I reported the following to the FBI, to LogMeIn123.com, to Century Link, and to Bing, and now I’ll share the story with you.
Yesterday, May 12, 2014, a relative was having trouble with Netflix. So she went to Bing and did a search for her ISP’s technical support:
Bing leads you to a convenient toll-free number to call for technical support!
She called the number: 844-835-7605 and spoke with a guy who had her go to LogMeIn123.com so he could fix her computer. He opened up something that revealed to her the presence of “foreign IP addresses” and then showed her the Wikipedia page for the Zeus Trojan Horse. He explained that she would need to refresh her IP address and that their Microsoft Certified Network Security whatevers could do it for $350 and they could take a personal check since her computer was infected and they couldn’t do a transaction online.
So, she conferenced me in. I said that she could just reinstall Windows, but he said no, as long as the IP was infected it would need to be refreshed. I said, well, what if we just destroyed the computer. No, no, the IP is infected. “An IP address is a number: how can it get infected?” I then explained that I was a network administrator . . . he said he would check with his manager. That was the last we heard from him.
I advised her that this sounded very very very much like a phishing scam and that she should call the telephone number on the bill from her ISP. She did that and they were very interested in her experience.
I was initially very worried that she had a virus that managed to fool her into calling a different number for her ISP. I followed up the next day, using similar software to VNC into her computer. I checked the browser history and found that the telephone number was right there in Bing for all the world to see. She doesn’t have a computer virus after all! (I’ll take a cloer look tonight . . .)
I submitted a report to the FBI, LogMeIn123.com, Bing, and Century Link. And now I share the story here. Its a phishing scam that doesn’t even require an actual computer virus to work!
As a SysAdmin, people ask me how much they need to worry over the heartbleed vulnerability. Here’s my own take:
Google were known to be vulnerable. They co-discovered the vulnerability and deployed fixes quickly. I like to believe they are analyzing the scope and likelihood of user password compromise and will issue good advice on whether Gmail passwords should be updated.
For everything else, my small opinion is “don’t panic.” Not every web site would have been affected. The Ops folks at each site need to patch their systems and assess the extent to which credentials may have been compromised, then take appropriate steps to mitigate compromised data, which might include asking users to set new passwords. But if they’re still waiting on some patches, then submitting a new password could actually put both passwords at risk.
For other important passwords, like your bank, check up on what they’re recommending that you do. If a site is important to you and they offer two-factor auth, go for it: that typically means that if you log on from a new computer they’ll text a one-time pin code to your mobile phone to double-check that it’s you.
How do you triumph against an oppressor who has an overwhelming advantage in terms of firepower? If you are Mahatma Gandi, Martin Luther King Jr, Nelson Mandela, or Ukrainian Colonel Yuri Mamchur, you practice non-violent direct action. I hope that Ukraine may yet share in the triumph of this strategy.
Commander of Ukraine’s Belbek base just got a call from Russian counterpart. Another ultimatum: surrender by 16:00. This is the 3rd one
Incredible. Half the Ukraine troops from Belbek base now marching to airstrip occupied by Russians. Unarmed. To take it back.
The column of troops, carrying the Ukraine and Soviet (!) flags, about to march on the Russian occupied airstrip. pic.twitter.com/prR9rfP7Fp
Ukraine column has reached Russian checkpoint. Russians begin firing in the air. Ukrainians keep marching
Russians call commander to negotiate. Troops have RPGs and machine guns trained on the column of unarmed Ukrainian soldiers. Belbek, Crimea
Russians back down, allow 10 Ukraine soldiers to take up positions at occupied base, but still awaiting orders from Moscow
Face off between Ukraine base commander Col. Yuli Manchur and Russian officer at occupied Belbek airbase pic.twitter.com/6N10wuezef
The Ukraine commanders just received word that Putin ordered the Russian troops to withdraw. Is that true?
Officer who shot in air as Ukraine column marched up to him said he was on the Maidan fighting ‘fascists’ with a stick. Presumably Berkut
The red flag the Ukrainians marched with is the banner of the fighter pilots who fought Nazis in 1941 and guarded the Yalta Conference
Ukraine Colonel still negotiating, Russian snipers & RPGs still aiming at column of soldiers. But deescalation is clear, at least in Belbek
Personnel carrier just arrived, disgorging armed Russian troops at checkpoint. Ukraine commander just finished negotiating.
Ukraine commander demands to guard the base jointly with Russians, who pledge to give their commanders’ response by 12:00, in 2 hours
Russian military truck just brought a handful of (probably Russian) news crews to the Belbek standoff. They’re now filming from Russian side
Ukraine’s 204th tactical aviation brigade when they just arrived to face down the Russians in Belbek: pic.twitter.com/Zz91TuJHXf
Marching along with the Ukraine brigade were the wives of four of the officers, all standing surrounded by Russian snipers at Belbek
Phone battery dying. Read @Time a bit later for the hair-raising conclusion of the ballsiest move of the Crimean conflict so far. #Belbek
I first read of the story via ABC News. I think this is an excellent strategy to employ against the Russian occupation. Putin claims the Russians are there to defend against violent acts. It would appear that the Ukrainian Military are Not the Problem here. I hope this tactic is employed further by Ukraine’s soldiers and its people, and I wish to see them succeed. Mamchur and his soldiers are heros of humanity.
I started trying to use Fitbit to track calorie consumption again the other day. This gets frustrating pretty fast because unless you only eat processed food from packages of specific size you mostly have to accept that calorie counting is a wildly inaccurate guessing game.
I’m happy to embrace the mystery and accept approximate measurements for the most part, but I figured there was one thing I could tackle: breakfast! The most important meal of the day … and I tend to eat the same thing: a bowl of Trader Joe’s Raisin Bran with skim milk. (Trader Joe’s is the only raisin bran I can find any more where the raisins aren’t coated in sugar.)
In theory, this is trivial to figure out. The information is posted right on the side of the box:
So, how many calories am I eating, here?
Caveat: I eat cereal by the bowl, not by the cup! I also eat with some quantity of skim milk.
I whipped out my trusty digtal kitchen scale:
1) Switch scale back to metric
2) Place bowl on scale
3) TARE
4) Pour a bowl of cereal, note weight (129g)
5) TARE
6) Pour milk, note weight (331g)
7) Remove bowl from scale and enjoy breakfast before everything goes soggy
Cereal calories are easy to figure: 129/55 * 170 = 399 calories
Milk servings are measured in ml, though. The moment I started trying to look up the volume of a gram of milk, Google just gave me the answer: 113 calories
UPDATE: Friends advise use of http://www.myfitnesspal.com/, which allegedly has a better database. It looks like I can “save” a favorite meal consisting of:
Two quotes passed along on September 11, from my meat-eating Grandmother:
A USDA inspector reviews the carcasses of slaughtered pigs for our safety. Credit: Wikmedia Commons
“As long as there are slaughterhouses there will be battlefields.” –Leo Tolstoy
“We are the living graves of murdered beasts
slaughtered to satisfy our appetites.
We never pause to wonder at our feasts,
if animals, like men, can possibly have rights.
We pray on Sundays that we may have light,
to guide our footsteps on the path we tread.
We’re sick of war, we do not want to fight –
The thought of it now fills our hearts with dread,
and yet – we gorge ourselves upon the dead.
Like carrion crows we live and feed on meat,
regardless of the suffering and pain
we cause by doing so, if thus we treat
defenseless animals for sport or gain
how can we hope in this world to attain
the PEACE we say we are so anxious for.
We pray for it o’er hecatombs of slain,
to God, while outraging the moral law,
thus cruelty begets its offspring – WAR.”
–George Bernard Shaw
Here is a new phishing attack that made it through to Gmail about the domain name dispute around tjldme . . . ?!!
Dear Manager,
(If you are not the person who is in charge of this, please forward this to your CEO,Thanks)
We are a organization specializing in network consulting and registration in China. Here we have something to confirm with you. We just received an application sent from “Global Importing Co., Ltd” on 20/11/2013, requesting for applying the “tjldme” as the Internet Brand and the following domain names for their business running in China region:
Though our preliminary review and verification, we found that this name is currently being used by your company and is applied as your domain name. In order to avoid any potential risks in terms of domain name dispute and impact on your market businesses in China and Asia in future, we need to confirm with you whether “Global Importing Co., Ltd” is your own subsidiary or partner, whether the registration of the listed domains would bring any impact on you. If no impact on you, we will go on with the registration at once. If you have no relationship with “Global Importing Co., Ltd” and the registration would bring some impact on you, Please contact us immediately within 10 working days, otherwise, you will be deemed as waived by default. We will unconditionally finish the registration for “Global Importing Co., Ltd”
Please contact us in time in order that we can handle this issue better.
Best Regards,
Wesley Hu
Auditing Department.
Registration Department Manager
4/F,No.9 XingHui West Street,
JinNiu ChenDu, China
Office:Â +86 2887662861
Fax:Â +86 2887783286
Web:Â http://www.cnnetpro.com
Please consider the environment before you print this e-mail.
I assume they’ll need a processing fee. I wonder if they munged toldme.com in an effort to avoid Phish filtering . . . ? The URL at the bottom is blocked by our firewall.
We were somewhere around Barstow on the edge of the desert when the drugs began to take hold. I remember saying something like “I feel a bit lightheaded; maybe you should drive….” And suddenly there was a terrible roar all around us and the sky was full of what looked like huge bats, all swooping and screeching and diving around the car, which was going about a hundred miles an hour with the top down to Las Vegas. And a voice was screaming “Holy Jesus! What are these goddamn animals?”
Then it was quiet again. My attorney had taken his shirt off and was pouring beer on his chest, to facilitate the tanning process. “What the hell are you yelling about?” he muttered, staring up at the sun with his eyes closed and covered with wraparound Spanish sunglasses. “Never mind,” I said. “It’s your turn to drive.” I hit the brakes and aimed the Great Red Shark toward the shoulder of the highway. No point mentioning those bats, I thought. The poor bastard will see them soon enough.
We were somewhere around Barstow on the edge of the desert with a drug against a cold. I remember saying something like “I feel a bit lightheaded maybe you should drive.” And suddenly there was a terrible rawr all around us in the sky was full of it look like you’re fat, also reach me on the car, which was going about a hundred miles an hour with the top down to Las Vegas. And waste of screaming “All ages! What are these god damn animals?”
It was quiet again. I turn into taking your shirt off was pouring beer ice chest, to the Celtic the tanning process. “What the hell are you yelling about?” he muttered, staring up at the Sun with his eyes closed and covered with wraparound Spanish sunglasses. “Nevermind,” I said. “It’s your turn to drive.” I hit the brakes and emigrate red truck with the shoulder of the highway. No point missing those bats, I thought. The poor bastard will see them soon enough.
I added the quotation marks manually, as well as the paragraph break. My phone, unlike others, does not seem to understand the “new paragraph” command. The original text, was stolen from http://www.galleries.com/jeff/gonzo.htm, which was stolen from Hunter S. Thompson, who is dead.
At long last, I retired my old T-Mobile G2. It was the last in a long line of phones I have owned for the past decade with a physical keyboard. (I think I owned every Sidekick up to the 3 before going Android with the G1 and the G2.) I like the ability to thumb type into my phone, but the G2’s old keyboard had long ago gone creaky, and it had lacked a dedicated number row besides.
Obligatory picture recently taken with my new computer telephone. Featuring a cat.
They don’t make nice smart phones with keyboards any more. Market research seems to indicate that the only remaining markets for keyboard phones are horny teenagers who need a cheap, hip Android-based Sidekick, and those legions of high powered business people who will never abandon their ancient Blackberries.
Anyway, the new Nexus 5 is here. The on-screen keyboard is okay slow and inaccurate. Like moving from a really fantastic sports car to a hovercraft piloted by a drunken monkey. I mean,the monkey-piloted hovercraft is undeniably cool technology, and I can eventually get where I need to go, but . . . its not the same, you see?
So, lets explore Voice dictation! It works . . . well, about as well as the monkey hovercraft, but with the added benefit that you don’t have to keep jiggling your thumb across the screen. But how do you do new lines and paragraphs? Where’s the command reference?
The other thing that excited me about the Nexus 5 was that on the home screen you can drag apps right up to “Uninstall” . . . unless they’re Google apps! “Way to not be evil,” I cried. Until a Google colleague pointed out that it was just a bit of UI funkiness on Google’s part, owing to the applications coming bolted into the UI, there is at least a method to disable them.
Anyway, this is useful knowledge that helped me to vanquish the Picasa sync thing that has been hiding images from the gallery for the past few years. I have another project where I’m testing out BitTorrent Sync to pull images off our phones and then sync a copy of the family photo archive back down to the phones. If that works out, I’ll write it up. I may pursue that further to see if I can’t replace Dropbox, which, unfortunately, does not (yet) offer any sort of a family plan. Also, if I can host my own data I needn’t share as much of it with the NSA.
Two weeks ago, I attended Atlassian Summit 2013 in San Francisco. Â This is an opportunity to train, network, and absorb propaganda about Atlassian products (JIRA, Greenhopper, Confluence, &c.) and ecosystem partners. Â I thought I would share a summary of some of the notes I took along the way, for anyone who might find interest:
At the Keynote, Atlassian launched some interesting products:
As time passes, the ticket gets crankier at you in real time about the SLA.
Jira Service Desk
Jira Service Desk is an extension to JIRA 6 oriented around IT needs.  The interesting features include:
Customer Portal with integrated KB search
Real-time visibility of ticket SLA status
The first thing helps people get their work done, and the second is manager catnip.
Confluence Knowledge Base
Confluence 5.3 features a shake-the-box Knowledge Base setup:
Improved template system — “blueprints” for different article types
Real-time search portal which integrates with JIRA Service Desk
My Questions: enforcing KB link with JIRA workflow and identifying “use count” as an article search metric
Other Stuff I looked into:
REST and Webhooks
There was a presentation on JIRA’s REST API, and mention of Webhooks.
Another feature for tight integration is Webhooks: you can configure JIRA so that certain issue actions trigger a hit to a remote URL. Â This is generally intended for building apps around JIRA. Â We might use this to implement Nagios ACKs.
Atlassian Connect
I haven’t looked too deeply as this is a JIRA 6 feature, but Atlassian Connect promises to be a new method of building JIRA extensions that is lighter-weight than their traditional plugin method.  (Plugins want you to set up Eclipse and build a Java Dev environment in your workstation… Connect sounds like just build something in your own technology stack around REST and Webhooks)
Cultivating Content: Designing Wiki Solutions that Scale
Rebecca Glassman, a tech writer at Opower, gave a really engaging talk that addresses a problem that seems commonplace: how to tame the wiki jungle! Â Her methodology went something like this:
Manage the wiki like it is a product: interview stakeholders, get some metrics, do UX testing
Metrics: Google Analytics, View Tracker Macro, Usage Macro
UX results at Opower revealed more reliance on Table of Contents vs Search (55%) and that users skip past top-level pages, so you don’t want to put content just on there
In search, users only look at the first 2-3 results before giving up
They engaged some users to track the questions they had and their success at getting answers from the wiki
The Docs people (2) built an “answer desk” situation where they took in Questions from across the company, and tracked their progress writing answers on a Kanban board
As they better learned user needs and what sort of knowledge there was, they built “The BOOK” (Body of Opower Knowledge) based on a National Parks model:
Most of the wiki is a vast wilderness, which you are free to explore
The BOOK is the nice, clean visitors center to help take care of most of your needs and help you prepare for your trek into the wilderness
The BOOK is a handbook, in its own space, with its own look-and-feel, and edits are welcome, but they are vetted by the Docs team via Ad Hoc Workflows
By having tracked Metrics from the get-go, they can quantify the utility of The BOOK …
(I have some more notes on how they built, launched, and promoted The BOOK. Â The problem they tackled sounds all to familiar and her approach is what I have always imagined as the sort of way to go.)
Ad Hoc Canvas
The Ad Hoc Canvas plugin for Confluence caught my eye.  At first glance, it is like Trello, or Kanban, where you fill out little cards and drag them around to track things.  But it has options to organize the information in different ways depending on the task at hand: wherever you are using a spreadsheet to track knowledge or work, Ad Hoc Canvas might be a much better solution.  Just look at the videos and you get an idea . . .
The Dark Art of Performance Tuning
Adaptavist gave a presentation on performance analysis of JIRA and Confluence. Â It was fairly high-level but the gist of this is that you want to monitor and trend the state of the JVM: memory, heap, garbage collection, filehandles, database connections, &c. Â He had some cool graphs of stuff like garbage collection events versus latency that had helped them to analyze issues for clients. Â One consideration is that each plugin and each code revision to a plugin brings a bunch of new code into the pool with its own potential for issues. Â Ideally, you can set up a load testing environment for your staging system. Â Short of that, the more system metrics that you can track, you can upgrade plugins one at a time and watch for any effects. Â As an example, one plugin upgrade went from reserving 30 database connections to reserving 150 database connections, and that messed up performance because the rest of the system would become starved of available database connections. Â (So, they figured that out and increased that resource..)
tl;dr: JIRA Performance Tuning is a variation of managing other JVM Applications
Collaboration For Executives
I popped in on this session near the end, but the takeaway for anyone who wants to deliver effective presentations to upper management are:
The presenter’s narrative was driven by an initial need to capture executive buy-in that their JIRA system was critical to business function and needed adequate resourcing.
One big deal is that when Hussein used chemical weapons against Iran, we knew it was happening, and instead of raising a stink, we gave him logistical support. Our credibility with regards to international law is heavily tarnished, and that undermines our claims in present day Syria.
What I would love to see is if Congress, in authorizing military action, also passed some kind of Whistle Blower Compulsion bill: if you see something, you must say something!! If you are aware that a war crime or a crime against humanity is being perpetrated, you have to tell everyone you can think of: your boss, your mom, your blog, the New York Times, hell, even tell that douchenozzle Julian Assange! Failure to disclose knowledge of such crimes should consequently open you to charges of criminal conspiracy once they are finally disclosed.
(. . . not like we would ever prosecute Americans for War Crimes, but a boy can dream . . .)
As far as the current situation in Syria goes, I am reminded of Serbia. After a few too many abuses Clinton sent in air power to disrupt their military command and control and mess up the power grid. We basically put our thumb on the scale to expedite our preferred outcome. From what I can tell, our short-term preferred outcome in Syria is a stalemate (brutal dictator vs Al Qaeda) so I don’t reckon we’ll spend much time with our thumb on the scale.
The long-term desired outcome, which is the real reason we need to take the idea of intervention seriously, is to discourage the future use of chemical weapons. “Remember when Assad looked like he might win the civil war in Syria but then he gassed civilians and the US started bombing him? Yeah, maybe we shouldn’t be too quick to reach for the chemical weapons.” This is what I hope will be an outcome of our bombing Syria.
As new parents, it is not as if we are getting out to the movies at all these days. All the same, when the Ender’s Game Movie page popped up in my Facebook I had to pay a visit, and share my opinion:
FWIW, Card has continued to advocate and advance his beliefs that homosexual people should have lesser rights than heterosexual people. If you see this movie then some of your ticket price goes to Card and will help in your own small way to advocate for discrimination. This reason alone turns me so far of the prospect of seeing this movie.
When I was younger, I loved the entire trilogy, and I would still encourage folks to borrow the books from the library, but the thought of giving another dime to Card fills me with revulsion.
Discrimination is not cool, and every dollar of revenue this movie fails to book is a dollar that has been better spent elsewhere.
Unsurprisingly, people who are planning not see go watch Ender’s Game aren’t spending much time on the movie’s Facebook page. So, comments like mine get a lot of pushback. Some guy in Netherlands reads what I said above and responds, “So you liked the books and then you learned about OSC’s beliefs and you didn’t like the books anymore?”
Which, no, that’s not quite what I said. So, I’ll try again:
Peter, I love the books. What I dislike is the idea of giving any money to a guy who uses it as a soapbox to preach that gay people should be discriminated against. I dislike the idea of giving my money to someone who preaches against the rights of homosexuals just as much as I dislike the idea of giving my money to someone preaching Racism or Sexism or Ultranationalism or Religious Extremism or any of the rest.
Fortunately, there are plenty of great books to be read, plenty of great movies to be watched, that aren’t asking me to support the cause of hateful people. There are plenty of great books I have not yet read, plenty of great movies I have yet to watch. Plenty of enjoyment to be had without giving money to those preaching a tired old hatred.
Ask yourself this: would the idealistic young kids portrayed in “Enders Game” be lining up to see a movie produced by someone preaching hate? There are surely any number of more valuable things that you could be spending your time and money on, neh?
At any rate, as I said, there’s only so much time I have to spend that I’m not going to blow too much of it debating kids on Facebook. I have done my little part, and Orson Scott Card is pretty small-fry compared to the kind of awful stuff that is happening in Russia.
Four score and seven years ago, our fathers set forth upon this continent a new nation. One conceived in Liberty and dedicated to the proposition that All Men are Created Equal.
My regular handwriting is pretty awful. But this font is somewhat more readable. The process is you pick out the characters you’ll want in your alphabet, download and print some templates, write in the squares on the templates, scan and upload and boom, you’ve got your font. Kind of fun.
Of course, nothing’s ever quite simple. I wrestled at first with the limitations of MyScriptFont.com and a ball-point pen. That first site doesn’t do “double-quotes”. To get the font as far as I have, I also needed to use a felt pen, which is weird for me, and then review the scanned pages in a paint program to eliminate stray marks and cut the bottom tail off my capital I.
I’m pretty pleased with the results thus far. I have to use a larger size for legibility. One nice feature about the PaintFont site is that you can later add characters to your existing font file. If I ever have occasion to employ this font for a “serious” endeavor, I may try to re-render some of the characters for better legibility.
In testing a handwritten font, I find that writing out a few addresses seems to be a good test. Not only do they have a good mixture of letter casing and numbers, but that’s pretty much all I have occasion to handwrite any more anyway:
Jake & Elwood Blues
1060 W Addison St.
Chicago, IL 60613
President Obama
1600 Pennsylvania Ave NW
Washington, DC 20500
The Honorable Mike Honda
2001 Gateway Place
Suite 670W
San Jose, CA 95110
I’m not sure when this will be useful, but it is nice to have your very own font around, and the process is kind of fun. :)
I have for a long time wanted to be able to download my data. It seems simple: I buy a device to track my data, I should have access to the data collected.
Honestly, that just feels slimy. They are my data. My data are not a premium feature. This restriction puts a bad taste in my mouth and that is a strong deterrent to purchasing further products from you folks. Which is too bad, since I otherwise like the hardware and I am ready to be upsold to an NFC device. But since my data are not my data … well, I’d rather just spend my money elsewhere.
Thanks,
-danny
If anyone has an activity tracker they particularly like, I am keen to hear about it.
A reaction I posted to a friend’s Facebook with regard to the present BART Strike:
I’m a pro-Union Liberal who thinks it is wrong to beat up on public-sector employees. I have heard that BART staff get 40 PTO days per year and there’s a scheme where you can take PTO, then take a shift, and get overtime for that. That’s something we can fix.
The train operators literally sit on their ass and watch the train drive itself. I talked to a guy who said that he did an important job of every once in a while mashing the buttons to fix something, and if he and his comrades weren’t there, BART would have to evacuate the passengers, shut the doors, and run the train empty to its terminal. Horrors!
In NYC, they’ve been laying off station agents where possible and using video cameras to aggregate agent services remotely.
I keep hoping that one of these days a labor action will be an excuse for BART to just fire the train operators and let the system run on automatic as it was designed to do. Spend the money on more frequent service so when a train occasionally has to be taken down, its replacement appears that much more quickly. Spread some of that money to the best station agents and start installing remote presence equipment to make the most of their labor.
. . . and if those train operators are even half as as good at mashing buttons in an emergency as they think they are, they can make the same salary as an entry-level SysAdmin.
Seriously, it is sad when your job is obsoleted by technology. It is even sadder when your job was obsoleted by technology before it even existed. Saddest when your skills are in extremely high demand at higher pay, but we keep paying you to do an obsolete job of extremely marginal public benefit.
