Category Archives: Ramblings

Smartphones + small screens = Phishing!

1 minute, 13 seconds

I just read internet-famous Cory Doctorow’s very interesting post about how he got phished (!). What struck me was not his whole parasite-perfect-timing-phone-reset scenario. The takeaway for me was that on a small screen you can’t see the entire URL of where you’re going. I can imagine a scenario where phishers look up your friends on facetwitt, send you a “personal” note with a perfectly crafted URL to fit your iphonedroid’s browser. Your phone would hide the fact that you’re not logging into the site you think you are. Yikes!

I’m currently abstaining from all social networking sites. They’re totally awesome and fun and a great way to keep in touch with friends far and near. However, my security hackles go up too high with them, so I’ll have to be happy with my blog and its 4 readers instead of an intensely well read facebook wall (that’s what the kids call it, right?).

Phishers often depend on super popular sites like twittface to spam you with a note from a service you’ll likely be using. I laugh these off because I don’t use any of them. But if I was a phisher, I’d programmatically crawl the feeds to figure out who your friends are and who you actively communicate with. I’d then watch out for nouns and verbs you’d expect in a message based on the vernacular your lil’ group uses, and then I’d phish you like a bunch of moms on their iMacs (my mom and her iMac excluded, of course!).

This post largely written on WordPress for Android in casual carpool. Fun!

How to embed Vimeo Videos: The hard way

0 minutes, 48 seconds

I’ve been chatting with my friend about how to embed Vimeo videos on his site. He was trying to figure a way to do html5 and flash and auto-detect if you’re a desktop browser or a mobile browser (or an iPad). By using JavaScript he could show the user the right video. I’ve accepted this challenge and I introduce: Plip’s Vimeo JavaScript Embedder v.01. One thing I didn’t do was scour the Vimeo forums to see if this had been done. What I did set out to do was:

  • Learn Vimeo Simple API
  • Write code someone had requested
  • Have a programming goal that I could prove could be done in just one night

Arguably, I may not have achieved the last item as I actually haven’t tested it on a mobile device yet (yeah, I’m a lazy, lazy man), but I’m pretty sure it’ll work on a WebKit device.

It should be noted, I don’t think I’m a very good JavaScript coder and this is version .01. Even so, should I add a “JavaScript” category?!

Will the real 404 please stand up?

0 minutes, 46 seconds

One of the laptops in the house died recently. The svelte new Dell Latitude 13 showed up as its replacement, and it’s great. However, it’s running a factory set up version of IE8. I don’t use IE8, opting for the fox (for debugging) or the goog (for speed) instead, but I noticed that the totally awesome plip 404 page was being usurped in IE8. This will not stand! Just as I will not have my ISP taking over DNS for domains that don’t resolve, I will not have my browser decide what a 404 page should look like.

At first I found some sites that suggested a different header or that you could make your 404 page more than 512 bytes. While this will work, and will work for *every* user, I was curious about a client side setting. Enter “show friendly http error message” check box:

Just uncheck that guy in your IE settings and welcome back fugly plip 404 messages. Interestingly enough, there’s all kinds of wackiness in Microsoft land about this. Read on if you care!

True Cost

3 minutes, 34 seconds

When we consume products in the US, what is the true cost? Most folks would think it’s simply the dollars they shell out of their wallet for the item they just purchased. If it’s just a monetary exchange, then price is king and entirely defines an item’s true cost. You should always pay the lowest amount possible for the highest quality goods.

To that end, Amazon’s native Android app is pretty great. Say you’re in your local widget shop, just down the street and they have Model A Widgets for $59.99. Whip out your phone, scan the bar code and BEEP, you see Amazon has it for $39.99. What’s that? It’s on Amazon Prime too? Sign me up! I get it 2 day shipping and tax free!

What if you’re looking for an audio cable? You could make one out of the spare parts bucket you’ve got in your garage, or you could get a shiny new one online for $75.00. But what’s this? It’s marked down to $4.72? Well, that’s over a 90% discount, sign me up for that deal too!

What about food? Should I pay triple for an Avocado because it has the “Organic” label on it? No way jose! The ones in the bin right next to it are cheaper and bigger to boot.

If you know me, you know this is not what I believe. I believe that the true cost of that widget includes not only the revenue you deprive your local shop of, but the neighborhood’s loss when it’s full of big box stores. I once was told by a fake cop I couldn’t park my bicycle in front of the big box store I was trying to patronize because it wasn’t allowed. See, the entire box store mall setup was on private property, so they could set arbitrary rules that made no sense and then kick you off their property if you ride a bike and park it “funny”. Yes, a bit of a rant, I know, but I consider that the true cost of keeping your local shops in business.

The food has the same true cost. We should ensure our local farmers can make a living wage off the food they sell. Further, we should not buy crap that is so pumped full of craziness, including preservatives that last forever. Eating this deprives us of healthy bodies which in turn cost the health care system money to fix.

Sadly, this post has a hypocritical end. I bought the cable. It came two days later to my office. I suspect there’s some little boy in a sweat shop who doesn’t like me. I could have pulled out my soldering iron, found the scrap cable parts in my wires bucket and pieced together the cable I need. But nope, I just clicked “buy” instead.

Anyone know of a good place online to buy this sort of item and pay the true cost for it?

Update: One of our fine (few?) readers wrote in:

Interesting post. Here is an article, though a few years old now, that I may have alluded to in the past: Food That Travels Well

It doesn’t address electronics, but food. The main point being that distance itself isn’t the only variable in the “true cost” of something equation, at least environmentally.

Good point! Looking at the true cost inherently means you open the cost equation wider and wider, thus covering more and more factors. In this case, the fact that farmers can’t graze their sheep and are forced to use feed bumps up the net pollution for the equation.

This should give us pause to know more about what we consume and what resources that consumption demands. A good, but admittedly hard to find, solution is something like Polyface farms as featured in Michael Pollan’s Botany of Desire. What’s hard to find here is the solution to the massive equation to figure the true cost of eating a good steak. In general, we, as lazy consumers, don’t want to be on the line for counting every carbon footprint, health care cost, and increase in child slavery. Instead, we want a simple, “If I do A, B will happen” type of solution. It doesn’t exist.

Here’s another tip of an iceberg along the lines of “just do A…”:

The geophysicists Gidon Eschel and Pamela Martin have estimated that if every American reduced meat consumption by just 20%, the greenhouse gas savings would be the same as if we all switched from a normal sedan to a hybrid Prius – Meat: Making Global Warming Worse

There’s a great exhibit at the Academy of Science that explores this fact and demonstrates it in a way that even a 10 year old can grok.

More food for thought, indeed! Also, I very thoroughly checked the “Rambling” category in this update too ;)

Privacy, Intent and Expectation

1 minute, 58 seconds

Our favorite search engine Google does a lot of analysis of what people search for. They represent such a huge percent of the search market that they can actually deduce real world facts from virtual world searches. This is pretty impressive. For comparison, if 20 people come to plip.com and read about how to secure their passwords, I can probably deduce much of nothing about the US population as a whole. Google, on the other hand, can deduce flu trends from around the country based on searches on their site. In a more real time scenario (and a bit more PR’ey), they had their own “Google search olympics” based on searches during the real olympics. Average joe users are OK with this level of privacy about their searches because it is massively aggregated, thus there is no chance of picking Joe from Jane in the resulting data. Further, Google’s intent is to be helpful with their statistical deductions. Finally, you have the expectation that your search metadata might be used in some way, if not explicitly stated as much.

This whole set up got me thinking: what about other huge companies that could expose similar data that maybe you would not be so OK with? My ISP is Comcast. They’ve been involved in some filtering/privacy issues in the past, but have otherwise kept their hands pretty clean. What if Comcast released their own data explorer (think Google’s, of course) based on net usage across the country broken up by zip code? Would the posh upstate New York neighborhood be OK if they were rated the #1 porn consumer per capita on weeknights between 11pm and midnight? Yes, of course, this is a fictitious stat, but the point is that likely no one would be OK with this level of privacy because they don’t want anyone to know.

There is a fine line between a company’s intent and what your expectation of privacy is. Somehow we’re OK with what Google does (because they can do no evil, right?), but we might not be OK with Facebook auto-sharing your data with another company (real!) or if RIMM, with over 40% of the smartphone market, decided to guesstimate what percent of its users were having extramarital affairs based on emails going through their servers (fake).

Aggregated data is out there and you should be aware that every move you make across every platform you use, physical or virtual, is being tracked.

Follow up reading/things that I couldn’t cram in above:

Bees, Flowers and Videots

0 minutes, 21 seconds

Out for a walk to lovely Ici on an equally lovely day. Good news! Flowers and bees are awesome. So is multi-shot on the digicam – love it. Bad news! Videots has closed! I dunno about the “scam artist” part in that Berkeleyside article though. I happily bought credits there knowing they might go under some day. If you’re looking for a really knowledgeable shop in the east bay, check out the Video Room. Folks agree, they know their stuff.

Yahoo mail hacked?

2 minutes, 30 seconds

I’ve had three friends with yahoo accounts send me email that was clearly not them sending it. It was a spammer. One friend had every contact emailed, in alphabetical order, in groups of 10. The symptoms seem to be:

  • Emails are really sent from yahoo account, there’s a copy in the “sent mail” folder
  • Password is changed such that you need to call yahoo or otherwise reset your password
  • Groups of 10 people emailed

Another geek friend reported the same with a number of his friends who have yahoo email getting hacked as well. Him contacting me prompted this post to get awareness out there (you know, to all 3 of you who read this). No real news on the interwebs, leave this post: Who Hijacked Yahoo Mail?

Here’s the nice view of the email (sensitive data has been obscured with “***********”):

From: Anders ***********
To: egwit, awarnow, avkirby, starsister77, apnun, ann, jara, apollostwinsis., haywoodashley, me
date: Tue, Feb 16, 2010 at 3:06 PM
subject: Bettina Mischkalla

http://nmprint.com.au/go.friend.php

Here’s the raw email I got from my friend’s hacked account (sensitive data has been obscured with “***********”):
Delivered-To: mrjones@***********.com
Received: by 10.231.143.16 with SMTP id s16cs151659ibu;
        Tue, 16 Feb 2010 15:06:51 -0800 (PST)
Received: by 10.140.58.10 with SMTP id g10mr4771311rva.57.1266361611517;
        Tue, 16 Feb 2010 15:06:51 -0800 (PST)
Return-Path: 
Received: from ***********.com (***********.com [207.29.224.50])
        by mx.google.com with ESMTP id 31si10777747pzk.62.2010.02.16.15.06.51;
        Tue, 16 Feb 2010 15:06:51 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of 
mrjones@***********.com designates 207.29.224.50 as permitted sender) 
client-ip=207.29.224.50;
Authentication-Results: mx.google.com; spf=pass (google.com: best 
guess record for domain of mrjones@***********.com designates 
207.29.224.50 as permitted sender) smtp.mail=mrjones@***********.com; 
dkim=neutral (body hash did not verify) header.i=@yahoo.com
Received: by ***********.com (Postfix, from userid 501)
	id 2AFAC968B7C; Tue, 16 Feb 2010 15:06:45 -0800 (PST)
X-Original-To: mrjones@***********.com
Delivered-To: mrjones@***********.com
Received: from web53107.mail.re2.yahoo.com (web53107.mail.re2.yahoo.com 
[206.190.49.57])
	by ***********.com (Postfix) with SMTP id 7D7D4968B58
	for ; Tue, 16 Feb 2010 15:06:38 -0800 (PST)
Received: (qmail 11051 invoked by uid 60001); 16 Feb 2010 23:06:37 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; 
s=s1024; t=1266361597; bh=oJtmpSDF9JfgKjw+1+Q+Wqxiiq1f0Qc9sio+EdymNik=;
 h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:
 MIME-Version:Content-Type; b=oFCN9QuJ13WOanJxxKZHrcbLHOZOMviKII3sm
 Wu/Rno7BWX4i8mBO6CHijcUGJPj/7P1ryPEfVSCB/k72CUbSHcHaJZIpLbF0EXwLje
 uVvkTB/BaeMHhTn5DPbW2h7bcKCvt0AlwfUXUQ+1K3t2zpBH1slw/eUoJqEEVx58A2Ew=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:
  MIME-Version:Content-Type;
  b=kzg14b6v1xa8NPMqRfu5XCsz4dFXa7bASb6Vj3Epb6I74/a8t5rVPWCOBfPtR1C
  2Bg67H5UqE3nmdd/hqTKWmUfOKh/g2rhEuXX23ghs080LTudbyqwF0hQSLVmPlhAQ
  RcedYf86UYfC5Ox8SpH/76T2gc+LRlqglfPenlpLRzw=;
Message-ID: 
X-YMail-OSG: ppvFaJUVM1kacZ05sJo0wMYepvD5By3Oxe96QISv6KgKBxmq0_Q1r1
8k75jrUQId8bPmqNP8IjHUU8OBB8bfkioPzwwMw7pj1Br2YORw.qhjM8uWFe8yr_wQv
i7YEAoLhtQvNnyTU.5SLv6lIQFUrTxp6huhu1iOVzwW5PtokoZoBQLQ82lLd_jMg1L6
9lCXsoRvQi6C5PTDrobDdUz7VOj3h0yRWEFf00zgrQ.Vs9kf2cU2epyUdQQuJ_juBPx
accPy7psP2vYnb7ErtxGxfUayl85HvFPG575oMywmq6e8PKqpKz04xXdgwqhgZ6g5qs
5_feAiiHiTH5Tz5gpTdCCuzNThjs3436jDWaTpWx8-
Received: from [66.196.86.118] by web53107.mail.re2.yahoo.com via 
HTTP; Tue, 16 Feb 2010 15:06:37 PST
X-Mailer: YahooMailWebService/0.8.100.260964
Date: Tue, 16 Feb 2010 15:06:37 -0800 (PST)
From: Anders ***********
Subject: Bettina Mischkalla
To: "egwit@***********.com" ,
  "awarnow@***********.com" ,
  "avkirby@***********.com" ,
  "starsister77@***********.com" ,
  "apnun@***********.com" ,
   "ann@***********.com" ,
  "jara@***********.com" ,
  "apollostwinsister@***********.com" ,
  "haywoodashley@***********.com" ,
  "mrjones@***********.com" 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii


http://nmprint.com.au/go.friend.php
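
To check the first symptom from headers like the ones above, this added example (not part of the original post) walks the Received chain oldest-first and reads the Authentication-Results verdicts. The sample is constructed from the quoted headers, with `recipient.example` standing in for the redacted domain; the function names are illustrative.

```python
import re
from email import message_from_string

# Constructed sample: trimmed from the headers quoted in the post; the redacted
# domain is replaced by the placeholder "recipient.example".
RAW = """\
Authentication-Results: mx.google.com; spf=pass smtp.mail=mrjones@recipient.example;
 dkim=neutral (body hash did not verify) header.i=@yahoo.com
Received: from web53107.mail.re2.yahoo.com (web53107.mail.re2.yahoo.com
 [206.190.49.57])
 by recipient.example (Postfix) with SMTP id 7D7D4968B58;
 Tue, 16 Feb 2010 15:06:38 -0800 (PST)
Received: from [66.196.86.118] by web53107.mail.re2.yahoo.com via
 HTTP; Tue, 16 Feb 2010 15:06:37 PST
Subject: Bettina Mischkalla
"""

def _grab(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def hops(raw):
    """Received hops, oldest first; "peer" is the name the receiver logged."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        out.append({
            "from": _grab(r"\bfrom\s+(\S+)", flat),
            "peer": _grab(r"\bfrom\s+\S+\s+\((\S+)\s+\[[\d.]+\]\)", flat),
            "by": _grab(r"\bby\s+(\S+)", flat),
            "proto": _grab(r"\b(?:via|with)\s+([A-Za-z]+)", flat),
        })
    return out

def auth_results(raw):
    """Verdict per method (spf, dkim, dmarc) from Authentication-Results."""
    value = message_from_string(raw).get("Authentication-Results") or ""
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", " ".join(value.split())))

def sent_from_webmail(raw, provider="yahoo.com"):
    """True if the oldest hop is HTTP into the provider, then handed to us by it."""
    chain = hops(raw)
    if len(chain) < 2:
        return False
    origin, handoff = chain[0], chain[1]
    return (origin["proto"] == "HTTP"
            and (origin["by"] or "").endswith("." + provider)
            and handoff["peer"] == origin["by"])
```

Received lines below the first server you control can be forged, so the `peer` value logged by your own mail server is the part to rely on. The `dkim=neutral` verdict in these headers neither confirms nor rules out the Yahoo origin.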

Oakland & SF Photos, Coffee and Scotch Whiskey

1 minute, 25 seconds

Ok, this’ll be a good ramble. In order of the photos below, first up is the PG&E embarcadero substation. Huge buildings that have no windows are not for humans. They seem to always be for some utility company. Weird and cool looking. Next up is a shot of a latte I made at work. Microfoam is looking good, latte art, not so much. We’ll get there, just you wait and see. Next up, the shocking truth about the price of a bottle of decent scotch. The first is Eddie’s Liquors which has a bottle for $70. Then Trader Joe’s has the same bottle for $37. Shocking! After that is the 411 30th building in oakland. Somewhat unassuming until you check out the details (art deco?) of the lobby. I love this old stuff.

Last night I did a ride from our house, through downtown oakland, through china town, past laney, all the way south down to the park street bridge, all the way around alameda, and then double back almost the same way you came. Along the way I went through the defunct airforce base. The next photo after 411 30th shots are the HUGE doors (no street view) on the base. I love ’em! On the way back I stumbled upon The Hotel Oakland. Woah! This building is 1 square block and looks like it’s from New York city. It’s on 13th off of Broadway, who knew?! Wikipedia suggests it’s on the list of Alameda County Historical Landmarks and some random site has this history:

“A residence and health center for the elderly. The building housed the finest hotel in Oakland until it went out of business in the Great Depression; in 1943 it became an army hospital and by the 1960s a VA hospital. From 1963 to 1979 it was vacant, before being reborn into its current use.”

Lastly, a sunset shot of the good ol tribune tower. Hi Modern Cafe!

On Comcast Internet

0 minutes, 23 seconds

Two quick points about Comcast High Speed Internet (HSI):