The Hypocrisy Weblog

There’s a lot of talk about “social media” and “social networks” these days, but what I think really makes a difference for many of us is the social filtering made by one or more (sometimes online) friends.

I have a few good friends that are active within a wide range of areas, where-as one person is a bleeding edge kind of software guy (open source / Ubuntu Linux) and whom both try out and give me tips on cool new software for my Ubuntu box (yes, I run both Windows and Ubuntu). Instead of me having to put down time and effort (and sometimes risk) in trying new software, my Linux friend does that job for me.

Another friend is an avid web 2.0 fan, whom jump on basically every site out there. Through him I get reviews of what is good or not, and combining this intelligence with a more general buzz I can decipher what is hot or not.

A third friend is an experienced journalist, and he gives me fresh ideas and angles – especially when it comes to politics, but also other fields.

The fourth friend is a security expert, who shares his deep knowledge from within the security community.

The fifth friend… Well, you get the point – right?! The friendship chain of trust is a very good and (most often) trust-worthy source of information. This is why it is so important to form social bonds with the right people, this is not something that Google, Facebook or Wikipedia can offer you.

In short; never understimate the value of personal relationships.

cnet’s web 2.0 blog, “Webware” has announced it’s Webware 100 winners-list. The question is now; how is this list relevant to anyone in the Internet-business? Each and every category, 10 of them, has 10 winners each – and each and every site on the top 100-list anyone who’s involved in working with the Internet (in any way) have heard of.

The categories are; Browsing, Communications, Community, Data, Entertainment, Media, Mobile, Productivity and Commerce, Publishing, Reference.

Surely, it is a good ego boost for the people behind the services to get recognition, but does it serve any journalistic purpose? I am not so sure about that; Rafe Needleman and the Webware crew are preaching for the already saved. There is no internal ranking of the sites in the individual categories – so how do I as a visitor know which site got more votes than the other? (Yes, alright – they do have a list of the over-all top 10 and the sites that got over 1000 votes, though it doesn’t show the internal ranking in between the sites within each category. Perhaps the over-all statistic material wasn’t enough?! I don’t know…)

From my own perspective I am glad that the swizz army-knife-like site Netvibes, which deserves more media coverage – as it is a really nice service to keep track on all your communication needs ranging from rss-feeds (sites, forums, email, blogs etc), to email, to skype, to.. yeah – you get the idea.

Google was the company with most services in the top 100-list, yet this is not surprising as they are the biggest site on the Internet.

To the Webware authors; Please make the list more detailed the next time and get a broader statistic foundation (aka get more people to vote on the list), then we’re talking about a relevant list.

Via slashdot: xseedit writes “The RIAA has moved their main Web site www.riaa.com from IIS on Win2003 to Apache 2.2.3 on Red Hat. It appears that the move did not go smoothly as it resulted in an 8-hour downtime starting yesterday around noon, according to Netcraft. And the RIAA is still showing a ‘temporarily under construction’ page. They also moved their DNS from the small company that had been hosting them for the past 4 years, Tomorrow’s Solutions Today (TST Inc.), to Mindshift Technologies. One can only guess what happened here, but the move seems to have been sudden and unplanned. They still haven’t moved the riaa.org, riaa.net, and musicunited.org domains — those are still pointing to the TST nameservers that no longer accept queries for those domains. TST Inc. deserves credit, however. They seem to have managed to host the RIAA quite successfully for the past 4 years. Will Mindshift do a better job hosting one of the most reviled, and therefore most attacked, Web sites in the world? I wonder if anybody at the RIAA or TST would care to comment on the reasons behind this sudden move. Could it be that the RIAA is being sued by its hosting provider? Or perhaps the sue-happy organizaiton is suing its provider?”

As seen above, RIAA’s website has moved both server environment as well as ISP (Internet service provider). Comments on slashdot express the irony they see of RIAA moving from the closed-source environment being Microsoft Windows Server 2003 to the GPL:ed ditto of Red Hat Enterprise Linux.RIAA is probably one of the prime targets for various attacks (code, ddos, dos) on the Internet, and the move to a more resilient environment such as Red Hat Enterprise Linux was probably a necessity in the end. Also, one can figure that they grew out of the resources that their old ISP, Tomorrow’s Solutions Today, could provide.

What do you think was the reason for switching both server-environment as well as ISP?

After the Mac-hack contest announced by CanSecWest in April, Apple has been a popular target to find security flaws in. I should think that the more a brand sell, the more popular it is to hack…

However, the Safari-hack must’ve broken some kind of record as 3 minutes after the public beta of Apple’s Safari-browser for Microsoft Windows was released, self-proclaimed security-expert Aviv Raff found a serious bug in Safari which will make the browser crash and much possibly open up the browser for exploits.

Raff was clearly unhappy with Apple’s claim that Safari was designed to be “secure from day one” (he called this claim “pathetic”) but he said he wasn’t particularly going after Apple. “I don’t pick just on Apple,” he said. “I’ve posted about Microsoft and Mozilla issues too.”

It is not clear if this flaw exists on the Mac OS-version of Safari.

In other words; Do not think that you’ll be secure just because you opt-in for Apple OS X (or Ubuntu, or… yes, you get it). Apple, in this case, has been having security-issues with their products. An example of that is their multimedia player Quicktime, where serious vulnerabilities went for weeks without being patched.

Via PC World

DVRDude @ Digg wrote the following: “I noticed women of ebay posing provocatively — presumably to boost sales. How did this come about? In an effort to limit fraudulent listings, ebay is requiring PS3 and Wii sellers to photographs of receipts, user names, and consoles… So a few entrepreneurs must have recalled their Advertising 101 ’sex sells’ lesson. I took tons of screen grabs!”

A valid observation, yes indeed – what “DVRDude” didn’t observe was to be prepared to handle the visitor numbers a digg would bring. Great video-clip, thanks for that – but a “less great” idea to embed the video-clip you uploaded to YouTube on a webserver that couldn’t handle the load

Fact remains: These eBay auctions really show how the times have changed. (Conclusion: I don’t remember when half-naked girls were used for selling second hand items) It doesn’t take much time / marketing-resources to figure out what sells and what does not. In my personal curiosity I wonder if the eBay-auctions with half-naked ladies got higher end-bids than the ones without these bells n’ whistles (that’s a double pun btw;)).

As the song goes: “Mad World”

According to Swedish IT-news site IDG.se, movie company Universal Pictures is
about to launch a download service for movies in Sweden. This is apparently the second of it’s kind in the world and no details are known so far, so it remains to be seen if it will be a serious option to use for consumers and a competitor to the Peer to Peer networks that offer free downloads for a small risk and little effort for the end consumer.

See this flash-animation and make up your mind on if the United States should send Nuclear Bunker Busters towards Iran or not.

From the page:

“This animation depicts a proposed weapon with a one megaton yield. The funding for this weapon was cut in 2005 defense appropriations. However, the United States still has a B61-11 nuclear ‘bunker buster’ in its arsenal which has a 400 kiloton yield, which could still cause hundreds of thousands of deaths and spread radiation to other countries.”

How many of you administrates your own server(s)? How many of you don’t but still receive on the magnitude of 10 to 1 more spam than real email in your inbox?

Matt Lake really puts down the grim reality into words in his chronicle.

One of the biggest problems is the outgoing spam which we as domain-owners can’t protect ourselves against: Spoofed from-addresses.

This quote says it all:

“Somebody out there, probably thousands of people, are getting messages for V-1-A=G-R-A and c1a-L:IS and embedded GIFs touting some penny stock that nobody’s heard of–all with my domain name all over the From field.”

The above can be handled on a pure technical level, as most of the error-responses can be filtered out automatically. What is worse however is the bad-will that these spoofed send-outs creates, whether these fake emails contains the spam mentioned above or viruses.

This is how it works, told through Matt Lake’s experience:

“Essentially, spoofing would mean that a spammer ran a piece of software that got hold of my domain name, possibly from its own spam lists, maybe from sniffing around in vulnerable e-mail servers from which e-mail came to me, or maybe from the central WHOIS database. The software then generated a mess of fake addresses with my domain on the end to masquerade as the sender’s addresses in the From and/or Reply To fields of their crass bulk e-mail. Then they sent out messages to unwitting strangers.”

Matt continues:

“I picked up the bounced-back messages only because I have a catchall account at my domain host. E-mail spoofing could happen to anybody with a domain (it could have happened to you), and most people never find out about it.

Unfortunately, if this spammer manages to annoy enough people, my domain may end up on a blacklist. Fortunately, because this kind of thing happens all the time, the blacklist compilers probably won’t punish me for what that spammer did, but they may. So I need to keep an eye out for any dropped messages to important clients and friends and comb the huge public list of blacklisted sites and hope for the best.

All told, my options aren’t terribly cheering.”

What is needed is an overhaul of the email-system, however there are many competing technologies and companies promoting these technologies plus that email shouldn’t lose it’s simplictic and genious usage.

A risk that is often forgotten when talking about which way is best to develop email to be less sensitive to UCE (Unsolicited Commercial Email = spam) is that less developed countries will be left behind (again) if the systems becomes too complex and / or expensive.

Another quote from Matt’s chronicle shows on another trap you as an administrator / provider can run into:

“So perhaps Verizon’s spam filter was doing exactly what it was supposed to do: removing objectionable unsolicited content from my mailbox. But of course, this does also mean that Verizon considers itself a spammer.”

Also note that there’s been a class action lawsuit against Verizon due to their spam-filtering methods. (Read about it here.)

It looks like we are stuck between a rock and a hard place…

Ah yes, I feel the urge to try out the new iMac or MacBook Pro now when they have switched to Intel processors. Dual core and very nice performance, plus Mac OS X… Hmm…

I’ve found them on Amazon.com and below I’ve listed two options to get more information about these two model-lines.

Apple iMac Desktop with 20″ Display MA200LL/A (2.0 GHz Intel Core Duo, 512 MB RAM, 250 GB Hard Drive, SuperDrive)

Apple PowerBook Notebook 17″ M9970LL/A (1.67 GHz, 512 MB RAM, 120 GB Hard Drive, SuperDrive)

Both of the above comes with rebate.

Boing Boing picked up on the story of Canadian Internet Service Provider Shaw blocking iTunes store and / or their podcasts due to the content coming from multiple sources.

Over the past month Rogers (ISP) in Canada has put some software on their networks that prevents activity for BitTorrents, P2P, IRC, and also along with that is a rule that if you are trying to download a large media file from more then 1 server it will be dropped. When you download a Podcast from iTunes it downloads that file from multiple servers in the background (I confirmed this by watching my cable modem logs). As soon as it tries to use more than 2 different servers for the download, it just stops. That’s the reason why Podcast downloads stop at random places – it’s the point where a 2nd server is involved in the download. The same issue causes timeouts and cut-offs in the iTunes music store.Here is the problem – when anyone calls Rogers about the problem they say it is either a router, firewall or Apple problem and they shrug you off.

Hundreds or thousands of people in Canada can no longer get Podcasts or purchase music from the iTunes Music store. This is BAD. Please, Apple, contact Rogers and sort it out. So many people have called Rogers with no luck.

The question I ask myself is why an Internet Service Provider should be capping bandwidth or limiting net-services in any way?! For security issues I do not mind certain restrictions, such as blocking port 25 for outgoing email to reduce spam coming from the network, and/ or blocking the ports135 to 139 in order to reduce common worm-threats – but there should always be some kind of user agreement where the advanced user should be able to sign a paper and taking all responsibility for unlocking these ports.

What your Internet Service Provider should do is to deliver you an unfiltered Internet-connection, if you choose to have this. With no traffic limitations or other restrictions. What you do with your Internet connection should be your business and responsibility, no-one else should be able to dictate what sites you surf to, what content you choose to download and so on. What should be applicable is the laws of the country you reside in, not the arbitrariness of your Internet Service Provider.

So, if you are a customer of Shaw or any other Internet Service Provider that is limiting your Internet-access, vote with your feet and with your wallet: switch to a provider that will provide you with un-filtered access. Sooner or later, your old provider will be forced to change their policy.