Bookmarks for February 4th through February 11th

These are my links for February 4th through February 11th:

  • Schneier on Security: Interview with a Nigerian Internet Scammer – "We had something called the recovery approach. A few months after the original scam, we would approach the victim again, this time pretending to be from the FBI, or the Nigerian Authorities. The email would tell the victim that we had caught a scammer and had found all of the details of the original scam, and that the money could be recovered. Of course there would be fees involved as well. Victims would often pay up again to try and get their money back."
  • xkcd – Frequency of Strip Versions of Various Games – n = Google hits for "strip <game name>" / Google hits for "<game name>"
  • PeteSearch: How to split up the US – Visualization of social network clusters in the US. "information by location, with connections drawn between places that share friends. For example, a lot of people in LA have friends in San Francisco, so there's a line between them.

    Looking at the network of US cities, it's been remarkable to see how groups of them form clusters, with strong connections locally but few contacts outside the cluster. For example Columbus, OH and Charleston WV are nearby as the crow flies, but share few connections, with Columbus clearly part of the North, and Charleston tied to the South."

  • Redis: Lightweight key/value Store That Goes the Extra Mile | Linux Magazine – Sort of like memcache. "Calling redis a key/value store doesn’t quite do it justice. It’s better thought of as a “data structures” server that supports several native data types and operations on them. That’s pretty much how creator Salvatore Sanfilippo (known as antirez) describes it in the documentation. Let’s dig in and see how it works."
  • Op-Ed Contributor – Microsoft’s Creative Destruction – NYTimes.com – Unlike other companies, Microsoft never developed a true system for innovation. Some of my former colleagues argue that it actually developed a system to thwart innovation. Despite having one of the largest and best corporate laboratories in the world, and the luxury of not one but three chief technology officers, the company routinely manages to frustrate the efforts of its visionary thinkers.

Bookmarks for January 30th through February 4th

These are my links for January 30th through February 4th:

  • Leonardo da Vinci’s Resume Explains Why He’s The Renaissance Man For the Job – Davinci – Gizmodo – At one time in history, even da Vinci himself had to pen a resume to explain why he was a qualified applicant. Here's a translation of his letter to the Duke of Milan, delineating his many talents and abilities. "Most Illustrious Lord, Having now sufficiently considered the specimens of all those who proclaim themselves skilled contrivers of instruments of war, and that the invention and operation of the said instruments are nothing different from those in common use: I shall endeavor, without prejudice to any one else, to explain myself to your Excellency, showing your Lordship my secret, and then offering them to your best pleasure and approbation to work with effect at opportune moments on all those things which, in part, shall be briefly noted below." The document, written when da Vinci was 30, is actually more of a cover letter than a resume; he leaves out many of his artistic achievements and instead focuses on what he can provide for the Duke in technologies of war.
  • jsMath: jsMath Home Page – The jsMath package provides a method of including mathematics in HTML pages that works across multiple browsers under Windows, Macintosh OS X, Linux and other flavors of unix. It overcomes a number of the shortcomings of the traditional method of using images to represent mathematics: jsMath uses native fonts, so they resize when you change the size of the text in your browser, they print at the full resolution of your printer, and you don't have to wait for dozens of images to be downloaded in order to see the mathematics in a web page. There are also advantages for web-page authors, as there is no need to preprocess your web pages to generate any images, and the mathematics is entered in TeX form, so it is easy to create and maintain your web pages. Although it works best with the TeX fonts installed, jsMath will fall back on a collection of image-based fonts (which can still be scaled or printed at high resolution) or unicode fonts when the TeX fonts are not available.
  • Josh on the Web » Blog Archive » Abusing the Cache: Tracking Users without Cookies – To track a user I make use of three URLs: the container, which can be any website; a shim file, which contains a unique code; and a tracking page, which stores (and in this case displays) requests. The trick lies in making the browser cache the shim file indefinitely. When the file is requested for the first – and only – time a unique identifier is embedded in the page. The shim embeds the tracking page, passing it the unique ID every time it is loaded. See the source code.

    One neat thing about this method is that JavaScript is not strictly required. It is only used to pass the message and referrer to the tracker. It would probably be possible to replace the iframes with CSS and images to gain JS-free HTTP referrer logging but would lose the ability to store messages so easily.

  • Panopticlick – Your browser fingerprint appears to be unique among the 342,943 tested so far.

    Currently, we estimate that your browser has a fingerprint that conveys at least 18.39 bits of identifying information.

    The measurements we used to obtain this result are listed below. You can read more about the methodology here, and about some defenses against fingerprinting here

Bookmarks for January 23rd through January 30th

These are my links for January 23rd through January 30th:

  • Benlog » Don’t Hash Secrets – If I tell you that SHA1(foo) is X, then it turns out in a lot of cases to be quite easy for you to determine what SHA1(foo || bar) is. You don’t need to know what foo is. Because SHA1 is iterative and works block by block, if you know the hash of foo, then you can extend the computation to determine the hash of foo || bar.

    That means that if you know SHA1(secret || message), you can compute SHA1(secret || message || ANYTHING), which is a valid signature for message || ANYTHING. So to break this system, you just need to see one signature from SuperAnnoyingPoke, then you can impersonate SuperAnnoyingPoke for lots of other messages.

    What you should be using is HMAC: Hash-function Message Authentication Code. You don’t need to know exactly how it works, just need to know that HMAC is specifically built for message authentication codes and the use case of SuperAnnoyingPoke/MyFace. Under the hood, what’s approximately going on is two hashes, with the secret combined after the first hash.

  • Data.gov – Featured Datasets: Open Government Directive Agency – Datasets required under the Open Government Directive through the end of the day, January 22, 2010. Freedom of Information Act request logs, Treasury TARP and derivative activity logs, crime, income, agriculture datasets.
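
Added example for the "Don’t Hash Secrets" entry above (my code, not from the Benlog post): the naive SHA1(secret || message) tag the post warns about, beside the HMAC construction it recommends. HMAC-SHA1 is written out as RFC 2104 specifies it, so the "two hashes with the secret combined" structure is visible, and is checked against Python's hmac module; SECRET and MESSAGE are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values for the demonstration (not from the original post).
SECRET = b"supersecretkey"
MESSAGE = b"poke:alice->bob"


def naive_mac(secret: bytes, message: bytes) -> str:
    """The scheme the post warns about: tag = SHA1(secret || message).

    SHA-1 processes its input block by block and its output *is* its final
    internal state, so anyone holding this tag can keep hashing appended data
    without knowing `secret`. That is what makes the tag forgeable for
    message || ANYTHING.
    """
    return hashlib.sha1(secret + message).hexdigest()


def hmac_sha1_manual(key: bytes, message: bytes) -> str:
    """HMAC-SHA1 per RFC 2104, written out explicitly:

        H((key ^ opad) || H((key ^ ipad) || message))

    The inner hash binds the key and message; the outer hash, keyed again
    with opad, means the state that leaks through the tag is the outer one,
    which an attacker cannot continue without the key.
    """
    block_size = 64  # SHA-1 block size in bytes
    if len(key) > block_size:
        key = hashlib.sha1(key).digest()  # long keys are hashed first
    key = key.ljust(block_size, b"\x00")  # short keys are zero-padded
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + message).digest()
    return hashlib.sha1(opad + inner).hexdigest()


def hmac_sha1(key: bytes, message: bytes) -> str:
    """The same construction via the standard library; use this in real code."""
    return hmac.new(key, message, hashlib.sha1).hexdigest()


def verify(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time, so a timing side
    channel does not leak how many leading characters of the tag matched."""
    return hmac.compare_digest(hmac_sha1(key, message), tag)


if __name__ == "__main__":
    print("naive tag :", naive_mac(SECRET, MESSAGE))
    print("hmac tag  :", hmac_sha1(SECRET, MESSAGE))
    print("manual ok :", hmac_sha1_manual(SECRET, MESSAGE) == hmac_sha1(SECRET, MESSAGE))
    print("tampered  :", verify(SECRET, MESSAGE + b"!", hmac_sha1(SECRET, MESSAGE)))
```

The manual version exists only to show the structure; the verifier should always use hmac.new plus hmac.compare_digest, and the tag should be rejected whenever the message differs from the one it was computed over, as the final line demonstrates.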

Bookmarks for December 31st through January 17th

These are my links for December 31st through January 17th:

  • Khan Academy – The Khan Academy is a not-for-profit organization with the mission of providing a high quality education to anyone, anywhere.

    We have 1000+ videos on YouTube covering everything from basic arithmetic and algebra to differential equations, physics, chemistry, biology and finance which have been recorded by Salman Khan.

  • StarCraft AI Competition | Expressive Intelligence Studio – AI bot warfare competition using a hacked API to run StarCraft, will be held at AIIDE2010 in October 2010.
    The competition will use StarCraft Brood War 1.16.1. Bots for StarCraft can be developed using the Broodwar API, which provides hooks into StarCraft and enables the development of custom AI for StarCraft. A C++ interface enables developers to query the current state of the game and issue orders to units. An introduction to the Broodwar API is available here. Instructions for building a bot that communicates with a remote process are available here. There is also a Forum. We encourage submission of bots that make use of advanced AI techniques. Some ideas are:
    * Planning
    * Data Mining
    * Machine Learning
    * Case-Based Reasoning
  • Measuring Measures: Learning About Statistical Learning – A "quick start guide" for statistical and machine learning systems, good collection of references.
  • Berkowitz et al : The use of formal methods to map, analyze and interpret hawala and terrorist-related alternative remittance systems (2006) – Berkowitz, Steven D., Woodward, Lloyd H., & Woodward, Caitlin. (2006). Use of formal methods to map, analyze and interpret hawala and terrorist-related alternative remittance systems. Originally intended for publication in updating the 1988 volume, eds., Wellman and Berkowitz, Social Structures: A Network Approach (Cambridge University Press). Steve died in November, 2003. See Barry Wellman’s “Steve Berkowitz: A Network Pioneer has passed away,” in Connections 25(2), 2003. It has not been possible to add the updating of references or of the quality of graphics that might have been possible if Berkowitz were alive. An early version of the article appeared in the Proceedings of the Session on Combating Terrorist Networks: Current Research in Social Network Analysis for the New War Fighting Environment. 8th International Command and Control Research and Technology Symposium. National Defense University, Washington, D.C., June 17-19, 2003.
  • SSH Tunneling through web filters | s-anand.net – Step by step tutorial on using Putty and an EC2 instance to set up a private web proxy on demand.
  • PyDroid GUI automation toolkit – GitHub – What is Pydroid?

    Pydroid is a simple toolkit for automating and scripting repetitive tasks, especially those involving a GUI, with Python. It includes functions for controlling the mouse and keyboard, finding colors and bitmaps on-screen, as well as displaying cross-platform alerts.
    Why use Pydroid?

    * Testing a GUI application for bugs and edge cases
      o You might think your app is stable, but what happens if you press that button 5000 times?
    * Automating games
      o Writing a script to beat that crappy flash game can be so much more gratifying than spending hours playing it yourself.
    * Freaking out friends and family
      o Well maybe this isn't really a practical use, but…

  • Time Series Data Library – More data sets – "This is a collection of about 800 time series drawn from many different fields. Agriculture Chemistry Crime Demography Ecology Finance Health Hydrology Industry Labour Market Macro-Economics Meteorology Micro-Economics Miscellaneous Physics Production Sales Simulated series Sport Transport & Tourism Tree-rings Utilities"
  • How informative is Twitter? » SemanticHacker Blog – "We undertook a small study to characterize the different types of messages that can be found on Twitter. We downloaded a sample of tweets over a two-week period using the Twitter streaming API. This resulted in a corpus of 8.9 million messages (”tweets”) posted by 2.6 million unique users. About 2.7 million of these tweets, or 31%, were replies to a tweet posted by another user, while half a million (6%) were retweets. Almost 2 million (22%) of the messages contained a URL."
  • Gremlin – a Turing-complete, graph-based programming language – GitHub – Gremlin is a Turing-complete, graph-based programming language developed in Java 1.6+ for key/value-pair multi-relational graphs known as property graphs. Gremlin makes extensive use of the XPath 1.0 language to support complex graph traversals. This language has applications in the areas of graph query, analysis, and manipulation. Connectors exist for the following data management systems:

    * TinkerGraph in-memory graph
    * Neo4j graph database
    * Sesame 2.0 compliant RDF stores
    * MongoDB document database

    The documentation for Gremlin can be found at this location. Finally, please visit TinkerPop for other software products.

  • The C Programming Language: 4.10 – by Kernighan & Ritchie & Lovecraft – K&R's quicksort, with names borrowed from Lovecraft (swap is the same helper K&R define alongside qsort):

    /* Rlyeh: sort mene[wgah]...mene[nagl] into increasing order */
    void Rlyeh(int mene[], int wgah, int nagl) {
        int Ia, fhtagn;

        if (wgah >= nagl)   /* do nothing if array contains fewer than two elements */
            return;
        swap(mene, wgah, (wgah + nagl) / 2);   /* move partition elem to mene[wgah] */
        fhtagn = wgah;
        for (Ia = wgah + 1; Ia <= nagl; Ia++)  /* partition */
            if (mene[Ia] < mene[wgah])
                swap(mene, ++fhtagn, Ia);
        swap(mene, wgah, fhtagn);   /* restore partition elem */
        Rlyeh(mene, wgah, fhtagn - 1);
        Rlyeh(mene, fhtagn + 1, nagl);
    } // PH'NGLUI MGLW'NAFH CTHULHU!

  • How to convert email addresses into name, age, ethnicity, sexual orientation – This is so Meta – "Save your email list as a CSV file (just comma separate those email addresses). Upload this file to your facebook account as if you wanted to add them as friends. Voila, facebook will give you all the profiles of all those users (in my test, about 80% of my email lists have facebook profiles). Now, click through each profile, and because of the new default facebook settings, which makes all information public, about 95% of the user info is available for you to harvest."
  • Microsoft Security Development Lifecycle (SDL): Tools Repository – A collection of previously internal-only security tools from Microsoft, including anti-xss, fuzz test, fxcop, threat modeling, binscope, now available for free download.
  • Analytics X Prize – Home – Forecast the murder rate in Philadelphia – The Analytics X Prize is an ongoing contest to apply analytics, modeling, and statistics to solve the social problems that affect our cities. It combines the fields of statistics, mathematics, and social science to understand the root causes of dysfunction in our neighborhoods. Understanding these relationships and discovering the most highly correlated variables allows us to deploy our limited resources more effectively and target the variables that will have the greatest positive impact on improvement.
  • PeteSearch: How to find user information from an email address – FindByEmail code released as open-source. You pass it an email address, and it queries 11 different public APIs to discover what information those services have on the user with that email address.
  • Measuring Measures: Beyond PageRank: Learning with Content and Networks – Conclusion: learning based on content and network data is the current state of the art. There is a great paper and talk about personalization in Google News: they use content for this purpose, and then user click streams to provide personalization, i.e. recommend specific articles within each topical cluster. The issue is that content filtering is typically (as we say in research) "way harder." Suppose you have a social graph, a bunch of documents, and you know that some users in the social graph like some documents, and you want to recommend other documents that you think they will like. Using approaches based on networks, you might consider clustering users based on co-visitation (they have co-liked some of the documents). This scales great, and it internationalizes great. If you start extracting features from the documents themselves, then what you build for English may not work as well for the Chinese market. In addition, there is far more data in the text than there is in the social graph.
  • mikemaccana’s python-docx at master – GitHub – MIT-licensed Python library to read/write Microsoft Word docx format files. "The docx module reads and writes Microsoft Office Word 2007 docx files. These are referred to as 'WordML', 'Office Open XML' and 'Open XML' by Microsoft. They can be opened in Microsoft Office 2007, Microsoft Mac Office 2008, OpenOffice.org 2.2, and Apple iWork 08. The module was created when I was looking for a Python support for MS Word .doc files, but could only find various hacks involving COM automation, calling .net or Java, or automating OpenOffice or MS Office."

Bookmarks for June 3rd through June 4th

These are my links for June 3rd through June 4th:

Bookmarks for May 22nd from 06:31 to 07:14

These are my links for May 22nd from 06:31 to 07:14:

  • Javascript Malware Analysis: A Case Study – "This particular beast was found in the wild in May 2009 on a site phishing for Facebook user credentials, and is a particularly-nasty bugger. Note the number of strangely-named variables created up front, many of which are not even referenced in the code blocks that follow. Additionally notice the odd ternary statements which have no impact on the operation of the code, and presumably must exist to trip up scanners (unless there is a fancy form of string replacement on the body of some functions, in which case the functions could be mutated before execution – and that would be scary. A cipher based on the body of the function has also been seen.)"
  • MySQL: Forked beyond repair? | Developer World – InfoWorld – Now that MySQL is part of Oracle, will the forks take over? "if MySQL's approval ratings are slumping, all the more reason for Oracle to move decisively. Oracle must work to regain the trust and support of the MySQL community or risk losing mindshare to a fork, such as Drizzle or MariaDB. To do that, it has to avoid making the mistakes that Sun made when it acquired MySQL. In a sense, to succeed with MySQL, Oracle will have to stop acting like Oracle."
  • Scott Hanselman’s Computer Zen – Less Virtual, More Machine – Windows 7 and the magic of Boot to VHD – Notes on using Windows virtual hard drives to manage instances of multiple version of Windows in parallel, e.g. Windows 7 beta, WinXP, etc.
  • How Opera’s business model works – Communication Breakdown – David Meyer’s Blog at ZDNet.co.uk Community – Around 40M users, "Most of our revenue — 75-80 percent — comes from mobile devices, from a free browser. We provide the browser for free, like Opera desktop and Mini, and then we generate revenue through our content partners. We provide the search in the right corner and things like that, and that generates revenues in the free distributions. Then you get paid by OEMs [original equipment manufacturers] for distribution — companies like Nokia and Motorola. Most of the mobile OEMs and a fair amount of the other OEMs. We signed up Ford recently and we're now in Ford trucks."
  • Digicorp » Blog Archive » Prevention of Sql Injection with PHP – Notes on good coding hygiene for avoiding SQL injection attacks while processing web form input such as passwords and other text fields.

Bookmarks for May 5th through May 6th

These are my links for May 5th through May 6th:

Bookmarks for April 30th through May 2nd

These are my links for April 30th through May 2nd:

  • FusionCharts Free – Animated Flash Charts and Graphs for ASP, PHP, ASP.NET, JSP, RoR and other web applications – Flash charting component that can be used to render data-driven & animated charts for your web applications and presentations. It is a cross-browser and cross-platform solution that can be used with PHP, Python, Ruby on Rails, ASP, ASP.NET, JSP, ColdFusion, simple HTML pages or even PowerPoint Presentations to deliver interactive and powerful flash charts. You do NOT need to know anything about Flash to use FusionCharts. All you need to know is the language you're programming in.
  • Raphaël—JavaScript Library – Raphaël is a small JavaScript library that should simplify your work with vector graphics on the web. If you want to create your own specific chart or image crop and rotate widget, for example, you can achieve it simply and easily with this library. Raphaël uses the SVG W3C Recommendation and VML as a base for creating graphics. This means every graphical object you create is also a DOM object, so you can attach JavaScript event handlers or modify them later. Raphaël’s goal is to provide an adapter that will make drawing vector art compatible cross-browser and easy.
  • A Really Gentle Introduction to Data Mining | Regular Geek – List of data mining blogs and related resources.
  • BlackBerry SSH Tutorial: Connect to Unix Server using MidpSSH for Mobile Devices – Notes on using MidpSSH on Blackberry for remote access to servers. Seems to work, although big network lag on my BlackBerry Bold / AT&T.
  • Country Reports on Terrorism 2008 – U.S. law requires the Secretary of State to provide Congress, by April 30 of each year, a full and complete report on terrorism with regard to those countries and groups meeting criteria set forth in the legislation. This annual report is entitled Country Reports on Terrorism. Beginning with the report for 2004, it replaced the previously published Patterns of Global Terrorism.
  • DIY: How To Find Authoritative Twitter Users Plus 100 To Get You Started | Ignite Social Media – Some comments on recommendation metrics for Twitter, trying to use "favorites" mark as an indicator.
  • SIGUSR2 > The Power That is GNU Emacs – "If you've never been convinced before that Emacs is the text editor in which dreams are made from, or that inside Emacs there are unicorns manipulating your text, don't expect me to convince you."

Bookmarks for April 24th through April 27th

These are my links for April 24th through April 27th:

Bookmarks for April 20th through April 23rd

These are my links for April 20th through April 23rd:

Bookmarks for April 3rd through April 7th

These are my links for April 3rd through April 7th:

  • Agile Testing: Experiences deploying a large-scale infrastructure in Amazon EC2 – Practical guidance on using cloud computing at EC2. Expect failures, automate deployment, more.
  • joshua’s blog: on url shorteners – Joshua Schachter (founder of del.icio.us) summary on the state of URL shorteners (tinyurl, bit.ly, etc), and issues with 3rd party redirects, link sharing through twitter, etc.
  • Control Yourself » status.net coming soon – On status.net, plans for hosting laconi.ca sites, and federating microblogging status networks
  • There must be some way out of here (Scripting News) – Comments on the rise of celebrity accounts on Twitter, increasing spam/noise, and alternative models for laconi.ca and status.net
  • Stochastic Models of User-Contributory Web Sites – Tad Hogg, Kristina Lerman 31 Mar 2009 Abstract: We describe a general stochastic processes-based approach to modeling user-contributory web sites, where users create, rate and share content. These models describe aggregate measures of activity and how they arise from simple models of individual users. This approach provides a tractable method to understand user activity on the web site and how this activity depends on web site design choices, especially the choice of what information about other users' behaviors is shown to each user. We illustrate this modeling approach in the context of user-created content on the news rating site Digg.

Bookmarks for February 28th through March 1st

These are my links for February 28th through March 1st:

  • Community Data – Swivel – User contributed datasets, for visualization and graphs with Swivel
  • Obamameter – Map visualization of economic stimulus outlays. "Keep tabs on the US economy, the global economy and the stimulus through our dashboard for the economy."
  • recovery.gov.pdf – Slide presentation on data sources and construction of initial Recover.gov site in Jan 2009, from talk at Transparency Camp.
  • Virtual Hoff : DoxPara Research – Slides from Dan Kaminsky's talk at CloudCamp Seattle on network and application security issues in cloud and virtualized computing environments.
  • Can You Buy a Silicon Valley? Maybe. – from Paul Graham – "If you could get startups to stick to your town for a million apiece, then for a billion dollars you could bring in a thousand startups. That probably wouldn't push you past Silicon Valley itself, but it might get you second place. For the price of a football stadium, any town that was decent to live in could make itself one of the biggest startup hubs in the world."
  • Berkshire Hathaway 2008 shareholders letter (PDF) – Warren Buffet reviews the state of the financial markets, his worst year ever, and the outlook for 2009.
  • White House 2: Where YOU set the nation’s priorities – Not the actual White House, but an interesting experiment in collaborative input for setting government agenda.
  • Python for Lisp Programmers – Peter Norvig examines Python. "(Although it wasn't my intent, Python programmers have told me this page has helped them learn Lisp.) Basically, Python can be seen as a dialect of Lisp with "traditional" syntax (what Lisp people call "infix" or "m-lisp" syntax). One message on comp.lang.python said "I never understood why LISP was a good idea until I started playing with python." Python supports all of Lisp's essential features except macros, and you don't miss macros all that much because it does have eval, and operator overloading, and regular expression parsing, so you can create custom languages that way."

Bookmarks for February 16th through February 17th

These are my links for February 16th through February 17th:

  • Top 100 Network Security Tools – Many many security testing and hacking tools.
  • FRONTLINE: inside the meltdown: watch the full program – "On Thursday, Sept. 18, 2008, the astonished leadership of the U.S. Congress was told in a private session by the chairman of the Federal Reserve that the American economy was in grave danger of a complete meltdown within a matter of days. "There was literally a pause in that room where the oxygen left," says Sen. Christopher Dodd"
  • The Dark Matter of a Startup – "Every successful startup that I have seen has someone within their ranks that just kinda “does stuff.” No one really knows specifically what they do, but it's vital to the success of the startup."
  • Why I Hate Frameworks – "A hammer?" he asks. "Nobody really buys hammers anymore. They're kind of old fashioned…we started selling schematic diagrams for hammer factories, enabling our clients to build their own hammer factories, custom engineered to manufacture only the kinds of hammers that they would actually need."
  • Mining The Thought Stream – Lots of comments around what is Twitter good for and how will it make money, revolving around real/near-time search, analytics, marketing, etc.
  • Understanding Web Operations Culture – the Graph & Data Obsession … – Comparison of traffic at Flickr, Google, Twitter, last.fm during the Obama inauguration. "One of the most interesting parts of running a large website is watching the effects of unrelated events affecting user traffic in aggregate."

Hacked by keymachine.de

I just noticed that my WordPress installation got hacked by a search engine spam injection attack sometime in the past few weeks. This particular one inserts invisible text with lots of keywords in footer.php. The changes to the file were made using the built-in theme editor, originating from ns.km20725.keymachine.de, which is currently at 84.19.188.144. The spam campaign automatically updates the spam payload every day or so. The links point to a variety of servers that have also been hacked to host the spam content. Here is a sample: http://www.nanosolar.com/feb3/talk.php?28/82138131762.html
I’ve sent an e-mail to Nanosolar, so they’ll probably have that content cleaned up before long. But the automated SEO spam campaign updates the keyword and link payload regularly, so any affected WordPress sites will be updated to point at the new hosting victims.

From a quick check on Google, it looks like keymachine.de is a regular offender.

Volvo’s pointlessly paranoid heartbeat sensor


A few days ago, the first time I saw the television ad for the new Volvo S80's heartbeat sensor alarm, I thought it was a parody. It shows a woman walking up to her car in a dark parking lot, then turning away after the heartbeat detector shows that someone is hiding in her car. I’m sure they test marketed this before including the feature, but I totally don’t get it.

Here’s what the Volvo site says about the feature:

The Personal Car Communicator (PCC) is your car key’s smart connection with your Volvo S80 applying the latest in two-way radio technology. When in range, you’ll always know the status of your car. Locked or unlocked. Alarm activated or not. If the alarm has been activated, the heart beat sensor will also tell you if there is someone inside the car. The PCC also includes keyless entry and keyless drive.

So…the heartbeat detector will tell you if someone’s unexpectedly locked themselves in the car? It isn’t going to do anything if it’s turned off, and you’d think anyone trying to break into the car would set off the alarm on the way in, or have a way to turn it off. The least likely thing I can imagine is someone successfully breaking into the car, and waiting there with the alarm still turned on. Even if it works with the alarm turned off, I still don’t see how this is useful.

Volvo has a reputation for safety, but I really did think the ad was a parody or a joke of some kind. I’m obviously not in the core demographic for this feature…but who is?

No more fisheye? A better security camera lens


A team at Honam University in Korea has developed a low cost wide angle lens that provides the wide field of view associated with fisheye lenses, but with much lower distortion. The image above is from a wide angle camera mounted on the ceiling of a university book store. Notice the relatively straight lines of the book shelves, in contrast to the curving distortion associated with a fisheye lens.

There are already various software solutions for remapping lens distortion from captured images, but this is a much more elegant approach, performing the mapping in analog space before the image is sampled. There is still a blind spot at the center of the image, where the camera blocks the conical mirror.

Optics.org says the lens costs around $100, although I suspect that may be the cost of materials for the development team, and probably doesn’t include the cost of the camera. The lens assembly looks more fragile than a typical security camera, but I could also see this making a nice webcam, especially if they come up with a way to minimize/mask/move the blind spot.

Speaking to optics.org, Prof. Gyeong-il Kweon of Honam University said: “We have successfully designed a wide angle lens that can provide a FoV of over 150 degrees with less than 1% distortion, and are very excited about its potential in the security arena.”

Dubbed a “catadioptric” wide-angle lens, it is made up of a mirror that reflects the light from a wide area (catoptric), and lenses that focus this light on the sensor of a small camera (dioptric).

The setup consists of a cone-shaped mirror fixed inside a hemispherical glass dome. At the top of the dome are a series of lenses leading up to a slot for connecting a small camera. Light entering from the dome strikes the mirror and is directed toward the lens. Here, it is focused to form a sharp image at the exact location of the camera’s sensor.

Looking at some of the sample images one can’t help but notice a small black spot at the centre of every picture. This phenomenon, called central obscuration, is actually a reflection of the camera appearing on the mirror. Kweon and his research partner Milton Laikin are looking for ways to overcome this problem. Currently, they have designed a purely dioptric lens that doesn’t suffer from this problem and has a FoV of 120°.

Link (requires free registration)

North Korea tests a nuclear bomb?

North Korea has been threatening to test a nuclear weapon recently, and may have done so a couple of hours ago.

The test is “unconfirmed” at the moment, but South Korea says it detected seismic activity measuring 3.5 on the Richter scale at 0136GMT, or 10:36AM Korea local time. The presumed test site is underground, in a coal mine in Gilju.

It’s surprising to me that, given the advance warning, there isn’t an official confirmation that there was a nuclear test or not. There’s probably no shortage of equipment set up to monitor the situation, and I would expect a different signature for a nuclear explosion than from setting off a huge pile of RDX at the bottom of a mine.

There’s no shortage of countries that could build nuclear weapons if they wanted. South Korea and Japan in particular come to mind at the moment. More problematic would be Kim Jong-Il making a deal with Iran’s Mahmoud Ahmadinejad (or someone similar) to trade oil and hard currency for nuclear weapons technology.

Thinkpad battery fire at LAX


The recent problems with spontaneously combusting lithium-ion batteries in Dell and Apple computers appear to have turned up in IBM Thinkpads now.

Engadget reports:

the ThinkPad (which was quoted to be an IBM, not a Lenovo) apparently had a number of death throes as the fire went through various phases, until eventually a United employee busted out the fire extinguisher and laid the laptop to rest. Apparently the machine’s owner already checked its battery against the recalls and it was not listed — and why would it be? IBM and Lenovo aren’t flagged for bad batteries — yet.

I cleaned up the photo a bit to get a better look. Based on the battery placement and connectors it looks quite a lot like my T42P. It will be interesting to see whether that battery was an original IBM-supplied battery or from a 3rd party. My notebook has a Sanyo battery. The recent battery fires have all been in Sony-manufactured units. There are also a lot of low quality generic batteries available in Asia, but the Thinkpad is mostly purchased by corporate and consulting users, who are likely to stick with original equipment.

It would be really miserable if we end up with a ban on notebook computers in airplane cabins. I’ve been on at least one international flight in which everyone on the upper deck (business class) of a 747 appeared to be equipped with Thinkpads.

There’s a short discussion at the Thinkpad forums, and the original post at Something Awful.

See also: Dell recalls notebook batteries – who’s next?

Update Monday 09-18-2006 16:43PDT – The owner of the notebook posted in the comments over at Engadget. It was a T43, and it was turned off and in its case when it caught on fire…

Awesom-o: It’s legit. How do I know? Because it’s mine (I was wondering how long it would take before someone posted this on engadget). The thing went up like a firecracker when the fire hit each of the cells. It was pretty crazy.

And yes, it’s a ThinkPad T43. I don’t know if it was a Sony battery – I can’t tell now that it’s a charred mess, but my guess is that it was if they made them for IBM. I was using it 30 minutes before and it had no problems. It was even turned off and in my bag when it caught fire. So even if the computer is off, there’s still a risk of a fire – now that’s scary.

It’s going to be an interesting Monday morning when I take the thing into the office for a replacement. One thing for sure, I’m always going to disconnect the battery from the computer whenever I fly. At least I have a good excuse for not working when I’m flying :-)

Everyone please check your computer battery, and just because it isn’t on the list doesn’t mean that it’s not at risk. If anything, just disconnect the thing when you fly.

Update Wednesday 09-20-2006 16:25PDT – Lenovo confirms that it was a T43, although doesn’t say if it had Sony batteries. (CNET)

Update Friday 09-29-2006 11:09PDT – Lenovo issues a recall for 500K Thinkpad batteries, including recent T43 and T60s.

Dell recalls notebook batteries – who’s next?

Dell is recalling several models of notebook batteries, due to several incidents of spontaneous combustion. The batteries in question were manufactured by Sony, which also supplies batteries to other notebook vendors. Lithium-ion batteries are widely used today, so I’m expecting to see additional recalls from other notebook vendors, or at least a raft of press releases verifying that they do not have a problem. Dell has already set up their own web site for battery recall information.

I haven’t heard of any episodes other than various spontaneously combusting Dell notebooks and exploding Powerbooks in recent weeks, but I’m keeping an eye out for news about my Thinkpad’s battery.

The battery issue is compounded by the recent changes to airline security screening. It would be unfortunate if this got all lithium-ion batteries banned from the cabin. On the other hand I don’t see any way to create a completely accident-/terrorist-proof high density energy storage device, which is going to make some people unhappy now that they’ve noticed the issue.

Consequences of new air travel restrictions – removable drives, portable user profiles?

I’m quite pleased that the British authorities managed to foil the attempt to blow up multiple airliners last week. On the other hand, I’m probably not alone in wondering how long-haul business air travel is going to work out.

If a ban on all liquids, gels, and personal electronics stands, a lot of air carriers will need to start competing on in-flight service again. In recent years, I normally bring my own water, food, work, entertainment, and a change of clothes for air travel to China and India. On a trip to India, it’s about 30 hours in transit, which is a lot of time to watch the 6 movies that United usually rotates each month, along with putting in a full day or so of work. I usually fly United since their Asian routes are all based here, but I wouldn’t want to rely on them for food, water, and entertainment. Might be time to book on Singapore Airlines, which flies with a huge video- and audio-on-demand library and Nintendo video games, never seems to run out of food or water, and consistently provides attentive cabin service.

Given the growing number of data theft cases, I’m also hesitant to put my Thinkpad in a checked bag which I’m not allowed to lock (per TSA). Some people are suggesting that airlines rent computers onboard, but this isn’t going to help much until either

  • You can remove your data and applications and carry it with you
  • You can connect to your data and applications online from the cabin

Putting the risk of using someone else’s hardware aside for a moment (sort of like an internet cafe in the sky), you might need a convenient, security-screenable medium to carry the bulk of your personal data with you. Perhaps flash memory in another year or two. I know of people who carry portable environments on USB flash memory keys, but you have to be fairly motivated to deal with it at the moment. If notebook computers get pushed into checked luggage, I’m certain we’ll see at least one more high profile data leak, in which someone happened to steal the wrong notebook that had data it wasn’t supposed to have on it.

The other direction would be to use web services for applications, files, and storage. Some people already work that way, but it usually fails badly if you don’t have a reliable and relatively fast network connection. A permutation of this might be to have the airlines become a sort of internet service provider, and cache copies of your data onto the airplane’s local network server for in-flight use, which get pushed back to the primary server when you land.

I’m glad I don’t have any overseas travel scheduled for a while.

Update Sunday 08-13-2006 22:18 PDT: more on the prospects for air travel from Michael Parekh, Jeff Jarvis, and Fred Wilson.
