My GPG installation (Windows binaries, some ancient version) has worked flawlessly for several years, but I just went to run my usual mail backup script after some minor changes – I installed enigmail for Thunderbird. This act, or some related act, appeared to mess up something in my keyring.

At first I thought it was that it had unsigned my keys, but a closer look indicated it was something to do with the trust database. I thought this would be a trivial problem to solve (ie, I’d be able to Google the error message and be given a nice, simple howto to follow), but I was surprised – there was a bunch of useless stuff.

Anyway, the warning appears to be related to there being no ultimately trusted key (funnily enough). That is, you haven’t specified a “root” key that you have declared as the one that you trust to make all other decisions (I’ve had 4 beers and might not be articulating the purpose of this well).

However, the fix is pretty simple. You just need to specify your key as “ultimately trusted”.

The easiest way to do this (assuming you are using GnuPG command line like I am) is to just edit your key and make it trusted:

1) gpg --edit-key [your key id]
2) select the key (I just typed ‘1’ and hit enter; you can confirm by typing ‘list’)
3) type ‘trust’ to change the ownertrust
4) select option 5, “I trust ultimately”, then say ‘yes’ to the confirmation
5) type ‘quit’

…and you’re done.

Comments: 0 --

A while back, ANZ offered me the opportunity to receive some of my statements as ‘e-statements’. While I fully approve of the move away from paper, I must confess I was slightly disappointed to find out that they’d be emailing me notices about these e-statements – one of the big reasons I think Australia (or at least, ANZ) has done well in the fight against phishing is because they’ve simply not ever sent any emails out, ever. Contrast this to a US bank (Wells Fargo) – within days of signing up I’d received a huge variety of emails, making it easy to see why so many US citizens get scammed so easily.

I typically ignore these emails but as part of my ever-growing interest in how email works and how people use it, I checked out my most recent one, and was interested to see the following disclaimer in the email footer:

ANZ does not guarantee the integrity of this communication, or that it is free from errors, viruses or interference. As email is transmitted via the Internet, which is an unsecure environment, ANZ cannot ensure that an email is not interfered with during transmission.

Clearly they’ve never heard of public-key cryptography! Of course, even if they had, and the email was encrypted and/or digitally signed, that last sentence would probably still exist from a sheer cover-their-ass perspective.

Still, I’m looking forward to the day when my bank (and other sites) let me enter in my public key as part of my account settings so all correspondence from them can be encrypted. I’m continually surprised that so few sites do this. I’m keen to integrate something like this into AusGamers – not that we really need it, but just because I think it would be cool to do.

It should be noted though that their emails include /no/ links at all and are sent in plain text.

Comments: 1 --

I went to www.birch.com.au the other day to look up some timetables and they’ve replaced it with a new loud glary site that I couldn’t get working instantly. I turned off Javascript and found they have a mobile site as well, which is at http://m.greaterunion.com.au – it offers a really simple interface to quickly get timetables for their cinemas all across Australia.

Except, as jadz0r points out, it appears to be subject to XSS vulnerabilities, so use at your own risk.

Comments: 0 --

Astroturfing (the practice of companies pretending to be ‘regular people’ and posting product or service recommendations on forums or blogs) is becoming a big issue. It’s becoming an increasing pain in the ass for us on AusGamers – as our site grows, we get more people drifting in from search engines on random keywords trying to pimp various products.

Unfortunately for this particular campaign – which is surprisingly subtle, given the sheer obviousness of most of the others we get – it’s going to backfire, because I’m trying a new strategy. Rather than just blowing the whole post away, I’ve posted a link to a competitor.

We’ve been thinking for a while how to stop things like this. The most obvious strategy is to simply not allow new users to post URLs. This is what we’ll probably end up doing – before a user is allowed to post a URL, they must have at least (say) 10 regular posts to prove they’re actually interested in contributing to the community. The number will probably have to be tweaked a little.

There’s a bunch of other ways – approving first posts by new users, stopping them from creating new threads altogether, etc. At the end of the day I think the require-some-posts method works for us because we want to encourage a community of active users that regularly post useful information, and post counts is a simple (if not completely accurate) method of deriving some base level of trust – if they’ve got 100 posts, they’re more likely to be useful (simply because they haven’t been banned for astroturfing).

Comments: 5 --

For a few months I’ve been getting emails from Chase, which appears to be a financial establishment of some kind. These emails are addressed to a ‘Barbra Harrison’, who is not me. These are coming to my Gmail address – a fairly common occurrence, as many people mistakenly think they own my Gmail address.

People not knowing their email address – or simply mistyping it by accident – is a ridiculously common occurrence. In fact, I was working on how to mitigate it on AusGamers just before writing this. It seems a little scary though that people would screw up their actual email address in anything related to their bank or financial institutions.

But what’s worse is the emails don’t provide me with a clear way to notify the bank that they’re coming to the wrong place. I’ve tried replying to them a few times (despite the notice saying they won’t read them – sometimes they do). I’ve tried navigating their website, but it’s a maze and the only way I can seem to do it easily is to either log in with the account details of Barbra (which I might be able to retrieve as I am in control of the email address she submitted for her online account!), or call them.

I was a little amused when I got this email from them today:

[Image: chase-email-security]

I decided to spend a bit more time reading the email to see what my options are. I can unsubscribe from mailouts – which I don’t want to do, because my email address might still be attached to Barbra’s account, which is not great for anyone. I can report it as fraud, which I don’t want to do because it’s not really appropriate.

The FAQs have one useful question: “I don’t have an account with Chase, but I’m getting e-mail about my Chase account. How does that happen?” The answer to that, however, assumes that I’m the victim of a phishing attempt. I’m confident that is not the case here.

They have an email address for other inquiries – emailquestion at chase.com. I always feel like mailing addresses like this is a total waste of time, but I’ll give it a go – for Barbra.

Update: emailquestion@chase.com bounces:

The original message was received at Tue, 4 Aug 2009 20:44:45 -0400 (EDT)
from sg3.svr.us.jpmchase.net [155.180.248.7]

----- The following addresses had permanent fatal errors -----

(reason: 550 5.2.0 /var/mail/t000900: irregular file)

They sure make it hard.

Comments: 0 --

My brother and our mate spent about four hours on Monday night running through the Monty Hall Problem trying to wrap our heads around the numbers. My brother was convinced that Deal or No Deal was the same problem as Monty Hall. Our mate was convinced otherwise; I tended to agree with him based on my initial thoughts, but having some experience with the weird unintuitive nature of the Monty Hall Problem I deferred a decision until I’d thought about it some more.

This culminated in the creation of some PHP scripts to run a few zillion trials of both problems. The one for Deal or No Deal was quite simple to conceive and it seemed pretty clear almost straight away that it was not the same thing, especially after I started working on the Monty Hall version. Fortunately I found someone else had already done it in PHP so I just played with that.

Anyway, it’s probably obvious to anyone that knows a lot about conditional probability, but they’re not the same problem.

If anyone cares, the PHP script for the Deal or No Deal stuff is up here.

Comments: 3 --

If you ever need to take a screenshot of a website then CutyCapt is probably worth a gander:

CutyCapt is a small cross-platform command-line utility to capture WebKit’s rendering of a web page into a variety of vector and bitmap formats, including SVG, PDF, PS, PNG, JPEG, TIFF, GIF, and BMP.

Doesn’t seem to be able to pick up Flash objects though and save them (which makes sense, as it’s just a simple renderer based on WebKit), but it’s still pretty handy.

Comments: 1 --

A quick and nasty tip to removing (some versions of) Windows Live Messenger from the command line:

1) Start -> Run -> cmd.exe

2) msiexec /x {508CE775-4BA4-4748-82DF-FE28DA9F03B0}

Comments: 0 --

I just got an email from Akamai announcing the launch of their Open Video Player initiative. I was immediately interested as this is something that I think the Internet really needs, because at the moment we’re mired in a horrible mesh of closed-source, proprietary systems like Adobe Flash and MPEG-4. With Microsoft pushing Silverlight as an alternative, the landscape isn’t really shaping up to look any better.

Unfortunately, despite the wording of the email and the official website with gratuitous use of the words “open” and “standards”, the end result appears to be nothing more than a bunch of resources to help you make generic video players using the same old proprietary technologies we’re using already – Adobe Flash and (heh) “Micorosft” Silverlight.

They also throw around the term “open source”, and have a SourceForge page for their Open Video Player (which includes two download options, Flash and Silverlight).

Now, there’s pretty much fuck-all documentation on the website about it – their “Resources” link in the menu just gives me a page full of videos that no sane person will want to watch. There’s no FAQ and their blog and forums links just go to their (as yet almost unused) SourceForge pages. A quick glance at the documentation and downloads seem to indicate there’s just a bunch of pre-defined classes and methods for getting video working relatively quickly, as well as a bunch of interfaces to (unsurprisingly) Akamai’s services.

I’m not exactly sure what they think is the standard they’re attempting to create here though. This looks like a thinly-veiled attempt by a bunch of commercial partners to increase their proprietary lock-in on one of the fastest-growing parts of the web – video.

Adobe already rule the roost with their system, so they get some sheen from being associated with this new “open, standard” system – having a solid, free, open source player (that hooks into Akamai for content distribution) can’t hurt them. Microsoft get more exposure for Silverlight, which they’ll start pimping desperately soon, no doubt. And all the other media and advertising partners get exposure as well for their various products and services.

And, of course, Akamai seem to get the most out of this by having a stack of players pre-programmed to support their network. So kudos to them for this as a marketing exercise. But bullshit has to be called on their attempt to try to declare this as a standard.

This “initiative” does nothing to help the web standardise on video. It MIGHT mean a more standardised experience for users as there will be more people using these free players. This, in itself, is a commendable achievement – releasing robust and flexible Flash and Silverlight applications as open source (although it should be noted that I can’t find any mention of what license these things are released under; it’s not included in the Flash download and I can’t see it on SourceForge or anywhere on the official site) will help a lot of people add video into their site.

Of course, if you’re making video and want people on the web to see it, you’d be mad not to use Flash at the moment. It has the highest install base, works on a pretty wide variety of systems, and (as much as the mass market gets used to anything in software), people are used to it. So the Flash player might be worth a gander anyway, but just don’t delude yourself into thinking you’re doing something open and standards-based just because a big company told you that you are.

The real standard

For those of you that are still holding out hope for a truly open video experience on the web – the HTML specification draft now includes a tentative mention of a new VIDEO tag, and the goal is purportedly to ensure that their recommended standard is completely open, to the point of using open source and non-proprietary codecs like Ogg Theora for video and Vorbis for audio.

A quick Google search indicates a few people (like this guy) have gotten Theora working in Firefox, and Opera have been strong proponents of it for a while now.

Still, there’s opposition to it. Nokia made a fuss a while back by opposing inclusion of the Ogg stuff in the video tag (here’s some commentary about it).

But at the end of the day, it’ll be best for users if we have a truly open standard for web video – Akamai’s initiative is not it.

Comments: 2 --

Oktoberfest 2008

Oct 14th, 2008

A quick wrapup of Oktoberfest, reproduced directly from my forum post on AusGamers.

Weekend before last I went to Munich for Oktoberfest, which is this quaint local custom where people in Germany invite everyone else in the world over and try to kill them with beer.

I didn’t really know a lot about it when I went there, other than the beer part, so I was quite surprised to rock up and walk around it – the outside bit has an Ekka/Show feel, with rides and heaps of food stalls and all sorts of stuff going on. It was absolutely packed to the bejebus (it was Saturday lunchtime by the time we arrived) and there were drunk people around, but also lots of families with their kids which I thought was a little weird.

Some of our friends had gotten there at 9am so they could get into one of the beer “tents” early (they’re not really tents as you might imagine – they’re basically massive buildings that can fit several thousand people and supply them with beer while they dance and sing and spew). We checked out where they were but there was a huge line, so we wandered off to an outdoors beerhall out of the actual fest area and had a beer and a bite to eat there (if you don’t like pork, avoid Germany).

We wandered back a bit later and met up with some other mates and got into a beer garden sort of area. Within about 5 seconds of stopping to look around, a dude came up to us and offered us beers (there were hundreds of people all around us – the custom is to tip well and so with the sort of ruthless German efficiency you might expect, as soon as these guys see a target they zoom in and offer beer). We sort of expected him to be gone for ages and were again amazed when he returned in seconds with 5 or 6 steins. Very cool.

This process repeated for a couple of hours until we decided to try to get inside the tent. We were pretty well toasted by this point and managed to bullshit our way in, despite the best efforts of the crowd (who we pushed in front of like jerks) and the security guards (who were doing their best to stop anyone else from coming in because the place was packed).

Once inside it’s an amazing sight. The tents are huge, stretching off into the distance and just jam-packed with people standing up on the tables singing, waving around massive beer steins, drinking, and the occasional (but rare) fight. Everything sort of got blurry at this point, but I suspect it was quite fun; we jumped up on a table and grabbed a stein and sang along with crazy German drinking songs coming from the huge band somewhere in the hall.

I didn’t actually get many decent photos – basically after a couple of beers I’d pretty much forgotten that I had my camera. The beers are served in steins that hold around 1 litre of beer, so it’s pretty hard going. I actually woke up the next day with bruised hands (amongst other things) from holding the steins and waving them around. We only had one broken stein incident when one of my mates tried to cheers someone a little too enthusiastically – they’re hard to break; they’re made of thick-ass glass and are quite heavy.

I forgot to get a photo of the area behind the tents – basically a grassy hill where everyone just goes and sits down – just covered with people that have wandered outside and passed out completely and utterly. There were quite a few maggot people wandering around but overall everyone was really well behaved, which I was very surprised about. The presence of German police was probably a big factor – these guys are scary looking dudes and I’m sure they’re on top of their game at this event, instantly aware of any problems and swarming in to take out people that look like they’re going to cause problems.

German beer is made under what they call the Reinheitsgebot, or the German Purity law, although there have been a few changes since it first came about in 1516 (!!!!!) and their beer is fucking awesome. You can drink a ton of it and it tastes great and the hangover effects are surprisingly minimal (theories I have heard are because of the lack of additives/preservatives etc in the beer – which I could believe).

We also did the compulsory (imo) trip to the Hofbrauhaus to try their awesome beer (it was a pretty significant WW2 place with Hitler doing a bunch of speeches there; it’s pretty amazing to think of the history in some of these places). The city itself is also pretty awesome with some great old buildings and cool restaurants and stuff.




Comments: 0 --
