by ·0 Comments

So we started to get some interesting emails at work over the past few weeks.  I’ll reproduce them here.  They’re a laugh riot.

Email #1

 

Dear Manager,

(If you are not the person who is in charge of this, please forward this to your CEO,Thanks)

This email is from China domain name registration center, which mainly deal with the domain name registration and dispute internationally in China. We received an application fromHuayuan Ltd on May 12, 2014. Theywant toregister ” our-domain” as their Internet Keyword and “our-domain” ”our-domain.com.cn” ”our-domain.net.cn” our-domain.org.cn ” domain names etc..,theyarein China domain names. But after checking it, we find”our-domain” conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not?

Best Regards,

Jim
GeneralManager
Shanghai Office (Head Office)
3002, Nanhai Building, No. 854 Nandan Road,
Xuhui District, Shanghai 200070, China
Tel: +86 216191 8696
Mobile: +86 18701994951
Fax: +86 216191 8697
Web: www.ygregistryltd.org

We kind of smelled a scam going, so we decided to roll with it.

Reply #1

Hello Jim,

“our-domain.org” is a website for a USA-based school district and is not affiliated with any other similar domain or respective company/organization. In order to avoid confusion, we kindly ask that the “our-domain” keyword not be registered in the capacity in which you described. Thank you in advance for your help and cooperation.

-Dan

Daniel <Lastname>
Technology Specialist, Webmaster
School District of the 🙂

 

We waited, and lo-and-behold, we got a reply.

Email #2

 

Dear Sirs,

Our company based in chinese office, our company has submitted the “our-domain” as CN(.cn/.com.cn/.net.cn/.org.cn) domain name and Internet Keyword, we are waiting for Mr. Jim’s approval. We think this name is very important for our products in Chinese market. Even though Mr. Jim advises us to change another name, we will persist in this name.


Best regards

Jiang zhihai

We got a little more suspicious, especially after the persistence.  We sent another reply.

Reply #2

 

Hello Jiang,

Can you provide me with a description of the products you sell in the Chinese market, including brochures and the like? In addition, can you provide me with your company profile, including mailing address and telephone number? I’d like to learn more about your business. Thank you kindly.

-Dan

Daniel <Lastname>
Technology Specialist, Webmaster
School District of the 🙂

 

We thought that’d be the end of it.  Instead of leaving us alone after asking for some real information, they instead sent us this email:

Email #3

 

Dear Daniel,

Based on your company having no relationship with them, we have suggested they should choose another name to avoid this conflict but they insist on this name as CN domain names (cn/ com.cn/ net.cn/ org.cn) and internet keyword on the internet. In our opinion, maybe they do the similar business as your company and register it to promote his company.
According to the domain name registration principle: The domain names and internet keyword which applied based on the international principle are opened to companies as well as individuals. Any companies or individuals have rights to register any domain name and internet keyword which are unregistered. Because your company haven’t registered this name as CN domains and internet keyword on the internet, anyone can obtain them by registration. However, in order to avoid this conflict, the trademark or original name owner has priority to make this registration in our audit period. If your company is the original owner of this name and want to register these CN domain names (cn/ com.cn/ net.cn/ org.cn) and internet keyword to prevent anybody from using them, please inform us. We can send an application form and the price list to you and help you register these within dispute period.

Kind regards

Jim
GeneralManager
Shanghai Office (Head Office)
3002, Nanhai Building, No. 854 Nandan Road,
Xuhui District, Shanghai 200070, China
Tel: +86 216191 8696
Mobile: +86 18701994951
Fax: +86 216191 8697
Web: www.ygregistryltd.org

 

And there it is!  Give us some money and we’ll protect your site from people trying to be you on the internet.

Scam: confirmed.

by ·2 Comments

I’m a huge fan of Google Chrome (basically, anything Google, really).  They’re more often than not simple, straightforward tools to accomplish a wide variety of tasks.  They’re great tools for the every day user.  Google Docs is more than sufficient as a basic replacement for Microsoft Office (word processing, basic tasks in spreadsheets, even decent presentations).  Gmail is pretty awesome (supposing you don’t mind that they’re mining your email for their ad programs).  Chrome is an awesome browser.

For the most part.

I speak specifically about how Google decided that Chrome will no longer be able to use any Adobe Reader plugin: you either use a 3rd Party plugin (like Foxit) or use the Google integrated PDF viewer.  Normally, this wouldn’t be a problem, as most PDF files load perfectly fine with either of these two tools.

Lately, we’ve seen a new kind of PDF file.  It’s got the same PDF extension, but it does a very cool thing: you can embed multiple files separately into a single PDF file.  It is called the PDF portfolio.

The problem is, neither Foxit nor Google Chrome PDF plugin can render the PDF portfolio properly.  They both recognize it, and direct you to download the file and open it directly in Adobe Reader.  It’s very frustrating for me as a technician because we’re supposed to be moving to a seamless web experience.  I shouldn’t have to direct people to open another application after saving the PDF to the machine.

Furthermore, devices like Chromebooks (which can never get Adobe Reader installed) will never be able to open the PDF portfolio files.  This makes me sad.

Some come on Google.  Get with the program.  Either update your plugin or allow Adobe Reader to run in the browser again.

Please?

by ·0 Comments

On April 1st I purchased a Jawbone Up 24.  Since then I’ve been using it for over a month, wearing it EVERY day, ALL day (with the exception of 2 hours once a week to charge the awesome battery) and waiting to write this review.  I wanted to give myself plenty of time to collect data, screenshots, and roll my ideas into a cohesive ball.  A month seems to have been the perfect amount of time.

So without further delay, here’s the Up 24 review!

2014-05-02 14.00.40

The Up 24 is pretty awesome to me, I have to admit.  It does a lot of things right, and misses only a few things (though some of them are things that only I care about).  I’ll start off with some basic stuff.

It’s pretty rugged.  The unit itself is textured (you can see it in the picture above).  The texturing works pretty well for it’s intended purposes (at least as I believe them to be): scuffs don’t show up on it, and the surface is pretty resilient.  It’s got a satisfying springy-ness to itself which means it can clamp around your wrist pretty securely.  I’ve never worried about the unit falling off me during the day nor at night.  That’s saying a lot as I am a pretty restless sleeper usually (tossing and turning, etc).  My only complain would be the silver end cap, which gets marred up pretty easily just in day to day use.  They do sell replacement end caps on Amazon, but they aren’t cheap ($8-$12 for a small bit of plastic is kind of absurd to me).  However, the cap is pretty important – it protects the charging port.  Ruin the charging port and you’re done.  It admittedly leaves me a little wanting.  For how expensive the Up 24 is I kind of expect slightly better engineering than a simple click-lock cover.  It’s a small gripe, but a gripe nonetheless.

Let’s get on to the important stuff, the tracking.

The Up 24 tracks 3 things primarily: activity , eating, and sleeping patterns.  All of this is accomplished through the app on your smart phone.  It connects to it via Bluetooth, but the phone must support Bluetooth 4.0 or better.  If it doesn’t, then don’t bother.  As far as I know, there is no way to sync the Up 24 via a cable connection unlike previous models.  Admittedly, I didn’t look too much into this feature because it’s just not important to me – all the devices I own currently support Bluetooth 4.0.

2014-05-02 18.02.19

Activity is tracked via ‘steps’ which you can calibrate by timing a jog and then telling the Up app how many miles you went.  It’s quite handy, as the default calibration was off for me by about .25 miles over a 2.5 mile span.  10% doesn’t seem like much, but I like to keep things accurate.  It has a stopwatch feature to time your exercising and indicates on the graph with a little icon.  A very nifty feature is the Reminders.  You can set idle reminders for every so often.  For example, if you’re working at your desk all day long, it can vibrate every half hour (customizable, of course) to remind you to get up and do a little lap around the office.  Every step counts to the Up 24, and it wants you to live healthier.  Even a 5 minute stretch and walk can make the difference between a healthy life and an unhealthy life.  The whole point of the Up 24 is to get healthier.

2014-05-02 18.02.43

Sleeping is tracked via your movement at night as well.  If you toss and turn a lot through the night, it will be indicated on the sleep tracker.  The sleep tracker tracks light sleep, heavy sleep, and awake time.  It’s pretty spot on for me – there are times when I wake up in the middle of the night and roll around for a while to get comfortable.  It has tracked the entire thing. One of my favorite features about the sleep tracker is the Alarm.  The alarm works by looking at when you want to wake up and going off when you’re in a light sleep pattern.  That is to say, if I set my alarm for 6:00am, the band will go off anywhere from 5:30am-6:00am (with a customizable range) during a light sleep cycle (leaving you feeling more refreshed usually).  It wakes you up in a very subtle fashion: it vibrates.  It vibrates until you press the little button on the top of the unit.  It’s quite pleasant actually, and I find myself waking up feeling much more energetic.  This is quite possibly my favorite feature of the Up 24.

2014-05-02 18.02.33

I haven’t really futzed too much with the food tracking capabilities of the Up 24 because it already works with MyFitnessPal.  It imports your meals from there and keeps them all recorded for you.  The Up app is basically your one stop shopping for maintaining a healthy lifestyle.  It keeps track of healthy and unhealthy eating habits alike.  One of my favorite features is that the Up app will send data back to MyFitnessPal.  Let’s say you’ve had a particularly busy day, burned a LOT of calories.  Those extra calories that Up knows you’ve earned will show up in your MyFitnessPal app as Up calories.  It’s awesome.

2014-05-02 18.02.56

 

So by now you’re probably thinking, ok, great, why do I need the Up 24 and the app in order to be healthy?  All it seems to do is centralize a bunch of information.  This is true, it does make monitoring this information very easy.  Beyond that though, after a while it starts making recommendations.  It reminds you to go to sleep at a proper time to ensure you get a full night of rest.  Did you know that getting the optimal 8 hours of sleep can help you lose stubborn belly fat by decreasing your stress and leading to better health?  I didn’t. Up told me.  It tells me lots of things.  It encourages me!  It tells me that I’m being active and doing better than the majority of people or where I stand, and how to improve.  Hey, we noticed you didn’t move a lot last week, maybe you could try for 250 more steps a day and build up from there!  It challenges you.  It’s a great app and the unit itself is a great addition.

2014-05-02 18.03.07

Beyond this, it also visualizes your health.  It makes charts and graphs for you so you can see your trends throughout the days and weeks.  This is great for a person like me who loves data.

2014-05-02 18.03.47 2014-05-02 18.03.30

 

Controlling the unit is a breeze too.  You can do a lot of things through the app, but the Up 24 isn’t content with that.  It has a button built into it which you can use to control the key features of sleep, workout, and nap.  Sleep mode is enabled or disabled by pressing and holding the band button until you see the moon icon flash and the band vibrates.  Stop watch mode is enabled by pressing the button once, then quickly pressing and holding it a second time, again until the moon icon flashes and the band vibrates.  The nap is, yup, you guessed it, press the button twice, then quickly pressing and holding it a third time.  Simple, and straightforward.

Now, on to my one real complaint about this device: where’s the heart rate monitor?  A heart rate monitor would have been an awesome end-all-be-all for this device.  The ability to monitor your own heart rate during a workout or throughout the day is a great way to keep your heart going properly.  It’s a sorely missed feature and I’m kind of disappointed it wasn’t present in this device.  This is really my only major gripe.

To that end: if you’re interested in upping your health and promoting a healthy life style I heartily recommend the Jawbone Up 24.  It’s a great little device.  It’s not cheap, but you’re worth it.

-M, out.

 

 

by ·0 Comments

FCC proposal would destroy net neutrality | The Verge.

FCC Proposal Tucks head Up Butt and Kisses Your Net Neutrality Goodbye | GottaBe Mobile

 

This is going to become a once a month type of thing isn’t it? Yeah it is.  Ok then.

Coming to us from the “we-think-you-owe-us-more-money-and-we’ll-get-it-no-matter-what” department, we see once more a blatant money grab from Internet Service Providers and their Congressional/Senatorial Pawns.

These new ‘net neutrality’ rules are basically the exact opposite of what real ‘net neutrality’ is.

The FCC has of course issued a statement saying that our interpretation of their potential ruling is, of course, false.  Seeing as how the current Chairman of the FCC, Tom Wheeler, is a venture capitalist and lobbyist for the cable and wireless industry (including NCTA and CTIA work) I am understandably less than willing to believe that this is the truth.

When the proposed rules (as quoted by the Wall Street Journal) indicate that “The proposed rules would prevent the service providers from blocking or discriminating against specific websites, but would allow broadband providers to give some traffic preferential treatment, so long as such arrangements are available on “commercially reasonable” terms for all interested content companies. Whether the terms are commercially reasonable would be decided by the FCC on a case-by-case basis.” we know we are in trouble.

The rules are released tomorrow.

I wait with baited breath.

by ·1 Comment

Today I had the pleasure of going back to visit Rutgers University, this time to the recently-opened FabLab at the Mabel Smith Douglass Library on the Cook/Douglass Campus of Rutgers University.  With the help of Ms. Stacey Carton, the Manager of the Fordham Commons, I got to print out two ships from the online role-playing game EVE Online: A Raven-Class Battleship and a Phoenix-Class Dreadnought for practically pennies.

Here are the videos and pictures I took of the process:

IMAG0075 IMAG0076 IMAG0077 IMAG0078 IMAG0079 IMAG0080 IMAG0081 IMAG0082

Here are the pictures of the final product:

IMG_3168 IMG_3169 IMG_3170 IMG_3171 IMG_3172 IMG_3173 IMG_3174 IMG_3175 IMG_3176 IMG_3177 IMG_3178 IMG_3179 IMG_3180

Notes:

For things like this, printing the raft may have been unnecessary.  However, we were experimenting with it and it was a learning experience for us both.  I had never used a 3d printer before, and I don’t think she had printed out something like the Raven with the super fine detailing for the small wings.

Furthermore, the hardest part of the entire process is printing with the supports, and the supports are VERY necessary for the raven and probably even for the Phoenix (because of the aft section).

All in all this process has only left me with one desire: to purchase a Makerbot or some other 3d printer.  Guess I better start saving eh?

by ·0 Comments

So it’s been a little over 24 hours since the Heartbleed Bug and associated fixes were announced.  If you haven’t checked your SSL enabled site yet, I highly recommend that you do so.  The test is available at SSL Lab’s site: Qualys SSL Labs SSL Tester.  I highly recommend you give it a shot.  If you don’t pass, the site will give you recommendations on how to fix it.  I’ve been testing our web-facing equipment at work all morning, and the results are largely decent, with a few minor exceptions.

That being said, the question of the hour becomes: how much damage was done?

The answer to this question is largely unknown.  If you haven’t been following the Heartbleed Bug I will try and explain it as much as I understand it.

Thanks to Nick, I understand that the bug allowed a remote attacker to remotely read data from server memory. This attack can be repeated many times, allowing an attacker to basically dump the webserver memory completely.  Things like passwords, usernames, and security keys could be seen.  Usernames and passwords are one thing: the user can change them almost at will (and a lot of people, including myself, will be changing ALL their passwords over the next few days) and is largely not the problem.

The real problems lay with the security keys for SSL certificates.  If the security key for a SSL certificate was compromised before the bug patch was deployed to that server, then the server must still be considered compromised until they regenerate their SSL certificates (which I will also be doing this week, once I get Apache upgraded from 2.2.22 to 2.4.x).  If the attacker has the security keys for the SSL certificates, than the encryption that the SSL certificate services provides are basically null and void: the attacker can decrypt data fairly easily.

So at the end of the day, the question becomes: how bad is this?

The answer is: REALLY, REALLY, REALLY (potentially) BAD

Recommendations:

  1. For the love of god, if you haven’t updated your SSL provider yet, please do so.  The attack information has been published for over 24 hours.  Attacks will start becoming prevalent VERY soon.
  2. If you do any sort of e-commerce now, or with the potential to do it any time soon (or if you even have users who login to your pages to post content, etc) then REGENERATE YOUR SSL CERTIFICATES WITH NEW KEYS.  Otherwise, your site integrity is basically useless.
  3. Change your passwords for critical sites.  Things like Google accounts, Bank accounts, Shopping accounts are all big targets.  Do you want unexpected purchases and charges on your cards?  I don’t think so.

I do not wish to seem alarmist or even crazy, but cyber security is a BIG DEAL and we need to pay attention to it.

Relevant sites for extra reading:

Heartbleed Bug
Matthew D Fuller’s Blog
Business Insider’s Article
Storify’s Article
Relevant XKCD

by ·0 Comments

Yikes!  Kind of scary.  Good thing the update is already available.  I highly recommend patching your OpenSSL if you’re running it.

For those unwilling to read the article, the long and short of it is that with vulnerable OpenSSL, a lot of traffic on the web that is ‘encrypted’ is capable of being decrypted.

Those usernames, passwords, credit card details, your emails, all of it.

So I hope all you admins out there are keeping an eye open.

I’ll be updating today.

Heartbleed Bug original article

Crypto Bug in Open SSL Arstechnica article