Rick's World

Happy New Year!

As is traditional, many people make resolutions on January 1st as to what they want to accomplish in the new year. I've done this in the past too. However, I've decided to take a bit of a different approach to it this year. This year, I'm setting goals for the year, not resolutions. I am also cementing these goals in my brain by writing them down on a piece of paper, and sticking that piece of paper 'in my face' on the fridge in the kitchen. I am also going to write these goes down here for the whole world to see. I will be checking back over the year to see how these goals are progressing. They say that just setting goals for yourself doesn't do much unless you write it down! So I'm doing that and putting it in a very conspicuous spot that I'll see a number of times every day. And so, on with the goals.

200 lbs by 7/14/2009

If you look at the META tags, in the source of every page of my blog, you will see that I describe my blog as 'Thoughts on computers and health.' I still ramble on about computers pretty regularly, but the health side of my ramblings has been noticeably silent over the last couple of years. That is because my attention on health over the last couple of years has been pathetic. Several years ago, when I was at my healthiest, I managed to get myself down to a low of a very healthy 194lbs (for a guy who's 6' and medium build, that's LOW). However, these days my weight is considerably higher. I'm currently sitting at about 255 lbs, I'm ashamed to say. Back in the days of my being in fantastic health, I swore up and down that I would never allow 'Fat Rick' to return. Well, he did return. He returned because I got lazy and I got complacent. It became entirely too easy to just say to myself, "I can skip my diet, just this one time..." Of course one time, turned into two times, turned into ten times, turned into one hundred times. Before you know it, I'm fat again. I don't think I'm AS fat as I was at my worse (I was pushing 270 in those days), but I'm damn close.

I refuse to allow myself to return to that point. There is no reason for this to ever happen. I know how to keep my weight under control. I did it for several years. I know how to lose weight. I did that and VERY successfully for several years. It's just a matter of getting myself back into those habits. I also have been noticing a return of the 'fat guy' health issues - Lack of energy, little aches and pains, etc. I'm not getting any younger. I can't afford to allow these problems to continue. As such, I have put several policies into effect.

First, I am returning to the regular gym visits. At my best I was going to the gym 4-5 days a week. Effective immediately, that is resumed. Tomorrow, and at least 4 times a week after that, I will be going to the gym and doing my usual intense interval program on the elliptical machine. Normally, I do that on the treadmill, but due to the fact that I sprained my foot several months ago and that foot is still rather weak, I don't think I should be putting that heavy of a strain on that foot for a while, at least until I can get it back up to full strength. Given a month or two, I should have lost enough weight and rebuilt enough strength in that leg that I can start going 'whole hog' on the treadmill again.

Second, I have returned to my habit of daily morning weigh-ins. I've actually already been doing this whole return to the diet for about a week or so, so I've been doing this weigh-in every day so far. I've already lost several pounds. I intend to continue this on a daily basis going forward. You can't track your progress if you don't check it regularly. I am also logging this information in an app I have on my iPhone (Weightbot) that is meant for this purpose.

Third, I have returned to my old habits of 'nutritional responsibility'. While, I have continued to eat a very healthy diet over the last few years, there are many things I've done that have been ruining my diet. These include, frequently eating out for lunch (BAD BAD BAD), drinking a lot of sodas, and eating a lot of bread (too much carbs). I have cut the soda down significantly. My rule now is two cans of soda a day. No more. No more large sodas at lunch. No more sodas on the (now very rare) eating out. No more bread in the fridge. I am also diving hardcore back into my old six small meals a day program (which I never truly stopped). I've maintained this six small meals a day program for many years, but unfortunately one of those meals tended to be a not-so-small lunch at the neighborhood Quizno's, or Chicken Kitchen, or whatever. Each of those meals is several times larger than the proper size one of my six daily meals should be. Those days are over. I am now returning to my old rule of ONE eating out meal a week. And that meal will be a healthy one. No massive subs, no huge plates of rice & beans, etc.

Fourth, I now have a Wii Fit. When my family asked me what I wanted for this past Christmas, I told them I wanted that. To my surprise (or perhaps concern) they didn't seem at all surprised that I wanted an exercise game. Hmm, they have been criticizing me for gaining weight a lot so maybe they weren't surprised that I asked for it. I needed it! My brother was lucky enough to find one of these very rare gems, and gave it to me for Christmas. I've been playing with it daily ever since Christmas and I really like it. (I'll write a full review later). Since I now have my own 'in house personal trainer', I intend to put in a good 30-60 minutes of time on this game every day. I was worried at first, that this thing wouldn't be intense enough to give you a good workout. Boy was I wrong! Once you get past the beginner levels (which doesn't take long), the advanced levels can get very tiring. A half hour of some of those games will have you sweaty and panting. Just what I need. The Wii Fit also tracks your weight and BMI over time and lets you set goals for those to help you track your progress. While I'm not thrilled that it uses BMI (which is not a very good indication of obesity) as it's sole indicator of how healthy you are, that's the best it can do, so I'll use this as a 'backup' weight tracking system. The game is also a lot of fun, which certainly helps if you are going to be playing a video game that is that strenuous.

Now you may be wondering as to the significance of that 7/14/2009 date that I set as my goal for my return to the 200 lb range. The answer is, that date is my birthday - my 40th birthday. A significant date to be sure. Plus my older brother (age 42) has been teasing me that once I hit 40, everything starts falling apart. That is not going to happen. I intend my 40th birthday to be one of my best, and healthiest birthdays ever! I'm going to get healthier with age, not worse!

One iPhone app on sale

I have been studying how to write iPhone apps ever since the first beta of the iPhone SDK came out on March 6th, 2008. While I did develop a small iPhone app as a consulting project for a friend's company, that app has yet to go on sale to anyone. It seems to have been 'shelved' for now. I've also, in all this time not released any apps of my own for sale. There is a HUGE market for these apps. If a stupid app like iFart Mobile can sell 100,000 copies in a couple weeks, (at a profit of $70,000 to the developer), surely I can come up with something that will be able to earn me some money. As such, I have set a goal to have at least one iPhone app on sale in the App Store by the end of 2009. What that app will be, I have no idea. I have to come up with a good idea of something I can implement and sell. Getting that idea is the hard part. Once I can get a good idea going, I can tackle this and produce something. I spent $100 back in July to become a full-fledged iPhone developer. I have nothing to show for that $100 investment though. It's time to solve this problem.

$25,000 in savings

I make a good salary (I won't say how much) but I haven't been saving as much as I should. I do have about $13,000 in my savings right now, but I would like to get this up to $25,000. Why? I estimate that my monthly expenses are around $3,000-3,500. I would like to have at least 6 months of salary in the bank to provide a nice 'cushion' in the event that I lose my job for a while. While I certainly don't see any signs that my employer is going to start laying people off, it's always good to have a nice 'buffer' for things. This large savings also makes the inevitable 'emergencies' that always pop up less of a stress on your life. If you have $25K in the bank, the need for a new dishwasher, or new tires, or whatever, goes from being a major crisis to a minor inconvenience. I've done a pretty good job of managing my finances lately. I live considerably below my means. This goal means I would need to save at least $1,000 a month. This is very doable, based on my salary and expenses I just need to be more careful with the 'discretionary income'. I originally had a rule that the savings has been off limits. It was for real emergencies only. However, like my diet, I've gotten lax in this rule. I've become entirely too comfortable using this emergency fund for non-emergencies. That has to stop. I need to cut back heavily on the big toys in favor of this. I also have been thinking about making two large purchases this year - a new Macbook Pro (upgrade to my current Macbook), and a big-screen HDTV. The plans for these two were for the Macbook Pro to happen around the time of my birthday in July and the HDTV to happen around Christmas time. Whether these two purchases are still possible, given this goal, remains to be seen. I could easily sacrifice both items in favor of this goal, if need be. However, I still think that these two major purchases would be possible in the timeframes I mentioned, even considering this savings goal and my current income and expenses. A selling iPhone app would certainly also contribute to this goal! :)

I have other goals for the year, of a much more personal nature, that I won't talk about here, but I think these three goals I mentioned are a good indication of my plan for the year. For the most part, my life has been going pretty well. It just continues to need some refinement in a few significant areas. That's my target for this year.

On November 18th of this year, Wall-E came out on DVD. Target had an interesting promotion that if you buy the DVD there, they give you a coupon to order a real-live tree. (A tree is a major part of the movie). I thought this was a clever promotion so, I bought the DVD and ordered the tree. I never expected to get much. Today, I got my little tree. (See the picture). It's a Slash Pine. I planted it outside of my house. Let's see if it grows. Who'd have thought a DVD would contribute to my landscaping! :)

I got this email yesterday:

Return-Path: >gardcm23@mail.buffalostate.edu>
X-Original-To: rick@ekle.us
Received: from smtp.buffalostate.edu (smtp.buffalostate.edu [136.183.139.54])
Received: from mail.buffalostate.edu (unverified [136.183.139.147]) 
	by mail.buffalostate.edu (SurgeMail 3.9e) with ESMTP id 6842901-1888925 
	for multiple; Sat, 13 Dec 2008 16:06:31 -0500
To: (Recipient List Suppressed)
Received: from 115.67.221.114 by HTTP
Sender: gardcm23@mail.buffalostate.edu
From: "Update Your E-mail Account" >edu-accountupdate2008@live.com>
Reply-To: edu-accountupdate2008@live.com
Subject: Dear Email Owner
X-Mailer: 115.67.221.114 - gardcm23
X-Originating-IP: 115.67.221.114
Date: Sat, 13 Dec 2008 16:06:32 -0500
Priority: normal
Message-id: >494423d8.115.6a4b.32340870@mail.buffalostate.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Authenticated-User: gardcm23@mail.buffalostate.edu 

Dear Email Owner,

This message is from messaging center to all Email owners.
We are currently upgrading our data base and e-mail center.
We are deleting all unused email to create more space for
new one.

CONFIRM YOUR EMAIL BELOW:

Email Username: ...............
EMAIL Password: ................

Warning!!! Email owner that refuses to update his or her
Email, within Seven days of receiving this warning will lose
his or her Email permanently. You are to send your email
username and password to the webmaster via this email:
org-accountupdate@live.com

Regards

Mrs. Anderson Mary
Webmaster (ORG)

This one is clearly a scam. There is also some interesting redirection going on here. If you start with the originating IP of 115.67.221.114, we find that this IP is located in Queensland, Australia. However, the sender appears to be 'gardcm23@mail.buffalostate.edu'. This is an email address at New York State University College at Buffalo (and the IP addresses appear to confirm this.) So the email was sent from Australia, through a mail server in New York in the United States. Plus the visible email address in there that you are supposed to return your email login information to is 'org-accountupdate@live.com'. Live.com is a domain named owned by Microsoft. It's one of the domain names you can get from signing up for a free email address with Microsoft's Hotmail service.

So someone in Australia, sends an email through a New York University mail server, and masquerades as someone from Microsoft??? Um no. This is clearly a scam. It's trivial to create an email address called 'org-accountupdate' at Hotmail. This name looks pretty legit, but when you follow the email back through the path it takes through the internet it is clearly a scam. We see several classic signs of spam here. First the English grammar is incorrect in this email. It's better than most, but still wrong. Second, it uses scare tactics to get you to respond to it. If you don't send your email username and password immediately you'll lose your email! Considering how I received this email in an email box that is not run by Microsoft, nor anyplace in Queensland, Australia, or anything related to a university in New York, it is clearly a scam. Third, it is very general. 'org-accountupdate' is just general enough to make it sound official. There is no mention of WHAT organization is sending the email. Also, keep in mind that your email provider would never ask you for your email username and password - they already have it!

The secret to learning if an email is valid is to study the raw email headers. Most email programs hide these from you because they are full of information that's not useful in most cases. The email program should have some way to find this information though. If you find an email like this that you are suspicious of, look through the options of your email program to find out how to view the raw headers. Then start looking at the various servers and IP addresses in the 'Received:" and other headers. These headers give you the full information as to the route this email took to reach you. If it sounds suspicous, then it's very likely that it is.

I'm a gadget nut. Ask anyone who knows me. My house is filled with way more gadgets than the average single guy would need. I have three TVs (all Sony, all 'old-fashioned' picture tube models), I have surround sound receivers, I have two DVRs (one a Tivo, one not), I have satellite TV, I have lots of Apple hardware. One thing I do not have, is an HDTV.

It's not that I've been ignoring these things. I've been keeping an eye on them for years. Of course I avoided buying one for the biggest of reasons - price. When they first came out they were $5K-$10K or more. These days, they've dropped into the $1-2K range for most of them, even the big ones. However, I'm still very hesitant to get one. Yes, one of the big reasons is the price. $1-2K is a lot of money to spend on a TV that realistically I don't watch a whole lot. I might watch it for an hour or two a night. Plus, it's not just the cost of the TV. You also need a new Blu-Ray DVD player, a new stereo receiver (for the HDMI signal coming from the Blu-Ray player), a new satellite dish (to receive the HD television signal, a new Tivo (to record the new HD television shows). etc. All those new gizmos add up to several thousand dollars! Not something I want to spend! But there is one other reason, irregardless of the money that makes me hesitant. Quality.

As I said before, I have three Sony SDTVs in my house. The oldest of which is over 15 years old and it still works perfectly. The most recent of these TVs is the 32" Sony I use as my main, living room TV. I think I paid about $400 for this TV about 5 years ago. Of course it still works flawlessly. Compare the perfect 15 year track record of my oldest TV with what appears to be a pathetic track record of these big screen HDTVs.

About 4 years ago, I bought a nice 20" Dell LCD monitor for my computer at home. I used it for about 3 years happily. I loved the thing. Perfect picture, looked nice, worked well. No complaints. About a year ago, I upgraded to a 24" Samsung LCD monitor (which honestly I'm not that happy with). So I put the 20" LCD aside for a month or so. About a month later, I decided I wanted a dual monitor setup at work. I knew the company wouldn't buy me one so I brought in my old 20" Dell to work and connected it. I used the old Dell as my main monitor and my previous monitor as the secondary monitor. However, as soon as I connected the Dell at work, I noticed a distinct difference in how the colors looked on the old Dell versus the newer (cheap) Acer LCD I had at work. My Dell had noticeably worse color. It was still bearable, so I kept using it. Within a year of installing it at work, however, my nice Dell monitor died completely. A large swatch of the screen right down the middle just went bonkers and I couldn't fix it. The monitor was dead. Looking back on this I realize that this monitor had started to go bad a year before it died. When I first moved it to work I noticed the colors it displayed were not quite right. Despite that I used it, bad colors and all for the better part of a year. This means that essentially my monitor had started to go bad only 3 years into owning it! it's possible that those colors could have started going bad even before that, but I didn't notice because I didn't have another monitor next to it to compare it with.

What does the story of my dead LCD monitor have to do with the quality of HDTVs? Everything. Most HDTVs sold these days are LCD - the same technology used on my dead LCD monitor that only lasted 4 years (3 if you count from when I started noticing the colors were bad). Now LCD computer monitors are fairly cheap these days. You can buy them from anywhere from $200-$400. If they only last 4 years, not a big deal. An HDTV, however, runs at least $1000 and that thing is expected (at least for me) to last a good 15-20 years! The problem is, I don't think they will. If an LCD computer monitor only lasts 4 years, what's to lead me to think an LCD TV will last 15? It won't. I just can't bring myself to spend that kind of money on a TV that will die in a couple of years. What am I going to do, spend $1500 on a TV every 5 years or so? That's ridiculous! Now you may argue that LCD technology has improved over the years and these LCD HDTVs should last a lot longer. I don't believe it. I've noticed HDTVs in electronic stores that are clearly defective. The colors are WAY off, and I've even seen images permanently burned into the screens. I was in Sam's Club yesterday. They had a big display of HDTVs showing Wall-E (one of my favorite movies from this year) in HD. So I paused to admire the great HD picture on these TVs for a moment. That's when I noticed that one of the TVs had a image permanently burned into the screen! If a TV that runs 8 hours a day for maybe a year can suffer these issues, then that means that if I were to buy one, and it ran maybe a couple of hours a day in my home, the thing would only last a couple of years.

I just can't bring myself to spend that kind of money on a technology that doesn't look very reliable.

Around election time, there are often many people, such as myself, that consider the candidates running and don't like either of them. This time it's a bigger, more important election than usual - the election of the next President of the United States. Some people support Barack Obama, and some people support John McCain. Me? I don't particularly care for either of them. I will not vote for Barack Obama due to his frequently stated intention to raise taxes. I am not comfortable voting for John McCain either. I just think he is way too old to be president. I've watched him in several debates and he does not look very healthy and clearly is not as alert at Obama. I imagine that being the President is an incredibly stressful job. This kind of stress can do bad things to your health. I don't think John McCain could handle the job physically.

So I don't like either Barak Obama or John McCain. This puts me in a bit of a quandry. If I tell this problem to others, they will likely tell you, "Well, you have to vote for one of the two. Just vote for whom you think is the lesser of the two evils". This implies that there are only two people running for president. As such, I have to vote for one of them.

This is not true.

There are in fact thirteen different people/political parties running for president this year, at least based on the information in the sample ballot that I received. What? You mean you thought there were only two political parties in the United States - the Demo crats and the Republicans? Surprise! Not that I'm particularly suprised that most people think there are only two parties in this country. If the American media is any indication, this is a fact. How many parties were represented in any televised presidental debates? Two. How many parties with candidates running for president are ever mentioned on the nightly news or in the daily newspaper? Two. So that means there must be only two parties right? WRONG. The American media is incredibly biased, and I believe intentionally so, towards these two parties. If the American media were truly impartial, as they claim to be, the presidential debates would be considerably more complicated and a lot more interesting. Can you imagine thirteen different presidential candidates up on stage at the same time? That would certainly make for some interesting debates. Can you imagine all thirteen of these candidates getting equal time in the news? That would certainly lead to some interesting discussion of the issues at hand, rather than the typical mudslinging that the two main parties lob at each other.

In the interests of educating my fellow Americans to the reality of the election, rather than the narrow image portrayed by our media, I thought I'd list all the presidental candidates and provide links to their web sites for your education.

Candidate (President and Vice President)	Political Party	Website
John McCain Sara Palin	Republican	http://www.johnmccain.com
Barack Obama Joe Biden	Democrat	http://www.barackobama.com
Gloria La Riva Eugene Puryear	Party for Socialism and Liberation	http://pslweb.org
Chuck Baldwin Darrel Castle	Constitution Party	http://www.baldwin08.com
Gene Amondson Leroy Pletten	Prohibition Party	http://www.geneamondson.com/prohibition-party-2004.html
Bob Barr Wayne A. Root	Libertarian Party	http://www.bobbarr2008.com
Thomas Robert Stevens Alden Link	Objectivist Party	http://www.objectivistparty.us
James Harris Alyson Kennedy	Socialist Workers Party	http://www.themilitant.com/campaign
Cynthia McKinney Rosa Clemente	Green Party	http://votetruth08.com
Alan Keyes Brian Rohrbough	America's Independent Party	http://www.selfgovernment.us
Ralph Nader Matt Gonzalez	Ecology Party	http://www.votenader.org/index.html
Brian Moore Stewart Alexander	Socialist Party	http://www.votebrianmoore.com/
Charles Jay John Wayne Smith	Boston Tea Party	His web site is largely nonfunctional, so here's a link to his Wikipedia page.

Um... I'm going to have to pause here a minute and collect my bearings. I just spend the last half hour compiling the above list of Presidental candidates, and I have to say that I am disturbed. There are no less then three Socialist parties running (if you don't count the Socialist tendencies of some of the Republican and Democratic policies). And there's even a party called the 'Boston Tea Party'. Um, what? I'm beginning to understand why I've never heard of some of these parties before. These guys are complete nutjobs! One party sounds like a joke, and several parties want to turn this country into a Socialist country (i.e. RUSSIA). While, I'm sure some of these parties are reasonable people with a valid plan for the country, some are just crazy.

Ok, I just did the first real research I've ever done into who I'm going to vote for President and I have to say that I am at a loss for words. It's clear I have a LOT of research to do about these people. Some are clearly nutjobs and can be easily removed from my personal list of candidates, but some are still possible. I'm just stunned by how many incredibly bad people have managed to get themselves onto the ballot. And to make matters worse, the ballot doesn't even list the name of their political parties! All it has is three letter abbreviations for their party name. Until a few moments ago, I had no idea that the "SWP" party on my ballot was the Socialist Workers Party. I guarantee some of these wackos will get votes because people will just vote for whomever because they don't like McCain or Obama. This is truly disturbing.

This blog really went 'off the rails' from where it started. That list of candidates really bothers me. Is this the best we can come up with? Either the same old, same old in the Republican and Democrat parties, or a bunch of nutjobs? I worry about the future of this country.

Time for yet another spam scam email analysis. This time, the scam is an emailed plane ticket. Here's the email I got:

Return-Path: <bykvjypw@brainstem.com>
Received: from 37-8.2-85.cust.bluewin.ch (37-8.2-85.cust.bluewin.ch [85.2.8.37])
	for <rick@ekle.us>; Mon, 13 Oct 2008 23:23:39 -0700 (PDT)
Received: from [85.2.8.37] by brainstem.com.inbound10.mxlogic.net; Tue, 14 Oct 2008 07:23:39 +0100
From: Southwest Airlines <bykvjypw@brainstem.com>
To: <rick@ekle.us>
Subject: Your Online Flight Ticket  N 45109
Date: Tue, 14 Oct 2008 07:23:39 +0100
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2730.2
Importance: Normal


Good day,
Thank you for using our new service "Buy flight ticket Online" on our website.
Your account has been created:

Your login: rick@ekle.us
Your password: PASS0PAW

Your credit card has been charged for $986.14.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the flight ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
Southwest Airlines

Attachment: E-ticket.zip

Let's take a look at the mail headers. Here are a few things to notice:

From: Southwest Airlines <bykvjypw@brainstem.com>

Hmm. So apparently I'm getting an email from Southwest Airlines. If that is true, why is someone from brainstem.com sending it to me? Clearly, 'brainstem.com' is not Southwest Airlines. It's some Microsoft certified company in Maryland. Clearly this email address is fake. I would suspect the spammers did a couple of things here.

1. Picked the name of an American airline company, likely at random. This time they choose Southwest Airlines, but I suspect other emails are sent with other airline names (Delta, American Airlines, JetBlue, etc.)
2. Chose a domain name at random... In this case it was brainstem.com
3. Created an email address at random... In this case it was 'bykvjypw'.

From Addresses are easily forged and should never be trusted. I've had spam emails sent with my email address as the From email, and I certainly did not send it, nor did I approve it. Unfortunately, there's nothing you can do to stop this. You just have to accept that people will do this. Of course, if this email was from Southwest Airlines, the email address would have been 'something@southwest.com'. Southwest.com is the domain of Southwest Airlines. This is one sign that it is not valid.

Received: from 37-8.2-85.cust.bluewin.ch (37-8.2-85.cust.bluewin.ch [85.2.8.37])

This header tells us the domain name and IP address of who sent the email. By looking at the name and IP we discover that this was sent by 'bluewin.ch', which appears to be an ISP of some kind in Switzerland! So, I'm getting emails from Southwest Airlines by way of Switzerland? I don't think so. Looks like another zombie computer.

Your credit card has been charged for $986.14.

Scare tactics. They expect you to react to this as "Oh my God, someone charted nine hundred bucks on my credit card! I'd better check this out." You then open that evil file attachment and you are infected. This is a scam. Your credit card was not charged. They don't have your credit card.

print it on a color printed

Um, what the heck is a 'printed'? I assume they meant 'printer' here. This is yet another example of the bad grammar and/or typos that frequently appear in these scam emails.

File Attachment: E-ticket.zip

Look. It's another zip file attachment. This is a huge warning sign. Let's take a (careful) look at the contents of this zip file... Unzipping this zip file, I find a single file 'e-ticket.doc.exe' inside. This is yet another example of the double file extension trick. Due to the way Windows works, it will normally hide that '.exe' part of the filename. This makes the filename look like 'e-ticket.doc'. This makes you think it is that airline ticket they said it was. Of course it's not. It's actually a program that will infect your computer if you run it.

Conclusion

A good attempt. They got the grammar mostly right. I only found one blatant typo. This would likely trick most people. For a brief moment I thought it was real. Of course, once I studied it some more I realized it wasn't. It also helps to use a little common sense here. Did I recently spend $900 on a plane ticket? No. Clearly this is not valid. Could it be identify theft? Yes, but even if it was, you can log onto your credit card company's web site and validate if this $900 charge was made. And even if it WAS made, you just dispute the charges with the credit card company and you are not out a penny. None of your money is at risk.

Always remember that a little common sense and a healthy dose of skepticism will often save you from falling for these scams.

The scare tactics in this email attack your pocketbook. It appears to be an email from my credit card company indicating that someone used my credit card fraudulently. Here's the body of the email:

Received: from [67.158.232.43] (unknown [67.158.232.43])
	for <rick@ekle.us>; Tue,  7 Oct 2008 14:54:16 -0700 (PDT)
Received: from [67.158.232.43] by mxmta.bellnet.ca; Tue, 7 Oct 2008 13:54:16 -0800
From: "Kelsey Fuller" <telesonicstetherese@qc.aira.com>
To: <rick@ekle.us>
Subject: Fraud Transactions
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869

Greating
Dear Valued Customer,

We have reasons to believe that your credit card 
has been involved in a number of fraudulent transactions 
we have spotted recently. Enclosed is the account 
statement with the list of transactions made with your 
credit card between 01.09.2008 and 03.09.2008. Please look 
carefully through the enclosed document; the last three of 
the listed transactions are the ones that we suspect to be 
fraudulent. 

I would appreciate if you could find time to 
clarify this issue and confirm the transactions that you 
have made personally. This would help us both to have this 
issue resolved as quickly as possible.

Please find the Word-formatted copy of your account statement is 
enclosed in the archive attached to this message.

Best regards
Kelsey Fuller
Manager of Credit Card Fraud Defense

Attachment: Statement.zip

IP Address: 67.158.232.43

If you do a reverse DNS lookup on this IP you get an IP owned by Pocketinet Communications, Inc, out of Walla Walla, Washington. This company appears to be yet another DSL provider. This likely means that this email was sent by a home user, or maybe a computer in a business that has been 'owned' by a previous malware and is now, yet another zombie computer. This email is supposed to be coming from my credit card company... Um, my credit card company is not a DSL provider in Walla Walla, Washington. If it were from my credit card company, it would be from an IP owned by my credit card company. That fact that it is from a DSL provider means that this is coming from a small company, if not an individual. This is clearly not my credit card company.

'01.09.2008 and 03.09.2008'

This is clearly the dates September 1, 2008 and September 3, 2008. These dates are once again formatted in a non-American style of date. This indicates that it is not coming from someone in the United States.

'Greating '

As is often the case, bad English grammar shows up as another indication of this coming from outside the United States. This should really be 'Greetings' to be correct. The English grammar is actually pretty good on this one, though. It is much better than most.

Binary Attachements

Once again we have a binary attachment - a ZIP file. If you unzip this file, you find something interesting:

Statement_01.doc                             .exe

What we see here is a file with one hundred spaces between the '.doc' and the '.exe' extension. (I shortened the number of spaces above for formatting purposes.) This is really another one of those double file extension binary attachments. This email is again taking advantage of the Windows setting to hide the '.exe' file extension. If you have this extension hidden, as Windows normally does, it looks like 'Statement_01.doc'. This makes it look like it is the Word document it claims to be. But this email goes one step farther and adds those 100 spaces between the '.doc' and the '.exe' extensions. Why do they do this? It is done so that if you are not hiding the file extensions, then the spaces cause the real '.exe' file extension to be moved so far to the right, that you likely won't even see it, if you viewed this file in Windows Explorer. Very clever. So once again we have an EXE that likely contains the program that installs the malware on your computer.

No credit card company name mentioned

The final red flag in this email is the fact that it says it's from your credit card company, but it never says which one! If this email were real it would say something more specific like 'Chase Financial Fraud Services' or something like that. The fact that it is an 'anonymous' email, means it's not from your credit card company. The email is intentionally made to be more generic so that it will be noticed and read by many people, no matter who their credit card company is.

Another day, another scam.

Time for some more malware that uses scare tactics. Here's something I got in my email recently...

Return-Path: <yjm@bossa-hashi.com>
X-Original-To: rick@ekle.us
Received: from 209-16-113-5.net.bhntampa.com (209-16-113-5.net.bhntampa.com [209.16.113.5])
	for <rick@ekle.us>; Fri,  3 Oct 2008 14:33:31 -0700 (PDT)
From: "Jeffrey Mclean" <yjm@bossa-hashi.com>
To: <rick@ekle.us>
Subject: New Law

I haven't seen you for weeks

New clauses have been added to the legislation regulating your online activities; some of the
operations are now considered illegal. The new law has come into force as of 25.09.2008; the
penalties have been toughened.

Please read the new document and be more accurate further on.

Remember me to your wife

Attachment: Legislation.zip

Let's look at why this is a scam.

25.09.2008

This is clearly supposed to be the date of September (9) 25, 2008. However, this date lists the day of the month before the month. This is not the traditional American style of writing dates. In America this date would likely be written as 9/25/2008. Note how the month is listed first. This implies that this was written by someone who is used to a non-American date style. Since I live in America, that makes this email suspect.

From IP Address: 209.16.113.5

If you do a reverse DNS lookup on this IP address, it returns '09-16-113-5.net.bhntampa.com'. This name appears to be Bright House Networks out of Tampa Florida. This does not appear to be anyone who has any reason to be emailing about my 'illegal online activities'. This makes me suspicious. I looked at what services Bright House Networks provides and these include 'Digital Cable' and 'Digital Phone'. This leads me to believe that this is a cable modem provider in Tampa, Florida. It looks like we have another zombie computer running in some cable modem customer's home.

Note that I got a second one of these emails from IP address 208.119.131.129. This IP address resolves to an IP owned by the Indiana State Library. This appears to be another zombie computer running in a public library in Indiana. Anyone else noticing a pattern here? These malware emails are sent by zombie computers that have already been taken over by other malware programs. These programs are designed to spread themselves in ways that are difficult to stop.

Binary Attachments

Once again, we have a binary attachment. If you extact the contents of that 'Legislation.zip' file, you find the file 'Legislation-25.doc.exe'. An EXE is an executable. It's a program that runs on your computer and does something. This is clearly not some legislation. If it was, it would be a text file (TXT, DOC, RTF, PDF, etc). And what does this EXE program do? It installs the malware on your computer! This is the 'payload' of the attack. Also, notice how the attached file has two extensions: '.doc.exe'. This is another big red flag. Windows is normally set to hide the file extension of any file displayed in Windows Explorer. This means that it would hide the '.exe' part of the filename, giving you 'Legislation-25.doc'. This makes it look like it IS a text file. This double filename extension trick is very common among spam and malware. I haven't scanned this file, but I suspect it's some form of virus/malware.

Strange statements

'Remember me to your wife'. Um, what? This doesn't mean anything. it's not even proper English. This is another red flag that this is coming from someone who doesn't have a good grasp of the English language. Note that I've gotten several of these emails from different people and this line line is different on them. The other email I got like this had the final line of 'See you around', which is a bit more believable.

So there you have it. Another malware disassembled. Always be suspicious of emails like this.

Many iPhone applications present a brief 'splash screen' when starting up. Here's how to make one.

Create a PNG image named 'Default.png'. It must be exactly that filename, case sensitive. Put this in your Resources folder of the project. The application will display this image briefly when the application first loads.

Technically this image isn't supposed to be used as a splash screen. It is supposed to be a image which resembles the running UI of your application. It's purpose is to make the application show something while it is starting up. By doing this, it doesn't look like the application has frozen while starting up. Despite this, most people just use this feature as a splash screen.

With the NDA finally lifted, it's time for my first quick iPhone SDK article.

Recently, I developed an iPhone application for a company a friend of mine works for. The application worked well, but when the application was complete, the one thing missing was the icon in iTunes for the application. Whenever I built the application and imported it into iTunes, instead of the proper application icon, which I had properly defined, I kept getting a plain black icon with an 'A' shape in it - In other words it kind of looks like the Interface Builder icon, but in monocrome on a black background. I tried everything I could think of to fix this. I searched all the iPhone SDK documentation. I found references to a 512x512 image you had to create for the app for this, but there was no information that I could find as to WHERE to put it. Finally, in frustration, I emailed another iPhone SDK developer who already had a published iPhone application and asked him how to do it. He responded back and gave me the solution.

In short, create a JPEG image named 'iTunesArtwork' without any file extension. Put it in your project so it's in the Resources folder. When the application is build, this file will end up in the root directory of your *.app package. It is this file that iTunes looks for to display as the application icon in iTunes. I believe the icon really should be 512x512 pixels, for best appearance, but a smaller icon will work.

I hope this helps someone get past this seemingly undocumented requirement. Good Luck