Everything within Reason

Yes, you read it correctly. I f#cking hate windows. Why? Well, let me explain;

Microsoft has this nice feature called Automatic Updates. Basically nothing wrong with that. It makes sure that you have the latest patches and updates without having to think too much about it.

Every now and then you get a mildly annoying question if you want to reboot (no, off course not… I’m working at this moment), but you can postpone those during the day. So when you shutdown the laptop/PC at the end of the day, the changes are taken into effect, and you can be (pretty) sure that your system is up-to-date the next time you boot it up.
So far nothing wrong…….

Somehow there are certain updates which enforces a reboot of itself (see the screenshot below). This is a reboot from hell, because no matter what documents you have open, no matter how many things you need to save before restarting. This bug-from-hell (I have no other words for it), will close everything by force and reboots your system. And with force I really do mean force.

Automatic Update Reboot

Normally, when you close a program, you get a question if you would like to save the document if it has changed. Even when you shutdown the PC the official way, the shutdown process stops (actually, it hangs, because stuff stops responding) at those dialogs. Waiting for your input. But this enforced reboot ignores this all together.

After the first message appears on your screen you’ve got exactly 5 minutes to change its mind. So if you’re at lunch, or on the toilet, you might be in deep sh#t. Because when you come back, the OS has rebooted. Every open document (saved or NOT) is closed, and you can start over again.

The worst part is that a unwanted shutdown can (and will at some point) corrupt data. Something you don’t want, but just happened to me….

Damages:

• Corrupt Outlook PST file
  which was an archived mail file, which can be recovered from an earlier backup.
• Corrupt MS-Word document
  thankfully the auto-save function was enabled and recovery seemed to work. No idea what content is missing yet.
• Lost several notepad files which were open with several to-do things, and pieces of code I was working on.

And that’s why I love Apple OSX, and f#cking hate Windows.

B.t.w. I already blogged about this feature a while back, but I hadn’t lost any data that time. This time it’s personal.

Oh, and spare me the advise on reconfiguring Automatic Updates, because this feature should not even exist.

near you.

Mike's Money

I found a comment in my spam-queue this evening. And every now and then I wondered what those spammers were advertising. I know, I shouldn’t
Anyway, this led me to Mike’s Money Site dot com. Mike lives (according to the about part) in Ossendrecht, 06…. That rang a bell, because those ‘lonely sexy singles near you‘ ads on some website always think that I’m from Ossendrecht. Obviously they use a not-so-automagically-IP-GeoLocation tool to determine the location of an IP address. Those locations are in most cases the cities where the ISP is located (or their datacenters), and not your actual location.

This made me wonder; What if I came from e.g. Germany? So I opened TOR and surfed to Mike’s Money Site dot com. Tadaaaa… Suddenly Mike lives in Berlin, 16.

Anyway, douchebag Mike is offering some sort of pyramid-money-laundering-deal-scams. Because why would you sell the goose with the golden eggs? I wouldn’t.

Yet another way of social engineering. Making people think that they live nearby, and MIGHT be trustworthy that way.

and breaks the functionality @ Dutch Rabobank Internet Banking.

I got the Safari 4 update this morning, and with most Apple updates I just install them. After the update I launched it and was (at first) surprised at the Interface. It opened with ‘Top Sites’. An overview of Websites along with thumnails… Nice.

Since I had a web browser open, I launched the Rabobank Internet bankieren website. Since Apple boasts with the fact that Safari 4 passes like a gazillion Acid tests (and Microsoft like only 1)

Safari 4 ACIS tests results (according to Apple)

From another source:

On February 24 2009, Safari 4 was the first fully functional build browser to pass Acid3.[22]
On 08 June 2009, Safari 4 was the first official release version of a desktop browser to display a score of 100/100 and pass the Acid3 test.

The main page worked fine, but transferring funds leaves you with empty screens etc. There is no way of managing your money with Safari 4.
I haven’t search for workarounds, since I don’t want to search through knowledge bases, or sniffing through settings within Safari (or OSX). A browser should work.

So they might be perfect in a lab environment, but I’d rather have a less perfect browser which enables me to manage my money.

So, to summarize:

Safari 4: 100% ACID 3 proof, and a 100% failure rating in displaying websites
(since I only tried one website)

Anyway, back to FireFox for me.

B.t.w. I have tried the same with Internet Explorer 8 on a worklaptop (since it got pushed through my throat), and that one works fine. Even when it’s not in its compatibility view mode (for displaying non-standard websites). Must the one of the few times that Internet Explorer seems to work….

I’ve been experiencing some 500 errors on my blog (HTTP Error 500 - Internal server error). During these occasions, the SymCAImport tools seems to work fine, while the Wordpress installment hogs. So PHP screw-ups are less likely.

A brief conversation with the support department @ Dreamhost, suggested a Wordpress theme/plugin malfunction. So I downloaded the latest theme version, and deactivated most plugins. Let see how long thing keep working.
Anyone other ideas?

UPDATE: Got additional information from Dreamhost about the 500 errors. It seems that there was a ‘naughty’ person clogging up the cluster/server resources.

It seems that my hoster Dreamhost ran into some problems yesterday. Lot’s of websites returned ‘Internal Service Errors‘ or ‘ Service Temporarily Unavailable‘. These errors only occurred when addressing php content and not while accessing static html-files. So most likely a PHP (config) ‘feature’.

The thing that annoys me the most about this downtime is not that it lasted almost a day, but the lack of communication. No mention of problems on their status page, and support-feedback was also thin.

I rather have a couple of days downtime, and knowing what the problem is (hard disk crash, power failure, human error), than 1 hour and not (ever) knowing what happened.

Anyway, the problem seems to be solved (for now), but I’m keeping my fingers crossed on the feedback issue.

UPDATE: Got feedback from Dreamhost.com that everything should be working. No feedback (yet) on the cause of the problem though.

…. for me at this moment.

I’m still in the fase of migrating my Windows server to a more ‘reliable’ Operating System. The new server should cover the following basic functionalities:

• Filesharing (either via Samba or NFS)
• Webserver with PHP and Coldfusion
• SSH server
• RADIUS Server
• Central user database (e.g. an LDAP server)
• a NZB downloader of some sort
• etc.

Up till now I’ve tried several Linux distros (Ubuntu 7, Ubuntu 8, and CentOS 5), and none of them are that easy to configure. Read more…

A while back I wrote something about Path Finder as a probable Finder substitute. Well, it’s been a couple of months, and I must say that  I’m still using the crappy Apple Finder.

Why? Well, I guess that it kinda grows on you, eventhough Path Finder has ’some’ neat features. It just didn’t feel like a real substitute. It felt more like an add-on.

So, back to Finder with its little annoyances like;

• Not being able to move or delete files when the OS is busy creating the thumbnails.
• No Cut&Paste (⌘-x, ⌘-v) in the file system.
• ⌘-o to open files instead of hitting the Enter-key.
• Sort folders before files. Not mixing them.
• Clock/Date format (I want the date also to be visible).
• Manual refresh option for (share) folders.
• etc.
  

I have high hopes up for Snow Leopard. Hope that Finder gets a real good overhaul.

A couple of months ago I found several websites selling electronics and photo gear for ridiculous low prices (which also ended my Google Adsense account). Prices were less than half the lowest legal price. Those websites were all scams, and were advertising through Google Ads. Trying to pry you from your hard earned money.

The last couple of days new scam-websites are showing up on the Internet. This time they are more advanced. They even have had VALID SSL certificates (issued from a GoDaddy CA), and still use Google Ads to target the victims.

e-holater SSL Certificate

Why are they scam-websites? Well, If it’s to good too be true, it probably is. And somehow you can’t pay by credit card from abroad (so no insurance).

Holater currently ONLY accepts international payment via Bank Wire Transfer.International credit cards and checks are not accepted.

So you’re left with money transfers, and we all know what the insurance is on that. None, nada, zip.

Note that the following websites are considered fraudulent by ME (and some of the victims of these websites). They will be portrayed like this unless several others prove me otherwise.

The following section gets updated when necessary. Websites found so far:

WARNING: When these websites are taken offline, a domain forwarder might be used to redirect you to other non-relevant websites. These sites may include offensive material. Please follow these links at your own risk. If you find such a link, report them in the comments, and I’ll remove the link.

Active Scammer Websites

PE Export / Export Panama / Hexport

URL: http://www.pe-export.com [mirror] (http://www.hexport.com [mirror])
Nick is back. ‘Nick Naylor’ was also the guy behind Panama Export (which seems offline). According to the whois, this domain is his new playground. Prices are low (as usual), and the layout etc. are exactly the same as his former website panama-export (contact page).When I write this (May 27, 2009), the website seems to be closed (or they’re filtering on my IP range again). They use a script to transfer me to Panama-Export.com (which forwards to an ads-page or something). My guess is that the website will be operational soon (and offline soon afterward).

UPDATE: Finally found the hexport.com screenshots I needed (ain’t the Internet a wonderfull thing). Anyway, what I already suspected is that hexport.com and pe-export.com are identical. Only the name is different.

The hexport.com screenshots: index (with video playing), products, Contact Us, FAQ, Guarantee, Testimonials The pe-export.com movie (Seems that ‘Nick’ is really going pro with the ads), As seen in…

Wootech Worldwide

URL: http://www.wootechworld.com / http://www.wootech-world.com [mirror]
A duplicate form the ‘older’ scam websites like e-holater etc. Prices are still too good to be true. Even the Nikon 14-24 lens is back with a new default product id (1090485). Just compare the Anepax and Wootech screenshots for the Nikon 14-24 lens.

According to the whois database information they ‘exist’ since May 5th, 2009. I have found the cheap GoDaddy SSL certificate (details).It seems that the website (hosted @ 194.165.4.81) won’t resolve @ my local ISP’s DNS server. I can access the website using TOR. I guess they’re blocking IP ranges now :). They’re gonna miss out on lot’s of XS4ALL customers this way :).

I ‘purchased’ a Nikon D300 at the website for a lousy €790. Just to get my hand on some additional screenshots and the banking information on these scammers.

Note that even though they have an SSL certificate, they don’t use it (yet). The entire account registration process and ordering is done without the use of SSL.

Good Electronics Shop

URL: http://www.goodelectronicsshop.com (mirror)
Chinese and prices too good to be true. Also, no Credit Card payments possible. Only Western Unions and Bank Transfers (contradicting payment info 1, 2). And we all know what happens with those….. Besides, what’s the difference between these [1, 2] items?No https connections during the (spam enabling bogus) registration and ordering process, and the domain name was registered on April 6, 2009.

digsaleltd@yahoo.com, digsaleltd@gmail.com, digsaleltd@hotmail.com

Any sales offerings with these e-mail addresses can be considered fraudulous.

Camera Giants Inc.

URL: http://www.cameragiantsinc.com (mirror)
Prices are too good to be true. Domain was registered 18-jan-2009, and the SSL certificate is one of the cheapest available from Comodo. No address available, only a PO Box in Emeryville.

Sonic Cameras

URL: http://soniccameras.com (mirror)
Shady

My Affordable Camera

URL: http://myaffordablecamera.com (mirror)
Resides in Russia, ultra low prices, and accepts Western Union only -> Scammer (in my opinion).

If you find other websites with the same characteristics, please report them in the comments, and I’ll add them to the list. Read more…

The LX3 is in my possession for a couple of weeks, and last weekend I noticed something annoying. When I imported the photos in Adobe Lightroom, some of the photos were imported as RAW, and some as JPG.

By default I set my cameras on RAW (if they support it). When I purchased the LX3 there was no RAW importer for Lightroom or Photoshop, so I shot in RAW+JPG. This way I could see the photos and could work with the RAW files when a proper RAW converter (Adobe Camera RAW) cae along.

I checked the format settings and these were set at RAW, so where did those JPG’s came from?
After some searching I found that the iA mode of the camera (intelligent Auto) decides which image quality setting to use. Something I didn’t find in the manual (or I read over it).

Anyway, it’s annoying as hell.

WebTrust broken?

When a CA issues a SSL certificate they (the registration authority) should verify certain information provided by the requester. This includes at least the domain name ownership and preferably the person or company tied to the domain name ownership. Basic stuff really, but what happens when certificates get issued without any verification? Well, this happened to Mozilla [2].

Basically the complete trust framework collapses (for that CA). Especially combined with hosts file and/or DNS hijacking. What if this incident isn’t the first? What if some cybercrook got some SSL certs due to similar mistakes of your favorite bank? You’re no longer sure if the https connection of your bank really terminates on the servers of your bank. They could just as easily terminate on a server in Russia or Albania. Which leaves you with an empty bank account (most likely).

If the certificate is issued (signed) by a Comodo Root CA (as it was in this case), your browser accepts this as a valid/trusted CA and for the user everything seems fine. This takes me back to the issue of all those trusted root certification authorities in the average OS or browser.
This time, it’s a Comodo affiliate that’s screwed up (there’s no other way of describing this), but what are the chances that some of those trusted 100+ CA’s make a mistake? The bigger the list, the bigger the chance of wrongfully issues (SSL) certificates.

By the way, if you’re using an older browser (pre IE6 e.g.), chances are that SSL certificate revocation checking is disabled by default. So even when the revoke they certificate you still wouldn’t know…. You can verifiy this by opening the Internet Explorer options section and checking the Advanced tab.