On Government Secrets

Jul 28th, 2010

I thought this post was great, in the Slashdot thread about Julian Assange, the (Australian!) man behind Wikileaks:

Secrecy is entrusted to the government on the assumption that it will only be used when truly needed.

However the same power can be and is abused to subvert the freedom of its own people, as misappropriation for personal gain by powerful people and used to cover up ineffective, improper, illegal or immoral activity.

Whistle blowers object to these abuses and fight against it in the only way possible, by removing the shroud of secrecy and revealing these violations of trust to the public.

Mistakes may be made, but revealing the abuse of trust by the government is vital to the continuation of freedom and democracy.

Source – user Nadaka. I Googled the text and it seems to be original, not a quote – I thought it was a good, concise summary about why Wikileaks is handy.

Comments: 0 --

So for the last few months, I (via the QGL mailing list) have been receiving a bunch of what I called ‘spam’ from some douchebag, Frank Walker. This obnoxious person has compiled a list of various mailing addresses – including MPs like Tony Abbott and Malcolm Turnbull and various interest groups – and has been spamming anti-Labor political propaganda (primarily about global warming) for a few months.

Frank Walker does not respond to unsubscribe requests. There’s no useful information identifying him – in fact, I have reason to believe ‘Frank Walker’ is a pseudonym, as shortly before he arrived in my Inbox I was getting a bunch of extremely similar emails from another name and email address. I complained to the ISP about this behaviour and shortly after, Frank Walker arrived on the scene. Possibly a coincidence, but who knows? But in short, he violates pretty much every section of the “What is spam?” rulebook for Australians.

I contacted the ACMA about Mr Walker, assuming that this qualified as spam. The ACMA got back to me very quickly and confirmed that it is, surprisingly, not spam. It’s not commercial in nature:

it does not appear to be commercial in nature and therefore unlikely to be, for the purposes of the spam act, considered an unsolicited commercial message.

Most annoying.

Fortunately I have technical know-how to simply block these stupid emails on our mail server. Others are not so lucky – several of the unwilling recipients of this drivel have replied-to-all (yes, everyone is just included in one big “to” line; Mr Walker either is ignorant of the Bcc field or has done this intentionally to really piss everyone off) asking to be unsubscribed. I assume, like my unsubscribe request, that it was ignored.

If you’re getting Mr Walker’s silly emails, with their propaganda (the latest genius post is “KEVIN RUDDS REPORT CARD”, the contents of which are quite predictable) and silly references to nutbag blogs, then simply mark him as spam in your mail client and it will eventually go away – but remember, it’s not really spam!

(For what it’s worth, I’m no rabid Labor supporter. I think their policies, particularly when it comes to technology, are uninformed or outright stupid, like the Internet filter.)

Update: This person has changed email addresses and is now identified as ‘Annie Walker’ of freedomlover69@gmail.com. Clearly an intentional effort to evade spam filters.

Update: This person has changed email addresses and is now identified as ‘William Jones’ of communistfighter@gmail.com.

Update 2010/08/30: Another new email address, this time ‘John Richardson’ of therealfacts4u@gmail.com.

Comments: 0 --

Lost: iPod Touch at GDC

Mar 12th, 2010

While at the Games Developers Conference, I have lost my beloved iPod touch in the vicinity of the St Regis Hotel in San Francisco, in the area of 3rd and Mission Streets. If anyone has found it or finds it later, please let me know!@#

It is in a loose-fitting black silicone case. The front picture is a Parisian rooftop, though the battery is probably flat by now.

I desperately would like to get it back for the plane ride home so I can use it for reading and playing Sudoku.

Comments: 1 --

My GPG installation (Windows binaries, some ancient version) has worked flawlessly for several years, but I just went to run my usual mail backup script after some minor changes – I installed enigmail for Thunderbird. This act, or some related act, appeared to mess up something in my keyring.

At first I thought it was that it had unsigned my keys, but a closer look indicated it was something to do with the trust database. I thought this would be a trivial problem to solve (ie, I’d be able to Google the error message and be given a nice, simple howto to follow), but I was surprised – there was a bunch of useless stuff.

Anyway, the warning appears to be related to there being no ultimately trusted key (funnily enough). That is, you haven’t specified a “root” key that you have declared as the one that you trust to make all other decisions (I’ve had 4 beers and might not be articulating the purpose of this well).

However, the fix is pretty simple. You just need to specify your key as “ultimately trusted”.

The easiest way to do this (assuming you are using GnuPG command line like I am) is to just edit your key and make it trusted:

1) gpg --edit-key [your key id]
2) select the key (I just typed ‘1’ and hit enter; you can confirm by typing ‘list’)
3) type ‘trust’ to change the ownertrust
4) select option 5, “I trust ultimately”, then say ‘yes’ to the confirmation
5) type ‘quit’

…and you’re done.
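To check the result of those steps, here is an added example (not part of the original post) that reads GnuPG's colon-delimited listings and reports whether any key carries ultimate ownertrust, which of your own keys still lack it, and whether ultimate trust sits on a key you hold no private half for. The two listings are constructed sample data with made-up key IDs, and the function names are hypothetical.

```python
# Added example. PUB_LISTING / SEC_LISTING are constructed sample data in the
# shape of `gpg --list-keys --with-colons` and `gpg --list-secret-keys
# --with-colons`; the key IDs and names are made up.
PUB_LISTING = """\
pub:-:2048:1:1111AAAA2222BBBB:1262304000:::-:::scESC:
uid:-::::1262304000::0000::Me Example <me@example.org>:
sub:-:2048:1:3333CCCC4444DDDD:1262304000::::::e:
pub:-:2048:1:5555EEEE6666FFFF:1230768000:::f:::scESC:
uid:-::::1230768000::0000::Someone Else <else@example.org>:
"""
SEC_LISTING = """\
sec::2048:1:1111AAAA2222BBBB:1262304000::::::::::
ssb::2048:1:3333CCCC4444DDDD:1262304000::::::::::
"""


def parse_public(listing):
    """Map key ID -> {"ownertrust", "uid"} for every pub record."""
    keys, current = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 9:
            # Field 5 = key ID, field 9 = ownertrust letter, field 10 = user ID
            # (some versions print the primary user ID on the pub line itself).
            current = {"ownertrust": f[8][:1] or "-", "uid": f[9]}
            keys[f[4]] = current
        elif f[0] == "uid" and current and len(f) > 9 and not current["uid"]:
            current["uid"] = f[9]
    return keys


def secret_key_ids(listing):
    """Key IDs of the sec records, i.e. keys whose private half is held here."""
    rows = (line.split(":") for line in listing.splitlines())
    return {f[4] for f in rows if f[0] == "sec" and len(f) > 4}


def audit(pub_listing, sec_listing):
    pub, mine = parse_public(pub_listing), secret_key_ids(sec_listing)
    ultimate = {kid for kid, rec in pub.items() if rec["ownertrust"] == "u"}
    return {
        "no_trust_root": not ultimate,                 # the state behind the warning
        "own_keys_to_trust": sorted(mine - ultimate),  # candidates for steps 1-5
        "foreign_ultimate": sorted(ultimate - mine),   # ultimate, but no private key
    }


if __name__ == "__main__":
    print(audit(PUB_LISTING, SEC_LISTING))
```

On a real keyring, pass it the output of `gpg --list-keys --with-colons` and `gpg --list-secret-keys --with-colons`; a non-empty `foreign_ultimate` list deserves a look, since ultimate trust lets that key validate others.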

Comments: 0 --

A while back, ANZ offered me the opportunity to receive some of my statements as ‘e-statements’. While I fully approve of the move away from paper, I must confess I was slightly disappointed to find out that they’d be emailing me notices about these e-statements – one of the big reasons I think Australia (or at least, ANZ) has done well in the fight against phishing is because they’ve simply not ever sent any emails out, ever. Contrast this to a US bank (Wells Fargo) – within days of signing up I’d received a huge variety of emails, making it easy to see why so many US citizens get scammed so easily.

I typically ignore these emails but as part of my ever-growing interest in how email works and how people use it, I checked out my most recent one, and was interested to see the following disclaimer in the email footer:

ANZ does not guarantee the integrity of this communication, or that it is free from errors, viruses or interference. As email is transmitted via the Internet, which is an unsecure environment, ANZ cannot ensure that an email is not interfered with during transmission.

Clearly they’ve never heard of public cryptography! Of course, even if they had, and the email was encrypted and/or digitally signed, that last sentence would probably still exist from a sheer cover-their-ass perspective.

Still, I’m looking forward to the day when my bank (and other sites) let me enter in my public key as part of my account settings so all correspondence from them can be encrypted. I’m continually surprised that so few sites do this. I’m keen to integrate something like this into AusGamers – not that we really need it, but just because I think it would be cool to do.

It should be noted though that their emails include /no/ links at all and are sent in plain text.

Comments: 1 --

I went to www.birch.com.au the other day to look up some timetables and they’ve replaced it with a new loud glary site that I couldn’t get working instantly. I turned off JavaScript and found they have a mobile site as well, which is at http://m.greaterunion.com.au – it offers a really simple interface to quickly get timetables for their cinemas all across Australia.

Except, as jadz0r points out, it appears to be subject to XSS vulnerabilities, so use at your own risk.

Comments: 0 --

Astroturfing (the practice of companies pretending to be ‘regular people’ and posting product or service recommendations on forums or blogs) is becoming a big issue. It’s becoming an increasing pain in the ass for us on AusGamers – as our site grows, we get more people drifting in from search engines on random keywords trying to pimp various products.

Unfortunately for this particular campaign – which is surprisingly subtle, given the sheer obviousness of most of the others we get – it’s going to backfire, because I’m trying a new strategy. Rather than just blowing the whole post away, I’ve posted a link to a competitor.

We’ve been thinking for a while how to stop things like this. The most obvious strategy is to simply not allow new users to post URLs. This is what we’ll probably end up doing – before a user is allowed to post a URL, they must have at least (say) 10 regular posts to prove they’re actually interested in contributing to the community. The number will probably have to be tweaked a little.

There’s a bunch of other ways – approving first posts by new users, stopping them from creating new threads altogether, etc. At the end of the day I think the require-some-posts method works for us because we want to encourage a community of active users that regularly post useful information, and post count is a simple (if not completely accurate) method of deriving some base level of trust – if they’ve got 100 posts, they’re more likely to be useful (simply because they haven’t been banned for astroturfing).
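A sketch of the require-some-posts gate described above, as an added example that is not AusGamers code. The threshold of 10 is the post's own "(say) 10"; the names `MIN_POSTS_FOR_URLS`, `find_links` and `review_post` and the short TLD list are assumptions. It treats `www.` prefixes and bare domains as links too, since a gate that only looks for `http://` is easy to miss with.

```python
import re

MIN_POSTS_FOR_URLS = 10  # the post's "(say) 10"; expected to need tweaking

# Explicit schemes and "www." prefixes, or a bare host name ending in one of a
# few common TLDs. The TLD list is illustrative, not complete.
URL_RE = re.compile(r"""
    \b(?:https?://|ftp://|www\.)\S+
  | \b[a-z0-9][a-z0-9-]*(?:\.[a-z0-9-]+)*
      \.(?:com\.au|net\.au|com|net|org|info|biz)\b(?:/\S*)?
""", re.I | re.X)


def find_links(body):
    """Return every link-like token in a post body, minus trailing punctuation."""
    return [m.group(0).rstrip(".,;:!?)") for m in URL_RE.finditer(body)]


def review_post(post_count, body):
    """Decide what to do with a new post from a user with `post_count` posts.

    Returns ("block", links) when a user below the threshold includes links,
    otherwise ("allow", links).
    """
    links = find_links(body)
    if links and post_count < MIN_POSTS_FOR_URLS:
        return ("block", links)
    return ("allow", links)


if __name__ == "__main__":
    # Constructed sample posts: (author's post count, body).
    samples = [
        (0, "I found great prices at www.cheap-widgets.example.com/deals, check it out"),
        (3, "try widgets-r-us.com.au today"),
        (25, "see http://example.org/patch-notes"),
        (0, "Version 1.2 is out, e.g. the new maps."),
    ]
    for count, body in samples:
        print(count, review_post(count, body))
```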

Comments: 5 --

For a few months I’ve been getting emails from Chase, which appears to be a financial establishment of some kind. These emails are addressed to a ‘Barbra Harrison’, who is not me. These are coming to my Gmail address – a fairly common occurrence, as many people mistakenly think they own my Gmail address.

People not knowing their email address – or simply mistyping it by accident – is a ridiculously common occurrence. In fact, I was working on how to mitigate it on AusGamers just before writing this. It seems a little scary though that people would screw up their actual email address in anything related to their bank or financial institutions.

But what’s worse is the emails don’t provide me with a clear way to notify the bank that they’re coming to the wrong place. I’ve tried replying to them a few times (despite the notice saying they won’t read them – sometimes they do). I’ve tried navigating their website, but it’s a maze and the only way I can seem to do it easily is to either log in with the account details of Barbra (which I might be able to retrieve as I am in control of the email address she submitted for her online account!), or call them.

I was a little amused when I got this email from them today:

[Image: chase-email-security]

I decided to spend a bit more time reading the email to see what my options are. I can unsubscribe from mailouts – which I don’t want to do, because my email address might still be attached to Barbra’s account, which is not great for anyone. I can report it as fraud, which I don’t want to do because it’s not really appropriate.

The FAQs have one useful question: “I don’t have an account with Chase, but I’m getting e-mail about my Chase account. How does that happen?” The answer to that, however, assumes that I’m the victim of a phishing attempt. I’m confident that is not the case here.

They have an email address for other inquiries – emailquestion at chase.com. I always feel like mailing addresses like this is a total waste of time, but I’ll give it a go – for Barbra.

Update: emailquestion@chase.com bounces:

The original message was received at Tue, 4 Aug 2009 20:44:45 -0400 (EDT)
from sg3.svr.us.jpmchase.net [155.180.248.7]

----- The following addresses had permanent fatal errors -----

(reason: 550 5.2.0 /var/mail/t000900: irregular file)

They sure make it hard.

Comments: 0 --

My brother and our mate spent about four hours on Monday night running through the Monty Hall Problem trying to wrap our heads around the numbers. My brother was convinced that Deal or No Deal was the same problem as Monty Hall. Our mate was convinced otherwise; I tended to agree with him based on my initial thoughts, but having some experience with the weird unintuitive nature of the Monty Hall Problem I deferred a decision until I’d thought about it some more.

This culminated in the creation of some PHP scripts to run a few zillion trials of both problems. The one for Deal or No Deal was quite simple to conceive and it seemed pretty clear almost straight away that it was not the same thing, especially after I started working on the Monty Hall version. Fortunately I found someone else had already done it in PHP so I just played with that.

Anyway, it’s probably obvious to anyone that knows a lot about conditional probability, but they’re not the same problem.

If anyone cares, the PHP script for the Deal or No Deal stuff is up here.

Comments: 3 --

If you ever need to take a screenshot of a website then CutyCapt is probably worth a gander:

CutyCapt is a small cross-platform command-line utility to capture WebKit’s rendering of a web page into a variety of vector and bitmap formats, including SVG, PDF, PS, PNG, JPEG, TIFF, GIF, and BMP.

Doesn’t seem to be able to pick up Flash objects though and save them (which makes sense, as it’s just a simple renderer based on WebKit), but it’s still pretty handy.

Comments: 1 --
