phantom game system actually appeared at CES. (Or at least a box appeared at CES)

The Phantom offers a sort of video game on demand system, which I’m not totally convinced about, but the box looks nice and it seems to offer an interesting collection of features. I think given the choice the XBox2 would be a better bet, or the PS3.

TheTechLounge has the pictures (about half way down).

I was just doing a quick search for Lemony Snicket books (of which there are apparently now 11) on Amazon.com

Oddly enough when I did the search I got the following within the search results:

It appears that they are using google ad words, and one of the advertisments offered was for a competitor.

It does seem a bit odd to say the least, to be advertising a different online store …

Weird things seem to be happening in the Palm OS sector. PalmSource recently bought China MobileSoft which is a Chinese linux smartphone developer. This comes after spending about $11 million to buy BeOS from be back in 2001.

One obvious motivation in buying a Chinese company is to get access to the Chinese market (which is always going to be huge real soon now. IBM is thought to have similar motivations in selling it’s PC division to Lenovo. But PalmSource is now also talking about basing future Palm OS versions on Linux. So maybe they were after technology as well as market access.

The alternatives aren’t pretty. PalmSource hasn’t been making much progress since the incremental Palm OS 5. Licensees have yet to ship a PalmOS 6/Cobalt device. The software seems to be available to device developers but everyone is still on the PalmOS 5 platform. Not one Cobalt device has yet been released commercially by anyone. It almost makes one question what exactly is wrong with Palm OS 6. Performance? Memory footprint? Price? The about box?

In the operating system market it seems anyone writing operating systems and selling them (as opposed to open source things like Linux) always has a major failure when trying to develop the next big operating system. Apple had Copeland (which would have been Mac OS 8 if it had been released but was actually abandoned) before Mac OS X. Microsoft had OS2 (with IBM) before developing Windows NT/XP. Now perhaps Palm OS will fail on Palm OS 6 before releasing a new platform based on Linux?

This evening I went along to the Edinburgh BCS talk on Ethical Hacking. It was really eye-opening and made me suitably paranoid about my own security.

Peter Wood of First Base Technologies gave a remarkably useful, informative and funny talk on the subject. (and left me totally paranoid as I said before).

Some interesting points and some thoughts

Physical intrusion is very likely

Physically entering a building and stealing data is often easier than getting past network security and cracking a network.

Social engineering is a serious concern

It is relatively easy to get people to give access information away

Have a plan to deal with physical intrusion.

In one case the receptionists realised that the intruder was present but didn’t have any instructions on what to do in that situation - result: failure. Have obvious guidelines on who to call and what to do if an intruder is spotted.

Look at logs

Log files are often the first sign of unexpected happenings

Encrypt valuable data

The machine doesn’t have to be secure for your data to be secure

Firewall all access and especially firewall dialup accounts

One of the examples should how an apparently secured network was compromised by a dial up access point within the network

People with clipboards and pens are always accepted as genuine, even when they are actually intruders

Suggestion: Have anyone holding a clipboard and pen removed from the building immediately. Or at least don’t assume that they are genuine, just because they look busy

Overall fascinating and really interesting.

Weird thing happened today. I was checking my email and I saw a message from ebay stating that my account had been suspended. I assumed it was fake and went to visit ebay itself. But it seems real.

The whole business is odd. I have never bought or sold anything on ebay. I think I once made a few bids, but they were unsucessful. Who knows what’s happening. It doesn’t reassure me though about the ebay security system.

Perhaps more information will appear shortly.

I’ve got tired of people spamming my web log. So I’ve changed the name of the comments posting page. I’m going to see if it makes a difference. If it does then the people spamming are automated, if it doesn’t then the automatic system is either too smart or it’s figuring it out in some other way. I’ve got some more ideas so if this doesn’t work then I’ll move on. Either that or ban URLs in comments altogether.

Potential spammers should note that advertising or commercially orientated posting in the comments area is specifically prohibited. Under no circumstances is any such posting permitted. Posting any such comment counts as unauthorized and illegal use of this machine.

Currently I’m using flyspray for bug tracking.
I use cvsweb to view the cvs tree online.

One thing that I really wanted was to be able to click one bug numbers in the cvs log reports and see the bug tracking entry that matches it.
It turns out this is amazingly simple. I added the following code to the cvsweb.cgi file inside the htmlify function, just below the bit that does the urls. (new section in bold)

# get URL's as link
s{
((https?|ftp)://.+?)([s']|&(quot|[lg]t);)
}{
&link($1, htmlunquote($1)) . $3
}egx;


# replace FS with correct bug track link in flyspray
s{
FS#([0-9]+)
}{
&link(”[$1]“,”/flyspray/index.php?do=details&id=$1″)
}egx;

# get e-mails as link


And now my cvs logs display a link whenever I use FS#100 or a similar bug number. Next I suppose is to integrate it the other way and have the cvs system automatically close resolved issues in flyspray. There is actually already some code for subversion so it wouldn’t be very hard to implement probably (but there are better things to do with my time).

[edit]
subversion code is at http://flyspray.rocks.cc/bts/index.php?do=details&id=310&area=attachments#tabs

The people over at mini-itx.com have a picture of a most amazing looking pc. It is mounted vertically in a table like case. With amythtv software, a video projector and a wireless keyboard it would make a wonderful, stylish and invisible home entertainment system.

Zdnet and others are announcing firefox PR1 will be released later today. The mozilla homepage is already showing download links but the Mac OS X links aren’t actually working as I write this.

Firefox 1.0PR1 will probably be a defining moment in web browser history, along with Netscape 1.0 and Internet Explorer 3. A browser release that represents a fundamental change in web browsing behaviour.

It is also a milestone in open source development. Firefox is one of the more visible pieces of open source software around and it definitely seems to have caught people’s attention. It is gaining against IE in terms of popularity and without the advantages that IE has, such as integration with windows and the marketing support of Microsoft. It is suceeding on the strength of its own quality as a piece of software.

The Mozilla software project is a sucess!

[edit: download now available]

Lots of fun new features have just appeared over at Binary Thoughts. Dhruba’s site now has loads of really clever new bits. I really like the css3 link icons.

I just had the thought that there is email that I should have, but can’t find. Which is bad, given that I’ve been trying to archive all of my email. The key question obviously is where has it gone? And I suspect the answer may be that it is gone forever.

This might be really bad, alternatively it might not. Who can tell?

I think the best thing might be to convert my email to html at intervals, rather than leaving it in my email imap server. If it was carefully indexed and sorted it would probably be a better way to to do things.

David made an interesting point in a comment recently about the ridiculous prices people are paying for ring tones and how this may be encouraging news for more sophisticated content (like video). If people are willing to pay 50p or more for a few seconds of music in a ringtone, how much might they be willing to pay to see a key goal scored in a football match or an important news story?

Of course Mazingo tried pocket video stories a while back using a system like avantgo. I think it worked by syncing a pocket pc or palm unit with a server somewhere. Then you got video clips pushed to the unit. The costs eventually got the better of them because the company isn’t really doing that anymore. I think the most likely reason for failure was because they had difficulty charging for a service that was extremely expensive to provide.

Video over 3G networks has two crucial advantages over Mazingo. The first is that the people operating the system have a proven solid billing and payments system. Ring tone buyers have been useful guinea pigs for more sophisticated products and Vodafone has been running it’s Vodafone live service for some time now. So the payment side of things is working. The other key advantage is people seem willing to pay for services on mobile phones that they wouldn’t if they were buying the service via the internet and a regular PC (Or even to sync to a Pocket PC or Palm device). Somehow the networks have managed to convince users that their mobile phone is something different (and more expensive) and that they should expect to pay. Whether this view can be sustained is difficult to guess, but I suspect that it will probably last a little while yet.

I don’t know whether this means that 3G services will be sucessful or not. I suspect that eventually people will realise that the wider internet offers more scope and lower prices. The mobile networks may have to accept that their product is really just a commodity.

How long this takes is the key question though. It makes the difference between recovering the billions spent on 3G licenses and not. I suspect the networks will be paying very close attention to this indeed.