September 17, 2009
I just got home, hoping to be able to revive the Zyxel 650 ADSL modem that I got from Joco yesterday, but it seems the firmware is no longer available anywhere (not even on the Zyxel FTP server). Last night I already contacted the Zyxel support team by mail, but I don't expect to have an answer anytime soon. Too bad, as it would allow me to update the modem, test it and hopefully configure it so it can be used next week. I did manage to get access to the configuration page, so at least I know what firmware version is on the device right now (note to myself : V3.40(IS.2) | 6/16/2003).
Something that irks me more though is that one of my desktop machines constantly loses its connection (it's a wired one, the wireless connection on the laptop I'm using right now is working just fine) and it worked splendidly last night before I shut it down. I'll have to figure out what is wrong with it before I can even start working on everything I had planned for the day. Too bad. I already popped the cable into another machine which connects fine over it, so I suspect it's the NIC itself which would totally suck as it's on the motherboard and I don't think I've got a spare one lying around.
I could try swapping the port on the router just to see if that ain't borked, but if it was, the laptop shouldn't be able to connect either. Man, this really sucks.
Update : connection seems restored after unplugging and replugging the cable on the router side. No clue why it failed there, must have been a fluke.
June 15, 2009
I assumed my readers were security and update minded, especially since I mention the importance of keeping the computer and program(s) you use up to date every now and then. I was looking at some stats gathered and here's what irks me about browser updates and patches :
Firefox :
75.68% of visitors use 3.0.10
3% of visitors use 3.0.11
12.61% of visits were done using 3.5 (which is a preview release that I've been testing)
5.71% still use 2.0.0.20
2.40% use 1.5 or 3.0.x
All things taken into account, 83.79% of visits are done using an insecure firefox browser, which disappoints me. The 3.0.11 version was only released last week though, so maybe I should give it some more time... not! Get patching/updating, slackers!
When looking at Internet Explorer, we get :
52.16% uses version 7.0
29.86% uses version 6.0
17.99% uses version 8.0
Unfortunately, I can't get more detailed versions about IE usage, as it seems minor versions are not being reported. Let's just broadly assume that about 18% of our IE users are using the latest version, which still leaves a whopping 82% using older versions. Get updating as well, will you?
If you've never tried the Secunia Personal Software Inspector (download) to get a quick overview of what software needs your attention, do so now. It's free, it's easy and it'll help you become more aware of issues you never knew about.
May 1, 2009
I just got back home from a quick intervention to fix some computer related problems at J&S's place - their virus scanner needed an upgrade and while it's not all that complicated for someone familiar with the process, they opted to call me in to do it for them. Wise choice :)
This creates a win-win situation : they know that I won't just run in and out and leave things behind broken, and I get some spare cash out of my experience and knowledge. Today's task included upgrading the virus scanner on J's machine, updating Spybot S&D, removing an old Java install and installing the new one, cleaning up some no longer needed files and desktop links and a full test of all the programs he uses frequently to make sure nothing got fubar'ed.
On S's machine I verified the virus scanner installation, removed no less than 3 out of date Spybot installations and installed the latest version. Opera also got an update and an old flash version was patched as well. It still leaves her system rather vulnerable due to missing OS and Office patches, but that's something I can't fix that easily as they opted to "borrow" an installation disk from someone else, hence it's running a "not so legit" version of office.
All of that was done within the hour while having a nice chat and giving security tips along the way. Securing machines is a very rewarding job, believe me, even if there is no such thing as 100% security.
For those less in the know or up to date on vulnerabilities :
- Firefox version 3.0.10 was released recently, patching one additional vulnerability
- NoScript saw the release of version 1.9.2.4 (Firefox plugin)
- Opera version 9.64 is available
- IE 8 has been deemed a critical update through Windows Update.
March 19, 2009
This morning I ordered a new video card for my Dell Dimension 5150c - nothing fancy at all, but something that should give me a bit more graphics power than the current ATI Radeon X600 with 128MB Ram that's powering the box. I had been looking around for a replacement for a while, but the 5150c model is a very tiny and compact machine, which means only video cards sporting low profile and half height brackets can even be considered. And truth be said, there are not so many of those around.
I finally opted for the ATI Radeon HD 3470 Low Profile with 256MB Ram on board + it has support for dual screens. Not that I actually have two screens right now, but I'm not opposed to getting a second flat screen where I can run video or a web browser on while playing World of Warcraft.
I am fully aware that it's not the most powerful video card out there, nor probably the best. If it fits the machine though - big IF there, as Dell only lists the Optiplex 960 as being compatible and NO cards at all for the Dimension 5150c - it will suit me just fine and deliver what I need for a reasonable price. I'm not using my computer to play the latest first-person shooter or cinematographic animations or DVD.
If I wanted to do that, I should have bought a full sized tower 2.5 years ago. Instead I deliberately picked a SFF (Small Form Factor) machine that looked nice and was compact and reasonably priced for what I wanted to use it for. You just can't have it all and I've learned that spending thousands of euros on top end computers is usually a waste of time and money. Sure, I too like toying around with the latest and greatest but if I think about it, it just makes no sense. By the time you walk out of the shop, your high end gaming machine has become obsolete. Nowadays, I buy what I need immediately or expect to require in the next 3-5 years.
I'll keep you updated as to whether or not I can actually get the card fitted. Which will take a while as Dell doesn't mention their SEPA compliant bank account number (IBAN/Swift/BIC) in their mail, nor on the site. Which means I have to mail Customer Support to ask for something they should have included in the first place. Ah well...
Note : talk about speed - This post was picked up and indexed by Google within the hour. As I was searching for some more info about this video card and WoW, my own blog entry turned up at page three, only being published 56 minutes ago. Sweet!
March 11, 2009
It's been a while since I urged everyone to patch their computers, but today seems like a perfect occasion to get everyone's attention. Take your pick, depending on whether or not you actually use the program and/or version mentioned. Remember to uninstall programs you no longer use - if it ain't installed, it can't be used as an attack vector!
If you don't trust the direct download links I'm providing, I'm also listing the homepage of the software creator so you can hunt down the correct link yourself.
- Firefox 3.0.7 - download - http://www.mozilla.com
- Adobe Acrobat Reader 9.1 - download - http://www.adobe.com
- Adobe Flash - download - http://www.adobe.com
- Windows - Various Patches - download - http://www.microsoft.com
It can be quite challenging to keep an eye on what new versions are released, what software needs patching, or where to get those updates. You could give the excellent Secunia PSI tool a try : Secunia PSI download.
It'll scan your machine and report what software is out of date, vulnerable or end-of-life, as well as give you - where possible - a direct download link so you can stay up to date easily. Run it every week or have it monitor your computer constantly, your choice, but I use it on all my machines and recommend it to most of my friends, relatives...
February 10, 2009
After - once again - reconfiguring the network at B&H's place it seems things are working properly now. I set up most of the devices to use DHCP to get their IP addresses, but the printserver is set up to use a static address to prevent it from changing every time and confusing the hell out of the users and all devices present.
My dad suggested to take the printserver out of the equation altogether, but after doing some tests it turned out that the NIC in the LaserJet 2200 was broken, so we had to reinstall the printserver in order to get at least one printer attached to the network running again.
I'm not sure that the current setup is "fool proof", "water proof" or "no power proof" but even after several reboots and such, things seem to run quite well.
This blog entry is actually being written while connected on the network, so if you can read this, things are working :)
December 5, 2008
Just a test post to see if the database issue is resolved and whether it is related to this blog or rather a general server issue.
(This post was published and edited without trouble... go figure)
September 7, 2008
I was looking at some back end data and found out that lately there's been some fishy searching going on. If anyone has a clue what the idea behind this is, or recognizes the IPs listed, by all means, leave me a comment!
Search: query for 'marketing' - 83.29.184.204 - 41 minutes ago
Search: query for ' front 242' - 79.138.242.177 - 1 hour ago
Search: query for 'domains' - 83.29.184.204 - 6 hours ago
Search: query for 'books' - 83.29.157.104 - 12 hours ago
Search: query for 'legal' - 83.29.157.104 - 18 hours ago
Search: query for 'privacy' - 83.29.181.192 - 20 hours ago
Search: query for 'traffic' - 195.46.41.144 - 23 hours ago
Search: query for 'shopping' - 195.46.41.10 - 1 day ago
Search: query for 'linux' - 195.46.41.235 - 1 day ago
Search: query for 'blog' - 83.29.184.211 - 1 day ago
Search: query for 'friends' - 83.29.184.239 - 1 day ago
Search: query for 'legal' - 83.29.184.211 - 2 days ago
Search: query for 'world' - 78.46.86.18 - 2 days ago
Search: query for 'politics' - 78.46.86.18 - 2 days ago
Search: query for 'life' - 78.46.86.18 - 2 days ago
I'm not so much surprised by the actual searches and terms, because most of those are valid tags or categories on the blog. What is more striking is the fact that there are three searches in a short period of time, then it stops and it starts again later. Some IPs return quite a few times too. I've run some through a series of tools and one IP address is assigned to a German provider, one is coming from Sweden but - and here it becomes interesting - 5 IP addresses are linked to ISP Neostrada Plus (Krakow Poland) with another one coming from the Lerkins Group, also based in Krakow, Poland.
It would be most safe to disregard the Swedish search entry, as it is not a category or regular tag search, nor does it fit the pattern the other searches share. I just included it to be as complete as possible.
The sudden attention from Poland for this blog seems a little odd, wouldn't you say? I looked around on the Lerkins Group site and apparently they provide Security Audit and Consultancy services. Is someone profiling me? Are they just interested in what I have to write here? Is a Lerkins admin catching up on all my posts and once work is done, does some more checking from home? Who knows...
I'm gonna take a look in some other log files to dig a bit deeper. Should I find anything out of the ordinary, I'll report back.
Note : while checking the last 300 lines in the log file, I noticed some IP addresses that belong to comment spammers, so those are now banned.
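The pattern check described in this post (addresses that come back, addresses that share a network range), as an added Python example that is not part of the original post. It uses the log lines quoted above; the /16 grouping is an assumed stand-in for the whois lookups and does not correspond to an ISP boundary.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from typing import NamedTuple

# The 15 search-log lines quoted in the post, newest first.
LOG = """\
Search: query for 'marketing' - 83.29.184.204 - 41 minutes ago
Search: query for ' front 242' - 79.138.242.177 - 1 hour ago
Search: query for 'domains' - 83.29.184.204 - 6 hours ago
Search: query for 'books' - 83.29.157.104 - 12 hours ago
Search: query for 'legal' - 83.29.157.104 - 18 hours ago
Search: query for 'privacy' - 83.29.181.192 - 20 hours ago
Search: query for 'traffic' - 195.46.41.144 - 23 hours ago
Search: query for 'shopping' - 195.46.41.10 - 1 day ago
Search: query for 'linux' - 195.46.41.235 - 1 day ago
Search: query for 'blog' - 83.29.184.211 - 1 day ago
Search: query for 'friends' - 83.29.184.239 - 1 day ago
Search: query for 'legal' - 83.29.184.211 - 2 days ago
Search: query for 'world' - 78.46.86.18 - 2 days ago
Search: query for 'politics' - 78.46.86.18 - 2 days ago
Search: query for 'life' - 78.46.86.18 - 2 days ago
"""

LINE_RE = re.compile(
    r"^Search: query for '(?P<query>.*)' - (?P<ip>[\d.]+) - "
    r"(?P<n>\d+) (?P<unit>minute|hour|day)s? ago$"
)
UNIT_MINUTES = {"minute": 1, "hour": 60, "day": 24 * 60}


class Search(NamedTuple):
    query: str
    ip: ipaddress.IPv4Address
    age_minutes: int  # coarse: the dashboard rounds to whole hours/days


def parse_search_log(text):
    """Parse dashboard lines; lines that do not match the format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        try:
            ip = ipaddress.IPv4Address(m["ip"])
        except ipaddress.AddressValueError:
            continue  # e.g. 999.1.1.1 passes the regex but is not an address
        age = int(m["n"]) * UNIT_MINUTES[m["unit"]]
        entries.append(Search(m["query"], ip, age))
    return entries


def repeat_visitors(entries):
    """Addresses that searched more than once, with their search counts."""
    counts = Counter(e.ip for e in entries)
    return {str(ip): n for ip, n in counts.items() if n > 1}


def cluster_by_prefix(entries, prefixlen=16):
    """Group searches by the network of the given prefix length (assumed /16)."""
    groups = defaultdict(list)
    for e in entries:
        net = ipaddress.ip_network(f"{e.ip}/{prefixlen}", strict=False)
        groups[str(net)].append(e)
    return {
        net: {
            "ips": [str(ip) for ip in sorted({e.ip for e in members})],
            "searches": len(members),
            "newest_min": min(e.age_minutes for e in members),
            "oldest_min": max(e.age_minutes for e in members),
        }
        for net, members in groups.items()
    }


if __name__ == "__main__":
    entries = parse_search_log(LOG)
    print("repeat visitors:", repeat_visitors(entries))
    clusters = cluster_by_prefix(entries)
    # Largest cluster first, so the busiest range is at the top.
    for net, info in sorted(clusters.items(), key=lambda kv: -kv[1]["searches"]):
        print(net, info)
```

Because the dashboard only shows rounded relative times, the age values are good for ordering and rough spans, not for measuring gaps of a few minutes; the raw access log is the place to confirm bursts.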
May 30, 2008
I bet you were thinking Chuck and Larry, weren't you? Wrong guess :)
I now pronounce my main machine to be terminally ill, and practically deceased. While it was running rather stable last night with some extra cooling - thus strengthening my guess that some fan wasn't up to its task anymore - today it shut down without any error and rebooted, twice. Sounds like something is seriously amiss, ain't it?
Anyway, I followed Hilda's "Zen Zen Zen" advice and flicked the power off, dropped a load of laundry in the washer and went to take a shower. No need to go crazy about something I saw coming. I managed to write a couple of CDs last night containing a bunch of things I'll need if I reinstall or move to another machine, and all (I think I got them all) my passwords are safely backed up as well, so till I have decided what to do with the old box, there is no need to stress about anything. Sure, access and reply to mail may be a bit slower, but all things considered, this ain't something that can't be resolved with some effort and focus.
Oh, because I can't stay away from privacy related topics, I'm pointing you to a complete set of instructions regarding preserving evidence on electronic devices to be followed by UK police officers at ACPO Guidelines for Computer Evidence (PDF format, 2.7MB). I do that not because I want you to know how to commit the perfect crime, but because it'll make you understand that traces are left everywhere and removing data may be practically impossible.
May 29, 2008
In the past two or three hours, my main computer has shit itself twice on some kernel stack inpage error, also known as a dreaded Blue Screen Of Death. According to some online resources I've found, it most likely points to an imminent hardware failure, possibly RAM or hard disks.
Since I suspect that temperature could also be related to the issue at hand, I've set up an extra fan to give additional airflow while I figure out what is the exact cause. If the disks are failing, the problem is rather easily solved, as I've got two 80GB disks lying around as spares. I got those last year when I suspected HD failure already.
I'm just trying to decide whether to head off to bed now and backup/rebuild and reinstall the complete machine tomorrow, or wait till next week when I've got a bit more time between shifts. Worst case scenario, it all crashes before and I switch to my laptop or the other machine.
Funny thing is that I fixed a couple of computers for others today, and now end up holding the shortest straw. Where's karma when you need it?
May 7, 2008
Service Pack 3 for Windows XP has been (re-)released, after it was pulled last week due to some incompatibility. Download it from the usual MS update site at http://update.microsoft.com. I've installed it on one of my machines already and have found no problems so far.
While you're doing updates, consider replacing your AVG Free 7.5 with the new 8.01 version as well. Download from http://free.grisoft.com/. I could point you directly to the download link for the free version, but have decided against it. After all, the free version is only available because some people buy the full version, so it would hurt everyone in the long run if I skipped all the links to the full version, understand?
Anyway, that's it for now. I'm off to get some things taken care of before I leave for 4 more days of work and then get into a large bird in the sky that's gonna take me to Ibiza.
Note to self : do NOT use the vacuum cleaner to clean a keyboard (while in use). It results in digging in the dustbin for missing keys!
Midday update : All XP machines patched to SP3, one Ubuntu installation salvaged and upgraded to Hardy Heron (8.04) and one missing "K" key retrieved and reattached to keyboard, lol. Left to do : shopping, and encrypting the complete windows partition on a laptop.
Afternoon update : Ubuntu has been removed, the partitions merged and the complete disk is currently being encrypted using AES. The initial test was good, so I've decided to go for full disk encryption. Let's hope I don't forget my pass phrase now :)
March 13, 2008
I just installed the latest beta release of Firefox 3.0 onto my machine (beta4) and while the change log and release notes are all referring to plugged memory leaks and improved performance, initial tests on my XP machine show something else. Sure enough, it is a beta release and my testing is far from scientific, but still.
Loading up my start page and then switching to another one, gets the stable release 2.0.0.12 up to just over 52.5MB in memory usage. When I do exactly the same with 3.0 beta 4, it needs 62MB, which is more, no matter how you look at it. Some of my extensions don't work yet, but mostly I'm missing my snazzy Pimpzilla skin. Guess I'll be uninstalling beta 4 soon and wait for beta 5 or the final release to appear before switching over. It'll give the developers more time to iron things out and get the extensions up to date as well.
Note : it's quite possible that your mileage may vary. Go give it a try if you're feeling adventurous.
March 8, 2008
I blog about the importance of keeping your software up to date on a rather regular basis, but hardware needs to be checked as well. Before you think "I know nothing about hardware! It's only chips and shiny bits and bolts!" allow me to explain. Computers generate heat, and sometimes even a lot of heat. In order to keep things cool, there are a bunch of fans installed in your computer. Your CPU will have one, the motherboard may have one, the video card has one, the power supply has one... See where I'm going? Each of them is essential to the performance and life of the component it cools. Turn off your machine, make sure the power is off and open it up and take a look inside. Dusty, ain't it?
I used the vacuum to get rid of all of the dust, but allow me to warn you that it's not the best of ideas. Computers are delicate machines and they won't like a madman with a vacuum at full power rubbing the chips, motherboard and bumping into the hard drive(s). They don't like water either, so unless you are very careful with the vacuum cleaner (use it at the lowest setting) you can use a can of compressed air to gently flush away the dust that has gathered on and under the fans. Allow me to divulge that a heat sink covered in dust does a pretty bad job getting rid of excess heat.
If the compressed air doesn't get rid of the really clogged up fins or fans, try using a dry cotton swab - the kind you use to clean your ears with, but please : use an unused one, lol - and gently loosen things up before giving the compressed air another go.
Your machine - and in the end, your wallet - will love you for it.
Note : 4 critical patches for Microsoft products to appear on Tuesday. Remember to patch, and patch early.
Update : Amazing! Even under full load, the CPU is running approximately 10 degrees Celsius cooler than it was before I cleaned it out.
February 24, 2008
Recently I've decided to shut my main computer down when leaving for work. Not only does it save the hardware, but it also saves a bunch of energy. When I got home today, I fired up the machine while heading over to the living room to greet Tai and play with him a bit. When I was done playing - he wasn't, lol - I started working on the computer not noticing anything weird. I logged in to Second Life and then it hit me that I wasn't hearing any sound. Not the gentle splashing noises of the waves breaking on the shoreline - I live in a tropical sim, remember? - nor teleporting, typing sounds. Strange! Maybe another SL problem? I fire up a video and get nothing. It plays for 2 seconds without audio, then freezes on video too.
Time to check some cables and connectors - I had already checked volume settings and such, in the odd case I clicked somewhere that I shouldn't have and changed some setting without realizing it - but they all appeared in order, and taking the 2 second play time before freezing on video too, it would suggest a driver or software issue, not hardware.
After stopping and restarting the Windows Audio Service in the control panel, I've got full audio capability again. I have no clue why it failed - the status was "started" - but stopping it and firing it up again solved things. In case it happens to you, you know where to look. Alternatively, reboot the machine completely. Or smack it on the side really really hard repeatedly, preferably when the disks are just spinning up. It won't make your audio work any better, but it'll reduce stress levels and make a loud "bang" noise, which beats silence, doesn't it? It may also result in the need to purchase a new computer, hopefully one that doesn't suffer from the sound of silence disease.
February 12, 2008
The Microsoft windows patches for the month are available, or should be very soon. Software affected includes Internet Explorer 7, Microsoft Word, VBScript, Microsoft Works and Office Publisher, as well as the windows TCP/IP stack, and some IIS vulnerabilities that allow remote code execution. Out of the 11 patches, 5 are deemed important, 6 are even critical. If you'd like to use your windows based computer relatively safely for the next couple of days, patch it now. According to the SANS institute, no exploits are publicly known, but I think it may be well under 48 hours before the first are in the wild.
January 21, 2008
I think the time has come to wake everyone up again about the importance of securing your computer. You do lock your doors when leaving your house or parking your car, and your valuables are stored in a vault somewhere, right? The time that you used your computer just to type out a letter or play some game is long gone. Your computer will contain traces of your identity, may have bank account information stored on it, your passwords and ID for the online stock market, e-mail account information, you name it. If you never thought about it, now is the time to start doing so.
Why do I bring up all this? Because I've got an excellent story to share with you all, and while the specifics are beyond me and I never actually thought about it, the story in itself hardly comes as a surprise. Thanks for the scoop, Dad. I probably would have missed it otherwise (too many news feeds to follow).
According to these articles (article 1, article 2), researchers have found a way to print directly to your network connected printer, by including some malicious code to a web page. Yes, obviously that would allow spammers to deliver spam directly to your printer (aaargh!) but also could lead to your confidential data being printed on some printer halfway across the world. And nothing you would be able to do about it.
Well, as long as XSS (aka Cross Site Scripting) exploits and vulnerabilities exist, you can bet your money that they'll be (ab)used sooner rather than later. While browser developers scramble to close the holes, there is something you can do : turn off your printer and only turn it on when you actually need it. Simple as that.
While that would partially restrict the impact of this exploit, the underlying cause remains. Another option - if you use Firefox, that is - is to install the NoScript browser addon. It was specifically coded to prevent and catch XSS exploits. It's not the prince on the white horse, nor the savior of the universe, but the fewer options the bad guys get to manipulate your data and your browser sessions, the harder it'll be to succeed.
Note : I specifically point to this firefox addon because I tend to use and love it. If there are similar scripts or extensions for IE, Opera, Safari or whatever browser you may be using, please feel free to let me know. I'll happily include a link in this post.
December 24, 2007
Most people are focused on the upcoming festivities, but once everyone is done partying, it may be wise to clean out and tune up the browser you use every day. Every day new exploits are released - think QuickTime, Adobe Flash, PNG, ... - and some plugins may help you stay more safe while getting rid of a ton of unwanted content at the same time. Here are some of the extensions I sometimes use. The list is not complete though :)
Browser :
firefox (2.0.0.11)
Browser extensions :
NoScript (1.1.9.6 stable or 1.1.9.95 development)
AdBlock Plus (0.7.5.3)
Download Statusbar (0.9.5.2)
Forecastfox (0.9.6)
(note : all versions up to date as this post is being written)
October 23, 2007
not there yet. I had installed POPfile on the machine of someone who is far from an experienced user a while ago and today he sent me some usage statistics that I requested.
Messages classified: 635
Classification errors: 14
Accuracy: 97.79%
Not too bad for a light e-mail user with not that much exposure to spam, but we ain't there yet. I'd like the installation to reach well over 99% accuracy before I'll even consider turning on automatic trashing based on POPfile classification.
For comparison, here are the stats of my POPfile install :
Messages classified: 13,880
Classification errors: 29
Accuracy: 99.79%
Last reset : June 25th 2007
So now you immediately understand why I need to run a mail proxy and various other related tools at home... close to 14,000 messages in under 4 months time - a bit scary, ain't it?
Oh, while I got your attention, make sure to check out these links to security advisories and update your installed versions accordingly : Java Sun JRE (1.6 update 3), Adobe Acrobat and Acrobat Reader (8.1.1) and Real Player (10.5)
For those that consider these patches trivial or non urgent : POC or exploit code is available and in the wild.
September 25, 2007
Went to the movies with J. last night and after a good meal we ended up watching Disturbia. Not a bad movie, but not spectacular either. I'd label it as "mindless filler thriller" if I had to. Nevertheless, fun was had.
Today I'm returning to a client that had called in my help last week, and while it seemed all the issues were successfully tackled, he did mail me that one wasn't fixed. Allow me to quickly describe what happens, and what my plan of attack is for today :
As soon as the customer pops a CF card in his card reader, or connects his digital camera to the computer, a blue window pops up. Not a blue screen, phew, but a blue window. There is no text on this window, not even a title bar, no buttons to push, and no way to close it again. We can slide it to the side, but it remains an irritating bugger.
So, as I was unable to find out last week what program was causing the issue - I'm guessing an old and possibly no longer installed photo manipulation program - today I've expanded my toolkit with ProcessExplorer V11.02, and if that doesn't tell me what program is launching that broken pop up window, then nothing will I guess. So, the plan of attack is quite simple, though potentially full of obstacles as well :
1. Install ProcessExplorer
2. Connect CF Card or camera
3. Wait for blue window to appear
4. Find process that changed or appeared
5. Find out what program is connected to the process
6. Look online to find updates or tech support for said program
7. Fix the issue and head back home
September 21, 2007
I was looking at some website statistics and it turns out that a whopping 68.8% of my visitors have an older (and insecure) version of the Adobe flash player installed in their browser. Let's all work together to get that percentage down, shall we?
Get Adobe Flashplayer. Latest release for windows is 9.0 r47, latest release for linux is 9.0 r48.
After installing, try removing files of the old install that may be scattered all over your harddisk. An easy way to find out where those are lurking is by using the secunia Personal Software Inspector, which can be downloaded here : Secunia PSI (0.1.0.2 beta).
That's it for now, I'm off to install and educate an end-user on using POPfile to help him deal with spam. It'll be a long day...
August 8, 2007
From the Spybot team I received this mail as I was asleep :
Hello,
thank you for reporting and sending in the pfmapi16.dll for analysis. It appears to be a false positive. The upcoming detection update should not flag the file as Win32.OnlineGames anymore. Please contact us if the file should still be marked as malicious.
From my customer this mail came in : Around 9:30 the file was still marked as infected, however after the latest update, around 15:30 the infection was silently cleared and my system was reported as clean. Thanks for your help!
Everyone happy I guess...
August 7, 2007
The other file (mentioned in a previous post) that was detected as infected by Win32.OnlineGames has indeed been confirmed a false positive by the spybot team. I just returned from my client where I ran another scan, forwarded all the reports and the file to myself and I just finished reporting my findings and suspicion to the spybot team.
It's entirely possible that, since the issue is already known, the update that's scheduled to be released tomorrow already fixes our false positive, but it could be that ours is a different one that needs analyzing as well, so I'll see what happens next.
August 6, 2007
On Saturday evening I received a mail from one of the people that calls me in a couple of times a year to check the computers of his wife and him, and he wrote that he was possibly infected as Spybot S&D generated a warning on one of his scans. I've worked with Spybot S&D quite a lot and find it one heck of a tool, so I took his mail rather seriously. I proposed to come over Sunday afternoon after working an early shift, to see what the problem was, and how to get rid of it.
Since I asked him to send me all information about the possible virus/trojan before coming over I packed my VundoFix tools and updated HiJack!This and all my other anti-spyware tools. When I arrived sure enough S&D reported a win32.onlinegames trojan to reside in pfmapi16.dll. I ran HiJack!This, took a look at the logfile created and found no trace of Vundo infection. I ran a specific scan for Vundo, but that too was negative.
Even after several attempts to get S&D to clean or remove the trojan, it remained present. I decided to verify the infection and sent the file to Virustotal for a second opinion. Out of 30 scanners that analyzed the pfmapi16.dll file, none reported it as being infected. Strange, very strange. This leads me to believe that a false positive is generated on the DLL file, but as I promised my "client" I would verify on other machines. Note : detection for Win32.OnlineGames was added to Spybot S&D on August 1st 2007.
I called B&H to see if I could pop in and verify the possible false positive on any of their machines and they said I was welcome. D&M were also on their way, so it would be a nice meeting. I checked two machines, no Win32.OnlineGames trojans found, but those are english XP machines, not German ones. When I checked my machines, none of the S&D installs gave me a trojan infection. This only makes me more convinced that there is a possible false positive on a german XP version in the latest detection updates.
Today I found a post on the forum where another German S&D user claims to have a potential false positive on a file named Ctrsct16.dll, which also resides in the system32 folder. He has sent the file in for further analysis and I'll be doing the same tomorrow, as I think we are both seeing the same incorrect detection.
Will be continued...
August 4, 2007
Another rather technical entry, but as I ran into some trouble and had a very hard time getting it fixed, I can only assume others may run into the same, hence more information is better.
I run Ubuntu on my laptop and had the superb idea to install the AVG free antivirus program, which totally failed. After downloading the package, I ran into an error that told me the file could not be opened. When I launched the package-manager again, it complained that the package avg75fld was broken and couldn't be found. Running sudo apt-get clean from a terminal window didn't fix a thing and my package manager remained as broken as it could be.
After searching the ubuntu forums, I was finally able to get rid of the error and the broken package by running sudo dpkg -P --force-all avg75fld from a terminal window.
Note : according to the thread in the forums, one should not use this option lightly as forcing a remove could lead to all kinds of problems, so it is clearly a case of user beware!
Anyway I took the plunge and got rid of the avg package. While the scanner performs well on most windows systems, I'd suggest steering clear of it on linux!
August 2, 2007
I just got a mail stating that some of my domain names needed to be renewed, so I headed over to my registrar to check which ones needed my attention. I found 5 domains that needed to be renewed soon and I decided to drop one and renew four. As I was almost ready to check out and pay for my purchase I had the common sense to check online whether there were no promotional codes that I could use to lower the total cost. A quick browse gave me the code PETE2 that took off 20% of my order (only valid on orders over $40). Yay!
If you are a GoDaddy customer and about to renew a bunch of domain names, log in and enter promo code PETE2 to save : GoDaddy.com
July 24, 2007
This is gonna be an entry that fellow geeks may find interesting, but I assume the majority of people will find quite boring. However, even for them, there may be a lesson to be learned.
I just installed the new beta release of the Secunia Personal Software Inspector (download here : Secunia PSI beta) and the initial scan scored my system at 89% up-to-date. I had a few insecure programs installed, and some others got an end-of-life warning. Some uninstalling, rebooting and installs later, I managed to get my rate up to 97% - which is much better, but still not perfect. (Update on July 26th : I'm up to 98% now, with just two end-of-life programs left)
Two tools I currently use - not regularly though - have gotten an end-of-life warning and one is plain insecure and should get a service pack applied asap. I don't recall why that hasn't been done yet, I guess I tried it before and it failed back then, and I forgot about it. I'll see if I can patch it and remove or replace the two programs that are no longer supported. The fewer vectors for attack and intrusion, the better.
Please feel free to run and download the tool yourself and post your initial score in a comment. Then install as many updates and patches as possible, and post your new rate. The one who manages to score best will get... absolutely nothing. Well, not from me anyway, but they'll get to work on a more secure system that is less prone to getting abused. Which should be all the incentive you need :)
July 15, 2007
Thanks to the excellent advice and instructions published in the castlecops MRP wiki, I was finally able to remove that damn Vundo adware infection that I somehow had gotten. I'm currently processing over 120 mails that had come in over the past 4 days, most of them being spam so it'll take me but a click on a couple of buttons to zap those.
While going over all the programs installed on my machine, I noticed that QuickTime wasn't updated yet, and the adobe flash player had a new version available as well. Coupled with an even stricter update policy and IT security for my machines, I hope to stay adware free for at least the near future - it's always a battle and a constant evolution on the side of the attackers as well as those defending and coding removal tools.
July 12, 2007
Around 9AM I started cleaning the machine, hoping to be able to bring it back to life without too many problems. It's 13h49 as I start writing this entry and I've not gotten one step further :(
The problem is this : two DLL files are linked to the WinLogon registry entry, causing them to be loaded the second I boot into windows. Once they are loaded, I can't remove the files themselves, and if I manually delete the registry entries that refer to those files, they add them again. It's a catch 22 as far as I'm concerned. I may try booting into linux using a live CD, and see if I can kill those DLLs then, since windows ain't running, the files shouldn't be in use or protected.
I've run Spybot S&D, I've run AVG AntiSpyware, I cleaned up my system using CCleaner and I've attempted to run Trend Micro Housecall, which unfortunately often caused my browser to crash. I may give it another try soon though. HijackThis does find the rogue entries, and tries to remove them, but fails as the running process interferes. I've asked for help on the CastleCops forums, hoping the expert volunteers there may be able to help out getting this crap out of my system.
Half a day wasted with this already and not all too pleased with it. I had other plans for the day...
July 11, 2007
I'll be running a couple of more checks, but this morning a first check gave my main machine a clean bill of health. A secondary check is running as I write this, and once I get home tonight - though it may be postponed till tomorrow - I'll be running at least two more scans before considering the box to be free of bugs.
The warning below still stands till I'm 100% certain the nasties have been eradicated.
July 10, 2007
Yesterday I noticed some things weren't as usual on one of my computers. The machine was throwing errors when trying to launch IE - which I rarely do anyway - and I suspected something was amiss : and right I was. A couple of scans and checks later, it seems it has become compromised by something referred to as "torpig".
It certainly is a pig as I have not yet managed to remove it. I am glad however that even though one machine has become infected, my defense in depth techniques have safeguarded all the other machines in the network.
I've been working on it for a couple of minutes just now, but I need to head off to bed and get some sleep coz tomorrow it's gonna be another long day. Thursday I'll be picking the system apart to see if I can clean the box while maintaining data integrity, and if that's not the case I'll take the only course of action possible : format and complete reinstall. Something I'm definitely not looking forward to, though on the other hand I can't keep on working on an infected machine either. Anyway, it's shut down and disconnected from the network as well as from the internet while I gather information about my little unwanted guest.
It certainly is a setback as I was hoping to get other things done on Thursday, but this has just become my new priority task. I can't afford to lose my main machine to some crappy trojan/spyware program.
The best thing about this all is that I can be almost certain the infection occurred less than 24 hours ago, which leaves the window of opportunity for an external entity to really snoop around on my machine rather short.
Consider this a very serious notice that if you happen to receive a mail from me that looks weird - well, more weird than is usually the case - or that you didn't ask for, it should be deleted, shredded and evaporated without opening it. At least till I post here that everything is at status green again.
June 24, 2007
For those that may still think spam is not really a problem :
Over the past three years (March 10th 2004 till June 25th 2007) 171.339 e-mails went through my spam filters and proxies. Of those one hundred and seventy one thousand three hundred thirty nine mails, 162.310 mails were classified as spam (94.73%).
Luckily, my spam solution has a running average accuracy of 99.55%, leaving only 759 mails incorrectly classified. Those stats are just for my first layer of mail classification. The incorrectly classified mails are not instantly discarded, but all mail is presented to a second layer, where I glance over them - usually very quickly as I know the first layer of defense has a proven track record - and change an incorrectly classified mail if there is one. That change is then also made in the first layer proxy settings which will make it more accurate next time it comes across a similar mail.
Is your inner geek satisfied now?
May 10, 2007
Yesterday I booted the laptop (an Amilo L7300) into Ubuntu and when checking for updates, was promptly given the option to upgrade to version 7.04, the latest release. I had already read on A Geek In Korea that the upgrade from Edgy Eft (6.10) to Feisty Fawn (7.04) was quite painless, so I gave it a shot. The update went without a hitch indeed : after downloading about 62MB of files, it installed, removed obsolete packages, cleaned up the system and rebooted.
One little snag though... I can't set my desktop resolution any higher than 800x600, where I'm very certain it was at 1024x768 earlier. If anyone has the solution to get Feisty Fawn running at that resolution on an S3 IGP Unichrome Pro videocard, I'd like to hear it.
I have a similar problem when running Second Life on the laptop by the way : after the latest update to 1.5.0.2, text is pretty much unreadable and very hazy. Yet the card works without a hitch at 1024x768 in windows XP Home. Solutions? Tell me!
Note : there are no newer drivers for the videocard as far as I'm aware.
April 12, 2007
I usually am against many of the extra "tools" that you can download from the internet and tie into your browser since the majority is either nothing but a front end for spyware, adware or pretty emoticons. The Alexa Toolbar is different though : created and supported by Alexa Web Search it offers me a quick view on some stats about the sites I visit, they offer related sites as well as who links to the site. Sure, it may only appeal to my inner geek, but maybe you'll like it too, who knows.
An IE version can be downloaded from Alexa Toolbar Download. Firefox has a plugin that you can find at SearchStatus : Firefox SEO Toolbar. Enjoy!
March 12, 2007
This post was done using a brand new install of ubuntu linux on my laptop. A simple install and 139 patches later - also a breeze to download and install - I've moved myself to a new OS. Well, not permanently as I still run XP on this box as well, but I like this one quite a lot. I'll see how things progress over time. I need to get the wireless connection working, but that seems as simple as getting the correct WPA2 key installed.
I think I'll do that over the weekend. Before you all go thinking I did nothing but geek things today, I also got two loads of laundry done!
February 24, 2007
Firefox 2.0.0.2 was released, I recommend updating to it to fix some vulnerabilities. I don't recommend updating the addon forecastfox 0.9.5 though, as it contains a bug which results in settings not being saved. Very annoying!
I hope it's fixed soon, because I find it quite a handy addon...
Update : Fixed, version 9.5.1 was released a few hours ago. Use the update mechanism to get the fixed version.
February 19, 2007
It's Monday morning and I've been up since 6h30 and awake since five. Talk about a totally fucked up sleeping schedule! Last night my dad called me and woke me up... at 18h15. I had pulled an all nighter and finally went to bed around eleven planning to get back up around two and head over there to take a look at his computer problems.
I did go there and fixed the issues, but a tad bit later than planned. It was well past 7PM when I finally looked at the troubled machine, but by 11:30 it had undergone an upgrade to XP Professional SP2 (a legit copy!), had been fully patched and checked and freed of spyware (there was little to be found, phew); had flash updated, Opera uninstalled, as well as some other programs no longer used.
The second machine I had nearby - actually one roll of the chair away - was given a new install of Java and all older versions got removed. Ancient flash installs got their head chopped off too and some minor tweaks were done.
All things considered a rather productive afternoon/evening and one less machine open to (easy) abuse by hackers, virus and malware authors or spammers.
Oh, I finally found an easy way to update Apple Quicktime to the secure 7.1.3.191 version - even a new install from the Apple website still hands out the insecure 7.1.3.100 version, boo Apple! - and I'll be providing the instructions here (assuming QT is installed in the default directory) :
1. open Windows Explorer
2. navigate to C:\Program Files\QuickTime and check the version of QuickTimePlayer.exe
3. if it is 7.1.3.191, all is well, lower versions are insecure and/or out of date
4. if it has a lower version number, navigate to C:\Program Files\Apple Software Update and run SoftwareUpdate.exe
5. Download and install the update to Apple Software Update
6. Download and install the Security Update 2007-001
7. Verify the version number of QuickTimePlayer.exe and see if it's 7.1.3.191
8. Done!
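Steps 2, 3 and 7 above can be scripted. The following is an added example, not part of the original post: it reads the file version from the VS_FIXEDFILEINFO block that Windows executables carry and compares it, number by number, against the 7.1.3.191 version named above. The function names and the constructed test bytes are assumptions made for the illustration.

```python
"""Added example: read a Windows executable's file version and compare it
with the QuickTime version the post calls secure (7.1.3.191)."""
import struct

# VS_FIXEDFILEINFO begins with the signature 0xFEEF04BD (little-endian on disk).
SIGNATURE = struct.pack("<I", 0xFEEF04BD)
# Assumption: dwStrucVersion is 0x00010000, the value version resources
# normally carry; it is used here to reject look-alike byte sequences.
STRUC_VERSION = 0x00010000
SECURE_VERSION = (7, 1, 3, 191)  # taken from the post


def file_version(data):
    """Return (major, minor, build, revision) from the first plausible
    VS_FIXEDFILEINFO block in data, or None when none is found."""
    pos = data.find(SIGNATURE)
    while pos != -1:
        block = data[pos:pos + 16]
        if len(block) == 16:
            _sig, struc_ver, ms, ls = struct.unpack("<4I", block)
            if struc_ver == STRUC_VERSION:
                # dwFileVersionMS holds major.minor, dwFileVersionLS build.revision
                return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)
        pos = data.find(SIGNATURE, pos + 1)
    return None


def assess(data, minimum=SECURE_VERSION):
    """Return (status, version_string); status is 'ok', 'outdated' or 'unknown'.

    Versions are compared as integer tuples, so 7.1.3.99 sorts below
    7.1.3.191 (a plain string comparison would get that wrong)."""
    found = file_version(data)
    if found is None:
        return "unknown", None
    status = "ok" if found >= minimum else "outdated"
    return status, ".".join(str(part) for part in found)


def check_file(path, minimum=SECURE_VERSION):
    """Run the check on a file, e.g. QuickTimePlayer.exe from the post."""
    with open(path, "rb") as handle:
        return assess(handle.read(), minimum)


def constructed_exe(version):
    """Constructed stand-in for an executable: padding, a decoy signature
    followed by junk, then a version block for the given version."""
    major, minor, build, revision = version
    fixed = struct.pack("<4I", 0xFEEF04BD, STRUC_VERSION,
                        (major << 16) | minor, (build << 16) | revision)
    decoy = SIGNATURE + b"\xff" * 12
    return b"MZ" + b"\x00" * 62 + decoy + fixed + b"\x00" * 36


if __name__ == "__main__":
    for sample in ((7, 1, 3, 100), (7, 1, 3, 191)):
        print(assess(constructed_exe(sample)))
```

On a real system, `check_file(r"C:\Program Files\QuickTime\QuickTimePlayer.exe")` performs the same check as the manual steps.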
February 14, 2007
I get home this morning, log on for a quick mail check and every POP connection times out. Surfing (http on port 80) works fine, just no mail arriving. Strange! Could be the mail server(s) of my ISP being down, but as I've got servers in use all over the globe, that would just be too bizarre.
Immediately I think about the patches installed yesterday, but notice nothing irregular about them. Checked the firewall settings - those weren't changed in any way - yet still no POP connections possible.
Then I recalled the first rule in IT : if something doesn't work, reboot it.
I did. I promptly saw tens of mails rolling in of which most were spam. I think I've never been so happy to see spam in my mailbox ;)
Off to bed now. And don't let my small mail problem hold you back from patching your windows machines ASAP! It was after all probably not related to the patches released on Patching Tuesday
February 13, 2007
If you have been considering "upgrading" your machine from XP to Vista, but find the price charged by MS a bit too steep, take a look at this article : How to install a Vista upgrade on any PC.
February 7, 2007
So far I have not experienced any slowdowns but Hackers Attacked Key Net Traffic Computers on tuesday. More coverage at The Register : DDoSers bombard Military root server (and more) and at SecurityFocus : Attack seriously slows two root servers.
Remember people... you too play a role in making sure these core servers stay safe. If you keep your personal machine(s) up to date and clean, it is much harder for others to abuse your system in a large scale attack such as this one!
February 5, 2007
I fired up my copy of Microsoft Baseline Security Analyzer and was promptly warned that a newer version (2.01) was available. I downloaded it (here) and removed the old version. However, the installation of the new version failed to complete as there was a problem registering serversecure.dll and xmldb.dll with error code "HRESULT - 2147221164". Nice... even a second attempt failed, so now I had the newest copy of the security analyzer, but couldn't get it installed.
Thanks to some searching I found that running the "regsvr32 c:\windows\system32\atl.dll" command fixed the corrupted information concerning the registration state of atl.dll, and fixed the registration problems with the two other dll's as well. Strange if you ask me, but hey... it works.
January 18, 2007
I don't know yet whether I should consider this good or bad news, but the fact is that I'm back online for now. Instead of replacing the splitters first, I decided to take the firewall out of the loop and that solved the problem. With a direct connect from the main box to the ADSL modem, there are zero connection problems, which probably means the firewall is at fault.
It could - I assume - also mean some cat 5 cable is faulty, disrupting the connection between the modem and the firewall, but it seems rather unlikely. I'll have to do some more testing to know for sure. It's a good day to stay inside anyway, with windspeeds up to 110 km/h predicted I don't feel like going out unless really necessary.
Notice : you may see FK disappear for short periods of time - if everything goes well that is - due to some maintenance being performed. If we return the latest version should be running under FastCGI resulting in an increased performance. I'm not sure whether that performance will be noticeable by end users/readers or mostly on the back end/server. Time will tell :)
Update : The new version seems to be running, but I can't get FastCGI working. Whenever I change the extensions to .fcgi and update my config file to point to them, they return a "file not found" error. If you have any clue on how to solve this - yes, the files do exist and the permissions are correct if you ask me - please let me know!
January 17, 2007
The internet connection didn't magically fix itself while I was out. I think I've got my work cut out for me tomorrow. My first guess? The modem somehow got fucked up. I've checked the firewall and everything seems fine with it. Both the firewall as well as the modem were restarted (power down, not just a reset) and I still can't get anything beyond an IP assigned by the DHCP server in the firewall.
First work tomorrow is replace the DSL splitters, though I'm quite certain those are not the problem - they are just the easiest to replace. After that, I'm taking the firewall out of the loop and connecting the modem directly to the main box to see the result of that. If the modem is fucked, I'll know it right away.
Anyway, if you don't hear back from me right away (IM, mail, comments, whatever) it's probably due to a very limited connection. I don't feel like sending unsecured data over a network that ain't mine, and is open to everyone who happens to feel like connecting.
While happily browsing away today, suddenly I ran into DNS trouble. I tried disabling the network connection, but that somehow failed. After a reboot, I still get no look up from the DNS. The firewall is up and running - logging in is no problem, I verified all settings even though they haven't changed a bit - and the DSL modem was rebooted. It synchronizes fine, so the physical connection is up as well. I'm stumped right now as what the problem is, but it is clearly not isolated to the first computer. None of the other machines can resolve names to IP's either.
So, off I hop onto a wireless connection of a neighbor, and I check the Skynet network status page : all is fine according to them. Not if you ask me, but I don't have the time to troubleshoot more now as I have to head off to work.
It better be fixed when I get back home.
Oh, Nadia : I received a reply from EDPnet, and they do support newsgroups and even the binaries. If you want, I'll forward the links to the documentation online to you once I'm fully connected again.
January 12, 2007
I've been working on the laptop of a colleague from work, as he complained that it was almost impossible to use anymore. He described it pretty much like this : "There are tons of windows that open, it's very slow and generally a pain in the ass to work with". It's not the first time I hear descriptions such as that one, and I'm usually not really impressed by the amount of spyware, adware and viruses installed on the machine. Seeing that this was a 4 month old laptop, with all but the most recent windows patches installed, I was impressed.
A first scan with SpyBot returned 286 malware related entries. After uninstalling an expired copy of Norton Antivirus and installing AVG Free, 195 virus related files were discovered. I also uninstalled WinSoftware AntiVirusPro 2006 (adware!) and made sure the OS was patched to the latest level.
A couple of hours and several scans later - I went to bed in the meantime - the laptop is almost performing up to its specs and only a couple of stubborn malware entries remain. One of them being CmdServices, and Ad-Aware as well as SpyBot SD have trouble completely getting rid of it. I think it may be time to do some manual registry surgery!
December 30, 2006
I admit, I found this article interesting : Computer Warming a Privacy Risk. If you're even more of a geek than I am, you can find the presentation in PDF format here : Detecting temperature through clock skew (5.6MB)
There's one problem with this technique if you ask me : if tor servers are not dedicated, they will be used for other tasks as well, and the intensity of these tasks will also affect the amount of heat produced, thus resulting in fluctuations not caused solely by this technique. Even when attacking a dedicated tor server, others use the same server and the load and temperature will change frequently. I'm not a security researcher though...
December 15, 2006
I got up before eight and have been working behind the scenes of this blog since. Several tiny alterations have been made, though most if not all will be unnoticeable to you. It ranges from adding alternative descriptions to the videos posted recently, to replacing deprecated html tags with their css counterparts. Nothing spectacular yet it should make the site more accessible to people with a handicap or using text readers.
It takes a little extra effort to get these things right, but there are several tools to make your life easier. Today I used the Readability Test to get a first impression, then Watchfire WebXACT was used to verify the page, and I also ran it against the Cynthia Says content accessibility validator.
I admit there's lots of work to be done - especially if I want to go from the current W3C WCAG P1 level that the pages get now to a Priority 3. On the other hand... how many individual webmasters do you know that actually care about these things? At least I work to improve the accessibility of this blog.
November 17, 2006
I can't really think of a better description of myself right now. As I spent quite some time last night reconfiguring the print server, I tested and retested everything, or so I thought. When I wanted to print some documents from the old desktop, nothing appeared apart from some errors. Strangely enough, everything works when originating from the laptop, so the print server itself should be up and running.
Now is the time to smack myself in the head : I forgot to update the installed printer so it reflects the changes made. It was still pointing to LPT1, while it's now attached to the network! No wonder nothing printed :) With that sorted, I'm up to date on my finances and filing statements now and off to grab some food and prepare for a night shift.
It's a couple of minutes past four - in the morning - and I'm about to head off to bed. While watching some addictive documentaries on National Geographic I've been running some tests on my network. I think there's quite some work left to be done in order to find and hopefully fix all possible attack vectors, if such a thing can be done at all.
I grabbed a copy of the Nessus scanner and ran some tests against some of the clients here, one being the print server. A first scan returned 11 warnings and 4 holes if I recall correctly. A couple of configuration changes later, the amount of warnings for the print server is cut back to 2 and only 1 attack vector remains unpatched. There's little I can do about that though as this piece of hard and software is obsolete and no longer maintained nor supported. I'll set up filters on the network to prevent attacks.
Yeah, this was a pretty boring entry, I know :) Off to bed now!
November 9, 2006
I was able to disassemble and reassemble the dashboard much quicker today, I guess I'm getting used to it. However, I seem to have one spare Torx 20 screw, I wonder where that came from?!
I don't know if anyone has paid attention to the spam they receive, and especially the return addresses used in them. I have been a victim of joe jobbing before, but after I made some changes all unrouted mail that arrives at my domains ends up in the eternal bit bin. Problem solved? Not really as bounces still end up at my domain(s), but I don't have to deal with them anymore. But that's not the point I was trying to bring across.
Take a look at the first part of the e-mail address. Don't you notice anything special? If you don't, you probably don't receive enough spam :) Here's a list of (partial) return addresses I know for certain :
Deboranovack - Deborahterreri - Deborasdesigns - Deborayen - Deborahsm55 - Deboramvianna
All of these are titled "It's [insert name here]". I ran the mail headers through some tools and they originate from various IP addresses all over the world. Going by my gut instinct, this spam run is being performed through a series of infected zombie PC's, a botnet.
Now do you understand why it's important to keep up to date on patches, have a firewall running and correctly configured, keep the virus scanner up to date and not to open mails that promise instant sex with 69 virgins, or images of those acts? Your ignorance makes me deal with crap I don't want to spend time on - I'd rather be having sex with 69 virgins!
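The observation above (near-identical local parts arriving from many unrelated IP addresses) can be turned into a simple mail-log triage check. This is an added example, not part of the original post: the local parts are the ones listed above, while the domains, the source IPs (documentation ranges) and the thresholds are constructed for the illustration.

```python
"""Added example: flag groups of return addresses that share a name stem
but arrive from many different source IPs."""
from collections import defaultdict
from email.utils import parseaddr
from os.path import commonprefix

# Constructed sample: (Return-Path header value, connecting IP).
# Local parts come from the post; domains and IPs are placeholders.
SAMPLE = [
    ("<Deboranovack@example.com>", "192.0.2.10"),
    ("<Deborahterreri@example.net>", "198.51.100.7"),
    ("<Deborasdesigns@example.org>", "203.0.113.45"),
    ("<Deborayen@example.com>", "192.0.2.200"),
    ("<Deborahsm55@example.net>", "198.51.100.91"),
    ("<Deboramvianna@example.org>", "203.0.113.3"),
    ("<billing@example.com>", "192.0.2.25"),
    ("<bob@example.net>", "192.0.2.25"),
]


def local_part(return_path):
    """Lower-cased part before the '@', or '' for a null or malformed path."""
    address = parseaddr(return_path)[1]
    local, sep, _domain = address.rpartition("@")
    return local.lower() if sep else ""


def find_runs(messages, prefix_len=6, min_senders=4, min_ips=3):
    """Group senders by the first prefix_len characters of the local part and
    report groups with many distinct senders AND many distinct source IPs.

    One sender name seen from one IP is normal mail; a family of similar
    names spread over unrelated IPs matches the pattern described above."""
    buckets = defaultdict(lambda: {"senders": set(), "ips": set()})
    for return_path, source_ip in messages:
        local = local_part(return_path)
        if len(local) < prefix_len:
            continue  # too short to say anything about a shared stem
        bucket = buckets[local[:prefix_len]]
        bucket["senders"].add(local)
        bucket["ips"].add(source_ip)

    runs = []
    for key in sorted(buckets):
        senders = sorted(buckets[key]["senders"])
        ip_count = len(buckets[key]["ips"])
        if len(senders) >= min_senders and ip_count >= min_ips:
            runs.append({
                "prefix": commonprefix(senders),  # longest stem actually shared
                "senders": senders,
                "distinct_ips": ip_count,
            })
    return runs


if __name__ == "__main__":
    for run in find_runs(SAMPLE):
        print(run["prefix"], len(run["senders"]), "senders from",
              run["distinct_ips"], "IPs")
```

A hit is a reason to look at the headers more closely, not proof of a botnet on its own.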
November 6, 2006
After having moved quite a lot of domain names through various registrars, the records got quite polluted. Due to constant abuse of my domains in spam runs - not that there is anything to abuse, but they used them as return address to catch the heat (joe jobbing) - I tried making some changes to one domain to see if it would get things back under my control. After making the changes last week, things didn't cool down.
When I checked some records today, it turned out the changes were still pending because the old name servers remained active! This left me with domains registered at Register B, while the domains were still reflecting the name servers of Register A. Not too healthy a situation, so I just spent some time checking all records and making changes as needed.
There is a slight possibility that you may see some domains disappear every now and then as the changes are propagated through the internet, but none of the changes made should interfere with friedkitten.com - or .org, .net, .info, .eu, .tv and .be for that matter.
I have yet to see a reply to my post about the comment problem that occurred last week - either people don't understand the problem, or they don't have a solution for it I suppose. Over time it'll become an open but cold case...
Off to the store now to see if I can get some good but affordable 13cm speakers to replace those currently in the car. This afternoon I'll call Smart Center Sint-Niklaas and order the bass bins. Installation on Tuesday or Wednesday depending on delivery time. (bass bins are ordered and this is what I'll be attempting : fortwo soundupgrade.)
October 24, 2006
For everyone that has been waiting for it anxiously - probably just me - it is possible to grab firefox 2.0 even though the mozilla homepage still lists 1.5.0.7 as the latest available version : check some of the local FTP mirrors (I grabbed mine at ftp.uni-erlangen.de) and you'll see 2.0 is available already.
Note : some extensions "broke" after installing the brand new 2.0 branch, but I guess they'll be updated to work on 2.0 soon enough. Pimpzilla has a 3.35 version available which seems to work on firefox 2.0. Happy testing!
For the really geeky people out here, here's an overview of browser versions used to visit www.friedkitten.com :
IE : 52.21 % (89% uses v6.0, 4.24% uses the latest 7.0 version)
firefox : 41.15% (96% uses v1.5.0.7, 1.08% uses soon to be released 2.0)
Netscape : 2.65% (100% uses v7.2 - hi dad!)
Opera : 2.21%
Safari : 1.33% (hi Ash!)
Konqueror : 0.44%
October 13, 2006
I've been using Eudora for the past 10 years or so, much to my delight. I've always loved the client and in fact I even purchased a license for it. When I read a couple of days ago that a new version was available, I installed it and the install promptly downgraded my version from Paid Mode to Sponsored Mode - thus showing ads in the client.
It seems my license had to be renewed, yet at the same time Qualcomm announces that Eudora will become an open source program, under the wings of the Mozilla Foundation. The client will be free to everyone once it has become OS which is expected to be somewhere in 2007. Not bad as I'm all in favor of open source software, but then again Qualcomm wants me to shell out another USD19.95 to keep my current client in paid mode till the free version arrives? Not bloody likely!
So today I started migrating away from Eudora and towards Thunderbird - a client I already use on another machine. Installation was a breeze, importing messages went quite smoothly, but somehow I couldn't get the addressbook imported. Whenever I tried using the Import tool, it just stated : no addressbooks found. I exported my Eudora addressbook in csv format, imported it in TB and ended up with a totally garbled mess. Not the solution either.
Luckily, thanks to the excellent TB support forums, I found the solution : rename the Eudora addressbook file (NNdbase.nnt) to NNdbase.txt and it'll easily import into Thunderbird. Fixed!
I'll use this opportunity to clean out the old mailboxes and get rid of long forgotten messages while I finetune everything to my liking. I'll sort of miss my trusty Eudora, but it's time to move on.
September 19, 2006
Is anyone of you familiar with Murphy? Yeah, the same Murphy from Murphy's Law : "Whatever can go wrong, will go wrong".
As I finished cleaning up the place - not that it looks any better now, quite the contrary - I moved the rack to the other side of the room and started moving IT appliances around. I moved the DSL modem to the rack, and then came to the conclusion my phone cable wouldn't stretch that far (For those unaware of physics laws, phone cables don't stretch at all). I knew I had tons of phone cable around somewhere... but where? I dug through all my boxes filled with remainders of IT related things, and sure enough I found phone cable, lots of it. And all of them came up short. When I finally dug one up that was long enough, it turned out to have an RJ11 connector on one side, and an RJ45 (ISDN) plug on the other side.
Which makes sense, as I stripped it off a DSL modem that was connected to an ISDN line in The Netherlands, but it wouldn't fit here. I grabbed my trusty cable cutter and plug tang and removed the RJ45 connector. Then it turned out I had no RJ11 connectors to replace it with. Crap!
Leaving that for what it is, I moved over the wireless router, and started pulling Cat 5 through the room to reconnect everything. Not a problem in sight, except... All my UTP cables were too short. Not much, but just like phone cables, they don't really stretch. Off to the shop for network cable, RJ11 plugs (or pre-made phone cable). I finally got 2x5m Cat5 UTP cables and 4.6m of high quality phone cable. Ten minutes after I arrived home, my three machines were connected and online again. What an afternoon, but the outcome will be totally geeky :)
I'll delay the introduction of the Netgear router to the mix till friday afternoon or saturday. Sunday I'll be driving around in my Smart for most of the day (smart meeting in Ostend) and monday is back to work for a night shift.
Kenny, I'll see if I can make some photographs of the current setup, though there is little to see about a bunch of things stuck into a rack...
Click to enlarge the thumbnail and see some explanation about what is what. I still have to move a printer to the rack, tidy up the power strips, and once I'm done (or started) moving my files from the old desktop to the new one, the old one will be placed at the bottom. On top of the rack - out of sight of the photo - is the wireless router, because they tend not to work too well inside a metal cage. I still have to test that connection, will do that later. Off to have some spaghetti first, then off to bed!
September 17, 2006
While borrowing Joco's car on wednesday to pick up that rack, I damaged it, it turns out. It probably happened while unloading the rack by myself, and I hadn't noticed it in the dark, otherwise I would have told him right away. Today I went over to assess the damage and sure enough, there are scratches and paint is gone where I unloaded the rack. I feel damn bad about it too, I really should have been more careful with things that ain't mine! I hope to hear from him soon, so we can settle this thing - not that there are hard feelings or something like that, but I'd like to put it behind us.
Tuesday, I'll be off for a full day, and then I hope to install some new gear. The idea is to connect my DSL modem to the new router, which will provide some more security than the current setup, and hook my wireless linksys router up to the wired router, so it also sits behind the firewall.
Schematically, it would be something like this :
Internet - ISP - DSL modem - Netgear Router/Firewall - LAN - Linksys router - Wireless.
The linksys should not pass out IP addresses, but rather pass on those gotten from the netgear router, so all clients are in the same IP range. Later on, I could add another wireless AP, which I can then open up so everyone can connect and get basic (but strictly bandwidth limited) access to the web, and I log everything and run a constant sniffer on the subnet to see what passes, including passwords and such. I think it is a nice social experiment to see who sends unencrypted data over a "free" AP they don't know. I know I certainly don't.
That'll be a project which may or may not happen, depending on whether or not I can split the open AP away from my LAN so nothing can cross between my secure network and the free-for-all network, while at the same time seriously limiting the damage that can be done through the free AP. I certainly don't want hacking, spam or any other suspicious activity happening through an IP assigned to me.
September 13, 2006
I scrapped the mobile phone repair attempts for the day, and after getting in touch with Joco and the ebay seller, I picked up Joco's mini van and drove off to Ostend to pick up my 19 inch rack. And a nice one it is too, especially considering the fact that I paid 36 euro for it!
The drive was easy - GPS is such a usable tool - and we were able to get the rack downstairs and loaded into the car without too much problems. The side panels and front door were taken off, so that lightened the weight considerably. Then after getting home with it, I realized I had a bit of an issue : we loaded the rack into the car by the two of us (the seller and I) but when I got home, it was just me. I got the door and side panels out, then disassembled the remaining 2 trays and carried all of that upstairs, using the elevator. Now, the frame which still is heavy, is something else. Using some very creative carrying techniques I got it in front of the elevator, but now I had to make it fit. Metal bars don't give way too easily and you can't just bend them in order to fit.
After taking some measurements, I decided it would fit, and it sure did - barely. I had about 5mm to spare at each side, but it got up alright! I had to take the stairs though ;)
Once it was unloaded and inside - right in the middle of my hall, but inside nevertheless - I took the car back to Joco and Eef after filling it up for 50%. Joco warned me not to risk returning it topped up, so I complied, lol.
The past 2 hours I've spent cleaning the rack and assembling it again. I've done two trays already and the side panels are latched on as well, but the rest will have to wait for tomorrow. Off to bed now after I've caught up with mails and other outstanding things.
Oh, that other rack I was following on ebay, that sold for 153.5 euro, more than I was willing to shell out for it anyway, even if it was nicer.
August 11, 2006
I should be on my way to Neerpelt, but I clearly am not (yet). I'll be leaving soon though, once I finish writing this entry.
A couple of minutes ago, I got my SPF records published for the friedkitten.com domain, after some mailing back and forth with my webhost. They were professional and excellent as always, pointing out benefits and disadvantages but leaving the final decision up to me. After getting their informed opinion, I decided to go through with it, as there is little to lose for me.
SPF is not an anti spam tool, but rather an anti forgery tool. It should prevent unauthorized people from sending mail in your name, though much of that depends on the checks done by the receiving party. If no one checks the validity of the SPF record, they don't benefit from the added layer. Even if checking, one can still accept, question (accepts but moves to a specific mailbox for instance), or refuse the mail, based on the outcome of the check.
It's a vicious circle, I'm well aware of that. If no one publishes SPF records, people will not rely on them to decide what's potentially legit or fake. If no one checks the records, why would you publish them? I went ahead and had them published for one domain so far. I'll now be monitoring if any problems arise - if not, more of my domains will have their SPF records published.
For the time being, I suggest you don't refuse mail that fails the SPF check on friedkitten.com, especially since this is just a first test case. But please, do check if you can. Gmail, the mail service of google, for instance does check SPF records, but appears not to reject based on the outcome.
Note : right now most SPF checking will be done - if any is going on - by the mailservers of the company/ISP/organization you use. End users have little options to verify SPF records themselves as far as I know. If you know of any tools, feel free to leave a comment with explanation or a URL for me to check.
July 27, 2006
Security aware users of friedkitten.eu or fans of the local friedkitten.be blog, already know that firefox 1.5.0.5 should now be jumping the fence, leaving the vulnerable 1.5.0.4 version behind. If you didn't get the update, please do so now by going to the Help menu in firefox and click "Check for Updates". A small download and exactly one firefox restart later you're good to go again.
If you're still using - I almost wrote "trusty" - old IE, follow that firefox 1.5.0.5 link above to change your browsing experience for the better.
If you're a McAfee user, you may not be able to switch to firefox entirely, as I just found out. Now that on the new box IE has been degraded to the "can't uninstall but don't use it either" browser, it turns out that the nice people at McAfuck write tools that can only be updated using internet explorer. Say what?
"Oh sir, you're interested in this nice new vault? Oh, you're buying it too? Very good sir! When will you be picking it up? In two minutes? Wonderful!" (insert sound of money and cashregisters)
2 minutes later.
"Oh, I'm sorry sir, but you can't transport our vault with that shiny new Lexxxus pickup truck that'll hold the weight of ten vaults. Our vaults can only be transported by an old Nirvana Van that'll come very close to the edge of breaking down." (Note the lack of sound of money or cashregisters now)
Yeah, if I recall correctly - and I do, even at 9 in the morning after once again way too little sleep - I said I disliked the McAfee Security Suite from the start, even if I got it for free. I just clicked the Search for Updates button and what pops up? A page from McAfee stating : "Please note that Microsoft Internet Explorer 5.5 or higher is required to download and install McAfee products." Let's see if we can trick McAfee into working with a better browser by switching the User Agent of firefox to IE 6.0...
After switching the UA, and reloading the IE required page, we're suddenly greeted by a page claiming they detected netscape as our primary browser and an offer to download McAfee Clinic Activator which will support Application installations and updates. For the heck of it, let's see what happens next...
I download the McAfee Clinic Activator yet it doesn't show up in the extension overview. After a restart of firefox, and another attempt to download and install updates, we're greeted by a blank page. The source shows it doesn't lack content though, but it doesn't display either. I guess you really need IE to update your virusscanner...
Time to harass the McAfee support habibs :)
Nice... If you want to use the McAfee support pages to contact a "live technician" you first have to run a virtual technician which will check your setup. It requires... Internet Explorer. So much for being helpful, though I must admit they offer to download a standalone version. I won't even bother and just look for my Uninstall button instead!
McAfee Personal Firewall Plus.. Uninstalled
McAfee SpamKiller... Uninstalled
McAfee VirusScan... Uninstalled
McAfee Security Center... Uninstalled
Reboot!
July 11, 2006
Because KDS and Nadia asked what the hell the last entry was about, here's some extra information.
If you've got a wireless network at home, you want your wireless device (laptop for instance, or PDA) to connect somewhere, right? The connection is made to the Access Point (AP) which may also double as a switch, router, DSL modem. The connection between the client and the AP can be protected using a number of techniques, of which WEP is probably the one known by most people. WEP encryption is not secure, and if possible it would be better to use WPA or WPA2. Truth be said that even WEP provides a basic security and while it can be "cracked" it'll take a while to do so because you'll need a number of packets before one can crack the key.
But I digress because WEP, WPA and WPA2 have nothing to do with wardriving. As you may know, your AP may advertise its presence by broadcasting its SSID, so others can see it. What the SSID is set to doesn't really matter, and some people leave it at the default, or change it to something funny or anything that makes sense to them. It's also possible to stop your AP from broadcasting its SSID, but that doesn't mean the signal can't be picked up.
Now, when wardriving, we use a mobile device (usually, it's a bit more difficult to walk or drive around with a full desktop on the seat next to you) such as a laptop or PDA. In the device a wireless network card is present and usually an external antenna is connected to it so the range of detection goes up. The antenna picks up the signals from Access Points present pretty much everywhere and displays them on screen, and/or logs them to a file. I use netstumbler to scan, but KisMac or Kismet are also available; it all depends on what operating system your scanning device runs. We do NOT log in to networks, crack WEP keys or access the (often open) network in any way! We just drive around and map the area, just as if you were to walk around your neighborhood and write down the names of the people next to their doorbell. You don't ring the doorbell in order to do so, nor do you push the door open or break it down. You just see who's around and what information they're giving out.
In order to make wardriving more interesting, you can attach a GPS device to the setup, so coordinates can be logged as well, and you can later put all the found AP's onto a nice map. For the time being, I've not done this yet, as I lack a GPS device :(
So, to answer KDS's question "Why was it good for you?" : because I'm a Geek at heart and only now realize how much radiowaves are sent through the air without most people knowing ;)
July 10, 2006
It was good with a capital G. Oops, so that should read "It was Good". I'm not talking about my first time having sex, because that's quite a few years ago, but today I did my first ever real wardrive. My senao pcmcia card with 5dBi magmount antenna arrived by mail today - ordered on friday, late in the evening - so I immediately started setting things up, but that proved to be a bit of a challenge. The drivers were supplied, but each time I launched the file, it would open a dialog, allowing me to click NEXT and that was it. It just froze, but when I checked for running processes (not applications!) it clearly showed to be running. After loads of reboots and killing various programs that are always running on my laptop, I got the card installed.
I'm still struggling with the order it needs to get it running from the first time after booting the laptop again, but it won't be long before I get the hang of it. I drove off to work, the antenna placed close to the windscreen on the hood, because unfortunately... smarts don't have a metallic roof, so magnetic foots don't attach to the roof. Anyway, that problem will probably be dealt with tomorrow (super glue and a small piece of metal maybe) and off I went.
I drove the 40 kilometers to work, while netstumbler was happily "boing"ing away pretty much all the time. When I checked the number of AP's found, I was pretty surprised : 346!! Knowing that quite a major part of my route is out in the middle of nowhere, and on highways, I really didn't expect such a result. On the way back I got 284 AP's and then the laptop went into hibernation mode because it ran out of juice. Damn! Anyway, I've ordered a universal car charger so that problem should be solved shortly as well.
The antenna works great, but I find a 2 meter cable to be on the short side, because that seriously limits where the laptop can sit and where the antenna can be placed. I think 2m is long enough when running from a PDA out of a backpack for instance, but from a car... quite short. Unless you don't mind drilling right through the roof that is.
July 3, 2006
Tomorrow, I'll go get two new harddisks because the shop I'd like to purchase from is not open on mondays. A new computer has been ordered as well, and I hope to receive it shortly. This means however, that I have to go to the bank now to make a payment...
A quick overview of the new system : Intel Dual Core 2.8GHZ processor, 250GB SATA HD, 1024MB RAM, a fancy Ultra Sharp Flat Panel 19" Monitor (I was still using an old CRT monitor so far), ATI X600 SE videocard (not the most fancy, but should be enough for my needs).
Update : Murphy strikes back, or so it seems. I just received a mail that there is a problem with my order, so I should get in touch. When do they send out such a mail? At 16h41, and their offices closes at 17h00, so that will have to wait till tomorrow :( I just tried contacting the Brussels branch, but that just forwards me to The Netherlands and they happily say "the sales division is closed for now, please call back tomorrow". Online sales, quick and easy? My Ass!
Damn... when I got up this morning and turned on the monitor of my desktop, I was once again greeted by a screen that had letters flashing "Critical" all over it : it's clear that yesterday's RAID warning wasn't a coincidence, one of the drives is indeed starting to fail. I powered the system down and am now contemplating my options.
Surely I'll have to back up as much as possible before the drive crashes beyond repair, even though it's only one disk. All the information is still available on the mirror but as we all know, Murphy rarely travels alone.
I could start hunting for two new Maxtor 80GB HD's (D740X-6L) right now, and replace the failing disk. Then once the raid mirror is back up and functional, replace the good drive as well so I'm good for another couple of years. This would be the cheapest and fastest path to fixing the problem.
I could configure and order a completely new system, which means quite some hoops to jump through and a fair amount of work to be done. I'd have to copy all the data and configure and finetune the new system to my liking, and knowing myself, that will take time and irritate the hell out of me. On the other hand, it would give me a nice and up to date new box to play with. New toys are always nice :)
Or I could do both... replace the (failing) disk(s) and order a new system at the same time. Then I can use the new machine for everyday work, and use the old one to install linux onto, run an IDS on it, things like that. But I've already decided that if I get a new system, I don't need a fancy latest state of the art configuration. I mostly use it to browse the web, do some photo manipulation and play video's on it.
Oh, the options and the decisions...
June 22, 2006
Skype (2.5.0.113 - new features and bugfixes)
WinAmp (5.24 - security patch)
A 0-day exploit has been reported in Excel, but no patch is available yet. Read more at secunia. While there, take a look at the Microsoft Windows Hyperlink Object Library Buffer Overflow as well.
May 31, 2006
Apple seems very determined to infect as many machines with their iTunes software as possible. I just tried installing QuickTime 7.1 - because my older QT version told me 7.1 contains important security fixes - but alas, one can no longer install just QuickTime. It now comes "bundled" with iTunes, making it a download of over 30MB! I don't need iTunes, I don't want iTunes, so why should I be forced to download it, install it, and then remove it again to just keep the component I need? You tell me!
I could understand Apple promoting iTunes when a user wants to download and install QT, but at least give someone the opportunity to opt out, or deselect the additional download. Seems Apple is going the MS way :(
I just sent Apple feedback about this issue, so maybe, some day, they may realize that their users are adult enough to decide for themselves what they want/need.
Update : "notasblindasyou" graciously pointed out that there is a standalone version of QuickTime : QuickTime standalone version. I must have had stuff in my eyes for not noticing it. Sorry Apple people!
May 18, 2006
First a little update on the machines currently in for maintenance/repair :
Laptop from S. : Clean install of Win 2K + SP4 v2 (Roll Up 1) completed.
Desktop from N. : fixed and picked up (Hint : pleased with the service?)
Desktop from A. : First analysis done. Need original XP CD to proceed.
I just installed a patch on my laptop to fix a quick battery drain. According to The Register, not all causes for the high consumption are fixed, but 1 out of 3 is better than no patch at all, right?
May 16, 2006
A quick first update on N.'s desktop : infected with nasties such as Sex.List, CommandService, Smitfraud-C, CoolWWWSearch.BadZoneMap, CoolWWWSearch.WinRes, DeskWizz, NetWork Monitor, and that's only halfway through the first scan.
Once I can get rid of CommandService and Network Monitor (they're related), I think I'll have a good shot at getting rid of all the rest as well. Especially the fact that some of the adware programs constantly monitor the network and download and re-install themselves makes it harder to remove. So, what did I do so far? I booted it up, connected it to the LAN, updated the virusscanner (failed), updated Ad-Aware (successful), downloaded/installed/updated Spybot S&D (successful), did a windows update (failed), edited the hostfile (removed a bunch of entries), download/installed Firefox (successful) and then disconnected from the LAN immediately. Reboot, and start working...
This once again shows that "regular computer users" are very unlikely to be able to free themselves of all the nasties that have made their PC their new home. And unless you can get rid of ALL of them, there's more than enough vectors to get infected within seconds.
I don't know if spring actually affects computers, but it sure seems like it. Two weeks ago, S. asked me if I could take a look at his laptop, because it failed on him. Over the weekend, N. mailed me to see if I could check her desktop because it was infected with a trojan/virus/adware/spyware and giving her trouble. Yesterday afternoon, a colleague A. asked me the same, because his desktop is throwing a fit too.
Today, N. dropped off her machine and I started working on it, and it sure seems troublesome. Something is running havoc on it, but so far I've not been able to identify the culprit. It ain't MyTob, that I'm sure about. I'll look into it more on thursday, my day off. The laptop from S. sits on my desk because I don't have a sure way of fixing it yet. It seems like a hardware problem, though I'm not sure. More analysis on thursday as well I suppose.
March 27, 2006
Today's plans include downloading Knoppix (4.02 CD version, just over 700MB, happening as I write), building a more up to date version of VPM (including Tor 1.0.17, and Firefox 1.5.0.1) and installing that on the USB stick. The build on the VPM page contains slightly outdated programs, so I'll be attempting to get a grab on linux, and build my own tarball. That'll keep me busy for the day I suppose.
I'm doing some laundry in the mean time, and I've soaked and washed two pillows already, as Tai didn't like me staying out late last night and pissed on one of them. He did the other one earlier last week. I tell you, he's an unforgiving bundle of joy, that cat of mine.
Update : over 3 hours later, I've booted and shut down Knoppix about 5 or 6 times, and didn't get any further than "cannot change ownership" while doing some tar operation on libevent-1.1a.tar.gz. I did however learn how to mount and remount a USB stick in read/write mode, and that *nix systems like "CR" and not "CR/LF" like windows systems. Did that help me get my VPM up to date? Not in the least, but I feel like I've learned something...
Update 2 : Tai is a damn whiney cat. Always wanting attention, cuddles and miaowing away. If I wanted that much attention or responsibility, I'd have kids! All I wanted was a silent presence, and now I'm stuck with an omni-present clingy furry creature that hates being left alone. I love him, but come on... this is getting ridiculous!
March 9, 2006
I've been keeping myself busy with these things lately - especially reading up, comparing, gathering information, asking questions :
- Fedora
- Tor and #tor on irc.oftc.net
- Dell Poweredge 1850
Eventually, these things should go on the box as well (if I ever decide to go ahead and get acquainted with a *nix system, buy that server, get a colo, maintain it and get it up and running) :
February 27, 2006
I've been noticing some strange behaviour on my laptop lately, and when it happened again today, I decided to look into it. I'm working normally, and suddenly a small pop-up tells me my virusscanner is trying to access a certain IP address using POP3, even though I'm not - as far as I'm aware - running any application that would need POP3 access at the time.
I quickly opened a command prompt and a netstat session did indeed confirm an attempt to reach an ip address linked to bethere.co.uk, which makes NO sense at all. I'm not in the UK, I'm not using a UK provider and no one I know is either. It only happens on the laptop, so my first idea was that someone is messing with my wireless link to the desktop machine. However, I've set up my link using WPA2 with a completely random and strong key, so that shouldn't be possible.
I could suspect tor, but there is no real reason to do so, apart from the fact that when this happened earlier, it stopped after I removed the application. However, when I check tor and the bandwidth it uses, there is no activity at all, which sounds right as it is not in use all the time. I only fire up tor and the proxies when I need some additional privacy, and the speed with which data arrives is less important. Is someone trying to use my installed tor client to send out mail? That again should be impossible since I have it configured as a client, not a server, and by default it doesn't allow POP3. My idea is that it ain't caused by tor.
I quickly ran my antivirus, spyware and adware tools to see if anything got past my defenses, but nothing has shown up so far. The firewall is up, the virusscanner is up to date, yet something tries to create a POP3 connection to a UK based host. Go figure.
Update : I have now finetuned my netstat capture to not only list the open connections and their state, but also which binary is responsible for creating them, sorted by protocol. This should be enough to find out more about the perpetrator. My e-mail scanner log files it under AutoPOP3, which really doesn't ring a bell. To be sure I've upped my default log information from medium to high, so I hope to get some more info.
If anyone happens to know where this mysterious POP3 connection to bethere.co.uk originates from, I'd be happy to find out. The IP address it tries to connect to is 87.194.29.236.bethere.co.uk and the brand and model of the laptop is a Fujitsu-Siemens Amilo L7300. I must say that I've found similar questions from people online wondering why their AVG Mailscanner suddenly feels like connecting to foreign servers. To be continued, no doubt.
Note : I'm not running eMule, eDonkey, or any other filesharing programs, nor are they installed on my machine(s).
Update : Guess what. The PID of the offending program is 1264 in my case. I check the running processes and what shows up? Tor. Crap. Off to read up and possibly talk to the developers of it. Solved : thanks to some volunteers in the #tor IRC channel (irc.oftc.net) the mystery was solved. Tor keeps some connections open and 87.194.29.236 is the address of a dir server, which runs on port 110, thus is captured by my mailscanner. Whether I find it "wise" to run a dirserver on a port specified for mail remains to be seen, but the mystery is solved. Off to throw something in the donation bin for tor now...
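The triage in this entry (connection, then PID, then owning binary) can be automated. The following is an added example, not from the original post: it joins the output of the Windows commands `netstat -ano` and `tasklist /fo csv /nh` and flags mail-port connections owned by a process that is not a known mail client. The sample output is constructed, apart from PID 1264, tor and 87.194.29.236 port 110, which are taken from the entry; the function names and the expected-client list are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `netstat -ano` output (PID 1264 and the POP3 peer
# 87.194.29.236:110 are the values reported in the post).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.1.20:1187      87.194.29.236:110      ESTABLISHED     1264
  TCP    192.168.1.20:1190      192.0.2.80:80          ESTABLISHED     2040
  TCP    192.168.1.20:1201      198.51.100.25:110      ESTABLISHED     3100
  UDP    0.0.0.0:1900           *:*                                    1100
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''
"svchost.exe","900","Services","0","4,120 K"
"tor.exe","1264","Console","0","9,812 K"
"firefox.exe","2040","Console","0","45,100 K"
"thunderbird.exe","3100","Console","0","38,004 K"
'''

MAIL_PORTS = {25: "SMTP", 110: "POP3", 143: "IMAP"}
# Assumption: the only program on this machine expected to talk mail protocols.
EXPECTED_MAIL_CLIENTS = {"thunderbird.exe"}


def parse_tasklist(text):
    """Return {pid: image name} from tasklist CSV output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2 and r[1].isdigit()}


def split_endpoint(endpoint):
    """Split 'host:port' (also '[::]:135' or '*:*') into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None


def parse_netstat(text):
    """Return a list of connection dicts from `netstat -ano` output."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP") or not parts[-1].isdigit():
            continue  # header, blank line or anything that is not a socket row
        # UDP rows have no State column, so the PID is always the last field.
        state = parts[3] if len(parts) == 5 else ""
        rhost, rport = split_endpoint(parts[2])
        conns.append({"proto": parts[0], "local": parts[1], "remote": parts[2],
                      "remote_port": rport, "state": state, "pid": int(parts[-1])})
    return conns


def connections_by_protocol(conns, images):
    """Group connections per protocol with the owning binary, as in the post."""
    grouped = defaultdict(list)
    for c in conns:
        grouped[c["proto"]].append((images.get(c["pid"], "<unknown>"),
                                    c["remote"], c["state"]))
    return {proto: sorted(rows) for proto, rows in sorted(grouped.items())}


def unexpected_mail_connections(conns, images, expected=EXPECTED_MAIL_CLIENTS):
    """Flag connections to mail ports made by anything but an expected client."""
    findings = []
    for c in conns:
        service = MAIL_PORTS.get(c["remote_port"])
        image = images.get(c["pid"], "<unknown>")
        if service and image not in expected:
            findings.append({"pid": c["pid"], "image": image,
                             "service": service, "remote": c["remote"]})
    return findings


if __name__ == "__main__":
    images = parse_tasklist(TASKLIST_SAMPLE)
    conns = parse_netstat(NETSTAT_SAMPLE)
    for proto, rows in connections_by_protocol(conns, images).items():
        for image, remote, state in rows:
            print(f"{proto:<4} {image:<18} {remote:<22} {state}")
    for f in unexpected_mail_connections(conns, images):
        print(f"CHECK: {f['image']} (PID {f['pid']}) speaks to "
              f"{f['service']} port at {f['remote']}")
```

A hit here only says which binary owns the socket; as the entry shows, the explanation can be benign (a service listening on a port normally used for mail), so the finding is a starting point for investigation.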
December 29, 2005
Programs updated
FileZilla was updated to version 2.2.18 on December 26th.
Ethereal was updated to 0.10.14 on December 27th.
Security
An unpatched bug exists in the handling of WMF files in Windows. It is actively being exploited, thus rather important that you are aware of it. For the time being there is no patch, see Microsoft Security Advisory (912840).
You can unregister the vulnerable dll though, by following these instructions :
- Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and click OK.
This will prevent Windows Picture and Fax Viewer from starting when a .wmf is accessed.
To restore functionality, follow these instructions :
- Click Start, click Run, type "regsvr32 %windir%\system32\shimgvw.dll" (without the quotation marks), and click OK.
December 24, 2005
I just downloaded a demo copy of Airopeek NX, weighing in at just over 30MB, to come to the conclusion it doesn't wanna play nice with my Ralink RT2500 wireless network card. I could always install or run Linux on the laptop, but I don't feel like it. Toying around with wireless networks is not that high on my list to switch OS.
Note : I've been up since 9h30, which is way too early if you ask me.
December 18, 2005
I just replaced my old 300 watt PSU for a brand new 400 watt PSU. I didn't really need the extra power, but I did need the stability. It's actually the first time ever that the PSU gives me trouble - before it always was the motherboard, or the drives giving up. Not really surprising though if you know I run my machine 24/7, 365 days a year. Sometimes components just can't live up to the demand I suppose.
Anyway, things seem to be running fairly smoothly, I just have to look into some USB devices windows was complaining about, I may have to point out where to find the drivers again, but that shouldn't be too hard. Off to clean the ferret cage, and entertain them. I'll put on Nid & Sancy while doing so.
December 16, 2005
While I was skyping with Joco, I suddenly heard an audio alert in my headset. The fun thing was that Joco was able to hear it too, which really surprised me. I wonder what else people can hear while skyping?
Anyway, the computer just shat itself again, but at least now I've got an idea what the problem may be : an irregular voltage line in my PSU. It's expected to supply about 3.3V constantly, but every now and then it drops to 2.80, which is too low. I just had an alert for the past 3 minutes or so, and now it's back up to a healthy 3.26 volt - pretty bizarre if you ask me! I guess that means I'll be shopping for a new PSU tomorrow. I hope I can find one for an acceptable price, according to Joco they're rather expensive, when looking for a high performance, low noise one.
Gonna give my dad a call now, he's much more a techy than I'll ever be, and electricals is not really my forté. I'm better with software and general maintenance, mail, AV solutions, blogging (setup, maintenance, ...). Which reminds me, I just set up a basic blog for another friend of mine, who will be creating his personal place on the web - away from his professional site(s).
December 12, 2005
I was happily working (read : playing games online) when a little window popped up : CPU temperature critical - System shutting down.
I clicked cancel while I reached under the desk to get a quick idea of the seriousness of the warning. The machine was hot, but it always is. I checked the PSU fan - because it wouldn't be the first time that one fails - and it was working fine, and a noticeable flow of hot air was exiting from the casing. The warning popped up again : CPU temperature critical. System shutting down. I quickly maximized the system monitor and there it was, blinking in red : CPU temperature at 71° Celsius!
I once again cancelled the warning while rapidly closing whatever windows and applications I didn't really need. I dropped my internet connection, closed the usenet reader, browser, local proxy/spamfilter(s), RSS reader and who knows what else. In the mean time I was also checking whether I could get the side panel off the box to let some fresh air in and see what the problem was. After all, a CPU normally doesn't overheat without good reason, so I figure the cooler must have fubar'd. However, the noise coming from the machine was quite normal, and I guess I'd notice if a fan wasn't working.
Crap - for once I actually had a screw in the back of the panel and of course no emergency open heart surgery tools were to be found nearby. In other words, I was looking for a screwdriver. Nowhere! I usually have one somewhere on my desk, hidden under whatever may be on top, but not today. I finally scrambled for my toolbox and yes... a screwdriver. By the time I found it, I had also started a manual shutdown procedure for the machine, not willing to take any chances. The last thing I can use is a fried CPU!
All of this happened in under 20 seconds, but by the time I was able to get the side panel off, the machine had shut down so bye bye chance to actually see what caused the problem in the first place. Aaargh! Anyway, I turned it back on, grabbed my vacuumcleaner and sucked away all the dust I could find inside. I grabbed a flashlight and checked all coolers inside (CPU, Videocard, overall system cooler, PSU fan, Motherboard fan, and I probably missed some others) and they were all happily whirring along. Strange...
I grabbed my small drill and cut some extra holes into the front panel for good measure - although I know very well that won't affect CPU temperature, in a best case scenario it may lower overall system temperature a tenth of a degree - and reassembled everything. So, now I still have no clue what occurred just there, but at least I have a clean PC now. I also tied up some cables to optimize airflow, but that was more a "make sure no cable can get stuck in the fan and slow it down" thing than anything else.
While you were reading this, you were just drawn into the story, weren't you? You were waiting for the next cliffhanger, the next high... I know, I can make opening and cleaning out a computer as exciting as a blockbuster hollywood action movie. Not that those are anything to measure up against but hey... I try!
December 6, 2005
Most of you won't find this exciting at all, but for the few that may, check out this "old skool virus fighting story" :
An ordinary day at work; testing F-PROT's OS/2 version, answering support calls and writing the upcoming Update Bulletin. It's over five o'clock, time to get home - the fall is far advanced and I'll have to get my lawn sown before winter sets on.
The phone rings and shatters these thoughts. The call comes from Symbolic, our distributor in Italy. Jeremy Gumbley, who works in Symbolic's technical support, is on the line.
Jeremy gives it to me in a nutshell: A person had just dropped by and told him that a new, unknown virus had been found in one Italian university. Continue reading at F-Secure blog.
November 30, 2005
Firefox 1.5 was released yesterday, which certainly explains why I had a hard time connecting to some Mozilla pages earlier on. I just installed the latest stable release and then ran into the expected incompatible themes and extensions.
Here's what I had installed earlier, and whether or not I was able to get it to work with 1.5 :
Themes :
Qute - success - installed beta version 3.01 from the homepage
FireFox Modern - unsuccessful, 1.1.3 is not (yet?) compatible with FF1.5
PimpZilla - successful, installed the 2.9.9 beta release
Extensions :
ForecastFox 0.8.2.4 - compatible with 1.5 but connection errors (fixed)
SwitchProxyTool - beta version for FF1.5 available - installed through extensionsmirror.nl
HTTPLiveHeaders - successfully updated to 0.11
Tabbrowser Preferences - version 1.2.8.7 works with FF1.5, 1.3.0 expected
Google PageRank Status - success - updated to 0.9.6
User Agent Switcher - disabled after install of FF1.5, extension reinstall fixed it
Download Manager Tweak - installed 0.7.1 (homepage currently hard to reach)
Overall success rate by moving from firefox 1.07 to firefox 1.5 when it comes to extensions and themes : 66.6% one day after official release, 90% after two days.
November 10, 2005
Today was more or less hell at work. For starters, my backup operator didn't show til ten as he had a meeting first and work was just over the top. Guards being called for duties all over the site and loads and loads of people arriving on site at the same time. Hard to get a grip on at times, but I handled it pretty well, even if I have to say so myself.
I certainly hope tomorrow is a little better but I fear not : it's an official holiday but with the revision starting in the evening, I think at least 50% of the people will be around and needing assistance. Which we will be able to provide, but in very small doses, one by one I suppose.
Oh... I almost hate to say "I told you so" but here it is : First Trojan using Sony DRM spotted. It took a bit longer to appear than I guesstimated, but not that much longer.
Users are not the only ones suffering from all of this though : Sony had better prepare to suffer too - Sony hit by lawsuits over root kit, EFF Confirms Secret Software on 19 CDs and analyzes the End Users License.
November 4, 2005
Remember the Sony/BMG rootkit install I wrote about a few days ago? A patch for it was released that removes the cloaking behaviour, but the rootkit itself remains in place. More info on Sony to offer patch for 'rootkit' DRM at The Register.
Now I wonder how many non-geeks know about this rootkit? There has been quite some buzz over it in blogland and on various techy websites, but the main population remains clueless. As predicted, some World of Warcraft cheaters have already used the (now optionally patched) cloaking of the Sony/BMG rootkit to hide their cheats from the WoW security module "the Warden". Info on Security Focus this time : World of Warcraft hackers using Sony BMG rootkit.
This just shows how a bad implementation of an even worse idea can exponentially lead to chaos. For now it's cheating at games, but if you ask me, it'll be only days, if not hours before new virus/trojan/adware/spyware variants will be seeded to the internet prefixing their files with "$sys$". While the amount of machines currently "infected" with the rootkit is anyone's guess, the virus authors have nothing to lose and everything to gain.
If the targeted machine has the rootkit installed, the malicious code - be it virus, trojan, worm, ad or spyware - will be even harder to detect (and thus remove). If the rootkit is not present, nothing changes for the virus author.
With the increased Bagle activity over the past days, as well as the SDBot virus spreading through IM, specifically targeting AIM - and we all know AOL users usually ain't the brightest star in the sky - the future looks rather depressing if you ask me.
However, things like this brighten my day : A first solar system prototype measuring 23 feet in diameter and 16 inches high, produces an astonishing 6.5 KW of electricity. Check out the manufacturers website (Pyron Solar) for more details, tech specs and video.
October 10, 2005
This morning as I left for training - which is interesting but tomorrow I hope to learn something new for real - I set Olga to work, and when I got home around 13h00 she was stuck next to the toilet, as she had run out of power. I'm recharging her as we speak.
While typing out this post, I'm doing a check-up on the PC of a colleague and let me tell you this : I've seen some PC's infested with spyware, adware and viruses, but this one is one of the worst cases so far! A first scan with Ad-Aware using up to date reference files returned 530 entries. A second scan gave me another 35. Scanning again using a different account resulted in 118 entries.
Spybot S&D found 88 additional problems and a first virusscan (not up to date) reported 4 infected files - I had those removed. I'm currently running a new virusscan, this time updated up to today, and the screen tells me another Trojan horse has been spotted. No wonder André told me his machine was slow, unresponsive and generally behaving erratically!
I'm off to the store for food and some other things I need, while the scan continues, and when I get back I'll give him a call because one of the accounts is password protected and I want to scan it as well.
October 7, 2005
This time my dad was having some problems with one of the older machines, so I popped over, had a yummy dinner and chats before I started working on the machine. We installed a new disk, partitioned it, formatted, installed windows XP, some patches and then reinstalled some of the software he often uses. Works like a charm now, and faster than under windows 2000 as well.
That may be due to the fact that while replacing the disk we noticed the cooler that was on the old disk wasn't working properly : instead of blowing hot air away from the disk, it was sucking in dust and spreading it all over the drive! It was covered in a thick layer of dust, so that certainly would add to the problem. It seems the coolers got their polarity switched (not our fault but rather a manufacturing defect), so we turned the cooler around to get the correct effect. The machine should run much better now.
The joys of working on computers, you know :) A colleague from work may bring his machine along on monday so I can take a look at it as well, as he was complaining about it being sluggish and behaving weirdly. More adventures into PC land!
October 6, 2005
Why do I charge people that I know personally though have nothing but an acquaintance relationship with less than people I get to know as customers first? I'll have to take care of that and set the record straight starting January 2006. That way I hope to redefine the interaction with said family as strictly business. I don't talk, meet or hear them anyway, unless one of their computers is acting up. Suits me fine to just do business with them then.
The main machine had problems with "oledlg.dll" reporting it as corrupt/bad, whatever. First question that pops in my mind is "How did they manage to replace a windows system file with an incorrect/illegal file?" because that is something tricky, even if one knows how to proceed. And believe me, they don't know!
Fixed that (sfc /scannow), installed latest versions of Ad-aware and scanned the machine, then ran Spybot S&D for good measure, defragged the drive and extended their subscription for the virusscanner - which had expired somewhere in June! Installed one more XP patch and then I moved onto the secondary PC, used by one of the sons. Apparently since the last time I had been there, he decided to install windows XP onto it. Not my problem, earlier on it was windows Me and that was way too often my problem.
He just had some tiny problems with pop-ups and getting disconnected. 3 hours later I had gotten rid of 78 virus infected files, over 300 instances of spy and adware and installed 17 XP patches that had been downloaded to the machine but never were installed. Go figure. I dropped SP2 onto the old box as well (128MB ram, yikes) for good measure hoping it will slow down the amount of trojans and viruses he always manages to gather on his machine. A new and up-to-date virusscanner as a cherry on top of the cake should keep everything under control for the time being.
Time wasted : 6 hours.
Time charged : 3.5 hours
This has to stop, next time she pays the going rate, no more discounts. It's not as if she returns any favors, so why would I cut her any slack?
October 1, 2005
It had been giving me write back delayed errors for a couple of days, but now my 250GB external La Cie Porsche drive seems to have died on me completely. I unplugged it and connected it to another USB 2.0 port, but the little led on the side doesn't even turn green/yellow anymore, just bright red. When booting XP, the device is not recognized and when I search for new hardware it reports "device cannot start".
I'm screwed, ain't I? Sure enough the disk was not filled to the brim - phew - but still I think there was about 80GB worth of data on it. Not the most important data admittedly, yet I'd like to recover some if not all before the drive is declared dead officially, or is sent in for repair. I think I'll first have to see if it's still under warranty as it is not that old yet.
Luckily I did register my disk when I bought it, so I just requested my password to be mailed to me again. Let's see if that actually changes anything when it comes to warranty.
Update : It doesn't work when directly connected to a USB port on my desktop, but it is accessible when attached to the powered USB hub. Trying to recover and save data now.
August 1, 2005
Believe it or not, this is the first ever entry made on this blog using my own secured wireless network. It took me a while to get the client and the router to play along and use the same WPA key, but in the end I got it all correct. This neighborhood has just gotten a new secured wireless network.
Because I am (just a little) bit paranoid, I've decided not only to implement WPA-PSK with a TKIP encryption, but I've turned on MAC address filtering as well. This should create an extra hoop to jump through in case someone manages to get inside the network in the first place. The default network name has of course been changed, and a strong password has been set up for administration of the router.
I've got an excellent connection in the apartment, so I should be able to use this thing anywhere I want. I'll try blogging from my terrace next time - probably on friday, providing the weather is fine - this post was brought to you from my bedroom.
Now I really have to run and get ready for work!
Mighty expensive one, that's for sure but as of this second - until the next reboot proves me wrong of course - I'm back online with my main box as well. I went to the store to grab a Thompson Ethernet modem, and the cheapest I could get was one in a Skynet ADSL installation pack. €39,- is not that much, considering it has two ADSL splitters included as well and those are sold separately for nine euro a piece if I recall correctly. That way I'll have spares in case something happens to the ones I've got now.
Anyway, next thing up the list is getting the modem to talk to the Linksys router, so I can stop borrowing wireless access from a neighbor. It's getting rather urgent since most people are back off to work and I've only got 2 unsecured wireless networks in the neighborhood now so it seems. If those drop off before I can get everything set up, I'm screwed again :)
Shouldn't forget to leave for work in time!
July 31, 2005
Progress! I got up, toyed around on the new machine a bit and then decided to give the Allied Data Technologies modem another try, upload the 5.15 firmware again etc. The firmware itself went OK, but then suddenly something went wrong with the profile or so it seems. Which is truly bizarre as that same profile uploaded without problems yesterday.
At least I now have confirmation that the modem is truly dead : it won't even detect a lan connection anymore, nor does it react to the softkey which would tell it to return to default mode. This time I really killed it I think. Ah well... too bad because it certainly is a good modem with tons of features and options. I may contact ADT Holland and see if I can get it repaired for not too much money, but I'll go out and pick up a new cheapo ADSL modem for the time being, so I can (hopefully) get this wireless stuff working after all.
I should really have kept KISS and LITHA in mind before I started working on it. Always remember : don't fix it if it ain't broken.
July 30, 2005
Bleh, no dice. Even downgrading to 4.30 and subsequently to firmware 4.28 doesn't seem to help. Not even a dns request goes through making the modem nothing more than an expensive box with pretty leds. That majorly sucks, believe me. Why do things like this always happen on the few days off that I have? (Answer : because on days off I get bored and do things I shouldn't try in the first place.)
Even though I can't seem to get or keep a Windows box running properly (well, that's not entirely true, it has been running just fine for the past 2 or is it three years already. And with running I mean pretty much 24/7) I got the superb idea to try and install some Linux version on this brand new laptop. I don't know yet what brand, type or version it'll be, or if I'll go ahead at all, but I'm grabbing a copy of the latest release of Knoppix right now, so I can test the CD/DVD burner in this baby and see if most bits and pieces are recognized in Linux. I already found some drivers for my wireless Ralink RT2500 card, so that's one less problem.
I won't be installing anything before I get my main box up and connected again though, as I can't risk losing all connectivity. Yeah, it may sound pathetic, but a connection to the online world is equally if not more important as a telephone for me. Hell, I rarely even use a telephone!
July 13, 2005
Getting up a few minutes past nine on the first day off, it sounds so dumb, doesn't it? On the other hand, that means I slept a full 5 hours longer than the previous days, which makes it sound good.
I somehow missed this technical advisory yesterday, sorry! Mozilla releases Firefox 1.05 security upgrade, fixing the following problems :
MFSA 2005-56 (Code execution through shared function objects)
MFSA 2005-55 (XHTML node spoofing)
MFSA 2005-54 (Javascript prompt origin spoofing)
MFSA 2005-53 (Standalone applications can run arbitrary code through the browser)
MFSA 2005-52 (Same origin violation: frame calling top.focus())
MFSA 2005-51 (The return of frame-injection spoofing)
MFSA 2005-50 (Possibly exploitable crash in InstallVersion.compareTo())
MFSA 2005-49 (Script injection from Firefox sidebar panel using data:)
MFSA 2005-48 (Same-origin violation with InstallTrigger callback)
MFSA 2005-47 (Code execution via "Set as Wallpaper")
MFSA 2005-46 (XBL scripts ran even when Javascript disabled)
MFSA 2005-45 (Content-generated event vulnerabilities)
My advice? Upgrade. Keep in mind though that some extensions may break on this new version, so if some of those are essential for you, you may want to wait until those are bumped to a compatible version as well.
Off to pick up a robot now, then off to the city to see if I can find some nice second-hand books. Got things to do, I tell ya!
July 12, 2005
This post will be consisting of mostly technical stuff, so if you just want to know where you have to click in order to be up to date, scroll to the bottom for the links.
Tor is a tool that increases your online anonymity by routing your requests through various Tor servers. If you feel like it, you can even run your own Tor server to add to the network and increase overall performance. I've just installed the most recent stable client (0.1.0.11) and have been playing with it. I combined it with privoxy for increased security and web filtering. Browser (http as well as https) requests are now sent to privoxy - a local proxy - that then connects to the tor network and requests the data through multiple hops. If one would want to go even one step further, tor and privoxy could be used to talk/use freenet, but that's something I won't be setting up soon. I've toyed around with freenet before, but gave up after a while. Either due to becoming disinterested in it, or because I found it too much hassle, I don't recall...
Now, take into account that routing your requests over various hops makes browsing quite a bit slower, I think that's obvious. So, I set up my proxy switcher extension in Firefox to include Privoxy and Tor, and when I surf normally and/or need a fast connection, I disable my proxies. Whenever I feel like I need more anonymity and can accept a slower connection I switch to Privoxy and Tor within 2 clicks, easy like that. If you want to know more on how exactly I did this, get in touch (my mail address is available on this page, it just takes a little effort!).
Tomorrow I'll be driving over to Peter to pick up a Roomba SE in his shop. I figure that if I'm gonna buy one of those robo-vacuums anyway, I might as well drive a bit further and buy it at a friend's shop, even though I've got a local Eldi 6 miles up the road.
While playing GI (link a few posts down) last night, Raveman was complaining that he tried robbing someone in the game, and he was sent to jail for 3 days. Mind you, those are 3 days in real time, not just game time. Being idiots that we are, both Joco and I wanted to try robbing someone too. Joco failed and went to jail for three days. I had studied stealing in the university so figured I would succeed. I failed, and was sitting in a cell next to Joco and Raveman. Joco almost couldn't snap out of this laughing enough to breathe. Lol... we rock, I tell you!
Oh... the links I promised : July 2005 Microsoft Security Bulletin - MS05-35 (Critical) - MS05-36 (Critical) - MS05-37 (Critical)
June 3, 2005
Before I head off to bed - early shift tomorrow :( - I just wanted to throw up some links that may be interesting to others as well :
Movable Type version 3.17 was released yesterday. It's a non-critical update, so only if you suffer from some of the bugs that were fixed, you benefit from installing it. I installed it anyway, and it was pretty easy. Link : Sixapart releases MT3.17
FileZilla was bumped to version 2.2.14, fixing some smaller bugs, you can find a changelog here.
I installed and tested the Skype video plugin by Dialcom earlier today, and it works though it - not unexpectedly I suppose - slows things down a bit. Grab a copy of the beta version at the Video4Skype website. Obviously useless if you don't have/use the Skype VoIP client yet.
The Register has an interesting article about a coordinated malware attack, go read it if you find those things interesting. Up the same alley is the cover story in BusinessWeek about taking down the ShadowCrew : Hacker Hunters. Interesting read, but only for those looking for a quick overview. If you want something more technical, read about the Attack on Bluetooth Pairing over at Bruce Schneier's blog, or even read the full paper by Yaniv Shaked and Avishai Wool.
May 23, 2005
Last night I was messing about a bit on the computer when I got the idea that the temperature of both the processor as well as the case itself was running quite hot. The Pentium 4 (2.53Ghz) was running at 68° Celsius and the case temperature was up to 36°. It had been fluctuating a bit over the past few days, but I decided to check it out anyway. All fans are working as expected, so I didn't really have a clue as to what was causing the higher temperatures. I took off the left hand panel and this morning the core temp was down to 64° Celsius and the case cooled down to 31°!
Was it possible that airflow was so bad? When I woke up this morning around 1PM I took my dremel out and started widening the air sleeves on one panel to improve the flow of fresh air into the case. Let me tell you that a dremel may not exactly be the right tool to cut through computer cases, but somehow I got quite a bit done before my cutter was reduced to nothing but a metal rod. A quick removal of leftover metal bits - never wise to have those around computer equipment - later I took the vacuum cleaner out and got rid of as much dust in the case as possible.
I just replaced the panel and the case temp is already back up to 34° Celsius, which is still 2 degrees better than previously. Core temp is at 65° right now, although I expect it to rise to 66°, possibly even 67° again. If the little mods I did don't solve things, I may have to take it a bit further. Adding another fan is always an option, but I prefer to avoid that to keep noise levels down. The damn thing is sounding like a jetplane as it is!
April 17, 2005
If you happen to run an MT3.14 install, and have MT-Blacklist 2.04b as well as MT-SpamLookUp 2.0 installed, you may have noticed some errors in your main MT activity log. The errors look like this :
Plugin error: plugins/Blacklist/Blacklist.pl Can't locate Blacklist/Plugin.pm in @INC (@INC contains: /public_html/friedkitten/cgi-bin/plugins/Blacklist/lib ./extlib ./lib /usr/lib/perl5/5.6.1/i386-linux /usr/lib/perl5/5.6.1 /usr/lib/perl5/site_perl/5.6.1
The error is related to MT-Blacklist, not to MT-SpamLookUp. The trick to get rid of the error is to edit the file Blacklist.pl which usually can be found in the plugins directory where you installed MT, then look in the subdirectory "Blacklist". On line 20, you'll notice the reference :
use lib 'plugins/Blacklist/lib';
Edit that path so it becomes an absolute path, looking like :
use lib '/home/username/public_html/cgi-bin/mt/plugins/Blacklist/lib';
Of course, you'll have to change the path used in the example above to reflect your own setup. If you've got questions, don't ask me :) Instead check in the MT-Blacklist forums.
March 4, 2005
For those of you that are technologically challenged, I suggest you only read the conclusion of this post. Those of you that know and understand a bit more, or are willing to wrap their heads around new tricks, read on.
Based on output from one machine to another - whether connected through the internet or locally - it's been quite easy to identify one machine from the next. Apart from just telling what was broadcast by sniffing TCP/IP traffic, it was also possible to tell how many machines were hiding behind a NAT device such as a router. Various tools have existed both in Open Source as well as commercial packages to help accomplish these tasks, often with quite surprisingly good results. Of course usage of these tools requires quite some technical knowledge, not only to properly set them up and capture what is needed, but also to analyze the output.
A paper was just published that pushes everything even further : it seems to be possible to identify a machine with quite a certainty, without the owner or user knowing about it. It's not based on a MAC address - because that would be too easy to spoof or replace - and it works no matter where the machine is. The trick seems to be to measure clock cycles and more specifically the skews in them. Every computer has an internal clock (and I don't mean the one you see on your screen) and they all have their own cycle. Now Ph.D. student Tadayoshi Kohno found several ways to track this, and thus identify what machine is responsible for a certain cycle pattern.
Sure enough, it is the same as with fingerprints on humans : if anyone has your fingerprints, they may be able to match other prints to yours, putting you in certain places, but they still may not have your identity. The same goes for clock cycles. Monitoring TCP/IP streams, they actually do remote fingerprinting, which leads to certain patterns becoming visible. Now, if a clock cycle pattern is recorded, it is possible to check that against other streams, resulting in a match if the same machine broadcasts again.
Let's take it a step further. You've got a laptop you use and travel around with. The data stream that leaves your laptop is analyzed and a clock cycle pattern recorded. You travel around the world, and in various locations you connect to the internet and check mail, browse sites. If the datastreams were analyzed again, they would match the pattern recorded earlier on, thus putting you in different locations at the times of the broadcasts. Without you knowing it, that is.
At least one possible use for it would be to track corporate laptops. In addition to GPS transmitters that are often embedded in high-end machines that contain very valuable corporate info, clock cycle patterns can be analyzed and recorded before the laptop is handed over to the designated user. Should the laptop disappear one day, it is theoretically possible to find it back by analyzing datastreams on the internet. Sure enough that would mean all streams are analyzed all the time, which at this point seems quite improbable as well as impossible, but it may not stay that way.
Conclusion : new and ever changing and improving techniques are now able to track any machine as it connects and broadcasts information, no matter where or when this happens. This reduces anonymity to practically none, unless we find a way to deal with this. This means that we should either drop or enforce a new version of the TCP/IP protocol that doesn't reflect clock cycles in its timestamp, or securely connect to an uncompromised machine which handles all broadcasts to the external network, relaying the TCP/IP requests with its own timestamp. This would still lead to 1 pattern being recorded, but making tracking specific machines more difficult. An interesting development in fingerprinting and tracking for sure.
Links : Machine fingerprinting using Nmap - TCP Fingerprinting - Remote Physical Device Fingerprinting Paper (PDF, 10MB)
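To make the measurement concrete, and to show why the relay suggested in the conclusion changes what an observer sees, here is an added Python example (not code from the paper or from the original post). It fits the drift between a sender's TCP timestamp values and the observer's clock with ordinary least squares, a simpler fit than the paper's own; the traces, device names, the 100 Hz tick rate and the 3 ppm match threshold are all constructed assumptions.

```python
"""Clock-skew estimation from TCP timestamps (added example, constructed data)."""
import random

TS_WRAP = 2 ** 32            # TSval is a 32-bit counter and wraps around
MATCH_TOLERANCE_PPM = 3.0    # assumed threshold for calling two skews equal


def make_trace(skew_ppm, hz=100, seconds=3600, first_tsval=1_000_000,
               base_delay=0.020, seed=0):
    """Construct (receive_time_s, tsval) pairs for one packet per second.

    The sender's clock runs (1 + skew_ppm / 1e6) times as fast as the
    observer's; every packet sees base_delay plus up to 5 ms of jitter.
    """
    rng = random.Random(seed)
    rate = 1.0 + skew_ppm * 1e-6
    trace = []
    for i in range(seconds):
        ticks = int(i * rate * hz)               # sender clock, quantised
        tsval = (first_tsval + ticks) % TS_WRAP
        trace.append((i + base_delay + rng.uniform(0.0, 0.005), tsval))
    return trace


def estimate_skew_ppm(trace, hz=100):
    """Least-squares slope of (sender elapsed - observer elapsed), in ppm.

    hz is the sender's timestamp tick rate, which the observer has to know
    or infer; 100 Hz is assumed throughout this example.
    """
    if len(trace) < 2:
        raise ValueError("need at least two observations")
    t0, ts0 = trace[0]
    xs, ys = [], []
    for received, tsval in trace:
        observer_elapsed = received - t0
        # Modular difference keeps working when TSval wraps mid-trace.
        sender_elapsed = ((tsval - ts0) % TS_WRAP) / hz
        xs.append(observer_elapsed)
        ys.append(sender_elapsed - observer_elapsed)
    mean_x = sum(xs) / len(xs)
    mean_y = sum(ys) / len(ys)
    sxx = sum((x - mean_x) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("observations span no time")
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6


def match_device(trace, enrolled, hz=100):
    """Return (name or None, estimated skew) for the closest enrolled skew."""
    skew = estimate_skew_ppm(trace, hz)
    best = min(enrolled, key=lambda name: abs(enrolled[name] - skew),
               default=None)
    if best is None or abs(enrolled[best] - skew) > MATCH_TOLERANCE_PPM:
        return None, skew
    return best, skew


def demo():
    # Enrolment: traces captured while each machine is known (constructed).
    enrolled = {
        "laptop": estimate_skew_ppm(make_trace(50.0, seed=1)),
        "desktop": estimate_skew_ppm(make_trace(-120.0, seed=2)),
    }
    # Same laptop on another network: longer path, TSval wraps mid-trace.
    roaming = make_trace(50.0, first_tsval=TS_WRAP - 5000,
                         base_delay=0.140, seed=3)
    # Laptop behind a relay that stamps packets from its own clock (+8 ppm).
    relayed = make_trace(8.0, base_delay=0.060, seed=4)
    return {
        "enrolled": enrolled,
        "roaming": match_device(roaming, enrolled),
        "relayed": match_device(relayed, enrolled),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(label, value)
```

The fixed path delay drops out of the slope, which is why the roaming trace still matches; behind the relay the observer only ever measures the relay's clock.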
March 1, 2005
I've only slept for a few hours, so this entry may not be all that coherent.
Send-Safe is a software tool used by spammers to control and spam through hundreds if not thousands of infected PC's, usually connected by broadband. These PC's are infected by various trojans, giving the "owners" of those devious tools full control over the machine of an often clueless and unsuspecting computer user. These botnets are then leased out for various purposes such as spam runs, DoS attacks or covering the tracks of other illegal activities.
The days that spamming was done by an individual that thought sending their message to hundreds of mailboxes was a good idea, are long gone. Well, those small-scale operations still occur every now and then, and they are as annoying as the professional spammer flooding our inbox, but the magnitude is quite different. Spamming has become - over the years - a trade of professionals, with huge resources, technical excellence and a total disregard for laws or common courtesy.
It is big bucks people... According to an article on F-Secure, the Send-Safe program actually works on a license verification system. This allows the creators of the tool to verify whether a user of their program has paid the expensive license each time he fires up the spam software. It also allows the maintainers of the botnets to limit access to it, thus keep it going longer and profit from it as much as possible.
Do you start to understand why keeping your personal machine clean and virus free is that important now? Let there be no mistake that the spam gangs (or the virus gangs, although they seem to be less affiliated, for now) are tied to groups of people that don't mind getting their hands dirty. They don't "just spam", but are quite likely also related to more traditional "white collar" crimes such as insurance fraud, phishing, money laundering, identity theft...
January 25, 2005
I just ordered an account upgrade at my webhost, because I've got quite some domains and projects that I'd like to expand. Here are the new details for those interested, and between brackets the details of my previous hosting plan.
400 MB disk space (up from 325MB)
22000 MB transfer per month (up from 19Gig)
60 e-mail addresses (up from 40)
20 addon domains (up from 10 - this is my main reason to upgrade)
5 MySQL databases (up from 4)
Note : MT 3.15 (bugfix release) just became available. Off to check it out - and installed successfully.
January 24, 2005
I've been digging a bit deeper into Project Honeypot and decided to donate at least one MX entry to it. I'm currently waiting for a reply from my host, as I seem unable to set up the A record and the MX entry myself using CPanel. I'm new to most of this mailserver stuff, so I might have missed something, but I'm sure I'll learn as I go along.
I know, 't was another boring entry, but I promise to make at least one real life post somewhere this week. Maybe.
January 23, 2005
A short overview of some of the anti-spam measures I've currently installed.
MT-Blacklist : This one needs little introduction I think. Originally created by Jay Allen, this plugin now has become a supported part of Movable Type. Jay Allen joined 6A as well. The last version supports auto-updating, auto-comment denial, moderation and more lovely things.
MT-DSBL : Created by Brad Choate. Checks the IP address of the comment submitter against a DSBL list. This should instantly block everyone using an open proxy. Turned on and set to moderate right now. Will move to auto-deny after a (short) test period. If you are blocked, contact me. And make sure your computer is not a zombie!
Project Honeypot : A long-term anti-spam measure. Tracks spammers through the use of honeypot addresses. Will not affect you or this blog, but provides interesting data in the long run.
Nofollow Tag : Supported by a few search engines already, this tag prevents spiders from following the link it is attached to. In this case, it means that dumping URL's in a comment won't do you any good, spammer. If the spiders don't follow your links, they don't index them, and your pagerank doesn't increase. End of story :)
January 17, 2005
As you can see, this little blog of mine is slowly becoming more readable again. Let's be very clear though : don't expect everything to work as expected, since there are a lot more files to be re-edited and code to be examined in order to get even close to my MT2.661 blog version.
If only I remembered how I did things way back in the day - or where I found the necessary info to make the modifications I did... it would certainly make things easier. Ah well, it's a good thing though that I did all of those little tweaks myself, otherwise I'd be totally lost right now.
Some links seem to point to the same file right now (example : permanent link and comments) but those are things I'll correct or understand better after I'm done fiddling and open the manual that comes with this thingy. Yeah, I'm hacking undocumented old code, changing it to comply with new tags, formats and functions, yet I don't care to open the manual. I've visited the support forums though for quick answers when I'm kinda stuck.
Will I ever learn? Probably not :)
I fixed the text area size problem. It only takes a bit of editing styles.css in the directory containing your static files. I suggest using metapad (very powerful freeware notepad replacement for Windows OS's) and then searching for textarea in the CSS file. You should find two entries, replace the default to whatever you like, and upload the new file to the correct place. Voila, one thing solved. Off to work some more on the layout and changed templates now.
January 2, 2005
I come home, to an absolute silence. My computer seems to have turned itself off. Now, I know that happens every once in a while, and the cause is usually not the machine itself, but the UPS that shits itself. I agree that having a UPS that shits itself and thus turns off the machine it is supposed to protect doesn't make much sense, but please... don't ask :)
I turn everything back on and start surfing, reading mail and everything seems to be normal. Suddenly I'm staring at a black screen and the damn thing reboots itself. Uh? As soon as it's back up, the first thing I check is the firewall. Might it be disabled and is some remote script (or scriptkiddie) rebooting my machine? Nopez, it's up and working as it should. Then I suddenly notice a change in the noise level and once again the box shits itself.
Turns out the fan of the powersupply is flaky, and thus the thing overheats massively. I got it running again now, but I don't know how long it'll last. I've already taken off one cover to help fresh air flow in and disperse heat, and now I'm off to look for a replacement powersupply, preferably a silent one. If anyone has suggestions (don't you have one of those silent power supplies, Joco?) lemme know!
Update : the PSU seems to be running fine for now. Was it just a temporary problem, I sure hope so! I've been looking into silent PSU's and the true no-noise models are still very hefty in price, but the Zalman ZM400B-APS (ATX - 400 Watt PSU) seems to fit both my needs as well as my budget. I might order one in case this OEM one goes tits up.
December 2, 2004
Just spent 15 minutes analyzing what had happened to the blog of a friend. She IM'ed me this "Serv... what is going on with my blog???".
Now, let me get this straight : I'm not hosting her blog, nor do I have anything to do with the daily maintenance of it. I just happen to have it set up for her, on a webhost of her choice, so she turned to me first to find something out. Apparently, everything had been defaulted back to the initial settings, which left her locked out, all posts gone and no way to easily gain access again. My first idea was that someone had hacked into the account, but upon analyzing the databases there was no evidence of something like it happening.
I went in through her domain controlpanel, accessed the database, removed the old password, created a new password, dropped it in the DB so she regained access. The thing is though, she's lost pretty much everything stored in that database. Some of it being things that were unique - as in not saved anywhere else. People, please... make sure you make backups!
I backed up all the sites I host/maintain today - when did you?
Oh, if you're running Windows XP, with Service Pack 1 (ouch!) and use IE (even more ouch!) make sure you install the latest iframe vulnerability patch released by Microsoft (MS04-040). Don't do it tomorrow. Do it today!
November 9, 2004
Mozilla Firefox has reached version 1.0 and has been officially released. As some of you might already have noticed, due to the overwhelming success the Mozilla/firefox and link sites are very difficult to reach. Quite some of the FTP sites are flooded with users as well, so here are some extra direct links to help distribute the load on servers :
Main FTP : ftp://ftp.mozilla.org/pub/mozilla.org/
FTP Mirror Europe 1 : ftp://ftp.uni-erlangen.de/pub/mozilla.org/
FTP Mirror USA 1 : ftp://mozilla.isc.org/pub/mozilla.org/
FTP Mirror USA 2 : ftp://mozilla.ussg.indiana.edu/pub/mozilla.org/
Note : make sure you browse to the correct directory! You'll be looking for something like firefox - releases - 1.0. Then depending on your OS you'll have to decide what directory to use. Windows based OS'es need to look in the Win32 dir, Linux users need linux-i686 and Mac users should obviously go for Mac.
October 28, 2004
The first release candidate (RC1) has been released for Firefox and a final release is expected on November 9th. Mind you, if you are currently running the PR build, and you don't feel like being annoyed because a bunch of extensions don't work in the current RC1, don't upgrade but rather wait for the final release.
PuTTY has been updated to version 0.56 to fix a serious security hole in SSH2, and since FileZilla relies on PuTTY technology for its secure FTP connections, FileZilla has been patched to version 2.2.9.
Ethereal is onto version 0.10.7, and Eudora 6.2.0.8 is available as a beta release. A new stable release (1.2.6) of GnuPG is available, and a new version (v3.23b) of GPGkeys - part of GPGshell - has been released to fix two slightly annoying but non-critical errors.
If you use any of the programs mentioned above, I suggest looking into upgrading. I would rate the FileZilla and PuTTY upgrades as essential because of the security implications, whereas the Eudora, GnuPG, Ethereal, Firefox and GPGKeys updates are not really critical right now.
Remember the rule : don't fix what ain't broken. Keeping that in mind, I did install Firefox RC1, Ethereal network Analyzer 0.10.7, the FileZilla update as well as the GPGkeys patched version. I'm a geek, what can I say?
October 14, 2004
Had a meeting to look at various refinancing options, and I was a bit surprised yet disappointed as well. It seems that if I go for long term security (fixed rate) the amount I can save monthly is not earth shaking. I was hoping for more, but I guess that only is possible if I'm willing to take some risk and allow for possible rises.
When we took out our mortgage about 5.5 years ago - has it only been that long? - we (the ex and I) both decided to play it safe. I still (partially) feel the same way, even though there are benefits for taking risks. Ain't there always?
The good thing is that in my case, the bank would almost without a doubt accept my application, and have no additional requirements such as opening an account with them, using their insurance offers and such. Which is a great thing because I'd hate to change banks, account numbers and things like that. And taking on another account and bank just for the mortgage doesn't make sense, I've got plenty of accounts and banks to deal with as it is.
Hm... I need some input of you people - keep in mind my current monthly payment is 534.76 :
Option 1 :
Case A : refinance and pay 508.90 monthly for 15 years (fixed)
Case B : refinance and pay 463.73 monthly with possible rise to 537.74
Case C : refinance and pay 460.65 monthly with possible rise to 548.53
Option 2 :
Case A : Refinance + quite some cash, pay 461.21 monthly for 15 years (fixed)
Option 3 :
Case A : Refinance and pay 370.76 with possible rise to 467.31 (20 years)
Case B : Refinance and pay 373.96 with possible rise to 454.81 (20 years)
Case C : Refinance and pay 429.64 for 20 years (fixed)
I've already scrapped the options I won't consider (either because they are too long term, or the monthly payment could rise too much), but I left them in to give you a complete list of options.
September 18, 2004
No thanks. I've been playing around with PGP a bit, or should I say GPG/gnuPG to be correct? After reading some messages in a Eudora newsgroup I decided to check out the plugin again and reinstall gnuPG - I had it installed before but never really used it.
As of today, I think I'll be signing my outgoing messages so people that receive them can verify their authenticity. Encrypting mail is not yet an option as no one I know uses PGP/GPG let alone knows anything about it as far as I'm aware.
Of course you can say that there is no need at all to sign, let alone encrypt regular mail because I don't have anything to hide, on the other hand... what's the problem if I do? Why should anyone be upset that I encrypt and protect my mail? It doesn't affect you, does it, unless maybe you were interested in the content of it from the beginning :p
Links : gnuPG - PG plugin for Eudora - Intro to Crypto (PDF format)
September 14, 2004
POPFile 0.22.0 - Excellent local mail proxy to deal with spam (released 2004-09-08)
BSplayer 1.02.812 - Superb freeware replacement for mediaplayer (released 2004-09-14)
Firefox 1.0PR - Alternative browser and my all time favorite (released 2004-09-14)
Additional Notes
Firefox - Be advised that the newest Firefox release might not support your older extensions, or that a newer version of those extensions is not yet available. If you actively need and use extensions, check first and possibly delay the upgrade.
BSPlayer - check out the excellent Desktop mode that BSplayer has - it'll allow you to play pornmovies* on your desktop (in the background) while still being able to do regular tasks and have everything else available. This might be the ultimate Windows Media Player killer. * It also can play regular movies in desktop mode, but those are less fun :)
POPFile - Faster, more stable and all of it without dropping accuracy. Upgrade takes a few minutes if you've got a large corpus.
September 5, 2004
I just stumbled upon a document that lists browser usage statistics over the year, as well as a short history for each browser. Maybe a bit too Geeky for the average internet user, but mighty interesting nonetheless if you ask me!
Just keep in mind that you cannot just rely on statistics, because they can often be misleading.
August 26, 2004
Since SP2 was released to the masses today - it's available on windowsupdate - I'll be installing it shortly. If you don't see/read/hear from me back today, something must have gone seriously wrong. Otherwise, I'll be back in an hour or so.
While installing it, I'll have pizza (leftover from yesterday) and do laundry. I intend to make it a good day, no matter what :)
Update : So far so good. It took about 30 minutes to download and install SP2 and came in at a nice 95.3MB for my fully patched and updated system. I'm about to check the new additions/changes and then install new firewall software (and not use the built-in one).
August 24, 2004
why a certain ISP has such a bad name amongst its clients, let alone all the RBL's its mailservers are on.
Don't know what the crap I'm talking about? I just received a "personal" automated message from the "Internet Fraud Team" of my ISP, stating the following :
Thank you for your e-mail informing us that you have received spam in your electronic mailbox. To be able to properly handle your complaint, however, we will need additional information.
This is exactly why I know it's an automated reply. The complaint was about usenet spamming, not e-mail spam. (Score : 0 out of 1)
The address of the sender, in and of itself, is not reliable when it comes to determining where the spam came from. The reason is that the address is probably a phony one generated by the person sending the spam. What we require in order to be able to investigate are the so-called "properties" of these e-mails. To access the properties of an e-mail, right-click the e-mail's subject and select "Properties." Then click "Details" and "Message Source."
Duh... I know that, idiots. I do wonder however whether the Internet Fraud Team knows it too? They include instructions to find the "properties" of an e-mail - which it wasn't - for a mail client I don't use. (Score : 0 out of 3)
The Order in Council (royal decree) of 11 March 2003 implemented certain important changes in the law of which you should be aware. From now on, we must also have the body of the message in order to determine whether the conditions imposed under the law on "spamming" have been met. Thus we ask that from now on you please add the bodies of messages to the headers already requested.
Automated reply anyone? I did provide all headers, routing information and the body of the message. (Score : 1 out of 2 - for talking about a message, no longer about a mail. But I guess that was just a lucky coincidence.)
The next step then is to resubmit your complaint. Please do so using the forms on our portal, which you can access by clicking this link: http://www.belgacom.be/abuse. Alternatively, you can resubmit your complaint by sending an e-mail to abuse@skynet.be.
So I can get the same automated reply once more? No thanks, I've got better ways to waste my time. (Score : 0 out of 1)
Please include this information in your e-mail itself and not as attachments. In most cases, attachments are filtered out for security reasons, which could result in your complaint not being processed.
Finally something that makes sense. (Score 1 out of 1)
Please note that without the header and body of the message we will unfortunately be unable to handle your complaint.
I don't need further proof that even with all the correct information, you'll be unable to handle the complaint. But thanks for trying.
I've snipped off their phonenumber and other contact info, as they didn't really add anything more to a sadly lost cause.
August 20, 2004
I'm almost finished bringing my colleague's PC back to life. After those first 209 objects that Ad-Aware detected, the 40 entries in spybot SD, and the 19 virus/trojan horses, I updated detection rules and found another 42 spyware entries (and fixed them), then scanned the machine one last time to catch 2 more trojan download files.
Patched it with 54 critical and important hotfixes, rebooted and installed another 22 optional patches. SP1 is out of the question since it seems the SN is blocked... maybe a key generator could be a solution to make sure the box is more secure?
In the mean time, my trusty MS Explorer IntelliMouse - which has served me well over the past 3 years - seems to be running into trouble more and more. It very frequently loses its USB connection, and then takes a few seconds to be detected again, or even requires a manual re-connect to enable it again. I think I'll have to get myself a new one, don't I?
August 16, 2004
As I was running a newer version of SiSoftware SANDRA, I noticed I could finetune some more things on my box, so I set out to find the newest drivers for some devices. One of them were drivers for my AC97 onboard sound, the others were an updated version of the old BT Bluetooth drivers that had been sitting on my computer, never used for the past 2 years.
However, since I recently bought a new mobile phone, I decided to connect it to my PC using bluetooth. No problems at all and in a matter of minutes my Z600 was happily chatting to my PC. This was on version 1.something.somethingelse.
MSI Live Update 3 had version 1.4.3.3 so I grabbed that one to replace the old drivers and it uninstalled the old crap, removed the backup files, then nicely placed the updated drivers in the correct locations and I was done. Or so I thought.
After a reboot, it turned out I always got the error "Your bluetooth software license does not include use with this Bluetooth device. [6]" when I tried opening the BT Tray application. After clicking OK, it asked for a license.dat file. What the fuck? I don't have a license file, nor have I ever needed one! Apart from that, this is legit software, to go with a legitimately bought MSI PC2PC Bluetooth device! Not one to give up easily, I set out, searching for a spark of hope to solve this mysterious license crap.
The MSI site and tech support proved less than informative, but somewhere hidden deep in its English forums, I found a link to Jons Guides : Bluetooth Help Guide. Not really thinking I would find what I needed, I decided to read the introduction anyway. Within seconds, I found download locations for the updated 1.4.3.4 version by IBM, an .inf file with info on the newest devices, as well as a patcher to deal with the license file (I think).
I followed all the instructions to the letter and... it works. My Z600 is once again connected to my computer, and the bluetooth software seems to have a whole lot more options as well.
What can I say? Jon saved my day!
Note : if you break/disable/invalidate your phone, don't complain to me. Read and try the things below on your own responsibility!
Oh, now that I'm linking and spreading geek info anyway, you probably wanna know how to check the firmware number on your Sony Ericsson phone (don't know if it'll work on all phones, but it does on mine)? Press the following keys : "RIGHT * LEFT LEFT * LEFT * 1 1" and the first word gives you the firmware revision. While you're in the service menu, take a look around - for simlocks, configuration etc. ;-)
August 14, 2004
I usually go on an update searching frenzy. I check whether or not I've got the latest releases for the software I regularly use, I check what is to be expected in the near future and do other geeky things like that.
Since most programs were up to date - I got bored a few days back as well - and I decided to wait a bit before installing Windows XP SP2 even though it is available, just not on Windows Update yet, I found this nice site filled with Firefox info, tips and tricks. One of the things caught my eye : running Firefox from a USB stick, with all the finetuning you want, plugins, settings and all.
I immediately set out to create a sticked version of my firefox install, so that wherever I go, I've got my trusted browser with me. I stripped out most of my regular bookmarks, and limited the amount of available cache to 5 MB instead of the usual 50MB, to save space on the USB stick. After a bit of fiddling with settings, options and things like that, it seems to work fine. And it doesn't leave a trace in the registry of the host computer, it doesn't clutter up the system, but instead fully runs from a removable device. Nice, what else can I say?
This concludes my Geek Project for the day, off to bed now!
August 9, 2004
When I carefully picked and selected the computer I'm currently using two years ago, I never even thought it would lack in diskspace. 2 80GB disks in a RAID 1 (mirroring) setup - "secure and large enough" I thought. Well, the system still runs secure, but I've been running out of space constantly the past weeks/months.
I either go out and grab a pair of nice 160GB drives, doubling my available space, or I go for an external solution connected by USB2 or FireWire. Since I don't have FW on this box - but I probably will when I get a new one - it would be wise to get a setup that both runs of USB2 and FW. Looking at prices, a Maxtor OneTouch (FW + USB) external 250GB disk, doing 7200 rpm, 8MB cache would cost me about 240 euro. Two new 160GB disks to stick in the RAID1 would cost me about 200 euro.
Now, I think that if I moved the less important data to an external solution, the 80GB would be more than enough to carry the important things, so in time I think I'll just get an extra disk.
Heather accepted the prize, so I'll be shipping it to her on thursday.
July 4, 2004
with the newest 0.9.1 release of Firefox. I had been running 0.8, then 0.9 and decided to install/upgrade to the 0.9.1 version that was supposedly a bugfix release. Instead of fixing bugs, it introduced some as far as I can see. Installation was a breeze, but after trying to have other applications pass data to Firefox, it always complained about a file not being found, yet it opened the requested URL just fine.
Some digging in the forums helped, as it seems there sometimes is a problem on how Firefox registers itself as the default browser in Windows XP. This results in extra windows being opened, complaining that some file is missing and so on. Here's how to fix it (Firefox 0.8/0.9/0.9.1 on Windows XP!) :
Open Explorer
Pick the Tools Menu, then Folder Options
Select the File Types tab
Search for Extensions:None Filetype: URL:HyperText Transfer Protocol
Click Advanced
Select the Action "Open" option and click the edit button
If there's something like %1",,-1,0,,,, in the DDE Message field, clear it
Hit OK, and OK again.
Repeat steps for URL:HyperText Transfer Protocol with Privacy
You should now be able to enjoy Firefox again as it was intended. Surfing the web with an "alternative browser" is not always the easiest thing to do, but the Nerd/Geek factor makes up for it easily, and I've not one day regretted switching away from IE and towards Mozilla.
A small history of my browser usage :
I first started off using IE, but only to download and install Netscape 4.08, back in the days. I've used that one for nearly 2 years, and then switched to Opera. I've been using Opera for quite some time and then gave the NS6 beta a try. That one sucked majorly and as a result I threw out all Netscape products and went searching for something else. I stumbled upon Mozilla and started using Mozilla 1.3 if I recall correctly. I still kept Opera around and up to date though. Upgrading releases up to Mozilla 1.6 when I learned about Firefox 0.7 and gave it a chance as well. Within a couple of days I was convinced, and I've been using Firefox ever since.
The only other browser left on my system is IE, and the only reason is that Microsoft refuses to open up http://windowsupdate.microsoft.com to non-IE browsers.
June 16, 2004
June 7, 2004
I've just reinstalled Ethereal 0.10.4 to do some packetsniffing on my own network. While it's scary to see all your - supposedly safe and good - passwords fly by in plain text, it's a great way to find out the password for that old mail account you once set up, and check regularly, but you don't recall the password from.
Maybe I should start playing with some SSH tunneling to some of the mailservers I use?
June 6, 2004
I just found out that Belgacom (or is it Skynet these days? One can't keep up with their name changing) is upgrading all ADSL subscriptions to a higher upload speed. It's about time I'd say. This means that if all goes according to plan, I'll be having a 256kbit/s upload instead of a 192kbit/s at the end of this month. Something that comes in handy when I have to upload larger files to an FTP or mail them to someone.
The geek in me is filled with joy.
February 21, 2004
What quite some people - me included - have been suspecting and thinking all along, seems to have been proven today : there is a strong connection between spammers and virus distributors. While you might still argue that the opportunity makes the thief, I think the article below shows clearly that spammers and virus distributors are becoming more professional and join forces to accomplish their goals.
This is the original C'T Magazine article (in German) and here are English translations of it : Uncovered: Trojans as Spam Robots, Trojans and Spam.
As you might have noticed, I specifically said "virus distributors" not "virus creators" even though that in some cases, they might be one and the same person. However, what we see more and more is that the creation is done and the code published as proof-of-concept by the author, where other parties distribute the code and bring the virus to life in a real environment. Whether that was or wasn't the intention of the virus author remains to be seen, and while the statement "if you create a virus you will want to release it too" seems to be the most popular right now, I'm not sure I agree with it.
Cars can be used to transport from point A to B (and save people), but they also can be used as weapons (mass destruction, anyone?) and take lives. It's not the object itself that is "evil" or "bad" but the way it is used that causes a certain result. Same goes for viruses as far as I can see. While right now most virus code is (ab)used in a damaging way, I'm certain quite some technical characteristics of the code can be used for good things too.
Well, I got a bit side-tracked there, didn't I? What point was I trying to make? Ah... I remember. The professionalisation of spamming. Back in the days, a spammer got himself (or herself) a dial-up account, and started sending out UCE and UBE (spam) mails to thousands of people. Now that official institutions are putting (so far inefficient) laws into place, and companies are launching spam blocking software and filters, spammers need to revert to other options. After they started running their own networks and set up their own ISP's, the next step is a constant abuse of unprotected resources on the internet.
More and more machines are permanently connected, but although the machines have become faster and more stable, the users have not, even on the contrary. Each day thousands if not millions of new machines join the web, but the owners/users have had no training, or don't have a clue about where they stick their head in. Whether or not that is due to the flaws of computers and their operating systems, or due to the stupidity of the users, or a lack of "official" education is beside the point, because the end result is the same : another resource ripe for picking and abuse.
As spammers need this new can of resources to stay open and remain accessible at all time, they need a constant flow of new exploits as well. Since they can't do it themselves (yet?) they rely on others to do the dirty work : infect the machines.
As I said before, right now there still are three parties involved :
virus creator - virus distributor - spammer
but how long will it take before the virus creators realize that their "hard work" is abused by both the distributor and the spammer? Quite a few authors will stop publishing their proof-of-concept code on the web, or provide it for analysis to AV companies before they publish it openly. Others will cut out the middle man and request payment from the spammers and/or create specially crafted code for a hefty price. After the code/virus is written and sold, the spammer calls in the distributor to let the beast loose.
Where do we start in fighting all this? I honestly wouldn't know, but legislation is not the answer. Professional spammers don't care about laws, that should be obvious. I think the only way to get a grip on the problem is to educate the users... but that is not a simple fix or short term solution.
It'll take at least 2 generations to change the attitude, so don't expect spam to go anywhere in the next 50 years. Except in your inbox that is.
February 16, 2004
Analysis of the (possible virus) sample I submitted has started.
Update : Analysis has been completed, it's confirmed as a new virus. Yay, I discovered a new virus... as you can see, it's quite important, even if you have an AV solution, to stay alert and think for yourself. Here's the information as provided by the techies at Sophos :
Description:
W32/SoSmall-A is an internet worm which spreads by emailing itself to addresses found within files on the local hard drive that have extensions of DBX, EML, IMM, IMH, MSG or V03.
The subject of the email is randomly selected from:
"Is this the Smallest C++ MassMailer????"
"I don't understand"
"I can't recall what happened but"
"SoBig SoSmall"
"Virus Alert: W32.Nodoom.A@mm"
"Shit happens"
"Happy Birthday"
the message text is selected from:
"Is this what where all about?"
"MessageLabs are the first to report of the new Nodoom Internet Worm
Please install the patch attached in this email to prevent outbreaks"
"Can you recall what happened at the party last friday?
I'm having serious problems, i really should stop smoking!
Maybe the picture files attached will explain it to you..."
"SoSmall, SoCold, SoNice, SoGood, SoWarm.."
"please explain me this attachment, it confused me.."
"Here are the files you asked for, cheers"
and the attachment filename is Setup.zip.
The "From:" field contains an email address randomly chosen from those found on the local computer.
The worm attempts to exploit a known vulnerability in Microsoft Internet Explorer 5.01/5.5, so that the attachment is run automatically when the email message is opened.
When first run, the worm copies itself to the Windows System folder as ctsls.exe and creates the following registry entry, so that ctsls.exe is run automatically each time Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Ctsls=SYSTEM%\ctsls.exe
A file named Ynit.tmp is created in the Windows System folder to store a base64 encoded version of the worm.
Some versions of this worm display a message box with the text "Error", "Start" and when attempting to email themselves display a message box containing the randomly selected subject line and a message box containing the randomly selected message text.
I just received a mail that was sent from another customer at my ISP. All my personal virus triggers went off by looking at the layout, headers and attachment filename, but my - otherwise very good - virusscanner didn't notice anything out of the ordinary. I've submitted the sample to Sophos for testing and analyzing. Here's the mail - with stripped headers - as I received it.
Return-Path: <MAILER-DAEMON@ten.skynet.be>
Received: from inav004.isp.belgacom.be (inav004.isp.belgacom.be [195.238.3.237])
by ten.skynet.be (8.12.9/8.12.9/Skynet-MAILSTORE-2.14) with ESMTP id i1GBvUqB003912
for <adress stripped>; Mon, 16 Feb 2004 12:57:30 +0100
(envelope-from <>)
Received: from inas009.isp.belgacom.be (inas009.isp.belgacom.be [195.238.2.7])
by inav004.isp.belgacom.be (8.12.9/8.12.9/Skynet-IN-AV-2.02) with ESMTP id i1GBvFNw009099
for <adress stripped>; Mon, 16 Feb 2004 12:57:25 +0100
(envelope-from <>)
Received: from inmx002.isp.belgacom.be (inmx002.isp.belgacom.be [195.238.3.7])
by inas009.isp.belgacom.be (8.12.9/8.12.9/Skynet-IN-AS-2.03) with ESMTP id i1GBuxAq002937
for <adress stripped>; Mon, 16 Feb 2004 12:57:00 +0100
(envelope-from <>)
Received: from hurricane.skynet.be (hurricane.skynet.be [195.238.2.86])
by inmx002.isp.belgacom.be (8.12.9/8.12.9/Skynet-IN-PRIVATE-2.32) with ESMTP id i1GBuoYp026480
for <adress stripped>; Mon, 16 Feb 2004 12:56:51 +0100
(envelope-from <>)
Received: from THUISPC (187-17.240.81.adsl.skynet.be [81.240.17.187])
by hurricane.skynet.be (8.12.9/8.12.9/Skynet-OUT-2.21) with SMTP id i1GBuhBK026593
for <adress stripped>; Mon, 16 Feb 2004 12:56:43 +0100
(envelope-from <>)
Date: Mon, 16 Feb 2004 12:56:43 +0100
Message-Id: <200402161156.i1GBuhBK026593@hurricane.skynet.be>
To: <adress stripped>
Subject: Is this the Smallest C++ MassMailer???
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_5_2356906.2356547"
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-RAVMilter-Version: 8.4.3(snapshot 20030212) (inav004.isp.belgacom.be)
X-RAVMilter-Version: 8.4.3(snapshot 20030212) (hurricane.skynet.be)
X-UIDL: 70a7d8db0f15950be1cca8ae9d477ab0
Status: U
Content-Type: text/plain;
charset:"iso-8859-1"
SoSmall, SoCold, SoNice, SoGood, SoWarm..
Attachment : Setup.zip
---------------------------------------
Could this be the next installment of the SoBig series? The "SoSmall, SoCold, SoNice, SoGood, SoWarm.." line could be a pointer, who knows? Anyway, what really confuses me is that neither my scanner, nor the RAV solution that my ISP uses has detected anything strange. It passed all these checks without triggering anything - so it's either a brand new and so far unknown virus, or a false alert.
Looking at the headers - and I'm not an expert at all - it tells me the thing has mailed itself from a broadband user to me, avoiding the ISP SMTP server to send itself. This leads me to believe that whatever lurks in setup.zip has its own SMTP engine...
I hope for the latter, but on the other hand, I'd be excited to know I helped stop a new epidemic.
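The header walk described in the post above, as an added example (not part of the original post and not Sophos or ISP tooling): it parses the Received chain quoted there, checks that each relay hands over to the next with non-decreasing timestamps, and flags what stands out about the first hop. The regular expression targets the sendmail 8.12 layout shown in the post, and the dynamic-range keyword list and the finding names are assumptions made for illustration.

```python
import re
from email.parser import HeaderParser
from email.utils import parsedate_to_datetime

# Headers copied from the mail quoted in the post; folded lines are
# re-indented so they parse as continuation lines.
RAW_HEADERS = """\
Return-Path: <MAILER-DAEMON@ten.skynet.be>
Received: from inav004.isp.belgacom.be (inav004.isp.belgacom.be [195.238.3.237])
 by ten.skynet.be (8.12.9/8.12.9/Skynet-MAILSTORE-2.14) with ESMTP id i1GBvUqB003912
 for <adress stripped>; Mon, 16 Feb 2004 12:57:30 +0100
 (envelope-from <>)
Received: from inas009.isp.belgacom.be (inas009.isp.belgacom.be [195.238.2.7])
 by inav004.isp.belgacom.be (8.12.9/8.12.9/Skynet-IN-AV-2.02) with ESMTP id i1GBvFNw009099
 for <adress stripped>; Mon, 16 Feb 2004 12:57:25 +0100
 (envelope-from <>)
Received: from inmx002.isp.belgacom.be (inmx002.isp.belgacom.be [195.238.3.7])
 by inas009.isp.belgacom.be (8.12.9/8.12.9/Skynet-IN-AS-2.03) with ESMTP id i1GBuxAq002937
 for <adress stripped>; Mon, 16 Feb 2004 12:57:00 +0100
 (envelope-from <>)
Received: from hurricane.skynet.be (hurricane.skynet.be [195.238.2.86])
 by inmx002.isp.belgacom.be (8.12.9/8.12.9/Skynet-IN-PRIVATE-2.32) with ESMTP id i1GBuoYp026480
 for <adress stripped>; Mon, 16 Feb 2004 12:56:51 +0100
 (envelope-from <>)
Received: from THUISPC (187-17.240.81.adsl.skynet.be [81.240.17.187])
 by hurricane.skynet.be (8.12.9/8.12.9/Skynet-OUT-2.21) with SMTP id i1GBuhBK026593
 for <adress stripped>; Mon, 16 Feb 2004 12:56:43 +0100
 (envelope-from <>)
Date: Mon, 16 Feb 2004 12:56:43 +0100
Subject: Is this the Smallest C++ MassMailer???
Content-Type: multipart/mixed;
 boundary="----=_NextPart_000_5_2356906.2356547"

"""

# One Received line: "from HELO (rDNS [IP]) by HOST (banner) with PROTO ...; date (envelope-from <x>)"
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9.]+)\]\)\s+"
    r"by\s+(?P<by>\S+)\s+\([^)]*\)\s+with\s+(?P<proto>\S+).*?;\s*"
    r"(?P<date>[^()]+?)\s*(?:\(envelope-from\s+<(?P<env_from>[^>]*)>\))?\s*$"
)
# Assumed keyword list for reverse-DNS names of dynamic customer ranges.
DYNAMIC_RDNS = re.compile(r"(^|[.\-])(adsl|dsl|dial|dyn|pool|cable)([.\-]|$)", re.I)


def parse_hops(raw):
    """Return (message, hops) with hops oldest first; each hop was written by its 'by' host."""
    msg = HeaderParser().parsestr(raw)
    hops = []
    # Relays prepend their header, so the last Received line is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        match = HOP_RE.search(" ".join(value.split()))
        if not match:
            raise ValueError(f"unrecognised Received layout: {value!r}")
        hop = match.groupdict()
        hop["when"] = parsedate_to_datetime(hop.pop("date"))
        hops.append(hop)
    return msg, hops


def chain_is_consistent(hops):
    """Heuristic: every relay announces itself to the next one and time never runs backwards."""
    for prev, nxt in zip(hops, hops[1:]):
        if prev["by"].lower() != nxt["helo"].lower() or nxt["when"] < prev["when"]:
            return False
    return True


def origin_findings(msg, hops):
    """Flag properties of the first hop that a normal mail client would not show."""
    first, findings = hops[0], []
    if "." not in first["helo"]:
        findings.append("helo_not_fqdn")            # bare machine name, e.g. THUISPC
    if DYNAMIC_RDNS.search(first["rdns"]):
        findings.append("client_on_dynamic_range")  # subscriber line, not a mail server
    if first["proto"].upper() == "SMTP" and all(h["proto"].upper() == "ESMTP" for h in hops[1:]):
        findings.append("plain_smtp_client")        # sender spoke HELO, the relays spoke EHLO
    if first["env_from"] == "" and msg.get_content_type() != "multipart/report":
        findings.append("null_sender_but_not_a_bounce")
    return findings


if __name__ == "__main__":
    msg, hops = parse_hops(RAW_HEADERS)
    for hop in hops:
        print(f'{hop["when"]:%H:%M:%S}  {hop["helo"]} [{hop["ip"]}] -> {hop["by"]} ({hop["proto"]})')
    print("chain consistent:", chain_is_consistent(hops))
    print("first-hop findings:", origin_findings(msg, hops))
```

Only the header written by the first server you have reason to trust says anything reliable about the client, which is why the chain check runs before the first hop is interpreted.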
Have you been a good surfer and updated/patched your IE6 browser with the critical MS04-004 (832894) cumulative patch that was released February 2nd?
Well, have you tried accessing SSL protected sites since that day? Have you experienced problems accessing shopping carts, checkout pages or secured sites? Search no further : MS04-004/832894 changed the way IE resends data to a website when the initial connection request was closed or reset. You might as well see this happening in other applications that rely on the wininet functions from IE, and believe me... lots of 3rd party applications use those.
Check out KB831167 at the Microsoft site to find a cure/fix/patch. Products affected :
Internet Explorer 6 SP1 (version 6.00.2800.1106) on one of the following versions of Windows : Windows XP SP1 - Windows XP 64-Bit Edition SP1 - Windows XP - Windows 2000 SP2/3/4 - Windows NT Workstation, Server, and Terminal Server Edition 4.0 SP6a - Windows 98 and 98SE - Windows Millennium Edition.
February 13, 2004
Upgrading the photogallery to a newer release, and I killed the eCommerce package for the time being until I can work on doing a manual reinstall of it.
I've seen some weird things happening with the automated cPanel install routine, and that doesn't really help to figure out how to configure and customize it. I'll probably attempt a manual install tonight or tomorrow.
Not that it influences or even has anything to do with the blog, but I had to write something, didn't I?
February 11, 2004
I frigging HATE DNS propagation delays. I just upgraded my current web account to stuff one more MySQL database onto it, so I could play around with some scripts that require a database. That went without a hitch, as I just had to send a mail to my host's support team and within minutes it was added.
Then I proceeded to create (yet another) subdomain on one of my main domains to keep all my testing separated from live sites and I installed the script through the control panel. It was a breeze...
I finished the install, logged in with the admin account, no problem. In the middle of checking out all the options and changing some of the settings my browser starts complaining the subdomain can't be found anymore. Crap. There I am, stuck again because the DNS changes now first gotta reach my ISP's DNS servers before I'll actually be able to continue my work. And unfortunately, I *know* that my ISP probably has the lamest DNS updates imaginable.
Oh well... off to work some more on the analyzing portion of the project I suppose.
February 10, 2004
I'm off to see if I can "save" the computer of a certain someone who upgraded from XP Home to XP Professional and has now run into all kinds of problems, and doesn't want to lose all his data (again). He's getting used to losing his e-mails though :p
Be back somewhere late(r) tonight.
February 9, 2004
After having Mozilla (the full suite), Mozilla Firebird (the standalone browser) and Thunderbird (the mail client), things are changing. Today version 0.8 of Mozilla Firebird was released and baptised "Firefox". This was - according to the press release - done to avoid confusion with other OSS projects.
I don't care what they call it, as long as it works - I'm off to install the new, foxy application. The Mozilla Firefox product page can be found here : Mozilla Firefox - the next generation browser. Please note that downloading can be a bit of a hassle right now, as the page is flooded with requests for the latest version.
I had more success by using an FTP client and logging in to the FTP server (ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.8/) right away.
February 2, 2004
I've gotten quite a lot of domain names over the past years. Today I decided to start dropping some. I just renewed 15 domains, and decided to drop at least 9 others in the .com, .net and .org TLDs. I just can't keep on renewing domains that I don't intend to develop or sell anytime soon.
January 27, 2004
This entry is staying on top for a while
Regular blog updates will be posted below
Have you received spam that appears to have come from my e-mail address?? I have NOTHING to do with that. I'm the victim of a Joe Job, where a spammer used my address as the reply address to spam mail he sent out. I did not send you any spam, let that be very clear!
What can you do?
1. Report the spam mail with full headers to your ISP and/or the authorities dealing with spam, UBE and UCE.
2. If you want to get in touch with the ISP of the spammer - if possible at all - submit the spam mail to SpamCop to get a quick overview of the originating server and what servers and accounts have been used and abused by these spammer(s). (requires free registration before you can use it)
3. Doing step 2 will clearly show you that I am NOT involved in this, short of being the victim, just like you.
How can you protect yourself?
1. Turn off HTML in your mails. Don't allow your mail client to load images and scripts. These are often used to track that their mail has been received, which confirms to the spammer that your address is a good one. Here's an example of such a tracker : http://xxxx.xxxx@nidueh.info/adsx/xxxx.gif
I've replaced the code with xxxx because I of course don't want the spammer to know my address is good. If your browser or e-mail client shows the mail, it'll request the gif image xxxx.gif from the spammer's server, and by quickly analyzing their logfiles they can verify what addresses read the mail. They're sneaky bastards.
2. Make sure your computer is not infected with trojans or viruses. Quite a lot of viruses released over the past year attempt to turn your PC into a Zombie - it comes under control of spamgangs who then use it as an open proxy to relay their illegal activities. The result is that you get all the heat and they get away without a scratch.
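To make the tracker from step 1 concrete, here is an added example (not part of the original post) that lists every remote resource an HTML mail would fetch on its own when rendered, and flags the kind of per-recipient code shown in the tracker URL above. The sample message, the host names `tracker.example` and `shop.example`, and the function names are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs a mail client fetches by itself while rendering.
AUTOLOAD = {
    ("img", "src"), ("input", "src"), ("script", "src"), ("iframe", "src"),
    ("embed", "src"), ("body", "background"), ("table", "background"),
    ("td", "background"), ("link", "href"),
}


class RemoteLoadFinder(HTMLParser):
    """Collects URLs that cause a network request as soon as the mail is shown."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_map = {name: (value or "") for name, value in attrs}
        for name, value in attr_map.items():
            if (tag, name) not in AUTOLOAD:
                continue
            url = value.strip()
            parts = urlsplit(url)
            # cid: and data: references stay inside the message; only URLs
            # with a network location reach somebody else's server.
            if parts.scheme not in ("http", "https", "") or not parts.netloc:
                continue
            self.findings.append({
                "tag": tag,
                "url": url,
                "host": parts.hostname,
                # user@host in the URL: a classic place to hide a recipient code
                "userinfo": parts.username,
                # 1x1 (or 0x0) images are invisible to the reader
                "tiny": attr_map.get("width") in ("0", "1")
                        and attr_map.get("height") in ("0", "1"),
            })


def find_remote_loads(raw_message):
    """Return one finding per auto-loaded remote URL in the HTML parts."""
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RemoteLoadFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.findings


# Constructed sample mail: one web bug, one embedded image, one ordinary link.
SAMPLE = """\
From: sender@example.com
To: reader@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello</p>
<img src="http://xxxx.xxxx@tracker.example/adsx/xxxx.gif" width="1" height="1">
<img src="cid:logo123">
<a href="http://shop.example/offer">click</a>
</body></html>
"""

if __name__ == "__main__":
    for finding in find_remote_loads(SAMPLE):
        print(finding)
```

The ordinary link is not reported because it is only requested when the reader clicks it; the embedded `cid:` image is not reported because it travels inside the mail.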
I've contacted joker.com - because they are the registrar of the domain used in the spam - to see if they can kill the domain asap. Apparently no action has been taken so far (January 25th)
Update January 23rd : As if that first spam run wasn't enough, my address has now been forged in a mail promoting "unique herbs" that'll make your dick bigger, better etc. The fun thing is that the spammer doesn't even have web bugs, trackers or a URL in the mail. If you ask me, that's enough proof that only complete morons use spam and UCE to make a point.
Update January 25th : yet another spam run in which I've been Joe Jobbed, this time for viagra, or maybe I should write "V1agr@!" ? I'm getting fed up and tired with these idiots, but I won't budge. I've contacted both my registrar and hosting provider, informing them of the ongoing attacks, so they are aware that (incorrect) angry complaints might be coming their way.
Undeliverable (bounced) mails received so far : 117 (since January 22nd)
Regular blog updates will be posted below
January 23, 2004
I've been fine-tuning and adding some defence to the blog, especially in regard to comment spam and trackbacks. Currently 64 IPs of known and confirmed open proxies - almost all operating from China - have been put onto a ban list, and while it shouldn't affect 99,99% of my regular comment writers, it might have some unforeseen consequences.
I added a warning to the comment posting screen and actually considered installing a CAPTCHA system as well, but that would have required me to hack into a few MT modules and with the recent releases of new versions, possible incompatibilities with other plugins etc, I decided not to implement it for now. Maybe one day if the situation calls for it.
If you run into problems, just gimme a yell, will you? I'll then look into it and possibly even fix it ;)
January 22, 2004
I just received a first "bounce" mail and a quick inspection told me what I feared : one of my e-mail addresses is used in a spam run which will probably result in it being flooded with bounces soon, or - if I'm "lucky" - the spammer had a good and up to date list with only a very low percentage of bad addresses. In that case a ton of idiots will contact their ISP to complain that I spammed them - something I clearly didn't do.
Analyze the headers, fuckers! You'll notice soon enough that I have nothing to do with it! Anyway, I really really would like to see a working verify-before-accept mail system put in use soon, or set up a Tagged Message Delivery Agent (see TMDA) although that wouldn't save me from forged return addresses being dropped in mails.
I've got junkmail quite well under control here, yet I don't like - even hate - my domains and addresses getting connected to spam mail, and if I get the chance to hunt down and terminate spammers, I do.
January 16, 2004
Signatures for some new viruses have been released, so now would be a good time to make sure your AV scanner is up-to-date. Mozilla 1.6 was released, go check it out. I've been playing with my webcams again - had to dust some of them off, and follow cables to actually find them.
They are not broadcasting for the general public though, I may bring them - and the complete webcam site - back online some day, but I think it is just a new spark of interest for the time being.
January 12, 2004
I've been using the Microsoft IntelliMouse Explorer for the past 3, maybe even 4 years and I've loved it from day one. It's a slightly large unit so for people with tiny hands it could be a problem, but not for me. However, over the past days it's been behaving erratically.
At the most inconvenient times it decides to disconnect itself from the USB connection, and then power back on a few seconds later and reconnect, restoring functionality. Quite irritating if you ask me, especially because there seems to be no cause and effect relation. It sometimes happens when I'm moving it around, sometimes when it's not in use at all. Anyway, as long as it powers back up afterwards, I don't mind it that much - it's just a slight interruption that pisses me off, but nothing more.
However, I'd say that in about 20% of the cases, the unit powers down and remains down. I don't get the USB disconnect/reconnect audio warning, it just seems to die and remain that way. The only solution is to either sit and wait for it to come back - something that can take anywhere from 10 seconds to minutes, even hours - or to pull the USB cable and reinsert it. Both solutions are a pain in the ass I must say. That's the reason why I hooked up a spare USB mouse to my USB hub - if the IntelliMouse dies on me, I just move my hand slightly and continue working with the replacement rodent.
Mind you, all of this is occurring with a unit that is at least 3 or 4 years old, and has been used extensively. I suppose that my choice to stick with the MS product is a clear indication of how good it actually is, even if it fucks up every now and then. Maybe it would be time to get a new one?
Links : MS IntelliMouse Explorer customer reviews at Amazon - Is the IntelliMouse a very sick pointer? - MS IntelliMouse Explorer Review - IntelliMouse Explorer, The mouse of the future? - Microsoft IntelliMouse Explorer
December 27, 2003
I've been progressing in my PHP book, although I still haven't gotten much further than the first example code (order processing without MySQL connection) - but I've added some validation to the input like catching zero'ed fields, negative input and such.
It brings back memories - yikes. I'll probably have a gigantic nightmare tonight when I (mentally) start testing conditions to see if all exceptions are caught.
Anyway, if you want to play around with the script, go here.
63 lines of code, "just" to do something you could do easier on a calculator, it makes me wonder. On the other hand, it's a great way to get used to the syntax (arrggh, those damn ' instead of ") and to optimize code later on. Strangely enough, I've never been good at coding myself, but I rocked when it came to optimizing code someone else wrote.
Note : after I posted this, I realized that at least one condition was not handled the way I think it should have been. So I dove back into the code to fix it, but after staring at the code for 10 minutes trying to get the exact conditional if that I needed, I gave up. I might look at it again tomorrow, or somewhere next week. Only 820 more pages to grasp and store in my brain :)
December 25, 2003
Yay, I've started some reading in that gigantic - and scary - PHP and MySQL webdevelopment book, and managed to pass data from a form to PHP variables and display them.
While I never was any good at programming - I used to take courses in C++ and Cobol in school - PHP is more geared towards where I spend 95% of my time : online and on the web.
One thing ain't clear though :
$variable only works when register_globals is turned on in php.ini
$_POST['variable'] only works for versions after PHP 4.1.0
$HTTP_POST_VARS['variable'] is guaranteed to work on every server at present time, though is being deprecated, thus could result in broken code in the future.
Starting from PHP 4.2.0, the default setting for register_globals is off, so unless the server admin turns it on in the php config file, using $variable won't work. In some examples I've noticed that they perform a little trick to copy the content of $HTTP_POST_VARS['variable'] to $variable, but I don't see the benefits. Especially not when both types are relying on uncertain conditions (the first one being deprecated and the latter requiring a setting that's off by default).
Why not immediately go for a use of $_POST, $_GET or $_REQUEST instead and make the minimum requirement PHP 4.1.0? The current version is 4.3.3, so that should be possible, and keep code usable in future versions as well.
December 19, 2003
I just downloaded and installed OpenOffice 1.1.0 on my box here, to see how user-friendly and easy it is to use after having worked with the MS Office suite most of my life. Sure, back in the days there also was WP5.x or something alike, but that is actually prehistoric now.
Installation was pretty easy, no hassle and swift. I opted not to change the way files are handled for now, so .doc documents are still launched by MS Word, although I can send them to OO as well. Did a quick test with opening some documents in Write (the OO version of Word) and it seems pretty easy to get used to.
I might play around with it more in the future, although I hardly use the Office suite much - most of my quick and easy notes are done in a notepad replacement called Metapad. I've blogged about Metapad before, if you want a review or a link, search this blog, or google for it.
I'm especially interested in installing a bunch of dictionaries in various languages in OO, as I find myself in a bit of a bad spot when it comes to editing/correcting and writing pieces in other languages.
December 17, 2003
So I didn't get the (re)design and hosting contract for that site. Oh well, it's a thing less to worry about. Even though I had cut my fees by over 60%, he decided that one of his customers would get the job. By looking at how quickly he replied to my offer, I think he decided not to give me the job in advance. It's a shame, but at least now it ain't my problem anymore.
I'll be taking down the redirection tonight - why should I continue providing resources for a site I don't host or design?
I was hoping to get a letter from ABVV today - 'coz Zwork told me he got one yesterday - but my mailbox was pretty empty when I checked earlier on. Maybe tomorrow?
November 22, 2003
Don't start messing around with mail settings and try to tackle SSL connections at 4h30 - especially not when you've never used the secure connection option before, you haven't got a clue what certificate is presented from the server to the client, and you're pissed off - extremely pissed off - because Skynet blocks outgoing SMTP port 25, which means you can't reach any of the 4 other mailservers that you should be able to access. Sure, I can use the relay server of Skynet, but what's next, Skynet telling me I'm only allowed to browse to their website?
I'm not paying for a crippled service. They either add the domains I need to their allowed rcpthosts, or I'll have another talk with the regulation institutions overseeing telecom in Belgium.
I'm really really off to bed now... catch you on the flipside!
Update : Everything seems to be working right now. Very bizarre. I really shouldn't attempt this kind of thing in the middle of the night. Ignore the technical rant posted above - I'm a fool.
November 20, 2003
I just took a quick look in the attachment directory of my mail program. Aaaaarrrggghhh! All those powerpoint presentations that are funny to see once, maybe twice.
The MP3s you receive, the .vcf crap address cards that people think are interesting to attach to all their mail, the tons of jokes, word documents and gags. It adds up quickly : I just deleted 454 files, totalling 158MB! And that's without dealing with all the excel and word documents that currently remain, or the zipfiles that I gotta take a closer look at first.
Don't get me wrong, I don't mind getting a joke, movie or cartoon by mail... it's just that I often get the same things 2, 3 or 5 times by various people. It adds up.
When I'm done clearing out the files, I'm gonna start clearing out the mails, which promises to be interesting... and a pain in the ass :)
November 6, 2003
If there's a CSS2 wizard passing by, reading this message and willing to gimme a hand, please do so. While the template itself looks OK (and validates!), there is one thing that I just can't get correct - but I've changed the current template in such a subtle way that you won't notice. I would like to get it fixed though, as I'd love to use a good and fully working template to start adding on to.
It has to do with vertical borders and margin overlapping I presume, but after staring at the code for several hours, I've got an incredible headache, my eyes hurt and I'm not a single pixel closer to a solution.
Please leave a message and I'll send you an url to the css template, as well as a description of the problem. If you manage to fix it, superb! If you manage to explain why it didn't work, even better! In both cases you'll get a link here, a huge thank you, and a bunch of those cool friedkitten.com stickers mailed to you!
Jay Allen's MT-Blacklist 1.61beta, Firetrust MailWasher Pro 3.3 and POPfile 0.20.1 (fixes cache issue that resulted in very slow mail processing).
October 23, 2003
Released a few days ago - I wonder how I managed to miss it?
- Mozilla Firebird 0.7
- Mozilla 1.5
For those of you in the dark about what Mozilla is and what the difference is between Mozilla Firebird and Mozilla, a short explanation (from the FAQ) :
What's the difference between Mozilla Firebird and Mozilla?
Mozilla (Application Suite) is a complete suite of web related applications, such as a browser, a mail/news client, a chat client and much more. Mozilla Firebird is just a browser, which makes it a better choice if you already have a mail client for example. Also, since Mozilla Firebird is smaller than the whole Mozilla suite, it's faster and easier to use.
Note, though, that Mozilla Firebird is not just the standalone Mozilla browser. The user interface in Mozilla Firebird differs from Mozilla in many ways. For example, Mozilla Firebird has customizable toolbars.
I've been using Mozilla as my default browser for quite a few years now, and I never used the built in News or Mail client, which means I was basically installing a complete package of which I then stripped 80% of its functionality. Stupid decision on my part, I agree.
Note : After reading through the Tips & Tricks page for Firebird, I added (experimental) pipelining, nearly instant rendering and some changed search preferences to my user profile, as well as installed Tabbrowser extensions. Now, I've got pretty much everything I need - Firebird has just become my default browser!
October 20, 2003
I should have trusted my gut feeling on it after all. I just managed to kill a Fujitsu-Siemens Amilo D notebook, which is nothing special you might think. However, the notebook is a couple of thousand miles away from where I am : it's in Beijing, China.
What happened? Xia Mei Rosie posted a question for help in regard to her notebook seriously overheating after 30 minutes. I was one of the people to reply to her question and after checking the obvious things (air ducts free etc) I dug a little deeper. The bios on her notebook was release F50, whereas in F53 some adjustments were made to powersaving and thermal controls. So I suggested she'd attempt a bios upgrade, but I also warned her that - while it's not particularly difficult - in case it would go wrong, it would require intervention from Fujitsu-Siemens to get it running again.
Over a timespan of nearly 2 weeks I worked with her to get the correct model number, what OS it had, all the techy details before knowing for sure what bios upgrade is needed. Then came the task of creating a dos boot disk, and just that simple thing took nearly 4 days. Today - finally? - we (well, actually she) went ahead and flashed the bios while being in an internet café and having me at the other side of the world, giving her dos commands. She said "I'm off to do the upgrade now *brave smile*".
Next message I get is "oh, it's fucked, fucked up, totally fucked". I thought at first that she was kidding me, but apparently she's not. The flasher reported that it was done, press any key to reboot and then the notebook just died. Sudden power off and that was it. Now (after trying reboot, cold boot, remove power/battery) it just gives the F-S boot screen, then the F2-F12 setup option after which it cycles again and returns to the F-S screen.
If you ask me... it's pretty dead and only a visit to an authorized F-S can reanimate it. To make things more complex - you didn't think this was an ordinary simple bios replacement, did you? - the Amilo D series notebook is only sold in Europe, not in the Far East. China, in other words, doesn't have/know that model of notebook. She'll have to call International Support in the UK, and they'll probably claim that they can't support users in China. I've sent her a list of local Chinese authorised dealers for the Lifebook model, in the hope she can get a bit of help there.
I doubt that she'd need a complete new motherboard, a replacement bios chip should do the trick. I hope...
Note : I think I might have to re-evaluate my qualities as a support technician after things like this. Surely, the fact that there are hardly any English computers or technicians in China, or that her notebook is running a French version of Windows XP should not matter, but it did complicate things a bit. As I said : I should have backed out way before going on the bios upgrade path, especially with a user that is not used to advanced techy stuff. My bad I suppose, and I feel guilty even though I warned her several times.
October 5, 2003
can it be to get a DNS update into your server, and keep the correct data in it? The new domain has been pointing to the correct IP address for the past 2 days, and it still was a few hours ago. I didn't change a thing, and I get back home from helping over at Jess and Johan's place and guess what : it points back to the old site!
It really pisses me off since that blocks my plans to update the new site and add more content to it. I can't even reach it by tracert, as it keeps timing out at fas-1-1-1-ias-be-ant-ar01.KPNbelgium.be [194.119.224.53]. Stupid fuckers!
October 2, 2003
I really really hate propagation times, especially if I'm waiting for a DNS change to get to a server located at the other side of the world. I just changed the nameservers of one of my .be domains to point to my US server, and even though the changes are already listed on DNS.be, the US server hasn't picked up on the changes yet. It still sees the old nameservers, and thus can't create the needed mappings and redirections.
I've already uploaded a bunch of MT scripts for the new site, and although I'm not yet sure that I'll be using them to update the site when it goes live, it seems like the easiest way right now. After all, with some clever template hacking I can make the site look exactly like I want, and still keep all MT functions that I need/want.
I'm off to waste some time till the server picks up on those DNS changes. Last time I did a simple redirection/forward for 5 of my domains, it took nearly 48 hours to work. I really hope this baby is faster!
Update : About 2 hours after I initiated the DNS change the server in the USA picked it up and I was able to make the redirection changes. However, now I'm stuck again since my crappy local (Belgian) ISP has not yet picked up the change, and the site still reverts to the old one. Skynet, wake the fuck up and refresh your DNS files!
September 24, 2003
Nadia, here's the non-techy (well, as much as possible) explanation of the domain wildcarding trick Verisign installed.
Example domain : friedkitten.com
If you enter friedkitten.com in your browser, you are directed right to this website. If you enter "friedkiten.com" (or any other non-existing domain in the .com and .net TLD) you are directed to Site Finder (sitefinder.verisign.com) instead of getting an error message that the domain was not found.
While Verisign considers this a way of "helping lost surfers" the obvious reason is cash. If you can (re)direct millions of surfers to a site that you own, imagine what advertising wealth that site could generate - and don't forget the data-gathering capabilities of it!
So far, so good... sort of. Because of the wildcarding of .com and .net, every possible name you enter in your browser, will now resolve - even if it directs you to site finder. A technical measure that was installed to combat spam and still is in use by lots of mailservers, is to verify the domain before accepting mail. Which means that a spammer could not send mail from domain "iuy99-ziorzdfe.com", unless that domain actually existed.
If the mailserver checked the domain and it didn't resolve, mail was not accepted. However, thanks to Site Finder, every domain resolves, so spammers can now use the fakest domains they want to (apparently) send spam from, as the mailserver will verify the existence, get a result back (domain ok) and accept the spam. Apart from that fact, the "domain does not exist" error message delivered to the mailserver is much smaller than the load that Site Finder creates, thus the mailservers need extra bandwidth for the increased datastream.
Still a "too far from my bed" show? You're the proud owner of a mobile phone, and it allows you to access the internet. It doesn't care how long you are connected to the net, as you are billed for the amount of data you transmit or receive. You enter friedkitten.com and reach this site (which reminds me that I should look into creating a wap/i-mode version of it). If you enter a non-existing URL, you get 4.7KB stuffed down your connection, something you didn't ask for, but will be paying for.
Does this explanation satisfy your inquiring mind?
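The mailserver check described above, and how wildcarding defeats it, as an added example that is not part of the original post. It assumes a `resolve(name)` callable that returns the set of addresses for a name; a constructed in-memory resolver stands in for real DNS so the example runs offline, and all IP addresses are made-up documentation addresses.

```python
import secrets


def naive_sender_check(domain, resolve):
    """The classic check: accept the sender if its domain resolves at all."""
    return bool(resolve(domain))


def wildcard_addresses(tld, resolve, probes=3):
    """Resolve random, almost certainly unregistered names under `tld`.

    If every probe gets the same non-empty answer, the TLD is wildcarded
    and that answer is the wildcard target; otherwise return an empty set.
    """
    answers = [
        frozenset(resolve(f"{secrets.token_hex(12)}.{tld}"))
        for _ in range(probes)
    ]
    first = answers[0]
    if first and all(answer == first for answer in answers):
        return first
    return frozenset()


def wildcard_aware_sender_check(domain, resolve, probes=3):
    """Accept only if the domain resolves to something other than the wildcard."""
    addresses = frozenset(resolve(domain))
    if not addresses:
        return False
    tld = domain.rsplit(".", 1)[-1]
    wildcard = wildcard_addresses(tld, resolve, probes)
    # An answer made up only of the wildcard target means "no such domain".
    return not addresses <= wildcard


def make_resolver(zone, wildcard_tlds=None):
    """Constructed stand-in for DNS: registered names plus optional TLD wildcards."""
    wildcard_tlds = wildcard_tlds or {}

    def resolve(name):
        name = name.lower().rstrip(".")
        if name in zone:
            return set(zone[name])
        tld = name.rsplit(".", 1)[-1]
        if tld in wildcard_tlds:
            return {wildcard_tlds[tld]}
        return set()

    return resolve


# Constructed data: one registered domain, and a wildcard on .com and .net.
ZONE = {"friedkitten.com": ["198.51.100.10"]}
BEFORE_WILDCARD = make_resolver(ZONE)
AFTER_WILDCARD = make_resolver(ZONE, {"com": "192.0.2.1", "net": "192.0.2.1"})

if __name__ == "__main__":
    fake = "iuy99-ziorzdfe.com"
    print("before wildcard, naive:", naive_sender_check(fake, BEFORE_WILDCARD))
    print("after wildcard, naive: ", naive_sender_check(fake, AFTER_WILDCARD))
    print("after wildcard, aware: ", wildcard_aware_sender_check(fake, AFTER_WILDCARD))
    print("real domain, aware:    ",
          wildcard_aware_sender_check("friedkitten.com", AFTER_WILDCARD))
```

In a real mail server `resolve` would wrap an actual DNS lookup, and the probe result would be cached per TLD rather than recomputed for every message.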
Firetrust released Mailwasher Pro 3.20 today, go check it out if you don't use it yet, or upgrade if you got MWP 3.1 running.
Qualcomm launched Eudora 6.0 on September 4th and offers some new functionality compared to 5.21. Both of the e-mail tools mentioned support IMAP and SSL connections... if only my ISP would offer those as well!
Opera 7.20 also saw the light today and is according to early adopters improved and faster than its 7.11 predecessor. If you're looking for an alternative to the dreaded IE, make sure you give Opera a chance. Or you could try the stable Mozilla 1.4.1 browser, and if you're willing to test beta software, Mozilla 1.5 RC-1.
In other news : ICANN slapped Verisign on the wrist two days ago for wildcarding all (non-existent) .com and .net domains and thus redirecting millions of surfers to their SiteFinder site. So far Verisign plays it hard and stands by their decision, claiming it is "a powerful tool that improves Web navigation for users." in their press release. Since that press release also contained a feedback address, I did send them a mail last night, which promptly resulted in an automated answer. You can find both below.
Dear,
Wildcarding millions of .com and .net domain names in the hope a typo will generate revenue for your own benefit - and in the mean time breaking all kinds of mechanisms used to battle the ever increasing spam problem on the web - sounds like a clear breach of moral and ethical standards, not to mention legal standards.
I would be highly in favor of Verisign suspending the wildcarding immediately and end the hijacking of millions of internet users daily. Of course unless the idea behind the wildcarding is to increase the registration of domain names and all their variations, of course through Verisign. Well, rest assured that I will not be registering any domain name in the future through a company that goes postal on the internet.
Wait, ain't Verisign an American company? Ah, that explains it I suppose. If the president can decide to go to war with whomever and whenever he likes, pushing the UN aside as he sees fit, I suppose the "American Dream" allows US companies to do the same. Just keep into consideration that Bush is begging the UN right now to intervene and support him, as his popularity has dropped to the lowest ever and he can't get the public to believe the lies anymore.
Solo missions like this, they always bite you in the ass... when you least expect it.
Kind regards,
ServMe.
Their reply :
Dear Customer,
(I'm not a customer of yours, nor will I ever be)
Thank you for contacting VeriSign Customer Service.
Thank you for contacting Customer Service. (Great line, but it looks suspiciously like the one before? Wait, maybe there's a difference between Verisign Customer Support and Customer Support?) We understand you have experienced a technical issue related to the introduction of our Site Finder service. For immediate assistance, please refer to the Technical FAQs we have posted on our site at:
(I have not experienced a technical issue with SiteFinder, I want that thing off the web!)
http://www.verisign.com/nds/naming/sitefinder/
If you continue to experience problems, please email us at sitefinder@verisign-grs.com (Please people... don't hold back! Tell them what fools they are) and our technical support will address your issue promptly.
We remain committed to ensuring that Site Finder improves Web navigation and the user experience.
Thank you.
If you require further assistance please contact us by replying to this email.
Best Regards,
David Reid
Customer Service
VeriSign, Inc.
www.verisign.com
sitefinder@verisign-grs.com
(Mental remarks in (italics) by me)
September 13, 2003
Seems I missed the release of Eudora 6 earlier this month! I think I'll better go take a look to see what's new.
Version 1.4 of Gallery was released according to the announcement I just received, so that's another piece of nifty software I gotta take a look at.
Forté Inc. has still not released their 2.0 version of Agent/Free Agent but I would have loved to test that one too. Especially since I was a bit too trigger happy with the delete button a few days ago and SOMEHOW killed half of the program files as well as 95% of saved data. Maybe I should have thought twice before confirming the delete, alas I didn't. It was only seconds later that I noticed there were so few icons and files in the Agent directory that I slapped myself on the forehead. Damn! Oh well, I reinstalled and am now busy tracking down interesting newsgroups. If you know any, please tell me about it!
September 5, 2003
I wrote down some details of the subjects we're gonna see in that Windows 2003 Server - Linux course (should I be accepted)
First we start off with some theory and rehearsal/freshening up of TCP/IP, HTTP, DNS, as well as various other protocols, and terminology. Then we move to the windows part which includes configuring Windows XP on desktops, network installation and configuration, XP 2003 Server installation, configuration and maintenance, Exchange Server, ISS configuration and installation, SQL server configuration and installation and finally ISA server installation and configuration. This is scheduled to last about 7 weeks.
The Linux part is about 2 weeks and includes installation and configuration of Red Hat and SuSE Linux distros, creating users etc, as well as setting up a Samba (file and printing) server and Apache webserver. As you can see the Linux part is much shorter but it will be a very welcome introduction to it for me.
Courses also include getting these two systems to work together, as well as regular tests to see if everybody 'got' it. According to the professor who presented the program, 8 tests are scheduled, every time on a - aargh - monday morning.
Looking forward to it? Yes and no. If I get accepted, I'll be happy since it'll allow/force me to move on, but I'm definitely not looking forward to getting up that early to catch a bus/tram or ride my bike.
August 31, 2003
It's been a while since the last (boring) technical post, so I decided to come up with some new things.
This might be interesting for techies that often find themselves using notepad, yet miss some functionality. A couple of months ago, I ran across Metapad 3.5 thanks to someone at a technical forum recommending it. I downloaded it, played around with it for a while and promptly forgot about it. However, because I needed "line count" ability for the second part of this techy post - neither notepad nor wordpad have that function - I remembered Metapad.
After using it for a few minutes I decided to replace notepad completely and use metapad instead. Since I don't really like using "Open With" all the time, I completely replaced notepad.exe with metapad. Works like a charm and as predicted in the Metapad FAQ, Windows XP complains about an unknown system file but you can easily make it accept the replacement. If you find yourself using notepad to code quick snippets of anything, or use it as a quick 'n dirty debugger, definitely check out Metapad - you'll be amazed by its extra functions!
Secondly, I upgraded popfile 0.19.0 to 0.19.1 and performed the MailWasher Pro hack again (to prevent either no history, or too much history and double entries) but apparently something went wrong as MW seems now unable to retrieve messages through the PF proxy. Weird! Either I find out what the problem is, or I revert back to 0.19.0 (I've done some tests and went back to 0.19.0 for the time being - even without the MW hacks it didn't seem to work).
August 23, 2003
I can't do much else but state it loud and clearly : avoid Scarlet (former Planet Internet) at all costs! I haven't got a clue how "good" they are connectionwise as an ISP - I haven't used them over the past 2 years - but they certainly suck when it comes to mailservers and e-mail security.
I keep on receiving between 5 and 10 Sobig.F (or Sobig-F if you prefer) virus e-mails every few minutes. I've now contacted Scarlet/PI support to kill at least one of my aliases on the mailbox in the hope it'll at least diminish the constant stream of mails. Unfortunately, Scarlet/PI is unable (or doesn't want) to take action against the virus, whereas they could easily block all mails containing a .pif extension at serverlevel. It would lower the irritation level of their customers, prevent bouncing the messages right back (more traffic), and prevent possible further spreading of the virus.
I know Belgacom/Skynet has implemented such a solution within hours after the mass mailing started, so don't tell me it's technically impossible.
My conclusion? Scarlet is incompetent!
August 21, 2003
I'm only awake for about an hour or so, maybe a tad bit longer and already I'm tired. What have I done in that short amount of time? Deleted mails, read some mails, answered some technical support question and chatted to some peeps. Nothing that makes you terribly tired, I agree.
OK, now to answer some questions that Shelley was wondering about. I used to be with ISP "A" when I first connected to the internet, now some 12 years ago. I still have that account and the webspace that goes with it. Some of my domains point to that webspace as well. A few years back I switched from dial-up to a DSL connection, and switched to ISP "B" because ISP "A" didn't offer DSL at that time. However, I had not cancelled my account at "A" since it was still in use.
Therefore I technically have two ISPs : one I recently started using and is my main connection to the internet, and the old one which still serves me mail (and mostly spam). Add to that 29 TLD domains, and about 11 ccTLD's and you can imagine the amount of crap flowing in every now and then. Luckily, a large portion of those domains are not (yet) developed and thus don't add to the problem.
Most of the domain related mail is forwarded, redirected and routed to other accounts, but I admit that I should really clean up some of the domains, change mail addresses and such. I could also drop ISP "A" since it's not really in use anymore, but the problem is that the mail address connected to that service has been used for a zillion things, and I don't recall all the passwords for those after 2 computer crashes and not feeling like recovering all the data.
This year I've been busy moving all domains to the same registrar (actually two since TLD and ccTLD are different) and only 1 webhost. I hope to have completed all of that mid next year. It would make things easier to handle. Then I suspect I'll drop ISP "A" as well.
August 20, 2003
Nice infection rate Sobig-F has... I just checked my mail and 53 out of a total 90 messages were virus infected. Luckily I'm well protected : the first anti-spam tool has a successful detection rate of 98.66%, combined with the second one it gives me a nice 100% and it's only after those two plus a visual check are passed that any mail is able to reach my inbox. Which is protected by a realtime virusscanner, and my mailclient is not one of the more common ones ie. Outlook/Outlook Express.
Anyway, here's a tip to recognize Sobig-F attachments easily : they all are around 100Kb and (currently) the mails use a multitude of subject lines. For a full list of details, check the link I provided in my previous post.
Dimi, while that IT manager will be in some kind of problem, he is sort of correct. It is a worldwide infection, but it can be fought successfully. Janssens Pharmaceutica for instance suffered from the Blaster disinfection worm Nachia (aka Welchia or Welchi) and had a bit of a hard time due to the extreme network traffic it caused on their networks, but they were able to contain and clean up.
As they admitted, due to their excellent and always on call IT department they managed to isolate the problems quickly, but if it happens to a smaller company with no specialized IT staff, it's like shooting fish in a barrel.
August 4, 2003
A few days back I released Honeypot.be - Spamtracker into the world. While this is a site that has no real meaning to most of you, I've put it out there to track the movement and IP addresses of spam harvesting bots that grab e-mail addresses.
Yes, that's pretty technical, I know. Let me try to explain it in a less geeky way. A spambot or e-mail harvester surfs zillions of pages on the internet. Whenever they get to a page, they scan for e-mail addresses and add those to their database. Either later on, or in real time, the e-mail addresses are spammed with the things we all love : spam mails. Technically speaking, these bots don't work much differently from your average search engine spider.
So, what I did was this : whenever an agent (User Agent, UA) hits the page, their IP address is included into the e-mail address presented on the page. The UA starts reading the page and stumbles upon that unique e-mail address. They add it to their database and/or use it to send their spam immediately.
Now, I don't read the messages sent to those addresses, but I strip the IP address from them when they come in. Thanks to the fact that the spam harvester bots are dumb, they have actually sent me a mail saying "Hey, I'm a spam harvesting bot, and I grabbed your e-mail address from this IP address at this exact time". The only thing I need to do, is publish that IP address on the site - in case others want to block access to it as well, and add it to an .htaccess file that denies access from that IP address.
What's the catch? There is a possibility that the IP address that I logged wasn't the one of the spammer, but one of a proxy, or a hacked machine. Now, to me, it doesn't matter. The IP address was used in an e-mail harvesting session, so if I want to, I can block it. I can even serve a special page to those addresses explaining why they have been blocked.
Still not interesting for the average websurfer, I agree. However, the more spam harvesting UA's that hit the page, the more IP's I can block and publish on the site. Which could allow you to prevent those bots from harvesting your pages/e-mail addresses as well, which will in the looooong run, make e-mail harvesting a pain in the ass for the spammers, or they'll need to move to new IP addresses more often.
How can you help out? Easy, just add a link to "http://www.honeypot.be" to your site or blog, even if it is for one day. The more search engines and users that pick up on it, the more likely it is that spammers will hit it and divulge their evil ways.
Note : Yes, I'm fully aware that the setup can be abused. However, this is not a fool proof setup, or a tightly secured technical operation. If this somehow pays off (time invested vs data gathered) I will add more details and automate it even more, allowing others to easily benefit from the knowledge gained.
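The mechanism described above, as an added sketch (not the code behind Honeypot.be): the visitor's IP and the visit time are encoded into the address served on the page, recovered from the recipient address of incoming spam, and turned into .htaccess deny lines. It goes one step beyond the post by adding a keyed checksum, so a made-up address cannot get an arbitrary IP blocked; the domain `trap.example`, the `hp-` address layout, the key and the sample mails are all assumptions constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import re
from email import message_from_string
from email.utils import getaddresses

# Assumptions for this sketch: placeholder domain and a constructed demo key.
TRAP_DOMAIN = "trap.example"
SECRET = b"constructed-demo-key"


def _tag(payload):
    """Short keyed checksum so only addresses this site issued are trusted."""
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()[:10]


def make_trap_address(visitor_ip, when):
    """Address to print on the page for this visitor (IPv4, Unix time)."""
    ip = ipaddress.IPv4Address(visitor_ip)
    payload = f"{int(ip):08x}-{when:08x}"
    return f"hp-{payload}-{_tag(payload)}@{TRAP_DOMAIN}"


_TRAP_RE = re.compile(
    r"^hp-([0-9a-f]{8})-([0-9a-f]{8})-([0-9a-f]{10})@" + re.escape(TRAP_DOMAIN) + r"$"
)


def decode_trap_address(address):
    """Return (ip, unix_time) for a genuine trap address, else None."""
    match = _TRAP_RE.match(address.strip().lower())
    if not match:
        return None
    ip_hex, ts_hex, tag = match.groups()
    if not hmac.compare_digest(tag, _tag(f"{ip_hex}-{ts_hex}")):
        return None  # address was never issued by this site
    return str(ipaddress.IPv4Address(int(ip_hex, 16))), int(ts_hex, 16)


def harvesters_from_mail(raw_messages):
    """Map harvester IP -> earliest harvest time, from recipient headers only."""
    seen = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        headers = (
            msg.get_all("To", [])
            + msg.get_all("Cc", [])
            + msg.get_all("Delivered-To", [])
        )
        for _name, addr in getaddresses(headers):
            hit = decode_trap_address(addr)
            if hit:
                ip, when = hit
                seen[ip] = min(when, seen.get(ip, when))
    return seen


def htaccess_deny(ips):
    """Apache 2.2-style access rules (mod_access_compat on Apache 2.4)."""
    lines = ["Order Allow,Deny", "Allow from all"]
    lines += [f"Deny from {ip}" for ip in sorted(ips, key=ipaddress.IPv4Address)]
    return "\n".join(lines)


def demo():
    """Two constructed spam mails: one to a genuine address, one forged."""
    genuine = make_trap_address("192.0.2.44", 1059955200)
    forged = "hp-c6336407-3f2d8e80-0000000000@trap.example"  # bad checksum
    mails = [
        f"From: a@spam.example\nTo: {genuine}\nSubject: offer\n\nbody\n",
        f"From: b@spam.example\nTo: {forged}\nSubject: offer\n\nbody\n",
    ]
    return harvesters_from_mail(mails)


if __name__ == "__main__":
    print(htaccess_deny(demo()))
```

As the post notes, a decoded IP may belong to a proxy or a compromised machine, so the checksum only proves the address was served to that IP, not who operates it.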
July 12, 2003
I've been toying around with some CSS and layouts and came up with this for another domain of mine : invalid.be - Domain HQ. It's neither flashy nor colorful but I don't think those are requirements for a professional site, are they?
July 5, 2003
I just got back from that guy where I've been several times in the past few weeks - he called me a few times during the week but I was able to help him out by phone each time. However, he also reported that his printer (Lexmark X85 All-in-one) kept on throwing problems at him.
At times the USB connection to the computer was suddenly lost then after a reboot it found a new device etc etc. I took a look around on the Lexmark site and noticed there was a patch to solve some problems with the X85 and windows XP, especially in regard to USB connections. Since he even has problems getting connected to the internet - the knowledge of when to click once and when to doubleclick escapes him every now and then - I wasn't even gonna try and send him the patch and help him install it over the phone. So I went over to his place, uninstalled the previous driver, ran the clean utility of Lexmark and then installed the newest drivers with the patch included.
I did a few tests, reboots, cold boots and the printer remained accessible. I hope this indeed solves it, since he's the only one to have experienced that behaviour before. Typical end-user behaviour I suspect :)
Oh, the joys of end-user support!
Note : Little Wabbit, I read your comment, and was very pleased by it. I'd love to be able to contact you though, without getting you in trouble all the time.
June 30, 2003
Fuck... I just got a call from that man where I was last Friday to answer his PC related questions and solve his problems. Apparently, he made the same mistake as last time and forgot to open the connection and now he's complaining that he can't surf or send out mails. It doesn't surprise me, you know?!
He claims to receive an "unknown username or password" when connecting, but I already checked his ISP status page and they don't list any problem. He also told me that he bought a new printer/scanner combo on Saturday and he "managed to install it for 80% or so, but then something went wrong" so that might be fun too.
Anyway, I'm off to his place to check out the problem. Too bad the weather sucks bigtime today, I'll probably drown myself on the way over there.
June 15, 2003
While in Europe and the USA new laws and regulations concerning spam are brought into effect, spammers are being jailed, and large ISPs get - even more - fed up with spam and all problems it causes, so far the flock of unsuspecting sheep also known as surfers, are a long way from home.
On an average day I receive about one hundred e-mails in my various mailboxes. About 1% to 5% of those mails are things I actually want to read, or requested. After installing MailWasher - often referred to in the past - I've now added yet another layer of defence : POPfile. A freeware open source project that acts like a proxy between your mailclient and the mailserver of your ISP.
Quick overview :
1. Your mailclient tries to connect to the ISP mailserver
2. POPfile intercepts that call (rough explanation here!)
3. POPfile uses the password and login ID to retrieve mail from the ISP mailserver
4. POPfile runs mail through Bayesian filters and learns as it goes along
5. It rewrites the headers (if set up to do so)
6. It presents the mail to the mail client
7. The mail client then examines the headers and removes the spam.
That's for a regular setup as far as I know. Mine is slightly different, since MWP sits between the mail client and POPfile, but you get the point, right?
Interesting concept to say the least and while you may not see immediate changes, over time more and more spam will be caught by your various filters.
It's not a solution for the spam problem itself, but it sure lowers the times you get irritated because of spam flooding the mailboxes.
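Steps 4 to 7 of the overview above, as an added toy example (not POPfile's code): a small Naive Bayes bucket classifier, the proxy-side header rewrite, and the client-side rule that acts on the header. The header name follows POPfile's `X-Text-Classification`; the bucket names, training texts and sample mails are constructed for the example.

```python
import math
import re
from collections import Counter, defaultdict
from email import message_from_string

HEADER = "X-Text-Classification"


class BucketClassifier:
    """Word-count Naive Bayes over named buckets, with add-one smoothing."""

    def __init__(self):
        self.words = defaultdict(Counter)   # bucket -> word counts
        self.messages = Counter()           # bucket -> messages trained

    @staticmethod
    def tokens(text):
        return re.findall(r"[a-z0-9']{3,}", text.lower())

    def train(self, bucket, text):
        self.words[bucket].update(self.tokens(text))
        self.messages[bucket] += 1

    def classify(self, text):
        vocab = set()
        for counts in self.words.values():
            vocab.update(counts)
        known = [t for t in self.tokens(text) if t in vocab]
        if not known:
            return "unclassified"           # nothing learned about this mail yet
        total = sum(self.messages.values())
        scores = {}
        for bucket, counts in self.words.items():
            denom = sum(counts.values()) + len(vocab)
            score = math.log(self.messages[bucket] / total)
            score += sum(math.log((counts[t] + 1) / denom) for t in known)
            scores[bucket] = score
        return max(scores, key=scores.get)


def message_text(msg):
    """Subject plus every non-multipart text payload."""
    parts = [msg.get("Subject", "")]
    for part in msg.walk():
        payload = part.get_payload()
        if not part.is_multipart() and isinstance(payload, str):
            parts.append(payload)
    return " ".join(parts)


def proxy_deliver(raw, clf):
    """Steps 4-6: classify, rewrite the header, hand the mail to the client."""
    msg = message_from_string(raw)
    bucket = clf.classify(message_text(msg))
    del msg[HEADER]      # drop any copy the sender injected to fool the client
    msg[HEADER] = bucket
    return msg.as_string()


def labels(raw):
    """All classification headers present on a message."""
    return message_from_string(raw).get_all(HEADER, [])


def client_inbox(delivered, spam_bucket="spam"):
    """Step 7: the mail client's rule, keyed only on the proxy's header."""
    return [m for m in delivered if labels(m) != [spam_bucket]]


def trained_classifier():
    """Classifier trained on four constructed messages."""
    clf = BucketClassifier()
    clf.train("spam", "Cheap pills, buy now, limited offer")
    clf.train("spam", "Win money now, click this offer")
    clf.train("inbox", "Meeting notes for the domain transfer")
    clf.train("inbox", "Photos from the weekend, see attached")
    return clf


# Constructed sample mails; the first carries a sender-injected header.
SPAM_MAIL = (
    "From: a@spam.example\nX-Text-Classification: inbox\n"
    "Subject: Limited offer\n\nbuy cheap pills now\n"
)
HAM_MAIL = "From: friend@example.org\nSubject: domain transfer\n\nnotes from the meeting\n"

if __name__ == "__main__":
    clf = trained_classifier()
    for mail in (SPAM_MAIL, HAM_MAIL):
        print(labels(proxy_deliver(mail, clf)))
```

Removing a pre-existing classification header before adding the proxy's own matters because the client rule trusts that header blindly.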
That title is for dad :) I went over there yesterday and had a lovely evening - as usual. Dimi and I were on a roll concerning the use of Mozilla by my dad, and were cracking jokes related to Netscape and Moz all the time.
Anyway, we managed to restore some of his mail - let's not go into exactly why and how it all disappeared, but the long and confusing story includes the words Netscape 7.01, Mozilla, User, Uninstall, Install, Cache & Delete. After a wonderful meal at a restaurant called Oliver we headed back home and then tackled some other computer problems. While Dimi was working on Dad's PC, I was updating and checking the one of Hilda. Lots of patches installed on both of them.
We also ran some benchmark tests on dad's PC because it is so incredibly sluggish, and it turned out one of the harddisks is performing pretty bad. Well, maybe I should even avoid the word "perform". Dimi is convinced that's the bottleneck, so either swapping some drives or installing a new one will be the way to go. In the mean time we moved the swapfile to a faster disk so the overall access time should go down, and the beast should lose some of its sluggishness.
Installed Opera - with a netscape skin - as well, and he'll be testing that one for a while, to see if he likes it more. While working on the various problems he told me that distinguishing links on my site was kinda hard as there wasn't enough color difference between text and links, and I turned off the standard underline for links.
Being considerate and open for positive criticism all the time, I started thinking about it. It's the first time I've heard the remark that my links were hard to notice, and it makes me wonder... did anyone else also have problems with it? Or maybe you didn't even know there were links in some of the posts at all? Maybe 75% of all my readers/visitors have not been able to find and follow the embedded links! Scary thought, so I decided to toy around with the CSS file a bit in order to find a nice balance between visuals and navigationability (is that even a word? If not, consider it patented now!)
Links that are unvisited, should be black and underlined. When hovering over a link with your mouse, it should turn blue-ish with both a line above and under it. Links you've followed before should almost blend into the text, with just a tiny color difference.
Comments on the new link setup are much appreciated!
June 13, 2003
How some people treat their PC. While I was attempting to copy the newest virus signatures to the harddisk, it turns out the floppy drive didn't work at all. I checked it and noticed the floppy cable (going from the motherboard to the floppydrive) was installed incorrectly. I can understand that floppies are not used that much anymore, but hey... if you buy a computer, you test it, right?
It's not that this is such a brand new machine, but I doubt the cable could have swapped itself during its lifetime. After toying around with it for a while I managed to copy the newest signatures to the harddisk. I also deleted all the apparent trojan files I could find and will now do a full system scan with an up to date scanner.
I know it might be useless since I'll end up formatting the complete thing anyway, but when I start resizing disks etc, I don't want any unwanted guests lurking around.
June 12, 2003
Waking up and reading that your blog still is the slowest one to load compared to a bunch of other ones is quite a wake up call. Damn!
I did run some more tests and might have a few other tricks up my sleeve that don't affect the appearance or navigation for my readers. However, the biggest problem seems to be the sheer amount of data on it. I could cut back further on the number of posts that stay on the main page, but as I know that some people slack a few days and then suddenly catch up, that would spoil the experience for them. Maybe I should just write less? :)
Phyre Bitzsche, no I'm not a native English speaker, but I've chosen the English language because it does give me a larger possible audience, and because I consider it the most common language when it comes to internet and all things computer. Chinese and Spanish are even more common, but unfortunately, I speak neither of them. This blog is a combination of the fact that I want that audience and at the same time am not repressed by it. I write exactly what I mean and don't hold back.
I could blog in Dutch as well - since that's my mothertongue - but I often know the word in English, whereas the word in Dutch draws a big blank.
June 11, 2003
After reading Kapil's additional information regarding the BS robot reporting my page as not running the required BS ad, I did some tests. Kapil claimed it loads too slow, and I must admit that if I write several entries a day, the amount of data that needs to be loaded is indeed rather high.
In order to improve stability and loading speed - one also has to think about the less fortunate that don't have cable or DSL access - I've changed some things around.
Instead of connecting to 4 different servers to successfully load the page, I've moved one image to my own server, and brought the required connections back to 3. It might seem nothing, but it should shave off a few milliseconds of the loading time.
The total amount of GFX loaded was just over 16,5 kilobytes, and due to some finetuning I brought it back to 13,5 kilobytes. Once again, not much but...
I kept 14 days worth of entries listed on my front page before they were moved to the archive, and I've cut that down to 7 now. The archives are pretty obvious to find, so it shouldn't cause too much problems for anyone. The amount of data saved by that depends on the amount of posts I did, but right now it got rid of a nice 40 kilobytes. Reported loading times are now as follows :
14.4k - 66.13 seconds
28.8k - 36.07 seconds
56k - 21.30 seconds
ISDN (128k) - 17.76 seconds
T1 (1.44 MB) - 6.60 seconds
If it loads on a 56K modem in under 25 seconds, it'll do for me. I might do some other tweaks later on, but bringing the page up to XHTML standards, as well as including alternative texts and controls for blind people using read-aloud software has its implications. I'm just not willing to cut into either of those two. In fact, I'm doing a whole lot more than most webmasters do. After all, I'm not blind and I'm on a 3.3 megabit connection, so loading times or support for the visually impaired don't really concern me. It's just that I'm so damn nice ;)
Note : Phyre Bitzsche, I was fired about 2.5 months ago when the company I worked for went bankrupt. Apart from 7 months of severance pay, I am also claiming 4.5 months of pay I didn't get, and such.
The fund I'm referring to is instated by the government to pay employees that claim the money from the company, but where there is nothing to be sold. In that case, the fund pays the employee, within reason and limitations. It could however take 1 to 2 years before one actually gets anything.
June 10, 2003
Just got a call from someone who knows someone that has a lot of PC problems right now. As far as I can tell right now, the machine seems to have been hacked severely, additional accounts have been installed and files and documents altered.
In addition to that, some hardware problems have shown up as well, but I'm not yet convinced that both of these things are related to each other. It is a possibility, but I'm thinking coincidence.
I'll receive the box on Thursday probably and take a look at it and see what the best way of dealing with it is. First mission will be to create a safe backup - the owner already made one he claims, but making backups from an infected machine is not really smart - and then decide the actual amount of damage done.
Going on the data I've got right now, I'll probably reinstall the machine and run benchmarks and stress tests on it to figure out if there are indeed hardware problems involved as well. If so, it's up to the owner to decide what he wants to do.
And the worst thing is that the user will have learned nothing from all the good advice several people have been giving him over the years. I'm a nice guy and willing to help everyone out - once, within limits - but I refuse to work for ignorant people that don't want to learn. They're out on their own.
I often hear that I'm paranoid and too strict. But I see machines biting the dust on a regular basis, and mine is usually not one of them.
June 9, 2003
OK... since Marianne was like number 10 who asked for photos (also in regard to all the other photos I still have on my HD somewhere) I've started installing a nice PHP package that should allow me to set up a nice photo album.
However, the thing is a pain to configure - I've got a rough version running now - and needs all kinds of extra libraries installed on the webserver. The main package is up, but I'm not yet able to upload pictures to it. Which, of course, makes it kind of useless right now.
Give me another 48 hours to see if I can solve all the techy problems.
June 2, 2003
Just while I was posting a new entry at another website, watching a new movie and downloading another one, the old UPS decided to throw a fit and interrupt power to my machine. I actually thought these things were uninterruptible power supplies? I guess mine decided to join the dark side.
Well, it's a very old unit that I bought over 6 years ago and even when I got it, it was secondhand. Never replaced batteries in it, so it wouldn't even save me if the power failed. I guess I'll have to get a new one some day, but it is totally not high on my list. Should anyone have a UPS that needs to disappear, get in touch!
Or just order me one and ship it to me.
May 28, 2003
I'm currently experiencing a lot of problems reaching this site, or getting it to load properly - it sometimes fails to load the CSS file apparently. Connections to the backend of the blog are slow as well.
I don't know if anyone else is having the same problems, but I'm investigating and have contacted the hosting company to verify. More updates will follow.
Update : it seems like it was only a 5 minute disruption of some kind. Right now it loads blazing fast again and everything seems to be OK. I'll keep monitoring though. If you run into problems, please provide feedback and if possible ping/tracert logs + your location (country). Please ping/trace to friedkitten.neversilent.org and *not* to friedkitten.com.
May 27, 2003
Just got confirmation that the payment for the transfer of the 6 domain names has arrived. They asked me to confirm that the whois data was correct, but as I tend to keep that up to date, that was no problem. It does show though that a good registrar checks that before initiating any transfer.
I hope to be receiving the "confirm transfer" requests later today, or possibly tomorrow - as the Skynet servers are slow once more. Mails sent to me at 10h43 only arriving at 13h19... that's slow, especially if time is an important factor to complete certain things. At least they're not completely down (I shouldn't say that out loud I suppose... I might curse my luck).
May 26, 2003
I've been having a few problems playing audio CDs thru winamp. It detects the CD, seems to be playing it correctly and reports a sampling rate of 14H. I was rather suspicious of that rating but found out that it means 1400 kilobits, whereas MP3's usually are only 192kbits. However, no sound. Nothing, complete silence.
Faulty CD? Maybe, so I popped in another one. Yes, after removing the first one. Same results. Tried the windows media player, and that one works fine. For some very strange reason winamp (I'm using 2.91) doesn't like audio CDs anymore. It plays MP3's perfectly though.
So today I got fed up with it and started searching... not much information was found when googling for it, so I headed over to the winamp forums. Apparently I'm not the only one to experience weird behaviour, and the most common suggestion was to install a new CD-reader software tool. Or turn on/off Digital Extraction on the drives. I tried that first, to no avail.
And then I had the excellent idea to take a look in the sound properties... The CD player was muted?! I flicked the switch, opened winamp and voila : SOUND!
Incredible, not? So if you're ever experiencing something like winamp not delivering any sound from audio CDs while it seems to play them fine, whereas windows media player plays them without any problem, look in the audio properties. For some reason windows media player overrules the muted cd audio, and winamp complies with it.
May 23, 2003
I've just transferred about € 183 from my account to the account of my new registrar in order to get them to request the transfer of 6 domain names currently registered with PI.
If that is successful I'll have saved myself about € 75 which is not bad. Apart from the lower cost, I'll also have a better service and more possibilities. In the mean time I've found some other registrars that offer even lower rates, but lower is not always better.
Note : The transfer of these 6 domains has got nothing to do with friedkitten.com or any other live domain that I'm running. This move only has implications for some .be ccTLD's that are not really in use.
May 19, 2003
I just upgraded (or replaced?) my trusty old Mozilla 1.2.1 version with the newer stable 1.3.1 release. I actually did try it earlier on, but somehow I wasn't pleased at all with it back then. Of course I installed it right on top of the older version, as I had been doing that for every mozilla upgrade I'd done so far.
Maybe that was the reason the thing wasn't up to par, as this time around it works flawlessly - and I installed it after uninstalling the previous version. I've checked out some pages that use CSS, flash, quicktime and various tables and they all look good. I might even switch to the 1.4.1 beta release later on this week.
Oh... and I think - but that could be highly subjective - that the 1.3.1 version is even faster than the 1.2.1. Has any other geek noticed the same, or am I losing it ?
Links : Mozilla
May 12, 2003
OK... the driver disk is not readable on my PC either. Which leaves me with a small problem : how to identify this USB/Lan adaptor. Does anyone know what brand it is and - I know I'm probably pushing my luck here - maybe even where to find drivers for it for windows ME?

Details : Left side is LAN connection, right side is USB. It has a red led, with Act/Link written next to it in white letters. Bottom has barcode 037911200512. I opened it up, it has a realtek (RTL8150L - 28015S1 - 241E Taiwan) chip in it, and another chip bears the markings GTS FC-618SM 2K225Z.
It doesn't help me much, but maybe there are geekier people out there that recognize this 10/100M LAN Card (that's what the box calls it, but there is no mention of company, country of origin - probably Taiwan anyway - or other indication).
Update : I hooked it up to my own box and it immediately found a new USB device. It was reported as an SMC USB to network converter... and then my otherwise very stable XP machine BSOD'ed on me. I'm *not* gonna hook it up again.
May 11, 2003
I don't get it... I just got a call from the woman that picked up her PC about an hour ago - I told her she could call me since there was still a USB network adaptor to be installed and such - and it seems the computer doesn't want to boot. It's always complaining about not finding the keyboard. So, I figured she put the PS/2 connections of the keyboard and mouse in the wrong connector. Asked her to change them around and reboot. No avail.
Sometimes it finds the keyboard, sometimes it doesn't. I'll be heading there tomorrow - on my bike - to go and check out the problem. She'll be out for a few days, but the kids are home.
Some computers just are not compatible with their users... I've been running that PC here for 5 days, did stress and benchmark tests on it, everything works fine. They take it home and it breaks. And it's not even one of those wireless keyboards with a lot of connection buttons Zoe ;)
Oh well... I guess they can't help it.
May 7, 2003
Getting that computer running again sounded so simple, yet it seems not to be that easy. I've uninstalled quite some stuff and it keeps on crashing right after it launches windows ME. After fighting with it for over 3 hours I've reverted to resizing the one partition it had (40 gig) into 1 time 20GB (which contains the crashing windows ME), 1 time 15GB that they can use for data, and a 5GB partition where I just finished installing Windows 2000 to.
That way I can keep the small windows 2000 partition in NTFS - making it less easy to access from windows ME - and run whatever tools I need on the windows ME FAT32 partitions as I see fit. Yes, that includes making a backup of the current data to a CD, so I can format the complete windows partition and reinstall it. It will certainly fuck up my windows 2000 bootloader, but I'll make rescue disks first so I can easily repair it.
Note : I've come to an agreement with a new registrar, and will be transferring the first 6 domain names to them mid-june.
May 6, 2003
I just got another PC in that has been behaving very erratically the past few weeks, if not months. According to the owner it often shuts down in an incorrect way, then presents a BIOS setup screen when rebooting, loses LAN connection, and now doesn't even boot into Windows ME anymore.
Well, most IT minded people know that windows ME is the worst OS Microsoft ever created, so it doesn't really come as a surprise to me. My task - should I choose to accept it - is to back up all the data, if necessary format the thing and get it up and running again.
Apparently, I have accepted the mission, as the thing is sitting in my computer room. It doesn't look too good though, and it might take quite some hours to figure out how to get it stable enough to back everything up to CD before I kill it. Oh well... it keeps me busy.
Last night I got a call from my dad, who has been noticing some strange things going on on his windows 2000 PC. It seems like it keeps on filling up the C: drive with a multitude of files. I've done a quick search on the web for such behaviour, but couldn't find anything right away. I'll have to head over there and look at it in person. IT support and troubleshooting is hard enough as it is, doing it by phone really doesn't make it any easier.
Update : The possible culprit (MS-Connect/Portal) has been identified, but I'm running an AdAware session to be certain. Since I can't connect that PC to the web right now I just downloaded the last update on my own PC, then copied it to the other one - works like a charm and is scanning right now.
I think I've found myself a new registrar for my .be ccTLD's. Well, no one (registrars I mean) reacted on my open offer to send details, so I went out and searched for a new registrar myself.
Today I got 6 letters from my current registrar that a domain is about to expire, and they don't feel like giving me a discount although I've got at least 10 domains registered with them. That leaves me no choice but to go elsewhere. Who I'll be moving to is not important right now, but the fact that I can lower the total cost of registration with € 100 per year makes it pretty interesting.
Apart from that, I'll also have a control panel where I can do most of the things myself, 24/7 whereas my current registrar offers nothing of that kind.
April 28, 2003
Since "IAM" will be down for 24 to possibly 36 hours, I've got spare time. While I was browsing around on the web, I suddenly remembered the 'old' LG Electronics USB webcam that I still have connected to the PC.
However, where the hell is the thing hiding. Following the USB connector from the hub, led me right to the camera. One has gotta be smart ;)
I toyed around with it for a few seconds, thinking about the possibilities when I suddenly realized I needed drivers for the thing. I recall having quite some problems getting it running under windows 2000, but after a quick search on one of the old CD's and a verification on the LG website I knew I had XP compatible drivers. Install, and yes... it runs. Quality is rather crap to be honest, but it runs.
Then a quick look and install of webcam 32 and I was all set. Well, almost. After tuning the old website a bit to reflect the change in ISP, I was almost cheering. Then it turned out that Mozilla has a problem initiating the java applet, something I actually knew about. I never found a solution before, but I didn't really look for one either. This time I dug a little deeper and found another java applet called Camzor.class. Download, config, upload and test... works like a charm. Another problem tackled.
Now... the initial idea : dismantle the webcam casing, check out the internals and figure out a way to rebuild it to comply to my needs. And what exactly am I trying to do, you may wonder?
Everybody knows videophones and intercoms and things like it, right? I want something alike, but only using a webconnection, cheapo webcamera and some ingenuity. I've got a peephole in my front door (well, the one that leads to the public hallway), and figure that if I set up the camera behind the hole, trigger it only on change/movement and then upload those captures, I'd always know who was at my door, and when. I'm not claiming to be doing something new here, not at all, but it just seemed fun to see how far I could get in 36 hours.
I already dismantled the camera, checked if video quality would be acceptable to recognize people through the peephole and that is OK. The hard part seems to be the fact that the complete camera mainboard and lens/CCD are in one piece, and covered with metal shielding. I could strip all the shielding, but I think it's actually used somehow to pass signals. You can see for yourself in the photos below.
I'll have to study it a bit more and if that doesn't seem to work, either find another way around it (maybe by using a mirror to divert the camera angle) or get my hands on a webcam that has more adaptable components (read cable connection from the mainboard to the actual lens/CCD). Do any of you, dear readers, still have an old webcamera at hand that could possibly fit my needs? If so, please let me know!
April 27, 2003
Yay! I just - well about half an hour ago - got back from my sister's place where I installed the PC and did a zillion of "after-full-install" tasks. It immediately had LAN access and the soundblaster drivers that I thought would be correct did the job.
Downloaded and installed a bunch of servicepacks, hotfixes and patches, too many reboots and voila... it's up and running. The only thing (still) failing is the philips CDD3610 cd-rewriter, but I've had one myself many moons ago, and it was crap to begin with. Constant calibration errors and a new firmware couldn't fix it. I guess they'll have to invest in a cheapo new model.
The only thing left for her to do now is to configure her mailclient, connect the firebox and configure it as well, and that's it.
And the best part (for me that is)? I threw away a lot of old CDs, papers and stuff that I didn't need anymore.
My desk even looks clean. Well... I mean you can actually see the wood it's made of now - in some parts.
April 26, 2003
Yups... the new OS is installed. However, and I should have noticed it, it installed itself "alongside" the current OS, and not "instead" as I selected. Crap... I just wasted about an hour for nothing. Well, maybe not nothing as I now know that all the hardware is correctly detected.
I've hunted down a more up to date Bios as well, so I'll install that one first, then reinstall the OS.
Update : The bios update has been completed, and apparently without any problem. Well, at least no problem I can spot right now. The thing still boots and reports a new bios version and date so...
Update 2 : OS is installed now and seems to work quite fine. Tomorrow I plan to install all required applications. While I was waiting for the machine to save settings, reboot, and do drive checks I did a bios update on my box as well. I'm extremely pleased with the support and website of MSI, the manufacturer of my mainboard. (Check out their site)
I just started working on my sister's machine, as it is in dire need of a complete reinstall. It's a P2-350, 128MB Ram but it still runs pretty well, although windows has become rather unstable and often has quirks.
I've already formatted, merged and reformatted 2 of the current 4 partitions in order to have only 2 left in the end. I'm also gonna pop in an extra CD-rom reader (24 speed) and see if I can get the current CD-writer to behave properly. I'm under the impression the writer itself is still OK, but she told me she was unable to write a proper CD. In this case, it would be handy though, as there's about 1.2GB of data that needs to be saved. The computer is copying that right now - for the past 15 minutes - to the new partition, so that shouldn't be any problem, yet I'd love to have it on CD as well. Just in case, you know.
As soon as the thing is done I'll install the extra CD-reader, then see if the current OS detects it and can read from it. If that turns out OK, I'm going to clean-install something more stable on it (still windows based though) and see where that gets me. Then I should check out the ISA soundcard, and possibly replace it with one I still got (I got both a PCI and ISA version laying around) and reinstall the modem as well.
Then test the thing and all of that will (or should) be done by tomorrow evening. I haven't got a clue if something interesting is on the telly tonight, so I might skip a part of that to-do list to tomorrow.
Well, that's my evening and night it seems. Do I mind working on computers on a Saturday evening? Not at all, I like it. You know, geeks and nerds don't have a life - and wouldn't know what to do with it if they had one ;)
April 25, 2003
OK, I've just been browsing around a bit for a new registrar for my .be (ccTLD) domains. I'm very pleased with the international registrar I've got, but I'm getting fed up with the relatively high costs of my .be domain names.
All Belgian internet providers, webdesigners or hosting providers are free to apply and make me an offer.
This is what I require :
1. Subscriber to the Domain Ethix code
2. Invisible forwarding either by frame or permanent redirect (anywhere I want)
3. 24/7 Control Panel to access/change/view settings, redirects, DNS
4. Unlimited e-mail forwarding, preferably with catch-all (*@domainname.be type)
5. At least 3 years of experience with domain registration or webhosting
6. Solid support which can be reached when needed.
Optional :
1. Spamcontrol (SpamAssassin, ...) on the mail addresses
2. POP3 account or webmail
3. Uptime guarantee, Service Level Agreement (usually BS anyway)
What am I willing to transfer to you (so that you know exactly what we are talking about) :
About 15 .be domain names, of which at least 6 shall be transferred within 3 months, the rest will be done within about a year (they have just been renewed).
What am I NOT looking for :
1. Offers to develop / host a domain / do webdesign
2. Registration combined and limited to hosting deals
What may I consider :
1. Sale of some domain names.
All offers or enquiries should be received at this address : registrarATfriedkitten.D0T.com with full details by May 19th 2003 at the latest. All offers arriving after the deadline will not be considered.
April 24, 2003
It seems like Microsoft has updated the Q811493/MS03-013 bulletin with the following information :
Why has Microsoft reissued this bulletin?
Subsequent to the release of this bulletin and the associated patches, a performance related problem was identified with the Windows XP Service Pack 1 version of the patch. This problem is unrelated to the security vulnerability discussed in this bulletin, however the problem has caused some customers to notice performance degradation on Windows XP SP1 systems after applying the patch.
What is Microsoft doing about the performance problem with the Windows XP SP1 patch?
Microsoft is actively investigating the performance related problems and will re-issue the Windows XP SP1 patch when it has been corrected and fully tested.
I'm running Windows XP SP1. What should I do until Microsoft reissues the patch for Windows XP SP1?
Windows XP Service Pack 1 customers are encouraged to review this security bulletin - and in particular the Severity Rating matrix and assessment above - to assess whether their particular environments demand that the patch should be applied immediately or whether their particular level of risk permits delaying deployment of the patch until it is revised and the performance issue corrected. Customers who can not wait to deploy the patch are encouraged to test it to see whether the performance problems affect them before deploying the patch broadly.
It should be noted that the patch is still effective in addressing the local elevation of privileges security vulnerability discussed in this bulletin.
When will Microsoft reissue the Windows XP SP1 patch?
Microsoft is actively working on the revised fix and will re-issue it as soon as it has been built and fully tested.
In other words... there is not yet a solution short of uninstalling the patch.
April 22, 2003
I'm not sure I've actually posted something about it before, but I've been experiencing a lot of problems with my computer over the past week. It has slowed down considerably, often has programs not responding and things like that. I was already thinking that one of the 40 gig disks in the raid array was gonna go belly up soon, but today I learned that it actually has something to do with Q811493.
Q811493 is a Windows XP (both 32-bit and 64-bit version) hotfix, released on April 16th 2003, updated on April 17th. TechNet Bulletin MS03-013 has details about the hotfix.
Since another site mentioned it being a combination of the hotfix and virusscanners (such as EZ Anti-virus Realtime, McAfee version 7 and Sophos AV) I contacted Sophos support to verify the information presented.
Within minutes (if not seconds) I received the following mail :
Hello ServMe
Yes there is an issue between Sophos and Microsoft's hotfix Q811493 and
development is aware of it. At the moment the only workaround is to either
uninstall the hotfix, or uninstall the software - quite a dilemma. We will
keep you informed as to what the next steps are going to be.
Regards
Sophos Support (actual name removed)
Is that good and fast support or what? At least now I can confirm that there is indeed a problem with *extreme* (no kidding here!!) slowdowns on XP machines after applying Q811493, in combination with certain anti-virus products.
Since I always go for security, I'll just wait till either Microsoft, or Sophos comes up with a patch or workaround for this problem. In the meantime, both the virusscanner and the Q811493 patch remain installed.
April 19, 2003
OK, I'm done fine-tuning the output that's being delivered to the page by blogamp. I've decided to only show the last 3 songs, otherwise it would make the page look too busy. Like there is not yet enough already :)
If you want to play around with it yourself, click on the "powered by blogamp" at the bottom of the list, and download the plugin. It doesn't need much (webspace, winamp, and songs) to set up, and I think everyone can do this.
I did hack into the javascript though, in order to get it to display how I like it. I imagine that I can remove at least another 25% of the code if I wanted to, as I only use certain functions. Might do that later on.
I'm locutus of borg, and I'm getting bloody trigger happy! I've been busy installing a plugin of winamp to update the blog while playing tunes, and I needed to reset my FTP password to something else. Why? Because I forgot the bloody password.
So, I log in to the control panel, change the password and voila... changed. Except for that Syntax Mismatch error that suddenly turns up. Well, no problem, let's try anyway. 530 login incorrect. Oh, let's just open a ticket at the webhost and let them take a look at it. Send in ticket, has all information required. Answer within 5 minutes... yes, I've got a wonderful webhost indeed.
Change the hostname in your FTP program from xxx to yyy. You cannot login to xxx directly as it's a subdomain of zzz and therefore you should use yyy. No problem, although I've been logging into xxx for the past year without ANY problem. The problem started when I tried changing the password through the control panel. I change the hostname and try to log in : 530 - login incorrect.
Of course you moron! I knew it wasn't gonna work. Why the hell did I get the one person that does crappy support? Anyway, after my friendly but dedicated reply that I tried his suggestion, but that it didn't correct the problem, it's gone quiet. Very quiet. Just got a reply... he thinks it's "odd". Off to do some more mailing :)
Update : The problem is solved. Apparently some of the control panel skins have scripting errors in them, and that can lead to things like this.
I still don't have the blogamp plugin working though. According to the logfile the webconnection works fine now, but
OK... of course it won't output anything if I forget to turn on the plugin again! I just need to fine-tune the output a bit now, as it shows *way* too much info. I'll be wasting my time on that for the next few minutes.
April 14, 2003
I've been playing around with some comment counting plugin for MT, written by bmk who blogs at emptypages.org. It's supposed to give the top 5 of the commenters, along with the number of comments they made. The plugin allows quite a lot of options, making it customizable to your liking.
I must admit that I had some problems getting it to work at first, since it always returned blanks, but after renaming the script itself, it suddenly turned up. According to bmk, the scriptname shouldn't be important, and could be anything.
I tend to believe her - why shouldn't I? - but can only report what I experienced. Changing the script back to the old name doesn't make the numbers disappear though. Could it be that only at the first instance the name is important? Hey... I'm just guessing :)
For people that like more MT hacks, check out MT-Plugins
April 9, 2003
I'm toying around with the MT Track Back functionality. You can ignore most of it for now, and maybe even in the future :)
My victim for T-Back testing is Cy, who went shopping for a purse a few days ago.
April 3, 2003
I'm definitely looking into changing friedkitten.com to an addon domain instead of a framed redirection. What does this mean for you - avid readers - is the following : maybe a few moments of downtime, some things that stop working for a while but nothing serious. I'll be around, informing you of all the things you didn't wanna know in the first place.
However, those that have linked to me, should be aware that the only valid URL for this blog is www.friedkitten.com, whereas links that currently point to http://friedkitten.neversilent.org/blog/ might - and eventually will - stop working.
I therefore urge everyone to check their links and change it to www.friedkitten.com if needed.
Why? Oh why do you do such technical things? Good question, and there are actually some good answers for it. First of all, the links that people use have been wrong in the past. Moving it to one and only one domain without redirects will settle that matter for once and for all. Secondly, searchengines don't like framed redirects, and it does lower your ranking. I'm much less of a searchengine addict as I used to be a few years ago, but I still value the ability for people to find information.
So, in short, if I decide to go through with all of this, it will be for the best of this blog - and therefore for myself. It'll allow me to change some things around, and look to the future with a technically open mind.
Update : While I was looking at some stats I noticed some interesting things. Of all the traffic that comes from search engines, 61.1 percent came from Google. Yahoo (16.1%) and MSN (8.8%) came in second and third.
When looking at search terms, on top of the list is "Rikku naked" (I don't blame anyone for searching for that!), followed by people who want to have "blowjob instructions" (uh?) or want to look for "cactus data shield crack" (no surprise).
The strangest referral (external link) I found must be one from www.iaea.org as that is the International Atomic Energy Agency. I wonder if they consider my rants and writings nuclear?
April 1, 2003
I could say "I told you" but I'm not gonna do so. I just remembered the little javascript error that bugged rendering in IE, so I ran through the source of the page (the main template source is 472 lines) and was able to find it in a few seconds. It certainly pays off to remember what and where you've been altering code...
I apparently included an equal sign somewhere, and that caused the error. I don't think I would have picked up on it last night, although I usually fiddle with the code during the night. I just seem to be more concentrated from late in the evening till around 02h00. However, picking up on tiny errors sometimes becomes a bit challenging then, so I debug those in the morning and during the day. When all that's wrapped up, I can again do more challenging things later that night.
Yes, one has to keep one busy :)
OK... I'm hacking up the Movable Type templates once more - actually enabling the Track Back functionality that I ripped out of it in the beginning - so if you see strange things going on, it's just me.
All of this is caused by the fact that Mena & Ben wrote a "Track Back for Dummies" guide. I still don't understand TB though. I guess I'll have to read it once more when I'm actually awake, or see how it works in a live environment. Enlighten me!
Update : It seems the functionality is back, and without messing up too much. I do get a javascript error in IE somehow, but since IE is not really my browser of choice, I don't care. I will probably care enough in the morning though and hunt that little bugger all day long if needed.
March 23, 2003
I received the brand new CD of Melanie C as a birthday gift from Jess & Johan a few days ago. The album really rocks, although it is 'softer' than her first solo album, "Northern Star", released back in 1999. I've already listened to it a few times on my Hi-Fi system, but when I inserted it in my PC today to listen to it, it popped up some installation routine. What the fuck?
Apparently, the Melanie C - Reason CD is protected by a culprit that goes by the name Cactus Data Shield, aka CDS200. Wait... the company or person that tells me what to do or what to use in order to listen to music that was legally obtained, still needs to be born.
I'm not accepting any extra installation routine, crappy players or anything of the kind. If I buy a new CD, I want to be able to play it where I want. In my case, that's on my computer, as I spend about 75 of my time around them.
So, I went on a search to see if I could crack the protection. Follow me!
First step : What's CDS200 and how does it work? It was created by an Israeli company called MidBar Tech Ltd. but acquired by Macrovision. Interesting to know, but not really what I need. The coders are not gonna tell me how to crack their shit, are they?
Second step : How do I beat CDS200? A very nice article by the peeps at CDR-Info explains a lot about Cactus Data Shield. Read the complete article here.
Step three : Tools that could come in handy are CloneCD, Feurio! 1.66 and Exact Audio Copy. A first attempt with Feurio gives me only track 1, and fails the rest of the tracks. Damn. Let's fire up CloneCD and see how far we can get with that.
CloneCD has ripped right through the copy protection, and I've got a real audio CD playing now. However, there are audible skips in some of the tracks, so that doesn't seem to be the best solution either. I think I'll have to see what I can do with EAC. In case that doesn't work, I can still revert to IsoBuster.
I'll keep you posted...
March 11, 2003
Damn... after doing a reboot, I suddenly lost all drive mapping capabilities (using the "net" command) on my Windows 2000 workstation at the office.
I was able to rather quickly find out that a path setting seemed fucked up. I did check my path and environment settings in the control panel, and by verification in a command prompt, and it seems the %SystemRoot% variable is not expanded as it should be.
This behaviour is controlled and influenced by a registry setting, that seems to have been changed from REG_EXPAND_SZ to REG_SZ. The only info I don't have right now is where that registry key hides. If I find the correct key, I'll be able to manipulate it and fix the problem. What caused it, remains a big question though.
Update : The key controlling how the %SystemRoot% variable is expanded hides in HKLM\System\CurrentControlSet\Control\Session Manager\Environment - Keep in mind that in order to be able to create REG_EXPAND_SZ keys you need to use regedt32 and not regedit.
Update 2 : I was able to successfully manipulate the key and now have a fully functional system again. Remember to export your registry before editing, unless you either really know what you are doing, or like taking risks. When I dumped the complete registryfile to disk, it was just over 32MB, so you can forget putting it on a floppy. Or you can opt to only export the keys you intend to edit.
Update 3 : I've just learned that the "OpenSSH for Windows" installation I did a while back is to blame for the %SystemRoot% registry key change. The author has posted a patch on his website, and claims the bug will be corrected in a new release. I'm off to check if the company server suffers from the same, and I'll check my home system as well.
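One way to check for the fault described in this entry, as an added example that is not from the original post or from the OpenSSH for Windows author: it parses a `reg export` of the Session Manager\Environment key and lists values stored as REG_SZ that still contain %VAR% references. The sample export, the value names and the OpenSSH path in it are constructed for illustration.

```python
import re

# Key named in the post; compared case-insensitively below.
ENV_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet"
           r"\Control\Session Manager\Environment")
VAR_REF = re.compile(r"%[A-Za-z_][A-Za-z0-9_()]*%")


def _hex2(text, per_line=20):
    """Encode text as regedit exports REG_EXPAND_SZ: hex(2), UTF-16LE,
    NUL-terminated, wrapped with a trailing backslash (sample helper only)."""
    raw = (text + "\0").encode("utf-16-le")
    parts = [f"{b:02x}" for b in raw]
    rows = [",".join(parts[i:i + per_line])
            for i in range(0, len(parts), per_line)]
    return "hex(2):" + ",\\\n  ".join(rows)


def build_sample():
    """Constructed export: ComSpec is healthy, Path was rewritten as REG_SZ."""
    return "\n".join([
        "Windows Registry Editor Version 5.00",
        "",
        "[" + ENV_KEY + "]",
        '"ComSpec"=' + _hex2(r"%SystemRoot%\system32\cmd.exe"),
        # Plain quoted string = REG_SZ, so %SystemRoot% is never expanded.
        r'"Path"="%SystemRoot%\\system32;%SystemRoot%;'
        r'C:\\Program Files\\OpenSSH\\bin"',
        '"OS"="Windows_NT"',
        "",
    ])


def parse_reg(text):
    """Yield (key, name, type, value) for string values in a v5 .reg export."""
    # Join wrapped hex data: backslash, newline, then indentation.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m or key is None:
            continue
        name, data = m.group(1), m.group(2)
        if data.startswith('"') and data.endswith('"'):
            # REG_SZ: undo the \\ and \" escaping used inside .reg strings.
            yield key, name, "REG_SZ", re.sub(r"\\(.)", r"\1", data[1:-1])
        elif data.startswith("hex(2):"):
            raw = bytes(int(b, 16) for b in data[7:].split(",") if b)
            value = raw.decode("utf-16-le").rstrip("\0")
            yield key, name, "REG_EXPAND_SZ", value


def unexpanded_values(text, key=ENV_KEY):
    """Return (name, value) for REG_SZ values under key that hold %VAR% refs."""
    return [(name, value)
            for k, name, reg_type, value in parse_reg(text)
            if k.lower() == key.lower()
            and reg_type == "REG_SZ"
            and VAR_REF.search(value)]


SAMPLE_EXPORT = build_sample()

if __name__ == "__main__":
    # A real export from regedit is UTF-16; read it with encoding="utf-16".
    for name, value in unexpanded_values(SAMPLE_EXPORT):
        print(f"{name} is REG_SZ but contains variables: {value}")
```
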
March 3, 2003
Sorry for the very brief downtime, but I finally got around to upgrading Movable Type to release 2.6x. I'll run this one for a few hours and if it doesn't pose too much problems, I'll upgrade another blog as well.
February 22, 2003
Not even reverting to an earlier system restore point in windows XP has resolved the matter. I'm seriously fucked it seems. Damn! I'm convinced there is a problem with the connection on this local machine, but I can't find what it is. I hope to be able to solve it this weekend, unless I want to go totally crazy :(
After completely disabling my firewall, large uploads are possible, and don't time out anymore. Very strange if you ask me. I did however remove one advanced rule when I was toying around with TightVNC and OpenSSH, but unfortunately, I don't remember what it said. I tried upgrading to the latest build of the firewall, but that didn't correct anything. At least now I know what the problem is, and just need to find a solution for it :)
Note : this also means the problems I'm experiencing right now are not related to installing the latest MS patch for IE6.0 SP1, installing OpenSSH or TightVNC. The apparent reason seems to be my own stupidity.
I have got no clue what's going on, but I'm unable to post long entries to the blog for some reason. I tried with short ones like this one, and those are fine. Longer ones like the Technical I did a few hours ago won't post.
I already verified server status (all green) and uninstalled the two new programs I've added just some time ago, all to no avail. It's not IE or Mozilla related, as neither is able to post.
Update : Just put some new firmware on the modem, and as I suspected, that was not the culprit. Need to do more testing :(
February 21, 2003
This is going to be a rather technical post. Unless you are up to it, and interested in boring technicalities, I suggest you skip right to the next post. However, I can't promise you'll find that one more interesting.
While at work today, I started thinking about changes that I'll have to implement sooner or later, and I decided to go ahead and run some tests already. I had read a very interesting article in C'T magazine about securing and tunneling protocols by using SSH. Since SSH is *nix based though, I first had to find a windows port that would do the same. Luckily, the CD carried a windows version, but the author of that piece of ported software has quit. Lexa McKenna has taken over and I grabbed the newest release in his download section.
The idea will be to tunnel certain protocols through SSH to secure them, and I'm especially thinking about TightVNC. I've installed TightVNC (grab version 1.28 here) on a few desktops already, and it does what I want it to do. It'll give me the option to support more users and do it faster too. I'd just like to have an option to make sure users don't mess around with the settings and passwords. Well, you can't have it all I suppose.
So... next week I plan to check out SSH tunneling and TightVNC fine-tuning, on Thursday I'll be off to InfoSecurity, and that will be it probably. I'll also be working on some proxy server testing that I have to do - more for myself as it is directly needed for the job - as it will come in handy when expanding the current number of computers with at least 50%. One needs to be prepared.
I might be working on upgrading Movable Type for this weblog, as well as on Alex Blogje during the weekend, so there might be some downtime and things that don't work as they should. Never despair though... I'm on it :)
February 18, 2003
Because I noticed a sudden spike in searches leading to my page about the MainPean dialer and malware, I'll point to the info I have posted before. I'll also add one (or maybe two) very valuable tips :
1. Don't accept or save files that are suddenly appearing in a pop-up or "Save" window if you didn't ask for them specifically.
2. Throw out Internet Explorer 5, 5.5 or 6 and get a browser that has a better rendering engine and more customizable (read safer) settings. Go grab Mozilla 1.2.1 and use that one instead.
Oh my... I know I'm gonna get flamed for saying that, but hey... it's true. Tabbed browsing, pop-up blocker, customizable javascript settings and standards compliant! What else can a true geek/nerd/freak ask for? Don't take my word for it though, see for yourself...
Read the original post here. You can download Ad-Aware 6.0 from the Lavasoft homepage. (Don't forget to run the update utility before starting a scan, a recently updated reference file is available!)
You can find the MainPean company here (page is in German)
A rather interesting study on the operation of helpdesks and callcenters.
Why is it so interesting? Because I'm in the process of studying and evaluating a helpdesk/callcenter setup. I'm sure it'll turn out as a HELLDESK though... as most helpdesks do if you put the right type of operators on it ;)
February 16, 2003
While I was browsing some sites today, I suddenly got a trigger to save an .exe file. I of course know better than that, so I declined. I'm not surprised, things like that happen all the time.
When I scanned my box with the brand new Ad-Aware (version 6 has been released) I did find a registry key from a dialer! What? I didn't save the file, yet somehow a dialer key was inserted into my registry! That's pretty strange, so I set out to get at least an idea what this MainPean dialer key was. It didn't take me too long to find out that it is indeed a dialer, created by a German company called MainPean. I flushed the registry key out, and will continue my business.
I do wonder however, how less techy people can defend themselves from dialers, spyware, trojans and malware that seem to float around everywhere... It's a bad bad world, let me tell you that. I'll continue fighting evil in a few hours, but now I'm off for a long hot bath :)
February 11, 2003
Here we go again... it's been a rather long time since they fucked up this majorly, but Skynet sucks once more! The news server (usenet) has been having problems for the last 2 months, and while it was definitely better the past 2 weeks, we've returned to the "wait-for-a-long-time-and-then-get-a-timeout" post retrieving mechanism.
Webmail only works 20% of the time, and connecting to the POP3 server to retrieve or send mail fails frequently. Apparently they focussed more on upgrading their linespeed to 3.3 Mbit instead of realizing that they also need servers that can handle the load. My advice to everyone right now : avoid skynet!