Rick's World

Link: http://www.baen.com/library/

The other day, I was in the bookstore with a friend of mine. He mentioned that David Weber was a good science fiction author. A few days later, I was looking through the bargain books section at Barnes & Noble and I found a David Weber book - Ashes of Victory. I bought it and put it in my pile of books to read. Then, yesterday I was in the bookstore again and found another David Weber book - War of Honor, also in the bargain books section.

Both of these books are part of the Honor Harrington series of books. Since both books were far into the series, I debated buying that second book. I'd never read the series so I thought that starting near the end of the series might be a bad idea. The thing that sold that second book for me, though wasn't the book, but what was inside the book. Inside this bargain book, was a CDROM containing the entire Honor Harrington series of books - in HTML, Microsoft Word, RTF and a couple other formats! And all these files were not protected by any form of DRM! I buy one book and I get ALL the books! How cool is that!

When you put the CD into your CDROM drive and view the HTML page on it, there is a link to the Baen Free Library. This is a web site that lets you read the entire books that Baen Books (the publisher of these David Weber Books) publish. The Library site opens with an introduction by the company as to why they are offering all these books for free, without any DRM. Below is a quote from the page as to his opinion of DRM and online piracy:

1. Online piracy — while it is definitely illegal and immoral — is, as a practical problem, nothing more than (at most) a nuisance. We're talking brats stealing chewing gum, here, not the Barbary Pirates.

2. Losses any author suffers from piracy are almost certainly offset by the additional publicity which, in practice, any kind of free copies of a book usually engender. Whatever the moral difference, which certainly exists, the practical effect of online piracy is no different from that of any existing method by which readers may obtain books for free or at reduced cost: public libraries, friends borrowing and loaning each other books, used book stores, promotional copies, etc.

3. Any cure which relies on tighter regulation of the market — especially the kind of extreme measures being advocated by some people — is far worse than the disease. As a widespread phenomenon rather than a nuisance, piracy occurs when artificial restrictions in the market jack up prices beyond what people think are reasonable. The "regulation-enforcement-more regulation" strategy is a bottomless pit which continually recreates (on a larger scale) the problem it supposedly solves. And that commercial effect is often compounded by the more general damage done to social and political freedom.

Amen brother! This is a rare sight - a book publisher that GETS the Internet and the concept of DRM being bad. Plus, this was written in the year 2000! Seven years ago, this company 'got a clue' and there are many companies, such as *ahem* NBC Universal and Universal Music that still do NOT.

I have to say that after discovering this, I'm going to be buying a lot more Baen published books. I show my support with my money, and these folks certainly deserve it.

Ok, this one just started showing up today. It appears to be very similar to the previous spam scam I wrote about - a compromised computer starts sending spam with links that supposedly go to one thing, but actually point to something else. See the actual email below:

Subject: LOL, that is too cool.....
From: xxx.yyy@zzz.com

If your mom sees this she this video of you she is gonna freak. here is where I found it... http:// www. youtube. com/watch?v=dPoP6G44wg9

In the above email, that Youtube link is a hyperlink, but it does NOT go to Youtube. It acutally goes to http:// 70.244.195.157/. I did a reverse DNS lookup on the IP address that it REALLY links to and it is not Youtube, but a DSL customer on AT&T's network. In other words, it's a home user. Had this REALLY been Youtube, it would have linked to youtube.com. The fact that this is linking to some DSL customer of AT&T means that we have YET another computer that has been secretly infected by spyware. When I retreived the HTML for this page with wget, I see that this one is serving out a file called video.exe. It also contained a Youtube logo on the page! This one certainly looks like a better done scam than the previous one, but again, easily disproved.

Once again, we see another example of Windows machines that have been taken over by spyware/malware without their owner's knowledge.

For the last several days, I've been receiving a new kind of spam. Below you can see a copy of the email. Following the email is my analysis of this:

Subject: Member Details
From:    "MP3 World" <icxpw@cheshire.k12.ct.us>

New Member,

Thank You for Joining MP3 World.

Confirmation Number: 7245114248563
Your Temp. Login ID: user1043
Temorary Password: pu345

Your temporary Login Info will expire in 24 hours. Please login and change it.

Use this link to change your Login info: MP3 World

Thank You,
Confirmation Dept.
MP3 World

The first red flag I noticed was the From email address. Ok, so "MP3 World" sounds like a legitimate web site. The problem is, the actual email address next to it is the email address of some grade school in Connecticut! You can tell this because the email contains 'cheshire.k12.ct.us'. The 'ct.us' indicates that this likely in Connecticut in the United States. The 'k12' usually indicates a grade school (i.e. Kindergarden through 12th grade). 'cheshire' is likely the name of the school. So in other words, Cheshire High School in Connecticut is running a web site called 'MP3 World'? Unlikely. If this were a legitimate web site, the email address would likely end in 'mp3world.com' or something like that. Granted, the From address on an email address can easily be faked, but on this one they didn't even bother to do that.

The next obvious red flag was that it was for a site that I'd never heard of and had not signed up for. If you don't recognize the name of the site and don't remember signing up for it, that's a good sign that this is at worst spam, and at best a mistake by that web site.

The next red flag that I noticed was the link to 'MP3 World' itself that was in the email. If you look at the email, the link was pointing to 'http:// 24.242.61.215' rather than 'http://www.mp3world.com' or something like that, as you would expect. I did a reverse DNS lookup on that 24.242.61.215 and found out that it was a RoadRunner IP address. RoadRunner is a Cable broadband provider for homes. Why would a home user be hosting an 'MP3 World' web site from his home computer. That makes no sense. Plus, the fact that it is listed as an IP rather than a domain name, likely means there IS no DNS record for a 'MP3 World' domain.

The next thing I did was to carefully retrieve the HTML page listed at that IP address. I did NOT do this using a web browser. That's a good way to get your computer 'owned'. I used a program called wget, which just downloads the raw HTML and that's all. Upon looking at the HTML, all I saw was a very basic web page that had a link to 'ecard.exe' for download. That fact that it was trying to download an executable was another huge red flag. If all you are doing is logging into a web site, you don't need any executables for that. You just need to log into the web site from any browser. The presence of this executable is a STRONG sign that that executable is a virus that will infect your machine.

Based on these observations, it appears a computer at some grade school in Connecticut has become infected with spyware that is being used to secretly spread that spyware to other computers.

Beware of this latest scam!

Last week, I bought a Mac Pro. I have to say that I truly love that thing! It is so fast! It is the first computer I've had that could keep up to me... When I really get going on a computer, I have so much stuff going on at the same time that most computers can't keep up. This one can. One problem I've been having for the last week though was a cause of some concern for me.

The problem was, At times it didn't seem to be displaying anything on the monitor, even though the monitor was on and the computer was fully booted up. I would turn on the monitor, then turn on the Pro and then wait... and wait... and wait. It seemsed like sometimes it would come up within a good 20 seconds and sometimes it took 5 minutes before I saw anything on the screen. I often wouldn't even see the Apple logo that you usually see when the Mac Pro first boots up. I was getting worried that something was defective.

After much experimenting and consulting with knowlegable friends, I think I've figured out the problem. It seems like at times the Mac Pro has trouble syncing with the monitor... In other words, it can't properly communicate with the monitor. This causes nothing to show up. As best I can figure this is some kind of odd driver bug on the Mac Pro. The solution I found that seems to work is to turn on the monitor first, give the monitor a few seconds to start up, and THEN turn on the Mac Pro. It seems like if you let the monitor fully start up before starting the Mac Pro, that it will work properly. What I had been doing was turning on the monitor first and then immediately turning on the Mac Pro. This seemed to cause the Mac Pro to sync to try to sync to the monitor before the monitor had fully started up. If you give the monitor a few seconds to start up first, it seems to fix the problem. You can also just turn the monitor off for a couple seconds and then turn it back on. This should cause the Mac Pro to resync with the monitor also.

Apple really needs to fix this bug, though.

It's here!

Yesterday I received my Mac Pro - exactly 2 years and 1 month from the day I got my old Powermac (and first *real* Mac).

The new Mac Pro wasn't without it's share of small problems. When I ordered it last week, I made sure to ask if I was going to get one of those new, really slim Mac keyboards and a copy of the new iLife 08. They assured me I would. I get the box yesterday afternoon at work and open it up to find that they did not send me the new keyboard or the new iLife 08! So I called them, pretty angry and said I wanted them to overnight me the keyboard and iLife. They said they would, but that it would take a few days for it to ship. The earliest it would ship would be Friday. I wasn't happy about this, but it's not like I had any choice. So I accepted and hung up. I later discovered that the Mac DID come with iLife 08, so I now have a second copy of it on the way! Oh well. I also checked my order later on last night and discovered that they had already mailed out the keyboard and iLife overnight to me. I should be getting it today! Way to go Apple! Once more, they show some excellent customer service and come through for me!

The second problem I had was trying to reinstall OS X on the Mac Pro. I had ordered the Mac Pro with a 250GB HD, since that's what it came with, but I had a 500GB HD that I wanted to use instead, so the first thing I did was install that into the computer - before I even turned it on for the first time. The problem was, the dern thing refused to install on the 500GB HD! It must have taken me four complete installs before I figured out how to solve this problem. The problem is, that the OS X install by default tries to upgrade the current OS X version on your machine. That means that it was only allowing me to 'install' (actually upgrade) over the existing OS X on the 250GB HD. I found out that you need to change the install to an 'Erase and Install' in order to get it to install to a different HD. Once I got that working, I was able to install to the 500GB HD and wipe the old one.

I still have a lot of other stuff to setup on it. I have to copy all my stuff back over from the Powermac, and restore all my email, browser bookmarks etc. I also need to reinstall a bunch of apps and put in that additional 2GB of RAM that I'm getting today. Tonight is going to be another busy night.

A few months ago, I bought my friend Dave's old Mac Mini from him. This was the same Mac Mini that I sold to HIM a couple years before when I upgraded to my Powermac. He bought my Mini because he had heard me raving about how good the Mac was and he wanted to try it. The problem is, the Mac Mini is a sadly underpowered computer for all but the most basic of tasks. That's why I got rid of it in favor of the Powermac. The Mac Mini did do its intended job though - it convinced me to try a Mac. It didn't take me long to go from buying a Mini to buying a full blown Powermac. At the time, when Dave sold me back the Mac Mini, I understood his feeling that the Mini wasn't adequate. I shared that opinion. I was just disapointed that Dave had 'lost his mind' and gone back to Windows. Looks like Windows Vista finally pushed him over the edge though.

Yesterday, I went with him and he bought a Mac Pro! This is basically the same Mac Pro that I ordered that will be arriving in a couple days. He loves this new Mac! I can see why. This thing is much more powerful than the Mini and it can easily keep up with things. I'm glad Dave came back to his senses! :)

In the interests of getting him up to speed on the Mac as soon as possible, here are a few apps he might find useful. Note that MOST of these apps are free.

Cyberduck: A great drag & drop FTP program. Source code is available for this if you want to learn some Mac programming.

Quicksilver: You MUST download this now! If you are a typist, this program makes it VERY easy to run any program (and do many other things) without once touching the mouse. Source code is not available for this yet, but will be once Leopard ships.

Vienna: A good, free RSS reader. It may not hold up against NetNewsWire, but it is free and quite capable. Source code is available for this.

Unison: A great newsgroup reader. $24.95 from Panic Software.

Coda: Supposed to be a great web page builder application. Costs $69.

AOL Radio: America Online's free online radio program. They FINALLY came out with a Mac version!

Link: http://chuqui.typepad.com/chuqui_30/2007/08/why-the-geeks-w.html

I came across a great blog post today that got me thinking about the way I and other technical types, look at Apple computers.

Two days ago, Apple had another one of their big 'dog and pony' shows. In it they announced new iMacs (very nice looking), new iLife 08 and iWork 08 software suites, and a new version of their .Mac online service. I anxiously followed along on the news of this event as it happened. There had been rumors of a new iMac and new iLife and iWork versions coming out, so those didn't surprise me. What I was waiting for has been my long desired 'Mac' computer. I was hoping for Apple to come out with essentially a lower end Mac Pro, one that wasn't so expensive, but was still upgradable. After some of the events of that show, I'm coming to believe that this desired 'Mac' is never going to happen.

If you look at the features of the new iLife and iWork versions, they are all very clearly aimed not as business customers or developer customers (like me), but as the 'Average Joe' home customer. Most of the features they added to the iLife suite were all centered around organizing and publishing photos and movies. The changes they made to the iWork suite (sort of a home version of Microsoft Office) were better word processing and the addition of a very nice, easy to use spreadsheet program. Both of these new software suites looked nice and I am very interested in buying them both for myself.

As for the new version of their .Mac service, they increased the amount of space it provides for backups and web space from 1GB to 10GB and added some easy to use picture displaying features. Despite these new features, my complaint about the site still existed. Why would I spend $99 per year for a web site I can show some pictures on, and 10GB of backup space? I can do all this myself! I think though, I was missing the whole point here.

The point I was missing is that all these improvements they made to their products really weren't aimed at me. Technically knowledgeable people like me are a rarity. Most of the world out there is not very familiar with computers. They just want the dern thing to work. They don't care how it works. All of Apple's products, including the iPhone, iPod, iMacs, AppleTV etc, are designed very clearly with the 'Average Joe' user in mind. Yes, they are high tech gadgets, but they are intentionally 'walled off' from modifications in various degrees. This is done to make them easier to use and more reliable for the target market - the average user. Technical people like me who want to write apps for the iPhone or tinker around inside their Macs are the exception, not the rule.

This focus on the average user is also why I think we won't see my 'Mac' anytime soon. The 'Mac' configuration I want would essentially be a desktop, with no monitor. The problem is, having to connect a monitor, computer, keyboard etc, can be very complicated for the average user. That is why they push laptops and iMacs so much. These are all in one computers. You pretty much just plug them in and the work, right out of the box. This is exactly what the average user needs and a computer company should provide. Yes, Apple has the Mac Mini, but that is very much a 'intro Mac'. Frankly, I'm surprised they even still sell that thing. It doesn't seem to quite fit Apple's average user focus. The MacPro that I want is expensive, but it strikes me as Apple's concession to the power user like me. They provide it, but it's big, powerful and expensive. This is clearly their computer aimed at developers, heavy video production people, etc. There isn't going to be a low end power machine.

Looks like I'm stuck with the Mac Pro. I'll be ordering one for myself tomorrow. I'll be sure to blog about that whole adventure once it arrives. It'll be my first Intel Mac.

Link: https://www.paypal.com/securitykey

I've used eBay and Paypal for many years now. So has my family. One of the ongoing problems lately is phishing attacks that steal your eBay and/or Paypal accounts. These phishing attacks come by way of a forged email that looks like it's from eBay. It convinces you to log in to eBay in order to respond to this email. It does this by providing a link in the email that you click on that takes you to eBay. The problem is that the link doesn't take you to eBay, but to a site that perfectly copies eBay! You then enter your information, 'eBay' says everything is OK and you go about your life, not realizing that you just gave your eBay username and password to a criminal. They then go in, using your eBay username and password and start stealing from you. The same happens to Paypal, which is even worse because it has direct access to your bank account. I'm usually very good at spotting these phishing attacks but they have gotten so good, that even I fell for one once. My brother fell for one too. Fortunately in both cases, I realized it quickly and we were able to go in and change our passwords before any harm was done.

The problem is that these phishing attacks still happen and will continue to happen for the foreseeable future. We all need a way to protect ourselves from this. Recently, eBay has come up with a way. They now provide an electronic security key that you can use to log into your account. Once you get this small device, you activate it and associate it with your account. From that point on, when you log into your account you have to press the button on this device to get a six digit security key. You type this in along with your username and password to log into the site. Since eBay and Paypal now require this six digit number to log in, even if a criminal got your username and password, they would not be able to log in. Essentially, your password is now changing every 30 seconds and there are 1 million possible combinations that your password could change to every 30 seconds. Unless the criminal is a VERY lucky guesser, they have no prayer of ever logging into your account! Granted, it's a bit of an inconvenience to have to use this little device every time you log into eBay or Paypal, but if it prevents theft, I think it's worth it.

The device costs $5.00 and you can order it here. If you use eBay or Paypal a lot, I suggest you pick up one of these right away!

Above you see a screenshot of a graph from my web site statistics. This graph shows the number of hits to my site on a daily basis over the last several months. As you can see, most of the time, the number of hits is pretty consistent. There have been two major incidents where things went way higher than normal.

The first one that you'll notice is the big spike in the center of the graph. That high point in the graph is the release date of the Spiderman 3 movie. A year before the movie, I wrote an article, containing lots of pictures describing my predictions for the movie. This article has been very popular, getting 16,000(!) views so far. This is much more, by far than any other article I've written. You'll notice a nice consistent increase in hits over time heading to the release date. Then, after the movie is released, the hits gradually decline. This is to be expected. As the movie release gets closer, people start to be more and more interested in it. Once people see the movie, interest drops off. This was a nice, natural spike in the logs. The other incident, however was not.

The second incident you see is over on the right side of the graph. Here you'll notice a nearly instant doubling of the number of hits going to my site. At first, I didn't think much about it. I just thought I was getting more visitors. It turns out this is not true. This sudden jump that you see is due to one web site - laguna2000.com. This website was singlehandedly doubling the traffic to my site and also sucking down tons of my bandwidth. After a couple weeks of this increased traffic, I found the problem. This is proof of the 'image blogging' problem I mentioned previously. One of the administrators of the discussion forum there decided to use one of my images from my blog about the Transformers movie as his 'avatar' image. In other words, every time he posted an article on the discussion forum or responded to an article, it would include his avatar image. This also mean that anytime someone read a message he posted, it would include his avatar image. The problem is that he chose to use my image as his avatar image. He was directly linking to the image on my web site as his avatar image. Everytime someone read one of his article on laguna2000.com, it was loading the image from my web site. There were a lot of people reading his posts on this site. I was seeing a good 3,000-4,000 hits per day coming from that site. That meant that I was literally giving them hundreds of megabytes of free bandwidth per day! In the several weeks that he was doing this, I likely provided several gigabytes of bandwidth to them for free. This had to change.

Saturday evening, I modified my site, to refuse to send any images to that web site, and only that web site. I'll write more about how I did that later. Ever since I blocked the images going to that site, I've seen laguna2000.com jump to the top of my failed referer list. In one day I got over 3,400 failed referers from this site - exactly what I intended. Looks like my hack to fix this little bit of theft works.

The moral of the story is to always watch your logs. When you see something weird, be sure to investigate. It might be something important.

Today is my parents' 43rd wedding anniversary. Congratulations to you both, and many, many more!