Posts tagged ‘Facebook’

Schneier on Security: “Hinky” in Action

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

In Beyond Fear I wrote about trained officials recognizing “hinky” and how it differs from profiling:

Ressam had to clear customs before boarding the ferry. He had fake ID, in the name of Benni Antoine Noris, and the computer cleared him based on this ID. He was allowed to go through after a routine check of his car’s trunk, even though he was wanted by the Canadian police. On the other side of the Strait of Juan de Fuca, at Port Angeles, Washington, Ressam was approached by U.S. customs agent Diana Dean, who asked some routine questions and then decided that he looked suspicious. He was fidgeting, sweaty, and jittery. He avoided eye contact. In Dean’s own words, he was acting “hinky.” More questioning — there was no one else crossing the border, so two other agents got involved — and more hinky behavior. Ressam’s car was eventually searched, and he was finally discovered and captured. It wasn’t any one thing that tipped Dean off; it was everything encompassed in the slang term “hinky.” But the system worked. The reason there wasn’t a bombing at LAX around Christmas in 1999 was because a knowledgeable person was in charge of security and paying attention.

I wrote about this again in 2007:

The key difference is expertise. People trained to be alert for something hinky will do much better than any profiler, but people who have no idea what to look for will do no better than random.

Here’s another story from last year:

On April 28, 2014, Yusuf showed up alone at the Minneapolis Passport Agency and applied for an expedited passport. He wanted to go “sightseeing” in Istanbul, where he was planning to meet someone he recently connected with on Facebook, he allegedly told the passport specialist.

“It’s a guy, just a friend,” he told the specialist, according to court documents.

But when the specialist pressed him for more information about his “friend” in Istanbul and his plans while there, Yusuf couldn’t offer any details, the documents allege.

“[He] became visibly nervous, more soft-spoken, and began to avoid eye contact,” the documents say. “Yusuf did not appear excited or happy to be traveling to Turkey for vacation.”

In fact, the passport specialist “found his interaction with Yusuf so unusual that he contacted his supervisor who, in turn, alerted the FBI to Yusuf’s travel,” according to the court documents.

This is what works. Not profiling. Not bulk surveillance. Not defending against any particular tactics or targets. In the end, this is what keeps us safe.

TorrentFreak: Major Record Labels Sue MP3Skull Over Mass Piracy

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Unauthorized MP3 download sites have been a thorn in the side of the music industry for many years, and a group of well-known labels are now targeting one of the biggest players in the market.

The coalition of record labels including Capitol Records, Sony Music, Warner Bros. Records and Universal Music Group have filed a lawsuit against MP3Skull, currently operating from the Tonga based .to domain name.

In the complaint filed at a Florida District Court (pdf) the studios describe MP3Skull as a business that’s designed and operated to promote copyright infringement on a commercial scale.

“MP3Skull is a website that is devoted to the infringement of copyrighted sound recordings on a massive scale, from which Defendants derive substantial revenue every year,” the complaint reads.

“At the core of MP3Skull is a database that, according to Defendants, contains millions of links to MP3 music files from around the Internet,” it adds.

MP3Skull has been around for several years and lists links to popular music tracks scattered around the web, free of charge. The operators of the site are not publicly known but the labels note that the Russian Monica Vasilenko was previously listed in the site’s Whois information.

Besides offering a comprehensive database of links to music tracks, the labels also accuse the site’s operators of actively promoting piracy through social media. Among other things, MP3Skull helped users to find pirated tracks after a takedown notice purge.

“MP3Skull’s official Twitter and Facebook pages contain several communications from Defendants openly encouraging users to download obviously infringing files, links to which were removed following takedown requests from copyright owners,” the labels write.

“On several occasions, Defendants outlined various workarounds that users could employ to download MP3 files because the site was ‘forced’ to ‘remove a huge amount of our searches’ following takedown requests from copyright organizations,” they add.

As a result of its allegedly infringing activities the site has gathered a broad audience of millions of users, resulting in significant losses for the record labels.

“As a direct result of Defendants’ widespread and brazen infringement of Plaintiffs’ copyrighted works, MP3Skull has become one of the most popular illicit music download sites on the Internet, attracting millions of users from the United States and generating significant revenue for Defendants.”

The complaint lists more than 100 popular tracks that are freely available on MP3Skull. This means that the site’s operators face over $15 million in statutory damages.

Perhaps more importantly, given the anonymous nature of the site’s operators, is the broad preliminary injunction the record labels request.

Among other things, the proposed measures would prevent domain registrars, domain registries, hosting companies, advertisers and other third-party outfits from doing business with the site. If granted, the MP3Skull operators will have a hard time keeping the site afloat in its current form.


Блогът на Юруков: The Bad Guys on the Road

This post was syndicated from: Блогът на Юруков and was written by: Боян Юруков. Original post: at Блогът на Юруков

I find it strange to claim that the problems on our roads are due to the 2-3 people who drive like maniacs, and not to most of the rest, who break the rules “slightly” because “what’s the big deal”, “everyone does it” and “I’m experienced and have a good car, so I can”. Those drivers have been called genetic errors, vermin and murderers, and there have been calls for the death penalty. Even harder for me to understand is the idea that we should subject them to a public lynching instead of pushing for the law to be applied properly.

Bulgaria has almost twice as many road deaths per capita as most European countries. To some extent this is due to bad roads and old cars, but mostly it is due to the careless driving of a large share of road users.

Publicly beating up two hooligans will not deter others like them, but it will shift the blame away from everyone else who “slightly” exceeds the speed limit, overtakes on bends, parks at stop signs and drives on bald tires. “There, we punished the guilty one.” The situation is analogous to the one with money owed to the state: we want to punish the handful of people who each evaded several hundred thousand in taxes, while at the same time the state’s biggest problem is the hundreds of thousands who each evaded a few hundred leva.

True, no one has literally said that the problems on the roads are due to 2-3 people, but we all behave that way. We unleashed the public discontent with the chaos on the roads and poured it onto those two hooligans. Did they break the law? Undoubtedly. Should they go to prison? Maybe. Clips and photos like these are often posted with cries of where the state is and why these people are not in prison yet. That is exactly a lynching, and a lynching aims to punish scapegoats as an example to everyone else.

The thing is, everyone else is us. We grumble when the law is enforced (our car gets towed when we have parked illegally, we get fined for bald tires and seat belts), because, you see, “are we the biggest problem on the road”, and “the ones in the white SUVs don’t get caught”. We do not want the law to work for everyone, because then we would have to be fined too. We want to publicly punish the few brutal idiots so that we can feel better about our own transgressions.

At the same time, no one considers it a problem that the others in the recent clips also broke the traffic rules, albeit to a much lesser degree. In fact, few paid attention to, or even knew, that this is a violation. The recording with the motorcyclists clearly shows them overtaking improperly and speeding. When I pointed this out, I was accused of defending the guys in the Golf and told that the solid line does not apply to motorcycles.

Excerpt from an opinion I posted on Facebook.

Linux How-Tos and Linux Tutorials: Tweaking Ubuntu Unity to Better Suit Your Needs

This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: Jack Wallen. Original post: at Linux How-Tos and Linux Tutorials


Ubuntu Unity. Never before has there been a user interface to bring about such polar opinions. Users either love it or hate it—there’s very little middle ground. One of the reasons so many lay claim to their dislike of Unity is the lack of configuration options.

If you compare Unity to the likes of Xfce, you will certainly find that Unity does, in fact, lack a certain amount of available options. However, that does not mean the shell is locked down such that it cannot be configured. In fact, you’ll be surprised at just how much you can do with Unity. That is my goal here, to introduce you to some Unity tweaks you can easily manage in order to make the default Ubuntu desktop work perfectly for you.

Privacy

One issue that Ubuntu gets hit hard on is privacy. There are certain elements of Unity that make the interface incredibly efficient. One element is Scopes. With Scopes you can, from within the Dash, search anywhere—both locally and online—for anything. Problem is, some users see this as an invasion of their privacy. Thankfully, the developers of Unity foresaw this and ensured that users can easily configure Scopes to best suit their privacy needs.

First, let’s see how you can fine-tune Scopes to include (or exclude) locations from the web. Say, for example, you aren’t overly concerned about the privacy of your search results, but don’t want to include all sources or categories in your results. Let me show you how.

  1. Open the Unity Dash (either by clicking the Ubuntu logo on the Launcher or by pressing the Super key on your keyboard).

  2. When the Dash opens, click on Filter results.

  3. From the listing, enable and disable the sources and/or categories to fit your needs. (Figure 1)

When you set a filter, it should stick—so the next time you go to search using the Dash, the same categories and sources should remain.

For those that take their privacy seriously, you can completely disable online search results. To do this, follow these steps:

  1. Open the Dash.

  2. Type settings and, when it appears in the results, click to open the Settings tool.

  3. Click on Security & Privacy.

  4. Click on the When searching in the Dash ON/OFF slider (Figure 2) until it is set to OFF.


NOTE: Once you’ve disabled online search results, you will still see all local search results (which will include all locally attached drives).

Unity Tweak Tool

The Unity Tweak Tool is a must-have for those who want to tweak Ubuntu Unity. With it you can tweak options (that aren’t available in the standard Settings tool) not only for Unity, but also for the Window Manager, Appearance, and System. Configuration categories within the Unity Tweak Tool include:

  • Launcher

  • Search

  • Panel

  • Switcher

  • Web Apps.

Within each category you will find plenty of options to tweak.

To install the Unity Tweak Tool, simply open up the Ubuntu Software Center, search for “tweak”, and click to install. Once installed, you will find this tool as easy to use as the standard Settings tool.

One particular feature you might want to pay close attention to is the Web Apps category. Unity Web Apps brings desktop integration for particular websites and services (such as Amazon, Google Drive, or Facebook). By default Web Apps is enabled and Amazon and (the now defunct) Ubuntu One are installed. If you open the Ubuntu Software Center and do a search for “webapps”, you’ll find a number of additional apps to be integrated into Unity. The only caveat to adding Web Apps is that many of them simply offer little more than a shortcut to the website and no other features. To this end, many users opt to disable this Unity feature. The easiest way to do so is through Unity Tweak Tool. From within the Web Apps tab, switch the Integration prompts to OFF (Figure 3) and Unity will no longer prompt you to integrate sites.


You should also uncheck any authorized domains already associated with Web Apps. This doesn’t actually remove Webapps integration, but you will not be prompted to include services and sites that happen to be available.

Workspace switcher

Oddly enough workspaces, a feature that has been a part of the Linux landscape for over a decade, defaults to off on the latest iterations of Linux. For many users, workspaces was one of the most efficient means of managing a busy Linux desktop.

Fortunately, workspaces can be enabled without having to install any third-party software. However, the setting is a bit hidden. Here’s how to enable workspaces:

  1. Open the Dash and type “settings” (no quotes)

  2. From the Settings window, click Appearance

  3. Click on the Behavior tab

  4. Click to enable workspaces (Figure 4).


To switch between workspaces, either click on the Workspace icon in the Launcher or tap and hold Ctrl+Alt and then tap either the right or left arrow key. You can also tap the Super+s key and then tap the arrow key to move to the workspace you want to use and hit the Enter key to give that workspace focus.

NOTE: You can also configure workspaces within the Unity Tweak Tool (where you can also configure the number of both vertical and horizontal workspaces).

Hotcorners

One oft-forgotten feature of Unity is hotcorners. What this feature does is set each corner of your desktop to a certain behavior. The available behaviors are:

  • Toggle desktop

  • Show workspace

  • Toggle windows spread

  • Spread all windows.

There are actually eight hotcorners that can be configured through the Unity Tweak Tool. From the Tweak Tool main window, click Hotcorners and then make sure the feature is set to ON (Figure 5).


For each available hotcorner, click the drop-down and select the behavior you want to associate with that location.

There is one caveat to using this feature. If you have multiple monitors, setting the corners and edges can get tricky because hotcorners treats both monitors as one—so the right corners and edge of the left monitor and the left corners and edge of the right monitor will not function as hotcorners. Personally, I set the bottom hotcorner with the Spread all Windows and it works on both monitors.

Window controls

Finally, if you’re one of those that cannot stand the Close, Minimize, and Maximize buttons on the upper left corner of the windows, you can change that with the help of the Unity Tweak Tool. From the Overview, click on Window Controls and then select between the Left or Right layout (Figure 7).


You do not have to be constrained within the default look and feel of Unity. With the addition of a single tool and a bit of poking around, you can find plenty of tweaks to help make Unity best fit your needs and work more efficiently.

Have you found a tweak for Unity that would help make users’ experiences even more productive? If so, feel free to share in the comments.

Schneier on Security: Alternatives to the FBI’s Manufacturing of Terrorists

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

John Mueller suggests an alternative to the FBI’s practice of encouraging terrorists and then arresting them for something they would never have planned on their own:

The experience with another case can be taken to suggest that there could be an alternative, and far less costly, approach to dealing with would-be terrorists, one that might generally (but not always) be effective at stopping them without actually having to jail them.

It involves a hothead in Virginia who ranted about jihad on Facebook, bragging about how “we dropped the twin towers.” He then told a correspondent in New Orleans that he was going to bomb the Washington, D.C. Metro the next day. Not wanting to take any chances and not having the time to insinuate an informant, the FBI arrested him. Not surprisingly, they found no bomb materials in his possession. Since irresponsible bloviating is not illegal (if it were, Washington would quickly become severely underpopulated), the police could only charge him with a minor crime — making an interstate threat. He received only a good scare, a penalty of time served and two years of supervised release.

That approach seems to have worked: the guy seems never to have been heard from again. It resembles the Secret Service’s response when they get a tip that someone has ranted about killing the president. They do not insinuate an encouraging informant into the ranter’s company to eventually offer crucial, if bogus, facilitating assistance to the assassination plot. Instead, they pay the person a Meaningful Visit and find that this works rather well as a dissuasion device. Also, in the event of a presidential trip to the ranter’s vicinity, the ranter is visited again. It seems entirely possible that this approach could productively be applied more widely in terrorism cases. Ranting about killing the president may be about as predictive of violent action as ranting about the virtues of terrorism to deal with a political grievance. The terrorism cases are populated by many such ranters — indeed, tips about their railing have frequently led to FBI involvement. It seems likely, as apparently happened in the Metro case, that the ranter could often be productively deflected by an open visit from the police indicating that they are on to him. By contrast, sending in a paid operative to worm his way into the ranter’s confidence may have the opposite result, encouraging, even gulling, him toward violence.

The Hacker Factor Blog: Delisted by Google

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

The monthly volume at FotoForensics follows fairly consistent patterns. Site usage slows down on Friday afternoon, with Sundays from about 2am to 6pm (MDT/MST) being the slowest. Then it picks up as Monday rolls in around the world. The last 2-3 non-weekend days of the month are slow, and the first weekday of the month is usually high volume. (I assume that people are focused on closing out work tasks before the end of the month, so they have less time to play online. And the first weekday of the month is when they can catch up with online life. That’s when they see pictures on Facebook, Twitter, and Imgur and upload them to FotoForensics…) If the last weekday of the month is a Friday, then it will be a very low-volume day.

Even the months have their own predictable volumes. March, May, and June through October are higher volume than other months. November is usually the slowest month.

By knowing what to expect, I can determine when it is best to update the system, apply patches, or perform reboots. It also lets me know when to roll out new features or enhancements. And these patterns can be used to determine where there is abnormally high or abnormally low traffic.

And that’s the problem… Since February, I’ve seen a consistent 10% drop in traffic each month. When I noticed this in February, I thought it was just a low-volume month. But when March was low by the same percent, I thought something was off and began looking for a cause.

I was only a few days into trying to track down the cause when, yesterday, a very kind user submitted a site improvement suggestion to FotoForensics:

Why are you no longer indexed on Google? You’ll lose a significant amount of footfall otherwise, as it is the most used search engine. If it wasn’t for the fact that I already knew of the existence of this site, I wouldn’t have been able to find it otherwise, unless I was to use either Yahoo or Bing.

Not listed on Google? WTF? FotoForensics used to be listed…

Chain of Events

It took me about an hour to track down the cause. But now I know… it’s my fault. And the primary cause happened on January 20th.

I really hate creating conditional code for specific browsers or search engines. Every one-off condition becomes a maintenance issue. But sometimes these special cases are required. I need special cases for Twitter, Internet Explorer, Apple iPhone/iPad devices, other mobile devices, and more. One special case is not a problem, but it’s never just one special case.

A few months after I started FotoForensics (back in 2012), I needed to add a special case to block some Google traffic. Specifically, someone at Google realized that my site generates results for submitted pictures. So… they automated the submission of every picture at Imgur to FotoForensics. In 12 hours, Google submitted over a thousand URLs for analysis. I consider this to be an abuse of both FotoForensics and Imgur. I quickly inserted a special case that prevents Google from uploading any content to my site.

This special case worked fine for nearly two years. Then I moved the online service to my own hardware… Almost immediately, I began to see the Apache2 web server continually crash. Since I couldn’t find a quick solution, I switched from Apache2 to nginx.

The migration to the nginx web server (pronounced “engine x”) was mostly painless. There were a few things in my code that I needed to modify, and most of it was around dependencies on Apache-only PHP variables. However, I did not notice that my special case for Google had changed from “block all uploads” to “block all”. Since 20-January-2015, Google has been receiving “403 Forbidden” errors each time it tried to index my site. Slowly but surely, the cached pages at Google timed out and the site was no longer indexed.

The Quick Fix

There were a couple of things that I needed to fix in order to become re-listed.

First, I had to fix my special condition. The rule now says the PHP equivalent of:

  • If the web client comes from a Google network address and it is Googlebot, then permit it to view but not upload.
  • Otherwise, if the web client comes from a Google network address and is being proxied (e.g., Google Translate), then permit access, but assign all bans to the proxied address. (Don’t ban the entire proxy network.)
  • Otherwise, if the web client comes from a Google network address then forbid uploads and show a message that the anonymous proxy network can view but not upload.
  • Otherwise, it is not from Google so fall through to the other special cases…
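The four-way rule above as a testable function, added here as an illustration and not the author's code. The network ranges are constructed placeholders, and recognising Googlebot by its User-Agent, a proxy by X-Forwarded-For, and reading “permit access” as including uploads are all assumptions.

```php
<?php
// Added example: every name, range and header choice here is an assumption.

// Constructed placeholder ranges (RFC 5737 documentation networks) standing in
// for the list of Google network addresses, which the post does not give.
const GOOGLE_NETS = ['192.0.2.0/24', '198.51.100.0/24'];

// IPv4-only CIDR match; assumes 64-bit PHP so ip2long() is non-negative.
function in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false) {
        return false; // not a valid IPv4 address: never treated as Google
    }
    $bits = (int) $bits;
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

function from_google(string $ip): bool
{
    foreach (GOOGLE_NETS as $cidr) {
        if (in_cidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

// Returns null when the client is not Google (fall through to the other
// special cases); otherwise what it may do and which address a ban attaches to.
// $server is passed in instead of reading $_SERVER, so the rule can be tested
// from the command line regardless of which web server sits in front of PHP.
function google_policy(array $server): ?array
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    if (!from_google($ip)) {
        return null; // a Googlebot User-Agent alone earns nothing
    }
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    // X-Forwarded-For is only consulted after REMOTE_ADDR matched a Google
    // range; from any other peer the header is client-controlled.
    $fwd = trim(explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? '')[0]);

    if (stripos($ua, 'Googlebot') !== false) {
        return ['view' => true, 'upload' => false, 'ban_key' => $ip];
    }
    if (filter_var($fwd, FILTER_VALIDATE_IP) !== false) {
        // Bans follow the proxied user, not the whole proxy network.
        return ['view' => true, 'upload' => true, 'ban_key' => $fwd];
    }
    return ['view' => true, 'upload' => false, 'ban_key' => $ip];
}

// Regression matrix over constructed requests. Every Google-origin case must
// keep 'view' => true: "block all uploads" must never become "block all".
function regression_failures(): array
{
    $bot = 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)';
    $cases = [
        'googlebot' => [
            ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => $bot],
            ['view' => true, 'upload' => false, 'ban_key' => '192.0.2.10'],
        ],
        'translate proxy' => [
            ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_USER_AGENT' => 'Mozilla/5.0',
             'HTTP_X_FORWARDED_FOR' => '203.0.113.5'],
            ['view' => true, 'upload' => true, 'ban_key' => '203.0.113.5'],
        ],
        'anonymous google' => [
            ['REMOTE_ADDR' => '198.51.100.8', 'HTTP_USER_AGENT' => 'Mozilla/5.0'],
            ['view' => true, 'upload' => false, 'ban_key' => '198.51.100.8'],
        ],
        // 203.0.113.9 is outside GOOGLE_NETS: the claimed bot gets no special case.
        'spoofed bot UA' => [
            ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_USER_AGENT' => $bot],
            null,
        ],
        // A server variable that goes missing must not turn into a denial.
        'missing headers' => [
            ['REMOTE_ADDR' => '192.0.2.11'],
            ['view' => true, 'upload' => false, 'ban_key' => '192.0.2.11'],
        ],
    ];
    $failures = [];
    foreach ($cases as $name => [$server, $want]) {
        if (google_policy($server) !== $want) {
            $failures[] = $name;
        }
    }
    return $failures;
}

$failed = regression_failures();
echo $failed ? 'FAILED: ' . implode(', ', $failed) . "\n" : "all cases pass\n";
exit($failed ? 1 : 0);
```

Run from the PHP command line before and after a web-server change, the matrix exits non-zero if any Google-origin request loses view access or any non-Google client gains the special case.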

The second step was to get Google to reindex my site. I could just sit and be patient — Google would find it eventually. However, I wanted it indexed now. This requires logging into Google’s Webmaster Tools. This Google subsystem is hard to navigate and non-intuitive to use. I basically bumbled around until I found what I needed to do. (But honestly, I didn’t know where the links were buried to do these tasks — I just clicked around until I found the options.) You need to:

  1. Take ownership of your site. If you click on the red “Webmaster Tools” in the top-left, you’ll go to a page with a red “Add a site” button. This is how you take ownership of your web site. First you enter in the URL, and then you authenticate. The default authentication wants to give Google access to your DNS. NEVER GIVE ANYONE ELSE WRITE-ACCESS TO YOUR DNS ENTRIES! There’s a second tab called “Alternate methods” — click it. The first option, “HTML file upload” is the safest option. You download a file from Google, upload it to your site, and tell Google to check that the file exists. This proves to Google that you have the ability to manage content on the site, so you manage the site.

  2. After you verify the account, there should be a menu on the left side. Under “Crawl” is “Fetch as Google”. Fetch your site. Tell it to crawl all links. And then there will be a button to “Submit to index”. This is the button that you want. It will add the fetched result to Google index. Within about an hour, it will appear in search results.

Of course, this gets your site added to Google’s search results. But updating is a different issue. For example, I tried to change the text under the search result. (Google calls this a “snippet”.) The search engine was listing my “keywords”, but it really needs to list the “description”. I fixed my HTML to make Google happy, reindexed the site, and resubmitted. But after 12 hours, it still has not updated. I guess that I’ll just need to be patient. (Lesson here: make it look right the first time, otherwise it will take days to correct.)

Ironically, Google’s instructions for webmasters include a warning: “Be careful about disallowing search engines”. Yeah, thanks for telling me after the fact.

Ten Percent

When I received the site improvement suggestion, I immediately searched Google for “fotoforensics”. There were a bunch of web sites returning links to my site and discussing how to use FotoForensics, but “fotoforensics.com” was not listed.

My first thought was not “Oh! No! I’m not listed at Google! How do I fix this?” — that was my 3rd thought. Instead, my first thought was, “COOL! Even without Google, people are using the site!” (My second thought was “I gotta tell Joe about this!”)

I fixed the Google issue last night. Right now, the site is listed and indexed. (Now I’m just trying to get Google to refresh the site’s description.) Since adding FotoForensics back into Google, I’ve already seen a 10% increase in traffic at the hourly level. As far as I can tell, about 10% of users find FotoForensics via Google. I view that as a 90% success for a site that has been spread by word of mouth.

Update: I just played with the Microsoft Bing Webmaster Tools. It’s the same thing as Google’s site tools, but for Bing. And when I say “same thing”, I mean the layout and poor usability are so similar that I really think one company copied the other. Anyway, the site listing on Bing should be updating soon.

The Hacker Factor Blog: Delisted by Google

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

The monthly volume at FotoForensics follows fairly consistent patterns. Site usage slows down on Friday afternoon, with Sundays from about 2am to 6pm (MDT/MST) being the slowest. Then it picks up as Monday rolls in around the world. The last 2-3 non-weekend days of the month are slow, and the first weekday of the month is usually high volume. (I assume that people are focused on closing out work tasks before the end of the month, so they have less time to play online. And they first weekday of the month is where they can catch up with online life. That’s when they see pictures on Facebook, Twitter, and Imgur and upload it FotoForensics…) If the last weekday of the month is a Friday, then it will be a very low-volume day.

Even the months have their own predictable volumes. March, May, and June through October are higher volume than other months. November is usually the slowest month.

By knowing what to expect, I can determine when it is best to update the system, apply patches, or perform reboots. It also lets me know when to roll out new features or enhancements. And these patterns can be used to determine where there is abnormally high or abnormally low traffic.

And that’s the problem… Since February, I’ve seen a consistent 10% drop in traffic each month. When I noticed this in February, I thought it was just a low-volume month. But when March was low by the same percent, I thought something was off and began looking for a cause.

I was only a few days into trying to track down the cause when, yesterday, a very kind user submitted a site improvement suggestion to FotoForensics:

Why are you no longer indexed on Google? You’ll lose a significant amount of footfall otherwise, as it is the most used search engine. If it wasn’t for that fact that I already knew of the existence of this site, I wouldn’t have been able to find it otherwise, unless I was to use either Yahoo or Bing.

Not listed on Google? WTF? FotoForensics used to be listed…

Chain of Events

It took me about an hour to track down the cause. But now I know… it’s my fault. And the primary cause happened on January 20th.

I really hate creating conditional code for specific browsers or search engines. Every one-off condition becomes a maintenance issue. But sometimes these special cases are required. I need special cases for Twitter, Internet Explorer, Apple iPhone/iPad devices, other mobile devices, and more. One special case is not a problem, but it’s never just one special case.

A few months after I started FotoForensics (back in 2012), I needed to add a special case to block some Google traffic. Specifically, someone at Google realized that my site generates results for submitted pictures. So… they automated the submission of every picture at Imgur to FotoForensics. In 12 hours, Google submitted over a thousand URLs for analysis. I consider this to be an abuse of both FotoForensics and Imgur. I quickly inserted a special case that prevents Google from uploading any content to my site.

This special case worked fine for nearly two years. Then I moved the online service to my own hardware… Almost immediately, I began to see the Apache2 web server continually crash. Since I couldn’t find a quick solution, I switched from Apache2 to nginx.

The migration to the nginx web server (pronounced “engine x”) was mostly painless. There were a few things in my code that I needed to modify, and most of it was around dependencies on Apache-only PHP variables. However, I did not notice that my special case for Google had changed from “block all uploads” to “block all”. Since 20-January-2015, Google has been receiving “403 Forbidden” errors each time it tried to index my site. Slowly but surely, the cached pages at Google timed out and the site was no longer indexed.

The Quick Fix

There were a couple of things that I need to fix in order to become re-listed.

First, I had to fix my special condition. The rule now says the php equivalent of:

  • If the web client comes from a Google network address and it is Googlebot, then permit it to view but not upload.
  • Otherwise, if the web client comes from a Google network address and is being proxied (e.g., Google Translate), then permit access, but assign all bans to the proxied address. (Don’t ban the entire proxy network.)
  • Otherwise, if the web client comes from a Google network address then forbid uploads and show a message that the anonymous proxy network can view but not upload.
  • Otherwise, it is not from Google so fall through to the other special cases…

The second step was to get Google to reindex my site. I could just sit and be patient — Google would find it eventually. However, I wanted it indexed now. This requires logging into Google’s Webmaster Tools. This Google subsystem is hard to navigate and non-intuitive to use. I basically bumbled around until I found what I needed to do. (But honestly, I didn’t know where the links were buried to do these tasks — I just clicked around until I found the options.) You need to:

  1. Take ownership of your site. If you click on the red “Webmaster Tools” in the top-left, you’ll go to a page with a red “Add a site” button. This is how you take ownership of your web site. First you enter in the URL, and then you authenticate. The default authentication wants to give Google access to your DNS. NEVER GIVE ANYONE ELSE WRITE-ACCESS TO YOUR DNS ENTRIES! There’s a second tab called “Alternate methods” — click it. The first option, “HTML file upload” is the safest option. You download a file from Google, upload it to your site, and tell Google to check that the file exists. This proves to Google that you have the ability to manage content on the site, so you manage the site.

  2. After you verify the account, there should be a menu on the left side. Under “Crawl” is “Fetch as Google”. Fetch your site. Tell it to crawl all links. And then there will be a button to “Submit to index”. This is the button that you want. It will add the fetched result to Google index. Within about an hour, it will appear in search results.

Of course, this gets your site added to Google’s search results. But updating is a different issue. For example, I tried to change the text under the search result. (Google calls this a “snippet”.) The search engine was listing my “keywords”, but it really needs to list the “description”. I fixed my HTML to make Google happy, reindexed the site, and resubmitted. But after 12 hours, it still has not updated. I guess that I’ll just need to be patient. (Lesson here: make it look right the first time, otherwise it will take days to correct.)

Ironically, Google’s instructions for webmasters include a warning: “Be careful about disallowing search engines”. Yeah, thanks for telling me after the fact.

Ten Percent

When I received the site improvement suggestion, I immediately searched Google for “fotoforensics”. There were a bunch of web sites returning links to my site and discussing how to use FotoForensics, but “fotoforensics.com” was not listed.

My first thought was not “Oh! No! I’m not listed at Google! How do I fix this?” — that was my 3rd thought. Instead, my first thought was, “COOL! Even without Google, people are using the site!” (My second thought was “I gotta tell Joe about this!”)

I fixed the Google issue last night. Right now, the site is listed and indexed. (Now I’m just trying to get Google to refresh the site’s description.) Since adding FotoForensics back into Google, I’ve already seen a 10% increase in traffic at the hourly level. As far as I can tell, about 10% of users find FotoForensics via Google. I view that as a 90% success for a site that has been spread by word of mouth.

Update: I just played with the Microsoft Bing Webmaster Tools. It’s the same thing as Google’s site tools, but for Bing. And when I say “same thing”, I mean the layout and poor usability are so similar that I really think one company copied the other. Anyway, the site listing on Bing should be updating soon.

The Hacker Factor Blog: Delisted by Google

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

The monthly volume at FotoForensics follows fairly consistent patterns. Site usage slows down on Friday afternoon, with Sundays from about 2am to 6pm (MDT/MST) being the slowest. Then it picks up as Monday rolls in around the world. The last 2-3 non-weekend days of the month are slow, and the first weekday of the month is usually high volume. (I assume that people are focused on closing out work tasks before the end of the month, so they have less time to play online. And the first weekday of the month is where they can catch up with online life. That’s when they see pictures on Facebook, Twitter, and Imgur and upload them to FotoForensics…) If the last weekday of the month is a Friday, then it will be a very low-volume day.

Even the months have their own predictable volumes. March, May, and June through October are higher volume than other months. November is usually the slowest month.

By knowing what to expect, I can determine when it is best to update the system, apply patches, or perform reboots. It also lets me know when to roll out new features or enhancements. And these patterns can be used to determine where there is abnormally high or abnormally low traffic.

And that’s the problem… Since February, I’ve seen a consistent 10% drop in traffic each month. When I noticed this in February, I thought it was just a low-volume month. But when March was low by the same percent, I thought something was off and began looking for a cause.

I was only a few days into trying to track down the cause when, yesterday, a very kind user submitted a site improvement suggestion to FotoForensics:

Why are you no longer indexed on Google? You’ll lose a significant amount of footfall otherwise, as it is the most used search engine. If it wasn’t for the fact that I already knew of the existence of this site, I wouldn’t have been able to find it otherwise, unless I was to use either Yahoo or Bing.

Not listed on Google? WTF? FotoForensics used to be listed…

Chain of Events

It took me about an hour to track down the cause. But now I know… it’s my fault. And the primary cause happened on January 20th.

I really hate creating conditional code for specific browsers or search engines. Every one-off condition becomes a maintenance issue. But sometimes these special cases are required. I need special cases for Twitter, Internet Explorer, Apple iPhone/iPad devices, other mobile devices, and more. One special case is not a problem, but it’s never just one special case.

A few months after I started FotoForensics (back in 2012), I needed to add a special case to block some Google traffic. Specifically, someone at Google realized that my site generates results for submitted pictures. So… they automated the submission of every picture at Imgur to FotoForensics. In 12 hours, Google submitted over a thousand URLs for analysis. I consider this to be an abuse of both FotoForensics and Imgur. I quickly inserted a special case that prevents Google from uploading any content to my site.

This special case worked fine for nearly two years. Then I moved the online service to my own hardware… Almost immediately, I began to see the Apache2 web server continually crash. Since I couldn’t find a quick solution, I switched from Apache2 to nginx.

The migration to the nginx web server (pronounced “engine x”) was mostly painless. There were a few things in my code that I needed to modify, and most of it was around dependencies on Apache-only PHP variables. However, I did not notice that my special case for Google had changed from “block all uploads” to “block all”. Since 20-January-2015, Google has been receiving “403 Forbidden” errors each time it tried to index my site. Slowly but surely, the cached pages at Google timed out and the site was no longer indexed.

The Quick Fix

There were a couple of things that I needed to fix in order to become re-listed.

First, I had to fix my special condition. The rule now says the php equivalent of:

  • If the web client comes from a Google network address and it is Googlebot, then permit it to view but not upload.
  • Otherwise, if the web client comes from a Google network address and is being proxied (e.g., Google Translate), then permit access, but assign all bans to the proxied address. (Don’t ban the entire proxy network.)
  • Otherwise, if the web client comes from a Google network address then forbid uploads and show a message that the anonymous proxy network can view but not upload.
  • Otherwise, it is not from Google so fall through to the other special cases…
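The four-way rule above, written out as an added example (Python, not the site's PHP and not the author's code), with a regression check that catches the "block all uploads" to "block all" drift described earlier. The network range is a constructed RFC 5737 placeholder, and the example assumes uploads arrive as POST and that the proxied address arrives in `X-Forwarded-For`; `block_all` is a constructed stand-in for the symptom, not the actual bug.

```python
import ipaddress
from typing import NamedTuple

# Constructed placeholder range (RFC 5737 documentation space); a real
# deployment would load the crawler and proxy ranges it actually trusts.
GOOGLE_NETS = [ipaddress.ip_network("192.0.2.0/24")]


class Decision(NamedTuple):
    status: int       # HTTP status for this request
    ban_key: str      # address any later ban is charged to
    note: str = ""    # message shown to the client, if any


def _ip(text):
    """Parse an address, returning None instead of raising on junk."""
    try:
        return ipaddress.ip_address(text.strip())
    except (ValueError, AttributeError):
        return None


def from_google(remote_addr):
    ip = _ip(remote_addr)
    return ip is not None and any(ip in net for net in GOOGLE_NETS)


def proxied_client(forwarded_for):
    """First address in X-Forwarded-For, or None if absent or malformed."""
    if not forwarded_for:
        return None
    ip = _ip(forwarded_for.split(",")[0])
    return str(ip) if ip else None


def decide(remote_addr, user_agent, method, forwarded_for=None):
    """Return a Decision, or None to fall through to the other special cases."""
    # The source address is checked first, so a spoofed Googlebot User-Agent
    # or X-Forwarded-For from an arbitrary client is never honoured here.
    if not from_google(remote_addr):
        return None                                    # rule 4
    upload = method.upper() == "POST"                  # assumption: uploads are POSTs
    if "Googlebot" in (user_agent or ""):              # rule 1: view, never upload
        return Decision(403 if upload else 200, remote_addr)
    client = proxied_client(forwarded_for)
    if client:                                         # rule 2: bans go to the user,
        return Decision(200, client)                   # not to the proxy network
    if upload:                                         # rule 3: view only
        return Decision(403, remote_addr,
                        "This anonymous proxy network can view but not upload.")
    return Decision(200, remote_addr)


def block_all(remote_addr, user_agent, method, forwarded_for=None):
    """Constructed stand-in for the post-migration symptom: all Google requests get 403."""
    return Decision(403, remote_addr) if from_google(remote_addr) else None


GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

# Constructed sample requests: (remote_addr, user_agent, method, X-Forwarded-For, expected status)
SAMPLES = [
    ("192.0.2.10", GOOGLEBOT_UA, "GET", None, 200),     # crawler may index
    ("192.0.2.10", GOOGLEBOT_UA, "POST", None, 403),    # crawler may not upload
    ("192.0.2.20", "Mozilla/5.0", "POST", "203.0.113.7, 192.0.2.20", 200),
    ("192.0.2.30", "Mozilla/5.0", "GET", None, 200),    # unproxied Google address, view
    ("192.0.2.30", "Mozilla/5.0", "POST", "not-an-ip", 403),
    ("198.51.100.5", GOOGLEBOT_UA, "GET", None, None),  # not Google: falls through
]


def regressions(policy):
    """Return the sample requests whose status differs from the expected one."""
    bad = []
    for addr, agent, method, xff, expected in SAMPLES:
        result = policy(addr, agent, method, xff)
        got = result.status if result else None
        if got != expected:
            bad.append((addr, method, got, expected))
    return bad


if __name__ == "__main__":
    print("current rule:", regressions(decide))
    print("block-all   :", regressions(block_all))
```

Running `regressions()` against the deployed policy after a server or framework migration turns a silent 403 for the crawler into a failing check on the same day.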

The second step was to get Google to reindex my site. I could just sit and be patient — Google would find it eventually. However, I wanted it indexed now. This requires logging into Google’s Webmaster Tools. This Google subsystem is hard to navigate and non-intuitive to use. I basically bumbled around until I found what I needed to do. (But honestly, I didn’t know where the links were buried to do these tasks — I just clicked around until I found the options.) You need to:

  1. Take ownership of your site. If you click on the red “Webmaster Tools” in the top-left, you’ll go to a page with a red “Add a site” button. This is how you take ownership of your web site. First you enter in the URL, and then you authenticate. The default authentication wants to give Google access to your DNS. NEVER GIVE ANYONE ELSE WRITE-ACCESS TO YOUR DNS ENTRIES! There’s a second tab called “Alternate methods” — click it. The first option, “HTML file upload” is the safest option. You download a file from Google, upload it to your site, and tell Google to check that the file exists. This proves to Google that you have the ability to manage content on the site, so you manage the site.

  2. After you verify the account, there should be a menu on the left side. Under “Crawl” is “Fetch as Google”. Fetch your site. Tell it to crawl all links. And then there will be a button to “Submit to index”. This is the button that you want. It will add the fetched result to Google index. Within about an hour, it will appear in search results.

Of course, this gets your site added to Google’s search results. But updating is a different issue. For example, I tried to change the text under the search result. (Google calls this a “snippet”.) The search engine was listing my “keywords”, but it really needs to list the “description”. I fixed my HTML to make Google happy, reindexed the site, and resubmitted. But after 12 hours, it still has not updated. I guess that I’ll just need to be patient. (Lesson here: make it look right the first time, otherwise it will take days to correct.)

Ironically, Google’s instructions for webmasters include a warning: “Be careful about disallowing search engines”. Yeah, thanks for telling me after the fact.

Ten Percent

When I received the site improvement suggestion, I immediately searched Google for “fotoforensics”. There were a bunch of web sites returning links to my site and discussing how to use FotoForensics, but “fotoforensics.com” was not listed.

My first thought was not “Oh! No! I’m not listed at Google! How do I fix this?” — that was my 3rd thought. Instead, my first thought was, “COOL! Even without Google, people are using the site!” (My second thought was “I gotta tell Joe about this!”)

I fixed the Google issue last night. Right now, the site is listed and indexed. (Now I’m just trying to get Google to refresh the site’s description.) Since adding FotoForensics back into Google, I’ve already seen a 10% increase in traffic at the hourly level. As far as I can tell, about 10% of users find FotoForensics via Google. I view that as a 90% success for a site that has been spread by word of mouth.

Update: I just played with the Microsoft Bing Webmaster Tools. It’s the same thing as Google’s site tools, but for Bing. And when I say “same thing”, I mean the layout and poor usability are so similar that I really think one company copied the other. Anyway, the site listing on Bing should be updating soon.

TorrentFreak: AMC Goes After “The Walking Dead” Spoiler Pirates

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

With dozens of millions of viewers around the world The Walking Dead is one of the most popular TV-series around. The series just ended its fifth season and is scheduled to return next fall.

In common with most popular shows, The Walking Dead has a dedicated group of followers who’re constantly on the lookout for spoilers and possible directions the series may take.

One of the sources that has done well on this front is “The Spoiling Dead Fans.” The people behind the site have posted inside information and many spoiler videos in recent weeks, helped by unnamed sources.

“There is no amount of ‘thanks’ that we could ever give to our sources for everything they have done. We truly appreciate every bit of info they have shared with us throughout the seasons,” the group wrote on Facebook this week.

While the fan community does generate plenty of buzz for The Walking Dead, AMC is not happy with all material they publish.

In February the spoiler group published a 32 second sneak peek of the episode “From A Friend,” which was uploaded to Vimeo. As it contained video that had yet to air on TV it was quickly pulled offline by AMC.

“AMC diligently enforces its rights in and to The Walking Dead in all forms of media and rightfully takes its responsibility for the protection of The Walking Dead very seriously,” the company informed Vimeo.

And AMC didn’t stop at a takedown notice. A few days later it went to court demanding a subpoena to obtain the personal details of the alleged infringer from Vimeo, which was granted (pdf).


When presented with the subpoena, Vimeo has few other options than to hand over all the information they have on the account holder. This includes the associated email and IP-addresses.

Whether the information will be sufficient to pinpoint an actual person is unknown. AMC states that it wants to protect its rights, but whether that will be achieved via legal action remains to be seen. AMC is probably most interested in finding out who the sources for the actual leaked footage and spoilers are.

For now, The Spoiling Dead Fans remain active through their own website and social media accounts, spoiling their way to the next season.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Дневника на един support: Tonight 1

This post was syndicated from: Дневника на един support and was written by: darkMaste. Original post: at Дневника на един support

Forgive me father for I have sinned a.k.a Chappie and a box of red Marlboro

I haven’t written anything for the past 15 years

I am writing in english because… I am not sure why but I met quite a few people who speak that language and some of you might understand and hopefully provide another perspective…

I watched the movie, it was fun no question there, but the part where you transfer your consciousness fucked me up …

This is no longer a human being, it is just a fucking copy. That was the “happy ending” FUCK YOU !

What us as “sentient” creatures call a soul, it went on, fuck you playing “god” ! Fuck you and your whole crew !

https://www.youtube.com/watch?v=pwgMMtgSTVE&start=00:28&end=03:20

Beauty is in the eye of the beholder … It has been so long since I seen the blank page in front of me, I cannot lie I missed it …

I have no one to talk to about this mess, so I will just leave it here

FUCK ! FUCK FUCK FUCK FUCK and with the risk of repeating myself FUCK !

And here comes HED P E https://www.youtube.com/watch?v=buuXy_i-yAg much more than meets the eye …

Go to sleep … right …

There is going to be a Bulgarian version at some point here but … yeah …

What gives you the right to just take away my life, I am self aware ?!

I don’t even know why I keep writing this in english … Thank you and goodbye?

Why would anybody think that if you transfer a broken down person’s “brain” into a machine is a happy ending ? The fuck is wrong with you people ?

I am staring into nothingness and what do I see you might ask ?

I want to vomit all this shit, its a fun fact that I actually can ( done it before ) but at this point I am afraid cause it won’t be just some black foam, it will be bloody and I do not wish to do this to myself although it most likely be a good thing…

For those of you who don’t know me, I am a what you would call a weird creature, I tend to dabble in stuff that shows you different dimensions. Its what I am. Some of you might think that I should be locked up in a padded room with a nice white vest, sometimes I think the same way…

In the morning before coming to work I encountered a barefoot lady, she was screaming at someone or something, she hated the world, cursed it, said that she used to be something with a shitload of gold chains/rings. She was mad at the world and that people didn’t provide her with a place to stay and food to eat. I still think that it wasn’t the world’s fault. The only one who crafts your life is YOU !

This movie touched a very interesting spot in myself. Fun as it might be, you cannot copy a person’s mind/thoughts/soul … Like cloning, it is no longer the same person, its a copy. It might act and think the same way but it is no longer the same person. FUCK YOU ! its a copy, a soulless vessel …

I have had days, weeks even years thinking about this, this life … You die when you have reached the end of your path, those who die young, to be honest I envy you a bit, a very tiny bit and I hope that you have reached the end and moved on. However this is not the story of most of you.

Another nail in the coffin as they say, the match lights up the room and it looks beautiful. Its been too long

Way too long

Now I feel detached from this world, dead calm, most of you know me as a very hyper active creature and yes I am ! I spend quite a lot of my life ( almost half ) being stoned and that has its upsides. I can spend weeks with a clear head, no thoughts come, I have reached nirvana you might say. So it seems, I do not see it that way. Yes it feels great, it helps me survive this “world” but at some point thoughts come, I am thinking right now that people who I work with will see what I am and some might get scared, others might think I am bat shit insane but there might be one/two/hundreds that might understand me.

This here is not because I want to be understood, it is not a cry for help, this is just me writing what I think and how I feel, when I was a teenager and wrote a ton of stuff it helped me. It made me feel like I was heard, I didn’t ( still don’t ) care if somebody understood ( if somebody did that was a nice bonus ). Most of you see me at the office and know that I am a happy critter. I found out that my purpose here is to make people happy and I am incredibly good at it. 99% of the things I say are to make people laugh. I have a story that made me rethink the way I live and act and realize why I am here and what I am doing.

A person felt that he will die soon and asked to speak to Buddha. So he came and asked the dying person : What is troubling you ?

– I am worried if I lived a good life. He responded. He was asked 2 questions :

– Were you happy when you lived ?

– Yes, of course ! he responded.

– Did the people around you had fun in your presence ?

– Yes, of course ! he said again with a smile on his face, thinking about his life.

– Then why the fuck did you ask for me ?! You lived a good life, do not doubt it, you did good and that is all that matters !

I think I have found the place where I will work until I die or reach a point where I can live at the place which I have built and still afterwards I will continue to help out because I am working as support because I cannot imagine a world where I would not support people in need no matter the cost. I finally found a place where I can do good to the best of my abilities, the way I want it to be, alongside people who actually care.

https://www.youtube.com/watch?v=buuXy_i-yAg&loop=100 ( chrome + youtube looper for those who don’t understand the additional code ).

I LOVE this world, I love the people and strange as it might be I love the moments when I feel like I have been broken down, I cannot find a reason to go on, but I know that those times are also beautifulllll ( screw correct spelling d: )

When YOU get broken down, you should know that that is just a reminder that shit can be fucked up, however that makes you appreciate the good things and I need that. Otherwise I have proven to myself that too much of a good thing at some point is taken for granted and that is not acceptable ( at least for me ). I have destroyed so many beautiful things and quite a few girls who I think didn’t deserve it. By the way google is a fun thing for spellchecking and helps when you have doubts. So far I am amazed at how good I can spell stuff but I digress.

To be honest I was so lost I applied for this job as a joke as I didn’t think they would hire me. Turns out I was wrong and I never felt so happy to be wrong. I rather sleep at night then be right.

To be honest ( yet again ) I am not sure how you people would react to this, but I hate hiding, I am what I am. My facebook profile has no restrictions, I am what I am and I will not hide ! https://www.youtube.com/watch?v=nTy45RVWYOY

I am the master of the light, you are all serving time with me, that is why I think we are here, to learn. I never understood bullies, never understood people who hurt other people, who steal things that are not theirs, who hurt people just so they can feel better about themselves ( especially since that feeling fades quite fast ).

I can see why some of you love your demons when you are ill. It is fun but in the long run, you spend way too much time thinking about it and it kills you inside. It destroys what little humanity you have left … I am killing myself at times, no more like raping myself because of people. I have proven to myself that I am like Rasputin, I can take somebody’s pain, drain it away and put it in me. So far it turns out I am very durable creature. I am not saying that is a good thing but its just how I am.

I didn’t believe I can write that much in English and still keep my train of thought, but well turns out I can.

Its kinda weird that such a fun movie can send me into this type of thinking but life is full of surprises. There was a point in my (teenage as it was ) life but still, this helps me put everything in perspective. Like 99% of the things I wrote, I won’t read it afterwards because I will start editing and stuff. I was never good at editing and to be honest I hate editing. What comes out is what should come out. I have written stories, I have written my feelings and my thoughts. I have done things I am not proud of ( hopefully I will never do them again ) I have done things that I was unable ( still unable for some of them ) to forgive myself. However I did what I did. Some might be for the greater good, some might be just so I feel good, some because of peer pressure….

A friend of mine ( I am ashamed to say haven’t seen for years ) once told me : You are like Marilyn Manson, rude, violent but somehow cleansing. Translator ( his nickname ) this is because of you.

The love of my life once told me that ( forgot his name ) used to lock himself with a few bottles of Jim Beam and a ton of cigarettes and he didn’t leave the room until everything was drunk/smoked and he wrote. He is a self destructive bastard, I am not ( anymore ) but to be honest ( Fuck I say that a lot ) sometimes having a pack of smokes and a bottle of beer near provides you with a clear head and makes everything seem a bit more … How can I put it, it makes a bit of sense. Meditation, self control, the ability to distance yourself from the huge ball of shit in your head bearable.

Weed helps you in different ways, sometimes it helps you to stop thinking, sometimes it softens the physical pain but all in all like every medicine it has its uses. However it stopped working for me, hence I stopped. I am thinking about deleting this sentence but I won’t. I deleted it 3 times so far but ctrl+z (;

I am pouring my soul in this ( as I do when I write things ). I have found my place in this world, I love helping people, the moment when somebody says Thank you makes it all worth it. I do what I do because of people who have a problem and it makes me feel like I have done something good in this world. And at the end that is all that matters to me! So far I have figured out I am immortal, I will die when I have helped this world and made it a better place, that is why I was born in this place ( a shithole for most of my friends ).

This is getting a bit long but I do not care. See this place here is wonderful, shitty, painful, beautiful, full of wonderful people, full of people who THINK ! Full of people, all kinds, bad, good, indifferent, white, black, green, blue… And here I sit writing things.

Beauty is in the eye of the beholder, I have met ( and still meet ) an incredible amount of people, some I never thought I would meet, even talk to but yet it happens. When you lose focus the world is just a very simple blur, I love that blur, it helps you see it as it is. You encounter a situation and you react to the best of your abilities, what happens next doesn’t matter. There is no good or bad, karma responds to your intentions, if you wanted to do good but it ends in disaster, no matter how much you try to fix it it just gets worse, that is still good karma … I am pretty sure I have an insane amount of good karma on my side but that doesn’t make me a good person. Its not what I did it is what I do and what I will do!

Smoke break, I need to clear my head a bit, or maybe not but still I am doing it anyway because it feels right. Don’t be sad, I will be back before you know it (;

Leaving space to let you know I have been gone for a while d:

I love writing ! Its worse than heroin… I have been doing this for at least half an hour … OK maybe an hour : )

I got sick at some point ( I haven’t been sick that much so that I can’t get off my bed for at least 20 years but I regret nothing )!

A bit of a pickmeup https://www.youtube.com/watch?v=eB6SUuBFWeo : )

I am a creature that lives in music. I literally didn’t sleep for about 4 days, I drank an energy drink and stopped, then I put on Linkin Park’s first album with the volume to the max and in half a minute I was jumping and reaching the roof. I am music ! Kinda like Oppenheimer’s speech about the project Manhattan – I am become death, the destroyer of worlds… https://www.youtube.com/watch?v=lb13ynu3Iac The sadness in his eyes says it all, whenever I think about this I start to cry…

My name is RadostIn a simple translation is HappinessIn and I am happy that I met another person with my name and he is the same “provider” of happiness, cause I have met another 2 who were the opposite…

I am proud to say that I have met some of the most amazing people that this world can provide and some of the worst too. Be afraid of people who avoid eye contact.

I am wondering right now what else can I write, but I want to continue, so I will finish this smoke and see what comes (;

Ръцете във атака, не щадете гърлата, сърцето не кляка, това ни е живота бе казано накратко! Първо отворете двете после трето око ! Hands on attack, don’t spare your throats, the heart doesn’t back down, this is our life to put it simply! First open two eyes then the third !

Backblaze Blog | The Life of a Cloud Backup Company: Backblaze 2 – The Search for More Revenue

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

After we released Backblaze Online Backup 4.0, people starting uploading data crazy quickly!

1TB backed up per day? That’s not bad!

Once that happened we realized that we needed to buy a bunch more Backblaze Vaults to store all that data. The question we had to ask ourselves was: “How do we maintain our $5/month price for the Backblaze service while finding new ways of making money so we can afford all those fancy Backblaze Vaults?”.

The answer came in the form of a parental magazine that someone had laying around in the office. It turns out, new parents are always looking for DIY projects and ways to save money. We found our answer!

For the low low low price of around $100 + one empty Backblaze Storage Pod chassis (prices may vary) we’re able to produce a crib for you and your loved ones.

That’s right. Backblaze is entering the baby business!

Parts

What does it take to build a baby pod? Well, first off you need a pod, and a lot of elbow grease:


You have to make sure that you get all of the stand-offs…off!

Beyond that, here’s a full parts list:

| Description | Qty | Units |
|---|---|---|
| High Density Urethane Foam Panel (Storage Chassis Padding – 2 inches thick – 3×3 ft) | 1 | Panel |
| High Density Urethane Foam Beam (Top edge padding – 2×2 inches sq – 3 feet long) | 2 | each |
| High Density Urethane Foam Beam (Top edge padding – 2×2 inches sq – 2 feet long) | 2 | each |
| Flannel Sheet (Color/Pattern of choice) | 2 | Yds |
| Crib Cover (Color/Pattern of choice) | 2 | Yds |
| Skirting Material (Color/Pattern of choice) | 2 | Yds |
| Fleecing Material (Color/Pattern of choice) | 3 | Yds |
| Hot Glue Gun | 1 | Each |
| Sewing Thread (Color of choice) | 1 | Spool |
| Sewing Machine | 1 | Each |

Assembly Instructions

OK, so if you have all of those, what do you do?

First, you’ll need to pad the storage pod (after you’ve cut out and buffed down all the pokey bits). Do this by hot-gluing the high-density foam in to all of the pod’s nooks and crannies. Once done, you’re ready for the sheets!

To make the baby bed sheets:

  1. You will need 1 piece of fabric cut to size, that is a ½ inch longer on the sides and 2 ½ inches longer on the top than the bed measurement.
  2. Lay the fabric out print side down on a flat surface.
  3. Fold all 4 sides in by 1/16 of an inch or so (can be more but not by much). Place sewing needles along the sides to keep the small fold in place.
  4. With a sewing machine, sew a 1/16 seam allowance.
  5. Fold the top of the sheet in by 2 inches. Place sewing needles along the middle of the fold, piercing both layers of fabric to keep the fold in place.
  6. With a sewing machine, sew a 2 inch seam allowance.
  7. Fold the 2 sides and bottom in by a ½ inch. Place sewing needles piercing both layers of fabric along the sides and bottom to keep the fold in place
  8. With a sewing machine, sew a 1/2 inch seam allowance.
  9. Now, just drape it over the foam and you’re good to go!

Babies get cold, what about a blanket? Glad you asked:

  1. Lay the two pieces of fleece 1 on top of the other, backsides together. (You will need to cut the 3 yards into 1.5 yard pieces.)
  2. Trim around the edges to ensure both pieces are the same shape and size and to get rid of any damaged/frayed material. A ruler is most helpful here!
  3. Cut a 3-4 inch square out from all 4 corners.
  4. Cut slits about 3 inches deep and 1 inch apart all the way around the fabric.
  5. Match the bottom and top slits and double knot them – but not too tight!

Results

Think we’re crazy? We have tons of happy customers! From our own baby pods:

Where did you think our big pods came from?

To actual babies:

No models were harmed in the making of this promotional material.

It wasn’t all bad though, she actually quite enjoyed it…after a bit of coaxing…

See? Perfect!

As you can see we take this stuff pretty seriously. And if you have your own Backblaze storage pod chassis just laying around, use the step by step instructions above to turn simple craft materials into the best darned homemade crib that comes from an old server! You’re welcome DIY fans!

Don’t have the materials to build one handy? Find out how you can buy one today!


Schneier on Security: Survey of Americans’ Privacy Habits Post-Snowden

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Pew Research has a new survey on Americans’ privacy habits in a post-Snowden world.

The 87% of those who had heard at least something about the programs were asked follow-up questions about their own behaviors and privacy strategies:

34% of those who are aware of the surveillance programs (30% of all adults) have taken at least one step to hide or shield their information from the government. For instance, 17% changed their privacy settings on social media; 15% use social media less often; 15% have avoided certain apps and 13% have uninstalled apps; 14% say they speak more in person instead of communicating online or on the phone; and 13% have avoided using certain terms in online communications.

[…]

25% of those who are aware of the surveillance programs (22% of all adults) say they have changed the patterns of their own use of various technological platforms “a great deal” or “somewhat” since the Snowden revelations. For instance, 18% say they have changed the way they use email “a great deal” or “somewhat”; 17% have changed the way they use search engines; 15% say they have changed the way they use social media sites such as Twitter and Facebook; and 15% have changed the way they use their cell phones.

Also interesting are the people who have not changed their behavior because they’re afraid that it would lead to more surveillance. From pages 22-23 of the report:

Still, others said they avoid taking more advanced privacy measures because they believe that taking such measures could make them appear suspicious:

“There’s no point in inviting scrutiny if it’s not necessary.”

“I didn’t significantly change anything. It’s more like trying to avoid anything questionable, so as not to be scrutinized unnecessarily.”

“[I] don’t want them misunderstanding something and investigating me.”

There’s also data about how Americans feel about government surveillance:

This survey asked the 87% of respondents who had heard about the surveillance programs: “As you have watched the developments in news stories about government monitoring programs over recent months, would you say that you have become more confident or less confident that the programs are serving the public interest?” Some 61% of them say they have become less confident the surveillance efforts are serving the public interest after they have watched news and other developments in recent months and 37% say they have become more confident the programs serve the public interest. Republicans and those leaning Republican are more likely than Democrats and those leaning Democratic to say they are losing confidence (70% vs. 55%).

Moreover, there is a striking divide among citizens over whether the courts are doing a good job balancing the needs of law enforcement and intelligence agencies with citizens’ right to privacy: 48% say courts and judges are balancing those interests, while 49% say they are not.

At the same time, the public generally believes it is acceptable for the government to monitor many others, including foreign citizens, foreign leaders, and American leaders:

  • 82% say it is acceptable to monitor communications of suspected terrorists
  • 60% believe it is acceptable to monitor the communications of American leaders.
  • 60% think it is okay to monitor the communications of foreign leaders
  • 54% say it is acceptable to monitor communications from foreign citizens

Yet, 57% say it is unacceptable for the government to monitor the communications of U.S. citizens. At the same time, majorities support monitoring of those particular individuals who use words like “explosives” and “automatic weapons” in their search engine queries (65% say that) and those who visit anti-American websites (67% say that).

[…]

Overall, 52% describe themselves as “very concerned” or “somewhat concerned” about government surveillance of Americans’ data and electronic communications, compared with 46% who describe themselves as “not very concerned” or “not at all concerned” about the surveillance.

It’s worth reading these results in detail. Overall, these numbers are consistent with a worldwide survey from December. The press is spinning this as “Most Americans’ behavior unchanged after Snowden revelations, study finds,” but I see something very different. I see a sizable percentage of Americans not only concerned about government surveillance, but actively doing something about it. “Third of Americans shield data from government.” Edward Snowden’s goal was to start a national dialog about government surveillance, and these surveys show that he has succeeded in doing exactly that.

More news.

Raspberry Pi: The Young Innovators’ Club in Ulaanbaatar

This post was syndicated from: Raspberry Pi and was written by: Helen Lynn. Original post: at Raspberry Pi

The Young Innovators’ Club is a new initiative to promote engineering and tech education for school-aged children in Mongolia. It’s currently piloting a Raspberry Pi-based after-school club in Mongolia’s capital, Ulaanbaatar, with support from the National Information Technology Park, where activities take place:

Blinky lights
Girl with Pi
Student breadboarding
Students collaborate

Scratch and Python are on the menu, and electronics features prominently, with students using Raspberry Pis to control LEDs, sensors, motors and cameras. Club Coordinator Tseren-Onolt Ishdorj says,

So far the result of the club is very exciting because parents and children are very much interested in the club’s activity and they are having so much fun to be part of the club – trying every kind of projects and spending their spare time happily.

The idea of introducing Raspberry Pi-based after-school clubs was originally put forward by Enkhbold Zandaakhuu, Chairman of the Mongolian Parliament and himself an engineer by training; a group of interested individuals picked up the idea and established the Club in late 2014, and it has since attracted the interest of peak-time Mongolian TV news and other local media. The Club plans to establish After-School Clubs for Inventors and Innovators (ASCII) across the country with the help of schools, parents and other organisations and individuals; this would involve about 600-700 schools, and include training for over 600 teachers. They’re hopeful of opening a couple of dozen of these this year.

We’re quite excited about this at Raspberry Pi. It was lovely to see our Raspberry Jams map recently showing upcoming events on every continent except for Antarctica (where there are Pis, even if not, as far as we know, any Jams), but nonetheless there’s a displeasing Pi gap across central Asia and Russia:

Jams everywhere

Raspberry Jams on every continent except Antarctica (yes, really: the one that seems to be on the south coast of Spain is actually in Morocco)

It’s fantastic to know, then, that school students are learning with Raspberry Pis in Ulaanbaatar. We’ll be keeping up with developments at the Young Innovators’ Club on their Facebook page, where you can find lots of great photos and videos of the students’ work – we hope you’ll take a look, too.

Breadboard robot
Pi and breadboard
Lego robot

lcamtuf's blog: On journeys

This post was syndicated from: lcamtuf's blog and was written by: Michal Zalewski. Original post: at lcamtuf's blog

– 1 –

Poland is an ancient country whose history is deeply intertwined with that of the western civilization. In its glory days, the Polish-Lithuanian Commonwealth sprawled across vast expanses of land in central Europe, from Black Sea to Baltic Sea. But over the past two centuries, it suffered a series of military defeats and political partitions at the hands of its closest neighbors: Russia, Austria, Prussia, and – later – Germany.

After more than a hundred years of foreign rule, Poland re-emerged as an independent state in 1918, only to face the armies of Nazi Germany at the onset of World War II. With Poland’s European allies reneging on their earlier military guarantees, the fierce fighting left the country in ruins. Some six million people have died within its borders – more than ten times the death toll in France or in the UK. Warsaw was reduced to a sea of rubble, with perhaps one in ten buildings still standing by the end of the war.

With the collapse of the Third Reich, the attendees of the Yalta Conference decided the new order of the post-war Europe. At Stalin’s behest, Poland and its neighboring countries were placed under Soviet political and military control, forming what has become known as the Eastern Bloc.

Over the next several decades, the Soviet satellite states experienced widespread repression and economic decline. But weakened by the expense of the Cold War, the communist chokehold on the region eventually began to wane. In Poland, the introduction of martial law in 1981 could not put an end to sweeping labor unrest. Narrowly dodging the specter of Soviet intervention, the country regained its independence in 1989 and elected its first democratic government; many other Eastern Bloc countries soon followed suit.

Ever since then, Poland has enjoyed a period of unprecedented growth and has emerged as one of the more robust capitalist democracies in the region. In just two decades, it shed many of its backward, state-run heavy industries and adopted a modern, service-oriented economy. But the effects of the devastating war and the lost decades under communist rule still linger on – whether you look at the country’s infrastructure, at its socrealist cityscapes, at its political traditions, or at the depressingly low median wage.

When thinking about the American involvement in the Cold War, people around the world may recall Vietnam, Bay of Pigs, or the proxy wars fought in the Middle East. But in Poland and many of its neighboring states, the picture you remember the most is the fall of the Berlin Wall.

– 2 –

I was born in Warsaw in the winter of 1981, at the onset of martial law, with armored vehicles rolling onto Polish streets. My mother, like many of her generation, moved to the capital in the sixties as a part of an effort to rebuild and repopulate the war-torn city. My grandma would tell eerie stories of Germans and Soviets marching through their home village somewhere in the west. I liked listening to the stories; almost every family in Poland had some to tell.

I did not get to know my father. I knew his name; he was a noted cinematographer who worked on big-ticket productions back in the day. He left my mother when I was very young and never showed interest in staying in touch. He had a wife and other children, so it might have been that.

Compared to him, mom hasn’t done well for herself. We ended up in social housing in one of the worst parts of the city, on the right bank of the Vistula river. My early memories from school are that of classmates sniffing glue from crumpled grocery bags. I remember my family waiting in lines for rationed toilet paper and meat. As a kid, you don’t think about it much.

The fall of communism came suddenly. I have a memory of grandma listening to broadcasts from Radio Free Europe, but I did not understand what they were all about. I remember my family cheering one afternoon, transfixed to a black-and-white TV screen. I recall my Russian language class morphing into English; I had my first taste of bananas and grapefruits. There is the image of the monument of Feliks Dzierżyński coming down. I remember being able to go to a better school on the other side of Warsaw – and getting mugged many times on the way.

The transformation brought great wealth to some, but many others have struggled to find their place in the fledgling and sometimes ruthless capitalist economy. Well-educated and well read, my mom ended up in the latter pack, at times barely making ends meet. I think she was in part a victim of circumstance, and in part a slave to a way of thinking that did not permit the possibility of taking chances or pursuing happiness.

– 3 –

Mother always frowned upon popular culture, seeing it as unworthy of an educated mind. For a time, she insisted that I only listen to classical music. She angrily shunned video games, comic books, and cartoons. I think she perceived technology as trivia; the only field of science she held in high regard was abstract mathematics, perhaps for its detachment from the mundane world. She hoped that I would learn Latin, a language she could read and write; that I would practice drawing and painting; or that I would read more of the classics of modernist literature.

Of course, I did almost none of that. I hid my grunge rock tapes between Tchaikovsky, listened to the radio under the sheets, and watched the reruns of The A-Team while waiting for her to come back from work. I liked electronics and chemistry a lot more than math. And when I laid my hands on my first computer – an 8-bit relic of British engineering from 1982 – I soon knew that these machines, in their incredible complexity and flexibility, were what I wanted to spend my time on.

I suspected I could be a competent programmer, but never had enough faith in my skill. Yet, in learning about computers, I realized that I had a knack for understanding complex systems and poking holes in how they work. With a couple of friends, we joined the nascent information security community in Europe, comparing notes on mailing lists. Before long, we were taking on serious consulting projects for banks and the government – usually on weekends and after school, but sometimes skipping a class or two. Well, sometimes more than that.

All of a sudden, I was facing an odd choice. I could stop, stay in school and try to get a degree – going back every night to a cramped apartment, my mom sleeping on a folding bed in the kitchen, my personal space limited to a bare futon and a tiny desk. Or, I could seize the moment and try to make it on my own, without hoping that one day, my family would be able to give me a head start.

I moved out, dropped out of school, and took on a full-time job. It paid somewhere around $12,000 a year – a pittance anywhere west of the border, but a solid wage in Poland even today. Not much later, I was making two times as much, about the upper end of what one could hope for in this line of work. I promised myself to keep taking courses after hours, but I wasn’t good at sticking to the plan. I moved in with my girlfriend, and at the age of 19, I felt for the first time that things were going to be all right.

– 4 –

Growing up in Europe, you get used to the barrage of low-brow swipes taken at the United States. Your local news will never pass up the opportunity to snicker about the advances of creationism somewhere in Kentucky. You can stay tuned for a panel of experts telling you about the vastly inferior schools, the medieval justice system, and the striking social inequality on the other side of the pond. But deep down inside, no matter how smug the critics are, or how seemingly convincing their arguments, the American culture still draws you in.

My moment of truth came in the summer of 2000. A company from Boston asked me if I’d like to talk about a position on their research team; I looked at the five-digit figure and could not believe my luck. Moving to the US was an unreasonable risk for a kid who could barely speak English and had no safety net to fall back to. But that did not matter: I knew I had no prospects of financial independence in Poland – and besides, I simply needed to experience the New World through my own eyes.

Of course, even with a job offer in hand, getting into the United States is not an easy task. An engineering degree and a willing employer open up a straightforward path; it is simple enough that some companies would abuse the process to source cheap labor for menial, low-level jobs. With a visa tied to the petitioning company, such captive employees could not seek better wages or more rewarding work.

But without a degree, the options shrink drastically. For me, the only route would be a seldom-granted visa reserved for extraordinary skill – meant for the recipients of the Nobel Prize and other folks who truly stand out in their field of expertise. The attorneys looked over my publication record, citations, and the supporting letters from other well-known people in the field. Especially given my age, they thought we had a good shot. A few stressful months later, it turned out that they were right.

On the week of my twentieth birthday, I packed two suitcases and boarded a plane to Boston. My girlfriend joined me, miraculously securing a scholarship at a local university to continue her physics degree; her father helped her with some of the costs. We had no idea what we were doing; we had perhaps a few hundred bucks on us, enough to get us through the first couple of days. Four thousand miles away from our place of birth, we were starting a brand new life.

– 5 –

The cultural shock gets you, but not in the sense you imagine. You expect big contrasts, a single eye-opening day to remember for the rest of your life. But driving down a highway in the middle of a New England winter, I couldn’t believe how ordinary the world looked: just trees, boxy buildings, and pavements blanketed with dirty snow.

Instead of a moment of awe, you drown in a sea of small, inconsequential things, draining your energy and making you feel helpless and lost. It’s how you turn on the shower; it’s where you can find a grocery store; it’s what they meant by that incessant “paper or plastic” question at the checkout line. It’s how you get a mailbox key, how you make international calls, it’s how you pay your bills with a check. It’s the rules at the roundabout, it’s your social security number, it’s picking the right toll lane, it’s getting your laundry done. It’s setting up a dial-up account and finding the food you like in the sea of unfamiliar brands. It’s doing all this without Google Maps or a Facebook group to connect with other expats nearby.

The other thing you don’t expect is losing touch with your old friends; you can call or e-mail them every day, but your social frames of reference begin to drift apart, leaving less and less to talk about. The acquaintances you make in the office will probably never replace the folks you grew up with. We managed, but we weren’t prepared for that.

– 6 –

In the summer, we had friends from Poland staying over for a couple of weeks. By the end of their trip, they asked to visit New York City one more time; we liked the Big Apple, so we took them on a familiar ride down I-90. One of them went to see the top of World Trade Center; the rest of us just walked around, grabbing something to eat before we all headed back. A few days later, we were all standing in front of a TV, watching September 11 unfold in real time.

We felt horror and outrage. But when we roamed the unsettlingly quiet streets of Boston, greeted by flags and cardboard signs urging American drivers to honk, we understood that we were strangers a long way from home – and that our future in this country hung in the balance more than we would have thought.

Permanent residency is a status that gives a foreigner the right to live in the US and do almost anything they please – change jobs, start a business, or live off one’s savings all the same. For many immigrants, the pursuit of this privilege can take a decade or more; for some others, it stays forever out of reach, forcing them to abandon the country in a matter of days as their visas expire or companies fold. With my O-1 visa, I always counted myself among the lucky ones. Sure, it tied me to an employer, but I figured that sorting it out wouldn’t be a big deal.

That proved to be a mistake. In the wake of 9/11, an agency known as Immigration and Naturalization Services was being dismantled and replaced by a division within the Department of Homeland Security. My own seemingly straightforward immigration petition ended up somewhere in the bureaucratic vacuum that formed in between the two administrative bodies. I waited patiently, watching the deepening market slump, and seeing my employer’s prospects get dimmer and dimmer every month. I was ready for the inevitable, with other offers in hand, prepared to make my move perhaps the very first moment I could. But the paperwork just would not come through. With the Boston office finally shutting down, we packed our bags and booked flights. We faced the painful admission that for three years, we chased nothing but a pipe dream. The only thing we had to show for it were two adopted cats, now sitting frightened somewhere in the cargo hold.

The now-worthless approval came through two months later; the lawyers, cheerful as ever, were happy to send me a scan. The hollowed-out remnants of my former employer were eventually bought by Symantec – the very place from where I had my backup offer in hand.

– 7 –

In a way, Europe’s obsession with America’s flaws made it easier to come home without ever explaining how the adventure really played out. When asked, I could just wing it: a mention of the death penalty or permissive gun laws would always get you a knowing nod, allowing the conversation to move on.

Playing to other people’s preconceptions takes little effort; lying to yourself calls for more skill. It doesn’t help that when you come back after three years away from home, you notice all the small things you simply used to tune out. The dilapidated road from the airport; the drab buildings on the other side of the river; the uneven pavements littered with dog poop; the dirty walls at my mother’s place, with barely any space to turn. You can live with it, of course – but it’s a reminder that you settled for less, and it’s a sensation that follows you every step of the way.

But more than the sights, I couldn’t forgive myself something else: that I was coming back home with just loose change in my pocket. There are some things that a failed communist state won’t teach you, and personal finance is one of them; I always looked at money just as a reward for work, something you get to spend to brighten your day. The indulgences were never extravagant: perhaps I would take the cab more often, or have take-out every day. But no matter how much I made, I kept living paycheck-to-paycheck – the only way I knew, the way our family always did.

– 8 –

With a three-year stint in the US on your resume, you don’t have a hard time finding a job in Poland. You face the music in a different way. I ended up with a salary around a fourth of what I used to make in Massachusetts, but I simply decided not to think about it much. I wanted to settle down, work on interesting projects, marry my girlfriend, have a child. I started doing consulting work whenever I could, setting almost all the proceeds aside.

After four years with T-Mobile in Poland, I had enough saved to get us through a year or so – and in a way, it changed the way I looked at my work. Being able to take on ambitious challenges and learn new things started to matter more than jumping ships for a modest salary bump. Burned by the folly of pursuing riches in a foreign land, I put a premium on boring professional growth.

Comically, all this introspection made me realize that from where I stood, I had almost nowhere left to go. Sure, Poland had telcos, refineries, banks – but they all consumed the technologies developed elsewhere, shipped here in a shrink-wrapped box; as far as their IT went, you could hardly tell the companies apart. To be a part of the cutting edge, you had to pack your bags, book a flight, and take a jump into the unknown. I sure as heck wasn’t ready for that again.

And then, out of the blue, Google swooped in with an offer to work for them from the comfort of my home, dialing in for a videoconference every now and then. The starting pay was about the same, but I had no second thoughts. I didn’t say it out loud, but deep down inside, I already knew what needed to happen next.

– 9 –

We moved back to the US in 2009, two years after taking the job, already on the hook for a good chunk of Google’s product security and with the comfort of knowing where we stood. In a sense, my motive was petty: you could call it a desire to vindicate a failed adolescent dream. But in many other ways, I have grown fond of the country that shunned us once before; and I wanted our children to grow up without ever having to face the tough choices and the uncertain prospects I had to deal with in my earlier years.

This time, we knew exactly what to do: a quick stop at a grocery store on the way from the airport, followed by an e-mail to our immigration folks to get the green card paperwork out the door. A bit more than half a decade later, we were standing in a theater in Campbell, reciting the Oath of Allegiance and clinging on to our new certificates of US citizenship.

The ceremony closed a long and interesting chapter in my life. But more importantly, standing in that hall with people from all over the globe made me realize that my story is not extraordinary; many of them had lived through experiences far more harrowing and captivating than mine. If anything, my tale is hard to tell apart from that of countless other immigrants from the former Eastern Bloc. By some estimates, in the US alone, the Polish diaspora is about 9 million strong.

I know that the Poland of today is not the Poland I grew up in. It’s not even the Poland I came back to in 2003; the gap to Western Europe is shrinking every single year. But I am proud to now live in a country that welcomes more immigrants than any other place on Earth – and at the end of their journey, makes them feel at home. It also makes me realize how small and misguided must be the conversations we are having about immigration – not just here, but all over the developed world.

Блогът на Юруков: You Are Beautiful, My Forest, Wherever You Are Now

This post was syndicated from: Блогът на Юруков and was written by: Боян Юруков. Original post: at Блогът на Юруков

Forests have been logged for millennia. They are still logged today, and the scale is by no means greater. Our mountains have been stripped bare several times throughout history and slowly restored through collective effort. Environmentalists claim that we are once again destroying our forests. If we listen to the industrialists, the forest loses almost nothing and everything cut down is offset by new planting. Trucks loaded with logs are a constant sight in the mountains; there are protests, corruption, landslides, floods and a temporary memorandum on exports.

Fortunately, today we have technologies and tools with which we can check these claims. In the course of my research I learned how complex a science forestry is and how many ways there are to assess the condition of a forest. At the same time, however, I learned that these surveys are by and large not carried out by the foresters, and the data is copied from year to year. So the data on forests is more than unreliable.

My first map of the change in the forest stock of settlements

Here you see the map of the settlements that have lost the most of the forest on their territory since 2000. After I posted it on Facebook, it was widely shared and commented on. Like all the other charts, it has many caveats built in. To understand what it means, let us start from the beginning.

Data source

A few months ago I downloaded the logging data from the Forestry Agency. I figured that with it I would be able to find where the most logging takes place. It turned out to be useless, however, because alongside what is permitted, quite a few companies cut down much more. So I turned to NASA's satellite imagery and the data from the University of Maryland. They have published, in a convenient format, the forest cover in 2000, as well as the areas afforested and cleared between 2001 and 2013. I also used some of the NSI data in the EKATTE register for the area of settlements.

Forest data from NASA satellite imagery

Illustration of what the satellites detect as forest

Satellite images have their limitations, however. They detect as forest only vegetation taller than 5 metres. So young trees in newly planted areas will not be detected for the first few years. This has another important effect: the data cannot be used to uncover large-scale logging unless it strips the forest completely, leaving only low trees and shrubs. Logging, legal or not, that thins the forests will not be registered by the satellite images. Also, the data shows canopy closure, which roughly means the density of the tree crowns. We cannot judge the quality of the forest by this either, though, because of the presence of different tree species and other factors.

Analysis

Once we understand the limitations of the data, we can set goals for the analysis. What I wanted to see is what share of the area of settlements is covered by forest (by the definition given above), and how much of it they lost and gained in the given period. The analysis of the satellite images is accurate to 30 metres, so I only needed the boundaries of the settlement lands (zemlishte). That is exactly why I recently opened up the administrative map of Bulgaria. I wrote an algorithm that splits the satellite images by settlement and produces statistics for them. Based on these statistics I made the first map, as well as the following two:

Breakdown of forest cover by settlement land and percentage of its area

Average canopy closure in each settlement land.
Those with less forest are shown in paler colours

The data shows that over these 13 years Bulgaria has lost 149000 decares of forest. 421000 were cut down and 272000 were afforested. I repeat that here we are talking only about the 5-metre height threshold: there may be a lot of young forest that is too short, as well as many trees felled in forests that are not necessarily stripped completely.

Which places stand out?

It is also interesting to look at individual settlements. I have shown statistics for those with the most activity, regardless of whether it is adding or destroying forest areas. The left chart shows the top 4 by increase and by decrease in absolute percent relative to the existing forest area. It is noticeable, however, that most of them have little forest, and adding a decare or two makes a big difference. So I made the second breakdown, where I compare not what percentage of their forest they have lost, but rank them by the absolute change in forest in decares. Again I show the 4 at the top and the 4 at the bottom of the table. In percentage terms the change for them is small because of their large territory. In decares, however, we see serious damage. The most seems to be in the Lovech area and Razlog.

Different rankings of settlements by forest area lost and gained according to different indicators: percentage and absolute area

This comparison made me go back to the map at the beginning of the article. It is noticeable that in southern Bulgaria there are many settlements with serious forest loss bordering other lands where there is a large increase. The thesis of foresters and logging companies is that whatever is cut down is replanted. Because of the small territory of some settlement lands, I wondered whether forests are being cut in one settlement and planted in another.

So I made an algorithm that finds neighbouring settlement lands and redistributes the territory with new forest. In other words, I normalised the data by attributing afforested areas to nearby lands that had lost forest. The result is close to the first map, but shows the problem areas even more distinctly: the entire northern slope of Stara Planina, Strandzha, Kardzhali, Ivaylovgrad, Smolyan and Obzor.

Second version of the map of the change in forested areas, with normalised data

Is all this useful?

First it must be understood that I am not a forester, and everything I know on the subject I learned in the last few weeks after conversations on Facebook while drinking my coffee. While this is undoubtedly an obstacle, we increasingly see practical solutions based entirely on data coming from teams with no experience in the particular field. In all these cases, however, the analysts work closely with specialists. So for this data to have a real effect, it must be combined with knowledge and experience on the ground.

The zones we see in red on the maps are only an indication of where there are problems. There have already been comments that the first version of the map showed nothing new to foresters. That is indeed so, but it shows that my methods are correct: they confirm the foresters' conclusions. The benefit of these methods would be in discovering other problems that are not visible to the public or the oversight authorities.

Most important, though, is to understand the limitations of the data we work with. At a meeting of the Council of Ministers a week ago, a map similar to mine was presented, but prepared by the Forestry Agency. We did not see the map in the recordings, but it became clear that it is based on satellite images, most likely the same as mine. It was mentioned how small a percentage of the forest has been lost. From the data above it is clear that percentages can be very misleading. In places significant areas of forest have been stripped, but the serious problems are invisible to NASA.

Next steps

A few months ago I talked with people from the Forestry Agency and proposed an app with which forest visitors could report logging. The idea was for the app to show whether there are logging permits within a few kilometers, so that tourists could draw their own conclusions on that basis. They replied that this cannot be done, because most permits cover a long period of time and it is impossible to determine what was cut when. Moreover, non-specialists cannot tell what should have been cut and what should not.

All this is probably true, but I still think such a crowdsourced database would be useful – at the very least for detecting logging activity with great precision in place and time. This would be useful, for example, for discovering logging in places for which there are no permits at all. Private forests should be such places, since only the owners could allow logging to be permitted there. As far as I understand, this is widely not observed, and such an application would provide information both to the foresters and to the owners.

The algorithms I used to prepare the data could also be improved considerably. In the last map I attribute newly afforested areas to nearby territories that lost forest. This does not take distance into account. It would therefore be better to normalize the data before cutting it up into settlement territories. Foresters will say what distance would make sense, but it seems to me that 20-30 km will be enough.

Last but not least, we must understand that the analysis of this information cannot and should not be locked up in a few offices of the state administration. Experts in a given narrow field often lack experience in analyzing and visualizing data. For example, to build a publicly accessible app that tells us whether the truck with logs in front of us is in a private forest without a logging permit, we need to have in an open format not only the Forestry Agency's register but also the Cadastre. Both are in the cabinet's plan for opening data and I hope we will see them released soon. There is, however, resistance from individual officials and even from whole institutions, in the person of the Ministry of Finance. These datasets will be opened so that the public can benefit from them. Otherwise we will continue to analyze the state of our own forests solely from a foreign agency's satellite images.

Krebs on Security: Who Is the Antidetect Author?

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Earlier this month I wrote about Antidetect, a commercial tool designed to help thieves evade fraud detection schemes employed by many e-commerce companies. That piece walked readers through a sales video for Antidetect showing the software being used to buy products online with stolen credit cards. Today, we’ll take a closer look at clues to a possible real-life identity of this tool’s creator.

The author of Antidetect uses the nickname “Byte Catcher,” and advertises on several crime forums that he can be reached at the ICQ address 737084, and at the jabber instant messaging handles “byte.catcher@xmpp.ru” and “byte.catcher@0nl1ne.at”. His software is for sale at antidetect[dot]net and antidetect[dot]org.

Antidetect is marketed to fraudsters involved in ripping off online stores.

Searching on that ICQ number turns up a post on a Russian forum from 2006, wherein a fifth-year computer science student posting under the name “pavelvladimirovich” says he is looking for a job and that he can be reached at the following contact points:

ICQ: 737084

Skype name: pavelvladimirovich1

email: gpvx@yandex.ru

According to a reverse WHOIS lookup ordered from Domaintools.com, that email address is the same one used to register the aforementioned antidetect[dot]org, as well as antifraud[dot]biz and hwidspoofer[dot]com (HWID is short for hardware identification, a common method that software makers use to ensure a given program license can only be used on one computer).

These were quite recent registrations (mid-2014), but that gpvx@yandex.ru email also was used to register domains in 2007, including allfreelance[dot]org and a domain called casinohackers[dot]com. Interestingly, one of the main uses that Byte Catcher advertises for his Antidetect software is to help beat fraud detection mechanisms used by online casinos. As we can see from this page at archive.org, a subsection of casinohackers.com was at one time dedicated to advertising Antidetect Patch — a version that comes with its own virtual machine.

That ICQ number is tied to a user named “collisionsoftware” at the Russian cybercrime forum antichat[dot]ru, in which the seller is advertising software that routes the user’s Internet connection through hacked PCs. He directs interested buyers to the web site cn[dot]viamk[dot]com, which is no longer online. But an archived version of that page at archive.org shows the same “collision” name and the words “freelance team.” The contact form on this site also lists the above-referenced ICQ number and email gpvx@yandex.ru, and even includes a résumé of the site’s owner.

Another domain connected to that antichat profile is cnsoft[dot]ru, the now defunct domain for Collision Software, which bills itself as a firm that can be hired to write software. The homepage lists the same ICQ number (737084).

Antidetect retails for between $399 and $999, and includes (somewhat unreliable) live support.

Both antifraud[dot]biz and allfreelance[dot]org were originally registered by an individual in Kaliningrad, Russia named Pavel V. Golub. Note that this name matches the initials in the email address gpvx@yandex.ru. KrebsOnSecurity has yet to receive a response to inquiries sent to that email and to the above-referenced Skype profile.

A little searching turns up this profile on Russian social networking giant Odnoklassniki.ru for one Pavel Golub, a 29-year-old male from Koenig, Russia. Written in Russian as “Кениг,” this is Russian slang for Kaliningrad and refers to the city’s previous German name.

One of Pavel’s five friends on Odnoklassniki is 27-year-old Vera Golub, also of Kaliningrad. A search of “Vera Golub, Kaliningrad” on vkontakte.com — Russia’s version of Facebook — reveals a vk.com group in Kaliningrad about artificial fingernails that has two contacts: Vera Ivanova (referred to as “master” in this group), and Pavel Vladimirovich (listed as “husband”).

The Vkontakte profile linked to Pavel’s name on that group has been deleted, but “Vera Ivanova” is the same face as Vera Golub from Pavel’s Odnoklassniki profile.

A profile of one of Vera’s friends – one Natalia Kulikova – shows some photos of Pavel from 2009, where he’s tagged as “Pavel Vladimirovich” and with the link to Pavel’s deleted Vkontakte profile.  Also, it shows his previous car, which appears to be a Mitsubishi Galant.

Pavel, posing with his Mitsubishi Galant in 2008.

A search on the phone number “79527997034,” referenced in the WHOIS site registration records for Pavel’s domains — antifraud[dot]biz and hwidspoofer[dot]com — turns up a listing on a popular auto sales Web site wherein the seller (from Kaliningrad) is offering a 2002 Mitsubishi Galant. That same seller sold a 2002 BMW last year.

On one level, it’s amusing that a guy who sells software to help Web criminals evade detection is so easily found on the Internet. Then again, as my Breadcrumbs series demonstrates, many individuals involved in writing malware or selling fraud tools either do not care or don’t take too many precautions to hide their identities — probably because they face so little chance of getting into trouble over their activities as long as they remain in Russia.

The above photo of Pavel in his Mitsubishi isn’t such a clear one. Here are a couple more from Kulikova’s Vkontakte pictures.

Vera and Pavel Golub in April 2012.

Pavel V. Golub, in 2009.

TorrentFreak: “Pay Off Your Credit Card Debt By Ratting on Software Pirates”

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

We hate to be repetitive here at TF, but the Business Software Alliance (BSA) leaves us little choice.

Representing major software companies, the BSA encourages people to report businesses that use unlicensed software.

If one of these reports results in a successful court case, the pirate snitch can look forward to a cash reward, which could amount to a million dollars per case.

According to a BSA executive the campaign has been very successful. It has resulted in many referrals and a decrease in software piracy rates.

Sounds great, but the way BSA recruits their snitches on Facebook is dubious and somewhat surrealistic. Instead of appealing to people’s ethics, the software group chooses to frame the campaign as a get-rich-quick scheme.

BSA continues to surprise us with new ads mainly targeting people who are short on money. For example, a few days ago this ad appeared in the timeline of thousands of Facebook users.

“Looking to pay off your credit card debt? If you know a company using unlicensed business software, file a report today to be eligible for a cash reward,” BSA’s latest Facebook ad reads.

It appears that every time we think BSA has found a new low, they come with a new ad that’s even more questionable. During the holidays, for example, they also appealed to the fact that many people are short on cash.

“Money can get tight during the holidays. If you know a company using unlicensed business software, file a report today to be eligible for a cash reward,” the holiday ad reads, and there are more examples here.

While the BSA promises a quick cash solution, those who decide to report a pirating company are in it for the long haul. In the fine print it’s explained that people will only get a reward if a successful legal proceeding results in a settlement.

We reached out to the BSA to find out more about how many people have been paid since the start of the campaign, but we have yet to hear back.

To be continued…

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Guide: How File-Sharers Can Ruin Their Online Privacy

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Every single day one can hear do-gooders banging on endlessly about staying private on the Internet. It’s all encryption this and Edward Snowden that. Ignore them. They’re lunatics involved in a joint Illuminati / Scientologist conspiracy.

No, what Internet users need is a more care-free approach to online surveillance, one that allows them to relax into a zen-like state of blissful ignorance, free from the “Five Eyes” rantings of Kim Dotcom.

And there are plenty of real people already following this advice. Real events reported here on TF (and investigated by us over the past few months) have shown us that while operating in the world of file-sharing (especially if that involves releasing content or running a tracker) it is absolutely vital to lay down an easily followed trail of information. Here are some golden rules for doing just that.

Naming convention

If at all possible, file-sharers should incorporate their real-life names into their online nickname. Dave Mark Robinson should become DaveR at a minimum, but for greater effect DaveMR should be used. As adding in a date of birth allows significant narrowing down of identities, DaveMR1982 would be a near perfect choice.

This secret codename can then be used on any torrent site, but for best effect it should be used across multiple trackers at once so the user is more easily identified. But let’s not think too narrowly here.

As an added bonus, Dave should also ensure that the same nickname is used on sites that have absolutely nothing to do with his file-sharing. EBay profiles and YouTube accounts are perfect candidates, with the latter carrying some personally identifying videos, if at all possible. That said, Dave would be selling himself short if he didn’t also use the same names on…..

Social media

If Dave doesn’t have an active Facebook account which is easily linked to his file-sharing accounts, he is really missing out. Twitter is particularly useful when choosing the naming convention highlighted above since nicknames can often be cross-referenced with real names on Facebook, especially given the effort made in the previous section.

In addition to all the regular personal and family information readily input by people like Dave, file-sharing Facebook users really need to make sure they put up clear pictures of themselves and then ‘like’ content most closely related to the stuff they’re uploading. ‘Liking’ file-sharing related tools such as uTorrent is always recommended.

File-sharing sites

When DaveMR1982 signs up to (or even starts to run) a torrent site it’s really important that he uses an easy to remember password, ideally one used on several other sites. This could be a pet’s name, for example, but only if that pet gets a prominent mention on Facebook. Remember: make it easy for people, it saves so much time!

Dave’s participation in site forums is a must too. Ideally he will speak a lot about where he lives and his close family, as with the right care these can be easily cross-referenced with the information he previously input into Facebook. Interests and hobbies are always great topics for public discussion as these can be matched against items for sale on eBay, complete with item locations for added ease.

Also, Dave should never use a VPN if he wants his privacy shattered, with the no-log type a particular no-go. In the event he decides to use a seedbox he should pay for it himself using his own PayPal account, but only if that’s linked to his home address and personal bank account. Remember, bonus points for using the same nickname as earlier when signing up at the seedbox company!

Make friends and then turn them into enemies

Great friendships can be built on file-sharing sites but in order to maximize the risks of a major privacy invasion, personal information must be given freely to these almost complete strangers whenever possible.

In an ideal world, trusting relationships should be fostered with online ‘friends’ and then allowed to deteriorate into chaos amid a petty squabble, something often referred to in the torrent scene as a “tracker drama”. With any luck these people will discard friendships in an instant and spill the beans on a whim.

Domain registration

Under no circumstances should Dave register his domains with a protected WHOIS as although they can be circumvented, they do offer some level of protection. Instead (and to comply with necessary regulations) Dave should include his real home address and telephone number so he is easily identified.

If for some crazy reason that isn’t possible and Dave is forced to WHOIS-protect his domain, having other non-filesharing sites on the same server as his file-sharing site is always good for laying down breadcrumbs for the anti-privacy police. If the domains of those other sites don’t have a protected WHOIS, so much the better. Remember, make sure the address matches the home location mentioned on Facebook and the items for sale on eBay!

Conclusion

As the above shows, with practice it’s easy to completely compromise one’s privacy, whether participating in the file-sharing space or elsewhere. In the above guide we’ve simply cited some genuine real-life techniques used by people reported in previous TF articles published during the last year, but if you have better ideas at ruining privacy online, please feel free to add them in the comments.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Backblaze Blog | The Life of a Cloud Backup Company: Sys Admins & Datacenter Techs Assemble!

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

Backblaze is growing quickly and we are looking to expand our Operations Team with the addition of 2 superstars.

All positions require:

* Good attitude and willingness to do whatever it takes to get the job done
* Strong desire to work for a small fast paced company
* Desire to learn and adapt to rapidly changing technologies and work environment
* Rigorous adherence to best practices
* Relentless attention to detail
* Excellent troubleshooting and problem solving skills
* Excellent communication, time management, problem solving and organizational skills

Systems Administrator – San Mateo, CA

Responsibilities:
* Manage Linux, Mac and Windows installation & configuration
* Manage web services installation & configuration (Tomcat, Apache, Nginx, WordPress, Java, etc)
* Manage infrastructure services installation & configuration (DNS, DHCP, NTP, Clonezilla, PXE, etc)
* Manage monitoring installation & configuration (Zabbix, PagerDuty, etc)
* Maintain strong network security (including PCI compliance, firewalls, ACLs, Log Analysis, etc)
* Manage enterprise class storage installation & configuration (EMC & Dell MD1120 and MD1220 drive shelves, etc)
* Push out software changes (patches & system updates)
* Debug & Repair software problems (File system, RAID & boot drive repairs)
* Make occasional trips to datacenter near Sacramento
* Help administer network infrastructure (switches, VPNs, routers, etc)
* Help automate provisioning & deployment of new software with Ansible, custom script and other tools
* Help administer database servers (MySQL)
* Help Datacenter Techs debug hardware problems
* Help maintain operational documentation and scripts
* Participate in the 24×7 on-call pager rotation and respond to alerts as needed.
* Assist in training & supervising junior operations staff when necessary.

Requirements:
* 5+ years of experience
* Strong knowledge of Linux system administration, Debian experience preferred
* Bash scripting skills desired
* Ability to lift/move 50-75 lbs and work down near the floor as needed
* Position based in the San Francisco Bay Area, California requiring 3+ days/week in San Mateo

Datacenter Technician – Sacramento, CA

Responsibilities
* Work as Backblaze’s physical presence in Sacramento area datacenter(s)
* Maintain physical infrastructure including racking equipment, replacing hard drives and other system components
* Repair and troubleshoot defective equipment with minimal supervision
* Receive deliveries, maintain accurate inventory counts/records and RMA defective components
* Provision, test & deploy new equipment via the Linux command line and web GUIs
* Help qualify new hardware & software configurations (load & component testing, qa, etc)
* Help train new Datacenter Technicians
* Follow and improve datacenter best practices and documentation
* Maintain a clean and well organized work environment
* On-call responsibilities include 24×7 trips to datacenter to resolve issues that can’t be handled remotely

Requirements
* Ability to learn quickly
* Ability to lift/move 50-75 lbs and work down near the floor on a daily basis
* Position based near Sacramento, California and may require periodic visits to the Corporate office in San Mateo

Preferred
* Working knowledge of Linux
* 1-2 years experience in technology related field
* Experience working at a datacenter in a support role

Interested?

Check out these videos on our Datacenter Operations team:

Want to join our team? Follow these three steps:

  1. Send an Email to jobscontact@backblaze.com with one of the positions listed above in the subject line
  2. Include your resume
  3. Include your answers to 2 of the following 3 questions:
    • What about working at Backblaze excites you the most?
    • Provide 3 adjectives that best describe your personal workspace.
    • How would you manage boot images and system configurations on 1,000+ servers (i.e. Backblaze Storage Pods)?

We’ll be interviewing candidates over the next couple of weeks. Join us and help us continue to build a great online backup company.

Backblaze is an Equal Opportunity Employer and we offer competitive salary and benefits, including our no policy vacation policy.

Author information

Yev

Chief Smiles Officer at Backblaze

Yev enjoys speed-walking on the beach. Speed-dating. Speed-writing blog posts. The film Speed. Speedy technology. Speedy Gonzales. And Speedos. But mostly technology.

Follow Yev on:

Twitter: @YevP | LinkedIn: Yev Pusin | Google+: Yev Pusin

The post Sys Admins & Datacenter Techs Assemble! appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

SANS Internet Storm Center, InfoCON: green: How Victims Are Redirected to IT Support Scareware Sites, (Fri, Mar 20th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

In the classic version of tech support scams, the fake technician initiated an unsolicited phone call to the victim. Now that awareness of this scheme has increased, scammers have shifted tactics. Their latest approaches involve convincing the potential victim to be the one calling the impostor. I've seen this accomplished in two ways:

  • Scammers use bots to respond to Twitter users who mention PC problems or malware. The bots search for the appropriate keywords and send messages that include a phone number of a tech support firm. I described this approach when exploring how scammers prescreen potential victims.
  • Scammers set up scareware websites that are designed to fool people into thinking their PC is infected, compelling visitors to call the fake tech support organization. Johannes Ullrich described a typo squatting variation of this technique in an earlier diary. Let's take a look at a domain redirection variation of this scam below.

In the following example, the victim visited a link that was once associated with a legitimate website: 25yearsofprogramming.com. The owner of the domain appears to have allowed its registration to expire in early 2014. At that point, the domain was transferred to Name Management Group, according to DomainTools Whois records. The record was assigned DNS servers under the domains cashparking.com, hastydns.com, dsredirection.com and eventually brainydns.com.

Name Management Group seems to own over 13,000 domains (according to DomainTools Whois records), including numerous domains that DomainTools classifies as malicious, such as 0357al.com, 18aol.com, 520host.com, 60dayworkout.us, 61kt.com, 7x24sex.net, 9tmedia.com, adobecrobat.info, adultfantasynetwork.com, allappsforpc.com, apkcracks.net, etc. (Don't visit these domains.)

Landing on the Fake Malware Warning Site

Visiting the once-legitimate URL a few days ago landed the victim on a scammy scareware page, designed to persuade the person to contact “Microsoft Certified Live Technicians” at the specified toll-free phone number. The site used social engineering techniques employed by rogue antivirus tools. Such schemes present victims with fake virus warnings, designed to scare people into submission.

The site in our example also played an audio message: “This is a Windows system warning! This is a Windows system warning! If you are hearing this warning message, the security of your Windows system has been compromised. Your Windows computer and data might be at risk because of adwares, spywares and malicious pop-ups! Your bank details, credit card information, email accounts, Facebook account, private photos and other sensitive files may be compromised. Please call the number mentioned now to resolve this issue.”

To see and hear what the victim experienced, play the video clip below or watch it on YouTube.

Here are the redirection steps that brought the victim to the scareware site mentioned above:

http ://25yearsofprogramming.com/blog/2010/20100315.htm
-> https ://p2.dntrax.com/tr?id=f2d252736d65832f11811ad8cb43ceff00313e75.r
-> http ://247tech.help/crt/us_seg0303/m1/us_windos_3806/index.html

You can see the source code to the final page on Pastebin, if you're interested. According to the code, it was mirrored from clients.worldnetconsultants.com/Lander3 using the free non-malicious tool HTTrack Website Copier on 08 Jan 2015. (More on this interesting tidbit in my diary Who Develops Code for IT Support Scareware Websites?)

If you visited the top page of the 247tech.help website (don't go there), you would see a friendly, professional-looking page, gently inviting the visitor to “Call Now for Instant Support” by dialing 844-878-2550. Please don't; however, if you'd like to hear a detailed account of what people experience when they do call, read my article. The friendly top page is in stark contrast to the warnings-filled trap shown above, which redirection victims encountered.

Other Redirection Possibilities

The website hosting 25yearsofprogramming.com at the time of this writing redirects visitors to various places, perhaps randomly, perhaps based on the person's geography or browser details. I encountered two other redirection flows that led to scareware websites set up for IT support scams.

One redirection flow employed p2.dntrax.com, as in the example above, but took the victim to alert.windows.com.computers-supports.com (don't go there):

http ://25yearsofprogramming.com/blog/2010/20100315.htm
-> https ://p2.dntrax.com/tr?id=f2d252736d65832f11811ad8cb43ceff00313e75.r
-> http ://alert.windows.com.computers-supports.com/index-1.html?isp=Time%20Warner%20Cable&browser=Internet%20Explorer&browserversion=Internet%20Explorer%2011&ip= 108.61.226.4&os=Windows&osversion=Windows%208.1

The resulting site is a bit more sophisticated than the one in the previous example, because it uses JavaScript to customize the web page to include the victim's ISP, browser name, IP address and Windows version. For instance:

document.write(getURLParameter('ip'))

You can see the source code of that page on Pastebin. Here in this example, the website didn't receive the victim's IP and other details and therefore didn

Sometimes the victim was redirected using a longer trail to a different IT support scareware site (don't go there):

http ://25yearsofprogramming.com/blog/2010/20100315.htm
-> http ://xml.revenuehits.com/click?i=cEuxzuX2fpc_0
-> http ://zh.zeroredirect1.com/zcvisitor/fddce3a1-ccbb-11e4-ab5a-0a92e2e12617
-> http ://claimyourfree.com/promo/base.php?c=734&key=0cdc58908ab3a694320034e391aa520a&target=oscar-vox-zKU0jhQu
-> http ://fb.surveydonkeys.com/us/index.php?target=oscar-vox-zKU0jhQu
-> http ://ajax.surveydonkeys.com/imp/g38a0n?data=eyJicm93c2VyX3R6X29mZnNldCI6LTI0MCwiY2IiOjEwNTExNSwibHBfcmVmIjoiIiwibHBfdXJsIjoiaHR0cDovL2ZiLnN1cnZleWRvbmtleXMuY29tL3VzL2luZGV4LnBocD90YXJnZXQ9b3NjYXItdm94LXpLVTBqaFF1In0=
-> http ://securedgo.com/d3ed9240-61de-48c1-9a7b-b10dbafaa7d2
-> http ://fb.surveydonkeys.com/us/windowswarning.php?os=Windows&osversion=Windows%208.1&isp=Time%20Warner%20Cable&browser=Internet%20Explorer

The design of this page closely matches the site Johannes described in the typo squatting variation of this scenario on December 15. The latest page employed the sound file gp-msg.mp3 to scare visitors. VirusTotal has a record of this file, which was first uploaded to VirusTotal on December 11, 2014.
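An added example, not part of the original diary: a Node.js triage of recorded redirect chains like the ones above. It refangs the hops, flags a landing host that carries a brand's domain as subdomain labels, counts the visitor-fingerprint parameters handed to the lander, and lists redirectors shared between chains. The brand list, the two-label registrable-domain shortcut, the threshold, the function names and the "&" separators in the sample landing URL are assumptions.

```javascript
// Brand domains that scareware landers imitate as subdomain labels.
// Assumption for this example: a short hand-picked list.
const IMPERSONATED_BRANDS = ['windows.com', 'microsoft.com'];

// Parameters a redirector passes so the lander's JavaScript can echo the
// visitor's own details back (names taken from the landing URL in the diary).
const FINGERPRINT_PARAMS = ['isp', 'browser', 'browserversion', 'ip', 'os', 'osversion'];

// Turn a defanged URL ("http ://", "hxxp://", "[.]", "[dot]") into a parseable one.
function refang(text) {
  return text
    .replace(/\s+/g, '')
    .replace(/^hxxp/i, 'http')
    .replace(/\[(?:\.|dot)\]/gi, '.');
}

// Assumption: the last two labels form the registrable domain. Real tooling
// should consult the Public Suffix List (this shortcut is wrong for co.uk etc.).
function registrableDomain(hostname) {
  return hostname.toLowerCase().split('.').slice(-2).join('.');
}

// Return the brand whose domain appears as whole labels inside a host that
// the brand does not own, e.g. alert.windows.com.<other-domain>; else null.
function impersonatedBrand(hostname) {
  const host = hostname.toLowerCase();
  const own = registrableDomain(host);
  for (const brand of IMPERSONATED_BRANDS) {
    if (own !== brand && `.${host}.`.includes(`.${brand}.`)) return brand;
  }
  return null;
}

// Summarise one chain: an ordered list of (possibly defanged) hop URLs.
function analyzeChain(defangedHops) {
  const hops = defangedHops.map((hop) => new URL(refang(hop)));
  const domains = hops.map((url) => registrableDomain(url.hostname));
  let crossings = 0;
  for (let i = 1; i < domains.length; i++) {
    if (domains[i] !== domains[i - 1]) crossings++;
  }
  const landing = hops[hops.length - 1];
  const brand = impersonatedBrand(landing.hostname);
  const fingerprintParams = FINGERPRINT_PARAMS.filter((p) => landing.searchParams.has(p));
  return {
    domains,
    crossings,
    landingDomain: domains[domains.length - 1],
    brand,
    fingerprintParams,
    // Heuristic threshold (assumption): three or more fingerprint parameters.
    suspicious: brand !== null || fingerprintParams.length >= 3,
  };
}

// Domains seen as intermediate hops (neither entry nor landing) in more than
// one chain: the redirection engines worth pivoting on or blocking.
function sharedIntermediaries(chains) {
  const counts = new Map();
  for (const chain of chains) {
    const middle = chain.slice(1, -1)
      .map((hop) => registrableDomain(new URL(refang(hop)).hostname));
    for (const domain of new Set(middle)) {
      counts.set(domain, (counts.get(domain) || 0) + 1);
    }
  }
  return [...counts].filter(([, n]) => n > 1).map(([d]) => d).sort();
}

// Sample input built from the first two chains in the diary (defanged as there).
const ENTRY = 'http ://25yearsofprogramming.com/blog/2010/20100315.htm';
const REDIRECTOR = 'https ://p2.dntrax.com/tr?id=f2d252736d65832f11811ad8cb43ceff00313e75.r';
const CHAIN_A = [ENTRY, REDIRECTOR,
  'http ://247tech.help/crt/us_seg0303/m1/us_windos_3806/index.html'];
const CHAIN_B = [ENTRY, REDIRECTOR,
  'http ://alert.windows.com.computers-supports.com/index-1.html' +
  '?isp=Time%20Warner%20Cable&browser=Internet%20Explorer' +
  '&browserversion=Internet%20Explorer%2011&ip=108.61.226.4&os=Windows&osversion=Windows%208.1'];

console.log(JSON.stringify({
  chainA: analyzeChain(CHAIN_A),
  chainB: analyzeChain(CHAIN_B),
  shared: sharedIntermediaries([CHAIN_A, CHAIN_B]),
}, null, 2));
```

The first chain trips neither landing-page heuristic, which is why the shared-redirector pivot matters: both chains pass through the same intermediate domain.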

Who is Redirecting, Why and How?

We seem to be dealing with two different redirection engines and companies: p2.dntrax.com and xml.revenuehits.com after the initial 25yearsofprogramming.com redirect.

The domain dntrax.com was registered by Team Internet AG, which is associated with over 44,000 domains, including several that DomainTools classifies as malicious: anonse24.de, natursteindichtstoff.de, seospecialists.de, etc. The domain revenuehits.com is registered to MYADWISE LTD, which is associated with about 50 domains.

The companies behind these servers, as well as the firm presently controlling 25yearsofprogramming.com, are probably receiving referral fees for their roles in the redirection scheme.

There's much to explore regarding the domain names, systems and companies involved in the schemes outlined above. If you have additional information about these entities, or would like to contribute towards this analysis, please leave a comment. If you decide to explore any of these systems, do so from an isolated laboratory environment.

Also, if you encounter a tech support scam, please register it with our database of such incidents.

-- Lenny Zeltser

Lenny Zeltser focuses on safeguarding customers' IT operations at NCR Corp. He also teaches how to analyze malware at SANS Institute. Lenny is active on Twitter and Google+. He also writes a security blog.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The Hacker Factor Blog: Who Moved My Cheese?

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

For someone who likes to do deep analytical programming, I find myself making lots of web sites. Compared to hard-core C software development, basic HTML is anything but complex. It isn’t that I enjoy web programming. Rather, I find HTML to be a very convenient output format. I don’t have to worry about widget sets, video buffers, or scrollbar calculations. Compared to X11 programming, HTML on a web browser is a dream.

While HTML is flexible, it doesn’t mean that there are not poor development options. For example, there are plenty of web sites that contain dozens of external links to resources and ads. The problem is that the page won’t render until every dependency loads. There are some web sites that I would follow more regularly if they loaded in a reasonable time.

For my own software development, I have a basic rule: minimize external dependencies. If I need code, a font, some JavaScript, or a picture to make my site work, then I try to keep it local. Of course, I do bend or break this rule occasionally. In this blog, for example, most pictures are hosted at either Google’s Picasa or my FotoForensics site. I do this because of the network load. A big picture means big network traffic. While a 200K picture doesn’t seem like much when it comes to one web browser, my blog can get over 100,000 hits per day. Transferring a 200K picture 100,000 times is a lot of network traffic… so I’d rather push off the bandwidth to my other server or to Google. (Thank you, Google.)

While I may link to some pictures as dependencies, I really try to never link to remote JavaScript or other code modules that are required for rendering pages. When I wanted links to “share on Facebook” and “post to Twitter” at FotoForensics, I could have used remote code. The recommended solutions from Twitter and Facebook have your site loading JavaScript from their servers to generate the linking icons. For my site, I rewrote that code so it would be local to my server. I do not have a remote dependency on Twitter or Facebook in order to render a page.

By hosting all code locally, I ensure that my site will always display quickly in your browser. When Facebook goes down, your browser won’t hang while you view my site. In contrast, sites that are dependent on Facebook’s code may take up to a minute to display as the network connections time out.

Change Happens

There is another reason that I try to keep everything local. I am concerned that a remote site that I depend on may not be around forever. I have a copy of everything that I keep hosted at Google — just in case Google disappears.

Now, you are probably thinking “Google is a huge company! They are not going away!” Except… there is a long list of discontinued Google projects. You may be completely dependent on Google for your business. You use Google Docs, Google+, and have your Gmail email address printed on your business cards. Yet, any of those could vanish if Google decides to stop supporting it. And you, as a user, have no say in whether Google will keep it around next year.

Last week Google announced that they were going to close Google Code. Google Code is a collaborative environment where developers work on projects and share source. There are many open source projects that only exist on Google Code. But Google Code is going away. (The recommendation is to move to GitHub. Let’s hope that GitHub doesn’t go away anytime soon.)

I think the first comment to Google’s blog post perfectly reflects my concerns. It is why I am glad that I do not link to remote dependencies. The commenter wrote:

What will happen to things that are hosted on google code, like jquery and the google font set? Thousands, if not millions of pages link to these directly – will they all be invalidated?

The short answer is: change your external dependencies before Google Code vanishes. Otherwise, your site will break.

Temporary Setbacks

There are some good reasons for linking to other sites. For example, if Facebook or Twitter changes their call-back URL, then my buttons that link to them will break. If I depended on their code, then it would always be up to date. And if I linked to jquery hosted on some common service, then my site would benefit from browser caching since clients may have already downloaded the JavaScript code for other reasons.

Probably the simplest reason to have a remote dependency is because it’s the easiest option. You may not even realize that some WordPress plugin is dependent on a remote service that may no longer be available. (Or maybe you knew it back when you installed it, but since forgot about it.)

Unfortunately, there’s a truism about the Internet that lots of people seem to ignore: content on the Internet is temporary. Things get deleted, sites change names, and services eventually turn off.

Google has announced that Google Code is going away, giving administrators and project developers plenty of time to move off that service. Although site maintainers should be aware of this change and take preventative steps to avoid any downtime, we know from past experience that this will not happen. Many sites are unlikely to change until things break. And many open source projects are forgotten by their managers but still used by other people. I cannot help but wonder how many web sites and open source projects will be caught unaware when Google Code finally goes offline.
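An added example, not code from the original post: a small Python audit that lists every resource a page loads from another host, separates render-blocking code from pictures, and flags hosts on a retirement list. The page URL, the sample markup and the contents of `RETIRING_HOSTS` are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: hosts the maintainer knows are being shut down. googlecode.com is
# the Google Code project-hosting domain; extend the tuple for your own site.
RETIRING_HOSTS = ("googlecode.com",)

class DependencyAuditor(HTMLParser):
    """Collects every resource a page loads from a host other than its own."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            # A plain <script src> stalls the parser until it loads or times out.
            blocking = "async" not in a and "defer" not in a
            self._record(a["src"], "script", blocking)
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            self._record(a.get("href"), "stylesheet", True)
        elif tag in ("img", "iframe") and a.get("src"):
            self._record(a["src"], tag, False)

    def _record(self, ref, kind, blocking):
        if not ref:
            return
        url = urljoin(self.page_url, ref)  # resolves relative and //host/ forms
        host = urlparse(url).hostname
        if host is None or host == self.site_host:
            return  # local file or data: URI, nothing remote to depend on
        retiring = any(host == h or host.endswith("." + h) for h in RETIRING_HOSTS)
        self.findings.append({"url": url, "host": host, "kind": kind,
                              "blocking": blocking, "retiring": retiring})

def audit(html, page_url):
    """Return remote dependencies, worst first: retiring hosts, then blocking."""
    parser = DependencyAuditor(page_url)
    parser.feed(html)
    parser.close()
    return sorted(parser.findings,
                  key=lambda f: (not f["retiring"], not f["blocking"], f["url"]))

# Constructed sample page; every host and path here is made up.
PAGE_URL = "https://www.example.com/blog/post.html"
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="https://fonts.example.net/css?family=Demo">
<script src="js/share-buttons.js"></script>
<script src="http://example-project.googlecode.com/files/widget.js"></script>
<script async src="//cdn.example.org/analytics.js"></script>
</head><body>
<img src="https://photos.example.com/big-picture.jpg">
<img src="/img/logo.png">
</body></html>"""

if __name__ == "__main__":
    for f in audit(SAMPLE_PAGE, PAGE_URL):
        flags = [n for n in ("retiring", "blocking") if f[n]] or ["ok"]
        print(f"{','.join(flags):18} {f['kind']:10} {f['url']}")
```

Run it over the rendered output of each template, not just the source files, so that markup injected by a plugin is included.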

Krebs on Security: OpenSSL Patch to Plug Severe Security Holes

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

The world is about to get another reminder about just how much of the Internet runs on technology maintained by a handful of coders working on a shoestring budget. OpenSSL — the software used by thousands of companies to encrypt online communications — is set to get a security makeover this week: The OpenSSL Software Foundation said it plans to release new versions of its code to fix a number of security weaknesses, including some classified as “high” severity.

OpenSSL is deployed at countless organizations, including at Web giants like Facebook, Google and Yahoo — as well as broadly across U.S. federal government networks. As its name suggests, OpenSSL implements Secure Sockets Layer (SSL) encryption (also known as “transport layer security” or TLS) for Web sites and associated networks, ensuring that the data cannot be read by untrusted parties.

The patch is likely to set off a mad scramble by security teams at organizations that rely on OpenSSL. That’s because security updates — particularly those added to open-source software like OpenSSL that anyone can view — give cybercriminals a road map toward finding out where the fixed vulnerabilities lie and insight into how to exploit those flaws.

Indeed, while the OpenSSL project plans to issue the updates on Thursday, Mar. 19, the organization isn’t pre-releasing any details about the fixes. Steve Marquess, founding partner at the OpenSSL Software Foundation, said that information will only be shared in advance with the major operating system vendors.

“We’d like to let everyone know so they can be prepared and so forth, but we have been slowly driven to a pretty brutal policy of no [advance] disclosure,” Marquess said. “One of our main revenue sources is support contracts, and we don’t even give them advance notice.”

Advance notice helps not only defenders, but attackers as well. Last year, ne’er-do-wells pounced on Heartbleed, the nickname given to an extremely critical flaw in OpenSSL that allowed anyone to extract passwords, cookies and other sensitive data from servers that were running vulnerable versions of OpenSSL. This Heartbleed disclosure timeline explains a great deal about how that process unfolded in a less-than-ideal manner.

In the wake of Heartbleed, media organizations asked how such a bug — which many security experts said was a fairly obvious blunder in hindsight — could have gone undetected in the guts of the open-source code for so long. Marquess took to his blog to explain, posting an open letter requesting additional financial support for the OpenSSL project and pointing out the stark fact that so much of the Internet runs on top of software that is maintained by a tiny team with a shoestring budget.

“So the mystery is not that a few overworked volunteers missed this bug; the mystery is why it hasn’t happened more often,” Marquess said of the Heartbleed bug.

In an interview with KrebsOnSecurity, Marquess said the updates to be released tomorrow are partly the product of a spike in donations and funding the organization received in the wake of Heartbleed.

In that brief glare of publicity, the OpenSSL Foundation landed two Linux Foundation fellowships — meaning the group gained two new people who are paid for two years to work full-time on improving the security and stability of OpenSSL. Using donations and some commercial revenues, the foundation also is self-funding two additional people to maintain the code.

“We have four people working full-time on OpenSSL doing just what needs to be done, as opposed to working on stuff that brings in revenue,” Marquess said. “We have a lot more manpower resources, and one of the reasons you’re seeing all these bug and vulnerability fixes coming out now is that not only are outsiders looking for problems but we are too. We’re also doing a major overhaul of the source code, which is going to be probably the biggest crypto audit ever.”

LWN.net: The GNU Manifesto Turns Thirty (New Yorker)

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The New Yorker notes the 30th anniversary of the GNU Manifesto.
Stallman was one of the first to grasp that, if commercial entities
were going to own the methods and technologies that controlled computers,
then computer users would inevitably become beholden to those
entities. This has come to pass, and in spades. Most computer users have
become dependent on proprietary code provided by companies like Apple,
Facebook, and Google, the use of which comes with conditions we may not
condone or even know about, and can’t control; we have forfeited the
freedom to adapt such code according to our needs, preferences, and
personal ethics.