Why I Ban URL Shortened Service Links

It’s no secret to anybody who knows me but I absolutely hate URL shortening services. My problem with them stems from the fact that when you click on a shortened URL you haven’t a clue where it will actually take you. This gives you a great vector for an attack by linking somebody to a bit.ly link which sends an unsuspecting user to a malicious website that uses a browser exploit to infect their machine.

What I never thought about was using a URL shortening service to perform distributed denial of service (DDoS) attacks. Hit the link for details (which are actually pretty trivial).

Biting Off More Than You Can Chew

Hot on the tails of attacking MasterCard, Visa, and PayPal the boys and girls that compose Anonymous are performing a distributed denial of service (DDoS) attack against Amazon. The funny thing is it doesn’t seem to be working as I can access Amazon without any issue.

I don’t think these guys make the connection that Wikileaks chose to use Amazon’s hosting service specifically because of how robust Amazon’s infrastructure is. Amazon makes their money on people visiting their website and thus have made massive strides in ensuring it’s always accessible. Amazon has been a victim of DDoS attacks before (usually to extort money from Amazon to make the DDoS attack stop) and know how to deal with it. It would be like trying to take down Google via a DDoS attack, it won’t work.

This also sends a bad message to web hosts. Basically Anonymous are saying anybody who has hosted Wikileaks and stopped is going to be attacked. Likewise anybody hosting Wikileaks will also be attacked by people from the other side of the issue. Why would any web host be willing to host Wikileaks at all if all they’ll get for their troubles is a big old helping of DDoS? If you want to set a precedent in favor of Wikileaks work to stop the DDoS attacks that are targeting Wikileaks, not a web host who hosted Wikileaks and later terminated the hosting.

I’m still finding the events surrounding Wikileaks far more interesting than the actual leaks themselves.

Chrome OS

Yesterday Google officially announced Chrome OS. For those of you who haven’t heard of it Chrome OS is Google’s non-Android operating system that consists of a web browser and… nothing else really. Chrome OS is literally an instance of the Chrome web browser running on top of a Linux kernel. No applications exist outside of the web browser which basically means with the exception of HTML5 offline support the OS is worthless without an Internet connection.

You can probably tell I don’t find the OS all that useful especially when Google already has an operating system that could be adapted to small notebooks called Android. Either way there are a couple of interesting things regarding the web browser OS. First Google will actually offer some form of live support. My biggest headache with Android ended up being the complete lack of any support from Google. Google’s system lost all records of the Android applications I purchased and the only option is to post on their support forum which they apparently don’t monitor at all (I still haven’t received a single reply to my post). Of course Google also offered support for the Nexus One and in less than a year terminated it and sent you to HTC (who manufactured the Nexus One) for your support needs. Either way I don’t have much faith in Google supporting Chrome OS for very long.

The more interesting news item I found was the fact that Verizon will give all Chrome OS users 100MB a month of 3G data for free. I think a majority of people in the comments section are bitching that 100MB is nothing this day and age but for free what do you fucking expect? It’s enough to check your e-mail once in a while when you don’t have Wi-Fi available to you. Of course you can get unlimited data from Verizon for the rather steep price of $9.99… a day. Yikes! That’s actually worse than AT&T’s data plan which is already pretty fucking poor ($20.00 for 2GB and then $10.00 for each additional GB over that). On the upside that $9.99 a day doesn’t require a contract.

Either way I’m still not impressed with the idea of Chrome OS. Every small notebook on the planet already comes with a web browser plus a whole lot more. Being even more impressive these other notebooks are still useful if you have no Internet connection. But hey it wouldn’t be the first time Google hyped up a product only to shit can it later when nobody really found it useful.

Google Nexus S

Yesterday Google announced a new developer phone, the Nexus S. Over all it’s not nearly as awesome as the first Nexus was (in comparison to other phones on the market at the time vs. other phones on the market now). Really the phone is just a rebranded Samsung Galaxy S running a stock version of Android which in and of itself is a great feature (Samsung’s TouchWiz interface is all sorts of crap in my opinion).

The only real changes from the already released Galaxy S that I’ve noticed are the inclusion of a Near Field Communications (NFC) chip (which nobody else has so the feature is limited to Nexus S phones at the moment), a gyroscope, and the removal of the microSD card slot.

The first two features are kind of neat but the last one left a sour taste in my mouth. Almost every Android phone has a microSDHC slot on board which allows you to expand the amount of storage space up to 32GB (the maximum the microSDHC standard allows). The Nexus S has a fixed amount of memory on board which weighs in at only 16GB. If this was simply an included microSD card that wouldn’t be a big deal as you could simply upgrade it but the memory is fixed. I have no idea why this route was chosen when the Galaxy S currently has a microSDHC slot on board.

The phone does have a Super AMOLED screen which I’ve heard is absolutely gorgeous. Along with that the basic specs are still pretty bloody good. Over all it looks like a decent, albeit lackluster, successor to the original Nexus developer phone. It’ll be interesting to see how Android 2.3 handles when this phone is released later this month.

Android Headaches Ended

A couple of weeks ago I made a post talking about a huge problem I have encountered with my Android device. Basically Google has lost all record of the applications I’ve purchased and if I want to continue using my paid applications I have to purchase them again.

The biggest headache here is the fact there is no phone or e-mail support for Google and thus if you have problems related to the Android Marketplace you have to post on the support forum. I did that on November 17th and have yet to receive any form of response. Worst of all I’m not alone. The more I dug into this problem the more obvious it became that there is no solution available and Google is worthless in providing any sort of help. The only solution so far is the following posted by user mjwhit3:

Update:
I had a conversation with a developer.
There is no way for them to change the account an app was purchased under (your apps account).

A workaround is (verify with the developer before doing anything):
1. Purchase the app again under your new primary (gmail) account
2. Provide proof of purchase for both transactions (apps and gmail)
3. The developer refunds your money for the first purchase.

This is a bit of work for them to do — especially to refund $1.50 or other small amount — so your mileage may vary.

Personally, I’m just going to safeguard my Titanium Backup files until Windows Phone comes out….

Yes the only solution so far is to repurchase your applications and ask the developers for a refund on the second copy. That’s bullshit through and through. This was the straw that broke the camel’s back after the previous series of failures I’ve encountered with the Android platform has led me to this conclusion; Android isn’t a viable option as a phone platform. There I said it.

I’m willing to put up with a ton of shit but frankly losing all record of my app purchases without any method of getting technical support just crosses the line. I feel as though Google ripped me off and nothing pisses me off more than getting ripped off.

With all of that said I’m officially admitting to something now, I obtained an iPhone. Yes the platform I railed on more than anything else on the planet is currently what I’m carrying with me. As much as Apple pisses me off with their practices regarding the iOS platform I must admit the platform works. VPN works (which has never worked on Android as far as I can find), local backups of apps I’ve purchased are saved to my computer every sync (thus Apple losing all records of apps I’ve purchased isn’t Armageddon), I receive no errors when syncing with my Exchange account calendar at work, and the media layer is rock solid. Between the options of an open and free platform that doesn’t work and a closed and restricted platform that does work I have to choose the latter because if my phone doesn’t work it’s worthless to me.

So what can I say about the iPhone at the moment? As I already stated all the features actually work which is a huge plus. The screen is gorgeous as Hell. Of course the phone does lose a lot of signal strength if you’re holding it in your left hand and having the front and back made out of glass is fucking stupid. The Last.fm app actually works and when I pause a podcast and come back to it five hours later it doesn’t restart from the beginning (huge plus). I also must admit that the built-in camera is the first phone camera that I can actually say does a half-way decent job (the Evo has an 8.0 megapixel camera but if the lighting isn’t absolutely perfect you get a ton of noise in the picture). Finally Apple’s practices with the App Store still piss me off to no end but at least if there is a catastrophic failure (like Apple losing all records of apps I’ve purchased) I can call somebody. Did I mention being able to use the phone function and my data plan at the same time seriously rocks?

I really tried to like Android but it fought me every step of the way. Personally I’m not a fan of abusive relationships so I’m officially saying fuck that shit and moving elsewhere. I’ve eaten my words and realize I’m going to take endless shit for this but frankly I think the above makes a very valid case for my decision.

So why didn’t I jump to the Palm Pre instead? There are two reasons for that; I hold endless amounts of disdain for HP and the number of available applications for WebOS is sadly laughable. Considering the market share of WebOS has sunk to 1.3% I don’t know how relevant the platform will be in a couple of years. The last thing I want is to set myself up with a new platform only to have it die and thus have to perform yet another transition to a new platform.

I Like This Judge

Some poor schmuck is being sent through the legal wringer because he made a side business of modifying Xbox 360 systems. Well the judge in the case isn’t too happy with the government agents who are bringing the case and went on a 30 minute rant against the actions of the government in this case. Here’s my favorite part:

Among the judge’s host of complaints against the government was his alarm that prosecutors would put on two witnesses who may have broken the law.

One is Entertainment Software Association investigator Tony Rosario, who secretly video-recorded defendant Matthew Crippen allegedly performing the Xbox mod in Crippen’s Los Angeles suburban house. The defense argues that making the recording violates California privacy law. The other witness is Microsoft security employee Ken McGrail, who analyzed the two consoles Crippen allegedly altered. McGrail admitted that he himself had modded Xboxes in college.

“Maybe two of the four government witnesses committed crimes,” the judge said from the bench. “I think it is relevant and the jury is going to hear about it -- both crimes.”

The government had fought to keep the witness conduct a secret from the jury.

So the actions of two witnesses may have been criminal and the government wanted to conceal that from the jury. Are there any people remaining who question my distaste of the government?

What I find most interesting is the fact this case exists at all. I understand the actions of the man being prosecuted were in violation of the Digital Millennium Copyright Act but frankly that piece of legislation itself is unlawful. If I purchase a piece of hardware and want to pay somebody to modify it that’s my business, not the government’s. My Xbox 360 is mine, I own it. Microsoft ceded all rights to it upon my legal purchase of the device.

This is where many people will point out the license agreement that appears on the screen when you first power on the Xbox. Guess what? I never agreed to that before purchase and have no recourse should I disagree with the license. Would it be OK if I tossed in a license agreement to a car I sold that only became visible after somebody had purchased the car? “Oh hey I see you’re starting this car for the first time, just an FYI but doing so you agree to give me all the money in your bank account. K THANX BAI!”

Private Messages on the Internet Don’t Exist

I thought I’d bring this up because the subject cropped up on a forum I frequent. If you’re planning an illegal activity involving illicit substances do not do it on a public forum or through e-mail (seriously it makes the rest of us on that forum look bad). Private messages don’t exist online (in 99.99% of cases). The messages you send and receive are almost always in plain text format that can be read by anybody with the correct credentials. This means a system administrator can see any private messages sent by any user on the system they administer.

This in and of itself may not be a huge deal but if that administrator is served a subpoena for those messages they must legally provide them to the authorities. The same goes with e-mail. E-mail may be encrypted from your system to the e-mail server but it’s most likely not encrypted on the e-mail server after arrival. This means any authority figure with a subpoena can obtain those messages and according to an EFF summit I attended at Defcon any e-mails older than six months don’t even require a subpoena to obtain.

Basically if you’re going to do something illegal, embarrassing, politically unacceptable, etc. don’t do it online. Even if you control your e-mail server you don’t control others’. When somebody on GMail sends an e-mail a copy is stored in their sent folder which includes information on whom it was sent to.

I’ll close in saying the best way to avoid getting in trouble with the police is to avoid doing illegal activities. With that said this advice also applies to things outside of criminal activities such as political dissidence. Basically anything you want to keep private should be encrypted end to end and stored in an encrypted format that can only be unencrypted by the sender and receiver of the message.

USB is Evil

Most people realize that Firewire has much better sustained read and write speeds when compared to USB but I’ve never gone so far as to say USB is the Devil. Then again I’m not an Evangelical Christian in Brazil:

The evangelical cult “Paz do Senhor Amado” (“Peace of the beloved Lord”) in the interior of Brazil forbids its followers to use any USB technology by contending that it uses a symbol that shows sympathy for the devil.

According to its founder, the “Apostle” Welder Saldanha says that this is just another symbol of Satan, which is always present in all Christian homes.

“The symbol of that name (a name which he doesn’t even like to pronounce) is a trident, which is used to torture souls that go to hell. Use only a symbol of those shows that all users of that vile technology are actually worshipers of Satan” – explains the “Apostle”.

I actually lack any smart ass remark that could add to the hilarity of that statement.

Online Privacy

Facebook revealed a new messaging service yesterday and today when rolling into work I heard some guy on the radio talking about the privacy implications (sadly although I have an FM transmitter attached to my iPod there is a split second between the time I turn my iPod off and when I turn my truck off that exposes me to regular radio).

I thought I’d take a second to remind everybody about the golden rule of Internet privacy. If you don’t want everybody in the world to know something don’t post it online. The Internet was never developed with privacy in mind and although websites often try to make data private eventually that data becomes public through human error or system compromise.

The other thing to remember is the simple fact that putting information on a system you don’t completely control may lead to undesirable consequences. You do not control Facebook as you don’t own their servers. This means all information you post on that site is outside of your realm of control making it impossible to know how secure the data is.

Either way if you follow the golden rule of Internet privacy you should never have a problem.