Posts tagged ‘Facebook’

Backblaze Blog | The Life of a Cloud Backup Company: What Would You Do With a Storage Pod?

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Andy Klein. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

Backblaze Storage Pod 027 has been running 24/7/365 storing customer data for the past 7 years. Pod 027 has served us well, but now it is time to retire. Pod 027 is one of 20 Backblaze Storage Pods being retired. In this group are version 1 and version 2 Storage Pods. They have been removed from service, and their drives, motherboard, SATA cards, backplanes, wiring, and power supplies have all been removed. What remains is Backblaze history – 20 Backblaze Storage Pod chassis that helped launch our company.

It’s not time to be sad, Pod 027 and friends are ready for the next phase in their collective life, but what should that be? We’ve had some ideas. We could sell them, but we’re not sure anyone would buy them. We could make another Backblaze “B”, but given our tight quarters, having another “B” is a tough sell. We could make them into desks or maybe build a few more baby cribs – all good ideas, but these Pods deserve something special. That’s where you come in.

Wanted, your ideas

What would you do with your very own Backblaze Storage Pod chassis? Would you use your Storage Pod to house your digital media collection, build a really big bird feeder or turn a Storage Pod into a work of art inspired by works of Patrick Amiot? No idea is too crazy, cool, or clever; the last thing we want to do is give them to Mel the Metal Guy for scrap.

Storage pods available

We currently have 20 Backblaze Storage Pod metal chassis. They are roughly 18” wide, 29” long and 7” high in size and weigh about 25 pounds or 11.3 kilograms. They are rolled steel and of course painted Red. They are used, so they have a few scratches and small dents, but they all have the Backblaze front plate. The drives, boards, wires, power supply etc., have been removed.

Why are they available?

Backblaze is migrating from standalone Backblaze Storage Pods to Backblaze Vaults. The version 1 and version 2 Storage Pods are not vault compatible without a number of physical changes that are not financially practical. Unless you’re building your own Backblaze Vault, these pods will work for you.

Submitting your winning idea

To submit your idea for what you would do with your very own Storage Pod chassis, go to our Facebook page at www.facebook.com/backblaze and post your idea there. Photos along with the submission are encouraged and the liberal use of Photoshop is expected. We’ll collect submissions through 11:59 pm (Pacific Daylight Time) on June 15, 2015. Late or improperly submitted submissions will not be accepted.

What happens if you WIN!

Winners will be announced in late June. We’ll post the winning ideas on our blog and our Facebook page and we’ll contact winners via Facebook. For those winners receiving a Storage Pod, Backblaze will pay for packaging and shipping to you. We’ll choose the shipping method and timeframe. Expedited shipping and insurance, if desired, will be at the winner’s expense.

What are you waiting for?

Over the years Storage Pod 027 along with the other 19 Storage Pods have done an awesome job storing and restoring data. They’ve served us well. Here’s your chance to make their retirement a memorable experience. Send in your submission today.

In the weeds…

  1. Backblaze reserves the exclusive right to accept or reject submissions for any reason without explanation. Rejected submissions may be removed from the Backblaze Facebook page if deemed inappropriate.
  2. You will not receive compensation for your submission.
  3. Submissions are considered in the public domain.
  4. Submissions may be used by Backblaze for promotional purposes.
  5. Backblaze reserves the exclusive right to select the winning entries.

TorrentFreak: H33T.to Mysteriously Disappears….But Can Be Found

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

People being unable to access a particular torrent site is perhaps the most common complaint in the file-sharing world today, and that should come as little surprise considering the elements at play.

While citizens of the U.S. largely enjoy unfettered access to any site, file-sharers in Europe have to deal with website blocking on a grand scale. Add domain seizures, pressure on webhosts and sundry raids that affect everyone into the mix, and it’s perhaps surprising just how well sites are coping.

One site with a checkered recent uptime history is H33T. At times one of the world’s Top 10 torrent sites, H33T has fought through some very public spats with copyright holders and has been blocked in the UK since 2013 after music industry group BPI obtained a High Court order against the country’s six ISPs.

Recently H33T disappeared again but with no comment from anyone running the site (if anyone is, day to day), millions of the site’s users were left wondering what the following message from Cloudflare means for the future.

“You’ve requested a page on a website (h33t.to) that is on the CloudFlare network. CloudFlare is currently not routing the requested domain (h33t.to). There are two potential causes of this,” Cloudflare explains.

From the above it’s clear that Cloudflare isn’t currently a helpful service for those trying to access the site. The big question, however, is whether H33T is functioning somewhere and Cloudflare is the issue, or whether it’s gone altogether. Time to bypass Cloudflare to find out.

A few minutes of detective work turn up two potential direct IP addresses for H33T, one registered to a Canadian datacenter and the other located in the tiny 115-island country of Seychelles. At first, both appear useless, with the Canadian IP doing nothing and the Seychelles IP directing straight back to Google.

However, by adding the latter IP to the Windows hosts file and then accessing H33T.to in the usual way……

….H33T magically springs to life.

Perhaps surprisingly the site seems entirely operational, with torrents uploaded as recently as today. Exactly what the problem is remains unclear, but serious issues with Cloudflare that have persisted for many days seem to be the culprit.

Why these haven’t been fixed is a question likely to go unanswered. The site’s once-popular Facebook page hasn’t been updated since October 2014 and still lists the long-defunct URL H33T.com as the site’s main domain.

In the meantime, and notwithstanding hosts edits, proxies such as this one are keeping the site alive. Only time will tell if Cloudflare will re-enable the site – the company does not discuss individual cases.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Krebs on Security: Recent Breaches a Boon to Extortionists

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

The recent breaches involving the leak of personal data on millions of customers at online hookup site Adult Friend Finder and mobile spyware maker mSpy give extortionists and blackmailers plenty of ammunition with which to ply their trade. And there is some evidence that ne’er-do-wells are actively trading this data and planning to abuse it for financial gain.

Within hours after data on tens (if not hundreds) of thousands of mSpy users leaked onto the Deep Web, miscreants on the “Hell” forum (reachable only via Tor) were busy extracting countless Apple iTunes usernames and passwords from the archive.

“Apple Id accounts you can use Tor to login perfectly safe! Good method so far use ‘Find My phone,’” wrote Ping, a moderator on the forum. “Wipe data and set a message that they been hacked and the only way to get their data back is to pay a ransom.”

“Hell” forum users discuss extorting mSpy users who had iTunes account credentials compromised in the breach.

mSpy works on non-jailbroken iPhones and iPads, but the user loading the program needs to supply the iTunes username and password to load mSpy onto the device. The tough part about a breach at a company like mSpy is that many “users” will not know they need to change their iTunes account passwords because they don’t know they have the application installed in the first place!

Late last week, several publications reported that the database for Adult Friend Finder’s users was being sold online for the Bitcoin equivalent of about USD $17,000. Unfortunately, that same database seems to be circulating quickly around the Deep Web, including on the aforementioned Hell forum.

In an update posted to its site on Friday, AFF owner FriendFinder Networks sought to assure registered users there was no evidence that any financial information or passwords were compromised.

Nevertheless, the AFF breach clearly threatens to inundate breached users with tons more spam, and potentially makes it easy to identify subscribers in real life. Such a connection could expose users to blackmail attempts: I spent roughly 10 minutes popping email addresses from the leaked AFF users list into Facebook, and managed to locate more than a dozen active Facebook accounts apparently tied to married men.

A description posted to the “Hell” forum listing the attributes of the Adult Friend Finder user database.

According to a note posted by the aforementioned Hell moderator Ping (this user is also administrator of the Deep Web forum The Real Deal), the AFF database has been traded online since March 2015, but it only received widespread media attention last week.

Lauren Weinstein's Blog: Seeking Anecdotes Regarding “Older” Persons’ Use of Web Services

This post was syndicated from: Lauren Weinstein's Blog and was written by: Lauren. Original post: at Lauren Weinstein's Blog

Greetings. I’m seeking anecdotes regarding the use of Web services (e.g. as provided by Google, Facebook, Twitter, etc.) by “older” users. Keeping in mind that our memories, vision, and other key attributes typically begin to degrade by the time we reach our 20s, I’m not specifying any particular age ranges here. Please email whatever you can to: experiences@vortex.com I’m especially…

yovko in a nutshell: Grumble

This post was syndicated from: yovko in a nutshell and was written by: Yovko Lambrev. Original post: at yovko in a nutshell

A few days ago I returned to Barcelona after my first short trip to Bulgaria since February. As a rule I'm not fond of generalizations and sweeping summaries, though I admit I sometimes find them hard to avoid. Besides, comparisons of the "here versus there" kind have always annoyed me. But it was inevitable that everyone would ask me whether we have gotten used to it, whether we like it…

I don't know whether I've gotten used to it. It's too early for me to get used to it, all the more so since my business is in Bulgaria, I continue to work with my clients from Bulgaria, and ideas for new projects, more or less connected with Bulgaria, keep spinning in my head. I spent 14 years in Sofia and never really got used to it, so getting used to places has never been much of a focus for me. Even more so in today's world, with two- or three-hour distances by low-cost airline to any point in Europe.

I don't feel like I've emigrated. I'm simply living somewhere else for a while. Without any specific time limit. I have a few tasks I need to get done – for OpenIntegra, for myself, for my family. Some of them I've already started, others lie ahead. At some point I'd like to achieve, if not complete, then at least significant independence from physical geography, from the place where I've chosen to reside temporarily or permanently. I'm an absolute fan of so-called distributed companies.

What inevitably stands out, however, when you step back 2-3 thousand kilometers from Sofia, even for a few months, is… the grumbling. You can hear it! Wow! You can hear it so loudly… Mostly from Bulgaria, amplified by today's pseudo-communities of the all-in-one multipurpose social networks, and above all fucking facebook. But not only there. Even people who left Bulgaria years ago preserve this cherished distinctive trait of ours as a precious national identity. We are world champions at grumbling… Without competition!

What I really like here in Barcelona is the living sense of community. People communicate – on the street, at the market, in the shops, in the offices. I went through a considerable part of the Spanish bureaucratic machine to set up my modest business presence here (tax offices, social and immigration services, municipal ones…) – there isn't a single thing I can say is fundamentally different, better organized or better than in Bulgaria, neither the paperwork nor the queues, but… with one exception – the attitude. The people in front of and behind the counter share the mindset and understanding that they have a common goal – to be of use to each other. Nobody turned me away because I hadn't understood something, nobody frowned because I don't speak either of the two official languages well. At one place the woman behind the counter got up to bring me a chair so I wouldn't have to stand (given that, even with my stammering in Castilian, my business with her took under 3 minutes).

“The people in the metro are desperate,” an acquaintance shared. “It's not like before. Some have two unemployed people at home, and some have two mortgages.” And another friend of ours tells us that “Mossos d’Esquadra puts 10-20 families out of their homes onto the street every day because they can't pay off their debts”. Both are Bulgarians – and they are right. The European crisis is raging hard in Spain – youth unemployment is 50%, the pre-crisis construction boom and the greedy banks have misled many and made their lives miserable, but… Come to Bulgaria and see the people in the metro :)

Everything is a matter of your starting point of view. Bulgaria is said to be dirty and ugly. Probably, but I haven't seen Paris looking very tidy either. Bulgaria is full of stray dogs – absolutely true. Here in three months I haven't seen a single one, but the main occupation of my subconscious when I come home or leave the house is to watch that I don't step on some canine creation. There are that many. Only in Lisbon have I seen more. Apparently people here aren't particularly bothered about picking up their pets' creations. In front of the entrance to my metro station a group of teenagers makes a mess and piles of garbage every other day. Nobody says a word to them. On the other hand, in my neighborhood they protest every 2 days against some stupid mobile operator antenna, which is urgently needed, but the local dimwits read and collect pseudo-scientific facts about how harmful antennas are, and hold their phones 50 centimeters away, talking on speakerphone. Grumble! :)

There are no ideal situations, places or relationships. But what turns the small difference into a force with enormous potential is how you look at things – positively or not. In the end, problems are something that provokes a search for solutions to them. Even with business opportunities. Grumbling gets no work done! None at all.

The world is what it is! And guess who made it that way? The Martians? Looks like it was us, eh?… Well, that means it's up to those very same people to change it somehow. Sometimes it isn't easy! Other times it's desperately hard. But nobody benefits from the default attitude that it won't work out. The one sure thing is that it won't get better only if you don't try at all.

And Bulgaria will immediately become less badly off if we look at things with the thought of how to fix them instead of grumbling, and replace our painful individualism with a desire to look for what makes us a community (outside facebook).

Original link: “Grumble” – Some rights reserved

Krebs on Security: Security Firm Redefines APT: African Phishing Threat

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

A security firm made headlines earlier this month when it boasted it had thwarted plans by organized Russian cyber criminals to launch an attack against multiple US-based banks. But a closer look at the details behind that report suggests the actors in question were relatively unsophisticated Nigerian phishers who’d simply registered a bunch of new fake bank Web sites.

The report was released by Colorado Springs, Colo.-based security vendor root9B, which touts a number of former National Security Agency (NSA) and Department of Defense cybersecurity experts among its ranks. The report attracted coverage by multiple media outlets, including Fox News, Politico, SC Magazine and The Hill. root9B said it had unearthed plans by a Russian hacking gang known variously as the Sofacy Group and APT28. APT is short for “advanced persistent threat,” and it’s a term much used among companies that sell cybersecurity services in response to breaches from state-funded adversaries in China and Russia that are bent on stealing trade secrets via extremely stealthy attacks.

The cover art for the root9B report.

“While performing surveillance for a root9B client, the company discovered malware generally associated with nation state attacks,” root9B CEO Eric Hipkins wrote of the scheme, which he said targeted financial institutions such as Bank of America, Regions Bank and TD Bank, among others.

“It is the first instance of a Sofacy or other attack being discovered, identified and reported before an attack occurred,” Hipkins said. “Our team did an amazing job of uncovering what could have been a significant event for the international banking community. We’ve spent the past three days informing the proper authorities in Washington and the UAE, as well as the CISOs at the financial organizations.”

However, according to an analysis of the domains reportedly used by the criminals in the planned attack, perhaps root9B should clarify what it means by APT. Unless the company is holding back key details about their research, their definition of APT can more accurately be described as “African Phishing Threat.”

The report correctly identifies several key email addresses and physical addresses that the fraudsters used in common across all of the fake bank domains. But root9B appears to have scant evidence connecting the individual(s) who registered those domains to the Sofacy APT gang. Indeed, a reading of their analysis suggests their sole connection is that some of the fake bank domains used a domain name server previously associated with Sofacy activity: carbon2go[dot]com (warning: malicious host that will likely set off antivirus alerts).

The problem with that linkage is that although carbon2go[dot]com was in fact at one time associated with activity emanating from the Sofacy APT group, Sofacy is hardly the only bad actor using that dodgy name server. There is plenty of other badness unrelated to Sofacy that calls Carbon2go home for their DNS operations, including these clowns.

From what I can tell, the vast majority of the report documents activity stemming from Nigerian scammers who have been conducting run-of-the-mill bank phishing scams for almost a decade now and have left quite a trail.

For example, most of the wordage in this report from root9B discusses fake domains registered to one or two email addresses, including “adeweb2001@yahoo.com,” “adeweb2007@yahoo.com,” and “rolexzad@yahoo.com”.

Each of these emails has long been associated with phishing sites erected by apparent Nigerian scammers. They are tied to this Facebook profile for a Showunmi Oluwaseun, who lists his job as CEO of a rather fishy-sounding organization called Rolexzad Fishery Nig. Ltd.

The domain rolexad[dot]com was flagged as early as 2008 by aa419.com, a volunteer group that seeks to shut down phishing sites — particularly those emanating from Nigerian scammers (hence the reference to the Nigerian criminal code 419, which outlaws various confidence scams and frauds). That domain also references the above-mentioned email addresses. Here’s another phishy bank domain registered by this same scammer, dating all the way back to 2005!

Bob Zito, a spokesperson for root9B, said “the root9B team stands by the report as 100 percent accurate and it has been received very favorably by the proper authorities in Washington (and others in the cyber community, including other cyber firms).”

I wanted to know if I was alone in finding fault with the root9B report, so I reached out to Jaime Blasco, vice president and chief scientist at AlienVault — one of the security firms that first published the initial findings on the Sofacy/APT28 group back in October 2014. Blasco called the root9B research “very poor” (full disclosure: AlienVault is one of several advertisers on this blog).

“Actually, there isn’t a link between what root9B published and Sofacy activity,” he said. “The only link is there was a DNS server that was used by a Sofacy domain and the banking stuff root9B published. It doesn’t mean they are related by any means. I’m really surprised that it got a lot of media attention due to the poor research they did, and [their use] of [terms] like ‘zeroday hahes’ in the report really blew my mind. Apart from that it really looks like a ‘marketing report/we want media coverage asap,’ since days after that report they published their Q1 financial results and probably that increased the value of their penny stocks.”

Blasco’s comments may sound harsh, but it is true that root9B CEO Joe Grano bought large quantities of the firm’s stock roughly a week before issuing this report. On May 14, 2015, root9B issued its first quarter 2015 financial results.

There is an old adage: If the only tool you have is a hammer, you tend to treat everything as if it were a nail. In this case, if all you do is APT research, then you’ll likely see APT actors everywhere you look. 

Дневника на един support: A Bit of Hardware for Sale Here

This post was syndicated from: Дневника на един support and was written by: darkMaste. Original post: at Дневника на един support

A bit of hardware for sale here:
Western Digital wd 1600js 160gb hard drive, 40 leva
Coba nitroX xtended external hard drive enclosure with adapter, 50 leva
Gigabyte F2A55-DS3 motherboard and Amd A4 4000 3.2ghz Dual core, 150 leva
sapphire R9 280X, two units at 450 leva each (if both are taken, a discount can be discussed)

To get in contact with me
Skype – SmallDickNinja
https://www.facebook.com/SmallDickNinja

TorrentFreak: Facebook Shuts Down ExtraTorrent’s Official Page

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

With regular competitions and frequent status updates, ExtraTorrent has a very active community on Facebook.

Or had, we should say.

After sailing clear for nearly three years, Facebook decided to pull the plug on the site this morning citing a third-party copyright complaint.

“We have removed or disabled access to the following content that you have posted on Facebook because we received a notice from a third-party that the content infringes their copyright(s),” Facebook wrote.

According to Facebook the ExtraTorrent page was considered to be a repeat copyright infringer, but the staff of the torrent site refutes this characterization.

ExtraTorrent’s staff tells TF that they were careful not to link directly to infringing content after Facebook warned them two years ago. However, Google cache does show occasional links to pages that list pirated movies.

Facebook’s takedown message

The last notice ExtraTorrent received from Facebook came in yesterday. This takedown notice complained about a post from two years ago which linked to a torrent of the film Elysium.

“This post was published in 2013. It’s very curious. Looks like Facebook removed the ExtraTorrent Page because of a post from 2013,” ET’s staff tells us.

This is not the first time that ExtraTorrent has been kicked from Facebook. The same happened three years ago when the site’s official page had roughly 140,000 fans.

Despite the new setback, the torrent site is not giving up on Facebook just yet. They quickly launched a new page which quickly gathered thousands of followers, and many more are sure to follow.

Extratorrent’s new Facebook page

Errata Security: Revolutionaries vs. Lawyers

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

I am not a lawyer; I am a revolutionary. I mention this in response to Volokh posts [1, 2] on whether the First Amendment protects filming police. It doesn’t — it’s an obvious stretch, and relies upon concepts like a protected “journalist” class who enjoys rights denied to the common person. Instead, the Ninth Amendment, combined with the Declaration of Independence, is what makes filming police a right.

The Ninth Amendment simply says the people have more rights than those enumerated by the Bill of Rights. There are two ways of reading this. Some lawyers take the narrow view, that this doesn’t confer any additional rights, but is just a hint on how to read the Constitution. Some take a more expansive view, that there are a vast number of human rights out there, waiting to be discovered. For example, some wanted to use the Ninth Amendment to insist “abortion” was a human right in Roe v. Wade. Generally, lawyers take the narrow view, because the expansive view becomes ultimately unworkable when everything is a potential “right”.

I’m not a lawyer, but a revolutionary. For me, rights come not from the Constitution, Bill of Rights, or Supreme Court decision. They come from the Declaration of Independence, the “natural rights” assertion, but also things like the following phrase used to justify the colony’s revolution:

…when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them [the people] under absolute Despotism, it is their right, it is their duty, to throw off such Government…

The state inevitably strives to protect its privilege and power at the expense of the people. The Bill of Rights exists to check this — so that we don’t need to resort to revolution every few decades. The First Amendment protects free speech not because this is a good thing, but because it’s the sort of thing the state wants to suppress to protect itself.

In this context, therefore, abortion isn’t a “right”. Abortion neither helps nor harms the despot’s power. Whether or not it’s a good thing, whether it should be legal, or even whether the constitution should mention abortion, isn’t the issue. The only issue here is how it relates to government power.

Thus, we know that “recording police” is a right under the Declaration of Independence. The police want to suppress it, because it challenges their despotism. We’ve seen this in the last year, as films of police malfeasance have led to numerous protests around the country. If filming the police were illegal in the United States, this would be a usurpation that would justify revolt.

Everyone knows this, so they struggle to fit it within the constitution. In the article above, a judge uses fancy rhetoric to try to shoehorn it into the First Amendment. I suggest they stop resisting the Ninth and use that instead. They don’t have to accept an infinite number of “rights” in order to use those clearly described in the Declaration of Independence. The courts should simply say filming police helps us resist despots, and is therefore protected by the Ninth Amendment channeling the Declaration of Independence.

The same sort of argument happens with the Fourth Amendment right to privacy. The current legal climate talks about a reasonable expectation of privacy. This is wrong. The correct reasoning should start with a reasonable expectation of abuse by a despot.

Under current reasoning about privacy, government can collect all phone records, credit card bills, and airline receipts — without a warrant. That’s because since this information is shared with a third party, the company you are doing business with, you don’t have a “reasonable expectation of privacy”.

Under my argument about the Ninth, this should change. We all know that a despot is likely to abuse these records to maintain their power. Therefore, in order to protect against a despot, the people have the right that this information should be accessible only with a warrant, and that all accesses by the government should be transparent to the public (none of this secret “parallel construction” nonsense).

We all know there is a problem here needing resolution. Cyberspace has put our “personal effects” in the cloud, where third parties have access to them, that we still want to be “private”. We struggle with how that third party (like Facebook) might invade that privacy. We struggle with how the government might invade that privacy. It’s a substantial enough change that I don’t think precedent guides us, not Katz, not Smith v Maryland. I think the only guidance comes from the founding documents. The current state of affairs means that cyberspace has made personal effects obsolete — I don’t think this is correct.

Lastly, this brings me to crypto backdoors. The government is angry because even if Apple were to help them, they still cannot decrypt your iPhone. The government wants Apple to put in a backdoor, giving the police a “Golden Key” that will decrypt any phone. The government reasonably argues that backdoors would only be used with a search warrant, and thus, government has the authority to enforce backdoors. The average citizen deserves the protection of the law against criminals who would use crypto to hide their evil deeds from the police. When an evil person has kidnapped, raped, and murdered your daughter, all data from their encrypted phone should be available to the police in order to convict them.

But here’s the thing. In the modern, interconnected world, we can only organize a revolution against our despotic government if we can send backdoor-free messages among ourselves. This is unlikely to be much of a concern in the United States, of course, but it’s a concern throughout the rest of the world, like Russia and China. The Arab Spring was a powerful demonstration of how modern technology mobilized the populace to force regime change. Despots with crypto backdoors would be able to prevent such things.

I use Russia/China here, but I shouldn’t have to. Many argue that since America is free, and the government under the control of the people, that we operate under different rules than those other despotic countries. The Snowden revelations prove this wrong. Snowden revealed a secret, illegal, mass surveillance program that had been operating for six years under the auspices of all three branches (executive, legislative, judicial) and both Parties (Republican and Democrat). Thus, it is false that our government can be trusted with despotic powers. Instead, our government can only be trusted because we deny it despotic powers.

QED: the people have the right to backdoor-free crypto.

I write this because I often hang out with lawyers. They have a masterful command of all the legal decisions and precedent, such as the Katz decision on privacy. It’s not that I disrespect their vast knowledge on the subject, or deny their reasoning is solid. It’s that I just don’t care. I’m a revolutionary. Cyberspace, 9/11, and the war on drugs have led to an alarming number of intolerable despotic usurpations. If you lawyer people believe nothing in the Constitution or Bill of Rights can prevent this, then it’s our right, even our duty, to throw off the current system and institute one that can.

The Hacker Factor Blog: Email Delivery Errors

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

Email seems like a necessary evil. While I dislike spam, I like the non-immediate nature of the communication and the fact that messages can queue up (for better or for worse). And best of all, I can script actions for handling emails. If the email matches certain signatures, then the script can mark it as spam. If it comes from certain colleagues, then the script can mark it as urgent. In this regard, I think email is better than most communication methods.

Other forms of communication have their niche, but they also have their limitations. For example:

  • Phone. If the phone is there for my convenience, then why do I have to drop everything to answer it? (Dropping everything is not convenient.) And I have never had an answering machine show me the subject of the call before listening to it. Most answering machines require you to listen to messages in the order they were received.

  • Chat rooms. Does anyone still use IRC or Jabber/XMPP? Real-time chat rooms are good if everyone is online at the same time. But if we’re all online and working together on a project, then it is just as easy to do a conference call on the phone, via Skype, or using any of those other VoIP protocols. Then again, most chat rooms do have ways to log conversations — which can be great for documenting progress.
  • Twitter. You rarely see details in 140 characters. It’s also hard to go back and see previous messages. And if you are following lots of people (or a few prolific people), then you might miss something important. (I view Twitter like the UDP of social communications… it’s alright to miss a few packets.)
  • Text messages. These are almost as bad as Twitter. At least with Twitter, I’m not charged per message.
  • Message boards. Whether it’s forum software, comments on a blog, or a private wall page at Facebook, message boards are everywhere. You can set topics, have threaded replies, etc. However, messages are restricted to members. If I am not a member of the message board, then I cannot leave you a message. (Message boards without membership requirements are either moderated or flooded with spam.) And there may be no easy way for someone to search or recall previous discussions.
  • Private messages. LinkedIn, Facebook, Flickr, Imgur, Reddit… Most services have ways to send private messages between members. This is fine if everyone you know uses those services. But messages are limited to the service.

In contrast, email permits large messages to be sent in a timely manner to people who use different services. If I cannot get to the message immediately, then it will sit in my mailbox — I will get to it when it is convenient. I can use my home email system to write to friends, regardless of whether they use Gmail, Yahoo, or Facebook. There are even email-to-anything and anything-to-email crossover systems, like If-this-then-that. Even Google Voice happily sends me email when someone leaves a message. (Google Voice also tries to translate the voice mail to text in the email. I know it’s from my brother when Google writes, “Unable to transcribe this message.”)

Clear Notifications

As automated tasks go, it is very common to have email sent as a notification. My RAID emails me monthly with the current status (“everything’s shiny!”). When one of my Linux servers had a memory failure, it emailed me.

Over at FotoForensics, I built an internal messaging system. As an administrator, I get notices about certain system events. I’ve even linked these messages with email — administrators get email when something important is queued up and needs a response. This really helps simplify maintenance — I usually get an email from the system every few days.

When users submit comments, I get a message. And I’ve designed the system to allow me to respond to the user via email. (This is why the comment form asks for an email address.) For the FotoForensics Lab service, I even configured a double-opt-in system so users can request accounts without my assistance.

And therein lies a problem… The easier it is to send messages, the easier it is to abuse it with spam. Over the decades, people have employed layers upon layers of spam detectors and heuristics to mitigate abuse.

With all of the layers of anti-spam crap that people use, creating a system that can send a status email or a double-opt-in message to anyone who requests contact can get complicated. It’s not as simple as calling a PHP function to send an email. In my experience, the PHP mail() function will succeed less than half of the time; usually the PHP mail() messages get discarded by spam filters.

Enabling Email

Even though my system works most of the time, I still have to fight with it occasionally in order to make sure that users receive responses to inquiries. Some of the battles I had to fight so far:

  • Blacklists. Before you begin, make sure that your network address is not on any blacklists. If your network address was previously used by a spammer, then you’ve inherited a blacklisted address and nobody will receive your emails. Getting removed from blacklists ranges from difficult to impossible. And as long as your system is blacklisted, most people will not receive your emails.

  • Scripts. Lots of spammers use scripts. If you use a pre-packaged script to generate outgoing email, then it is likely to be identified as spam. This happens because different tools generate different signatures. If your tool matches the profile of a tool known to send spam, then it will be filtered. And chances are really good that spammers have already abused any pre-packaged scripts for sending spam.
  • Real mail. The email protocols (SMTP and ESMTP) are pretty straightforward. However, most scripts to send email only do the bare minimum. In particular, they usually don’t handle email errors very well. I ended up using a PHP script that communicates with my real mail server (Postfix). The postfix server properly delivers email and handles errors correctly. I’ve configured my postfix server to send email, but it never receives email. (Incoming email goes to a different mail server.)

At this point — with no blacklists, custom scripts, and a real outgoing email server — I was able to send email replies to about half of the people who requested service information. (Replying to people who fill out the contact form or who request a Lab account.) However, I still could not send email to anyone using Gmail, AOL, Microsoft Outlook, etc.

  • SPF. By itself, email is unauthenticated; anyone can send email as anyone. There are a handful of anti-spam additions to email that attempt to authenticate the sender. One of the most common ones is SPF — sender permitted from. This is a DNS record (TXT field) that lists the network addresses that can send email on behalf of a domain. If the recipient server sees that the sender does not match the SPF record, then it can be immediately discarded as spam.

    Many professional email services require an SPF record. Without it, they will assume that the email is unauthenticated and from a spammer. Enabling SPF approaches the 90% deliverable mark. Email can be delivered to Gmail, but not AOL or anyone using the Microsoft Outlook service.

  • Reverse hostnames. When emailing users at AOL, the AOL server would respond with a cryptic error message:

    521 5.2.1 : AOL will not accept delivery of this message.

    This is not one of AOL’s documented error codes. It took a lot of research, but I finally discovered that this is related to the reverse network address. Both AOL and Microsoft require the sender’s reverse hostname to resolve to the sender’s domain name. (Or in the case of AOL, it can resolve to anything except an IP address. If a lookup of your network address returns a hostname with the network address in it, then AOL will reject the email.) If you have a residential service (like Comcast or Verizon), then the reverse DNS lookup will not be permitted — you cannot send email to AOL directly from most residential ISPs. Fortunately, my hosting provider for FotoForensics was able to set my reverse DNS so I could send email from the FotoForensics server.

  • Microsoft. With everything else done, I could send email to all users except those who use the Microsoft Outlook service. The error message Microsoft returns says (with recipient information redacted):
    <recipient@recipient.domain>: host
    recipient.domain.mail.protection.outlook.com[213.x.x.x>] said: 550 5.7.1
    Service unavailable; Client host [65.x.x.x>] blocked using FBLW15; To
    request removal from this list please forward this message to
    delist@messaging.microsoft.com (in reply to RCPT TO command)

    This cryptic warning is Microsoft’s way of saying that I need to contact them first and get permission to email their users.

    In my experience, writing in to ask permission will get you nowhere. Most services won’t answer the phone, ignore emails about delivery issues, and won’t help you at all. However, with Microsoft, I really had no other option. They didn’t give me any other option to contact them.

    With nothing left to lose, I bounced the entire email with the error message, original email, and headers, to Microsoft. I was actually amazed when I received an automated email with a trouble ticket number and telling me to wait 24 hours. I was even more amazed when, after 10 hours, I received a confirmation that the block was removed. I resent the FotoForensics contact form reply to the user… and it was delivered.

While I am thrilled to see that my server can now send replies to requests at every major service, I certainly hope other services do not adopt the Microsoft method. If my server needs to send replies to users at 100 different domains, then I do not want to spend time contacting each domain first and begging for permission to contact their users.

(Fortunately, this worked. If writing to Microsoft had not worked, then I was prepared to detect email addresses that use Outlook as a service and just blacklist them. “Please use a different email service since your provider will not accept email from us.”)
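The SPF and reverse-hostname requirements described above can be checked against your own sending server before the first delivery attempt. The following is an added example, not code from the original post: the SPF record, addresses, hostnames and function names are constructed for illustration, and only the `ip4`, `ip6` and `all` mechanisms are evaluated offline (anything needing further DNS lookups is reported back to the caller).

```python
"""Offline pre-flight check for an outgoing mail server: SPF and reverse hostname."""
import ipaddress

# Constructed sample record (documentation address ranges, example domains).
SAMPLE_SPF = "v=spf1 ip4:203.0.113.0/28 ip6:2001:db8::/48 include:_spf.example.net -all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, sender_ip):
    """Evaluate the ip4/ip6/all mechanisms of an SPF TXT record, left to right.

    Returns (result, needs_dns). Terms that need further DNS lookups
    (include, a, mx, exists, ptr, redirect=) are not resolved here; they are
    collected in needs_dns so the caller knows the verdict may be incomplete.
    """
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", []          # not an SPF record at all
    needs_dns = []
    for term in terms[1:]:
        qualifier = "pass"         # a mechanism without a qualifier means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = QUALIFIERS[term[0]], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror", needs_dns   # malformed record
            if ip.version == network.version and ip in network:
                return qualifier, needs_dns
        elif name == "all":
            return qualifier, needs_dns
        else:
            needs_dns.append(term)
    return "neutral", needs_dns    # nothing matched and no "all" term


def classify_reverse_hostname(ptr_name, sender_ip, mail_domain):
    """Classify the PTR name of the sending address.

    "missing"      - no reverse hostname at all
    "generic"      - the hostname embeds the IP address (typical residential
                     naming, which the post says AOL rejects)
    "aligned"      - the hostname is inside the sending domain
    "other-domain" - a real hostname, but not under the sending domain
    Only IPv4 addresses are tested for the "generic" pattern.
    """
    if not ptr_name:
        return "missing"
    host = ptr_name.rstrip(".").lower()
    ip = ipaddress.ip_address(sender_ip)
    if ip.version == 4:
        octets = str(ip).split(".")
        candidates = set()
        for order in (octets, octets[::-1]):
            candidates.add("-".join(order))
            candidates.add(".".join(order))
            candidates.add("".join(o.zfill(3) for o in order))
        if any(c in host for c in candidates):
            return "generic"
    domain = mail_domain.lower()
    if host == domain or host.endswith("." + domain):
        return "aligned"
    return "other-domain"


def preflight(record, ptr_name, sender_ip, mail_domain):
    """Return a list of problems; an empty list means both checks pass."""
    problems = []
    result, needs_dns = evaluate_spf(record, sender_ip)
    if result != "pass":
        note = f" (unresolved: {', '.join(needs_dns)})" if needs_dns else ""
        problems.append(f"SPF: {sender_ip} evaluates to {result}{note}")
    rdns = classify_reverse_hostname(ptr_name, sender_ip, mail_domain)
    if rdns != "aligned":
        problems.append(f"reverse DNS: {ptr_name!r} is {rdns}")
    return problems


if __name__ == "__main__":
    # Constructed cases: a hosted server with a proper PTR, then a
    # residential-style address that is also missing from the SPF record.
    print(preflight(SAMPLE_SPF, "mail.example.org", "203.0.113.5", "example.org"))
    print(preflight(SAMPLE_SPF, "7.100.51.198.static.isp.example",
                    "198.51.100.7", "example.org"))
```

In practice the record and PTR name would come from `dig TXT` and `dig -x` against the real domain and address; a non-empty `needs_dns` list means those terms still have to be resolved before the SPF verdict is final.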

The dog ate it

While email is a convenient form of communication, I still have no idea whether I’ve fixed all of the delivery issues. Many sites will silently drop email rather than sending back a delivery error notice. Although I believe my outgoing email system now works with Gmail, Microsoft, Yahoo, AOL, and most other providers, the message may still be filtered somewhere down the line. (Email lacks a reliable delivery confirmation system. Hacks like web bugs and return receipts are unsupported by many email services.) It’s very possible for a long reply to never reach the recipient, and I’ll never know it.

Currently, the site sends about a half-dozen emails per day (max). These are responses to removal and unban requests, replies to comments, and double-opt-in messages (you requested an account; click on this link to confirm and create the account). I honestly never see a future when I will use email to promote new services or features. (Having spent decades tracking down spammers and developing anti-spam solutions, I cannot see myself joining the dark side.)

Of course, email is not the only option for communication. I’ve just started learning about WebRTC and HTML5 — I want to be able to give online training sessions and host voice calls via the web browser.

LWN.net: 3 big lessons I learned from running an open source company (Opensource.com)

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Over at Opensource.com, Lucidworks co-founder and CTO Grant Ingersoll writes about lessons he has learned from running an open-source company. “You might ask, ‘Why not open source it all and just provide support?’ It’s a fair question and one I think every company that open sources code struggles to answer, unless they are a data company (e.g., LinkedIn, Facebook), a consulting company, or a critical part of everyone’s infrastructure (e.g., operating systems) and can live off of support alone. Many companies start by open sourcing to gain adoption and then add commercial features (and get accused of selling out), whereas others start commercial and then open source. Internally, the sales side almost always wants “something extra” that they can hang their quota on, while the engineers often want it all open because they know they can take their work with them.”

Блогът на Юруков: 8 years of blogging

This post was syndicated from: Блогът на Юруков and was written by: Боян Юруков. Original post: at Блогът на Юруков

Today I realized that my blog has turned 8 years old. I published my first article on May 11, 2007, and soon after that I shut down my video blog on VBox7. I looked through my early articles and I wonder what I was thinking when I wrote them. I have long since changed my mind about what is written in quite a few of them. It is, however, an interesting look at how I reasoned back then.

Over this period I have written more than 1000 articles with 21000 comments. They have had several million visits, with the greatest interest in those about vaccines, education, and hookah. The most popular article, unfortunately, is one with security settings for Facebook. I don't even intend to link to it – it has long been out of date and I wrote so at the top of it, but people keep sharing it. The ones about data and elections do not get as much interest as I would like, even though my latest visualization went viral.

Something that struck me is that lately I make more and more edits to my articles before I publish them. I often fix semantic and grammatical errors or add to them afterwards. As a result, some articles end up with 30-40 revisions in the blog. I pulled a statistic that clearly shows how the frequency of my writing is decreasing, while the preparation of each article is increasing significantly.

The Hacker Factor Blog: Goodbye Google

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

Over the last few blog entries, I have been overly critical of Google. It isn’t that I have suddenly taken a personal hatred of the company. Rather, choices that the company has made over the last few years have finally culminated into enough pain for me to complain about it.

The good ol’ days

The Internet is not static. Dominant and popular services today will transition over time to something less desirable.

I remember back in the early 1990s having debates about whether Lycos, Alta Vista, or Infoseek was the best online search engine. (Alta Vista… definitely Alta Vista.)

Then came Ask Jeeves. It was the first real natural language search engine. The interface sucked, the results were lacking, but the concept was novel.

Google didn’t start up until the late 1990s. The simplified user interface, fast responses, and solid results quickly made it a dominant force in the search engine market.

During that same time, Microsoft was synonymous with “evil empire”. Their software was slow, Microsoft-oriented (including lawsuits related to Microsoft disabling competing software), and didn’t work very well. The company couldn’t even decide on a good search engine service. They went from LookSmart to Live Search to MSN Search to Bing… Right now, they seem to have settled on Bing.

But old biases die hard — a lot of people don’t use Bing because they still think of Microsoft as an evil empire. (In my opinion, they are still an empire, but not as blatantly evil. I recently started using Bing as an alternative to Google.)

Back to today…

Over the years, my own needs have changed from simple search queries to business-oriented searches. I run a few web sites, develop technologies, and link to online services for augmenting results.

I used to be heavily dependent on Google’s services. Sometimes it was because Google was the only option. Other times it was because they were the easiest option. Or maybe it was because I was doing everything else at Google, so I thought it would be easier to use them as a one-stop shop.

Unfortunately, the number of things that I dislike about Google has grown into a very large list. Here’s my top 7 dislikes related to Google:

1. Google’s Homepage

Google used to have a very simple homepage. A search box and a search button. You typed a query and hit search. The results came back fast and were accurate.

Today, they have made the homepage more complicated. The “Google Doodle” went from a rare occurrence to every few days. It used to be a picture, but today it is animated. As many people have pointed out, the animated doodles make Google’s homepage difficult to use. The page becomes very slow and sometimes non-responsive.

The thing that has set me off today is their doodle for “Bartolomeo Cristofori, inventor of the piano, was born 360 years ago today!” I have nothing against Cristofori or pianos. Rather, it’s the animated doodle. My office has four computers within arms reach of me. On every single one of them, the doodle consumes so many resources that the browser has become virtually unusable. If I cannot use the search engine for quickly searching the web, then their service is not worth the bandwidth.

Today I changed my browsers from opening up Google to opening up a blank page. In the near future, I will probably set the default to Bing.

Keep in mind, Bing certainly isn’t perfect. Between the scrolling pictures and popups and changing backgrounds, they have a distracting web page. But at least it loads fast and I can easily type in a search query.

2. Search Entry and Hints

When I go to a search engine, I’m usually doing it for business. Time is money. I don’t want to wait for the page to load and I rarely pay attention to the real-time hints as I type.

With Google, their real-time hints (the drop-down list of possible search queries) get really annoying. First, it dramatically slows down the rate that I can type in my query. Second, it usually isn’t helpful for me. And third, sometimes it stays down — blocking search results.

Bing does the same drop-down hints. But unlike Google, Bing is fast and their window doesn’t stay down covering results. And keep in mind, I’m using these search engines with the exact same browser on the exact same computer.

Yahoo Search has a slower drop-down. But, it doesn’t slow down my typing and it vanishes when I leave the search box.

3. Search Results

Google, Bing, and Yahoo Search all have similar search results. I really cannot say that the quality of results from one is better than another — they all fill different niches. Google finds more popular results, Bing returns more variety, and Yahoo may not have indexed as much of the Internet, but they also don’t return tons of cruft. I find Yahoo good for popular relevancy.

However, recently Google started prioritizing results based on how web pages look. Results from pages that are not, in Google’s opinion, designed for mobile devices will be throttled or censored from searches on mobile devices. When I do searches, I care more about relevancy than aesthetics. Since Google now places a higher importance on aesthetics than relevancy, I can no longer trust that Google’s search engine will return the results that I desire.

(I also find it ironic that Google places such a high emphasis on mobile usability. Yet, their homepage today makes their site virtually unusable on my desktop computers.)

4. Ads vs Content

I don’t like ads. I view sites that host third-party ads as sites that don’t know how to use their own real estate. (“I don’t know what to do over there, so let’s rent it out to a third-party! They know how to use it!”) Revenue from third-party ads is for companies that don’t know how to monetize their own products.

With Bing and Yahoo, ads are listed in the right-hand column of my desktop’s search results. They may also have ads at the top or bottom of the search results, but it is easy to distinguish ads from search results.

With Google? There are ads in the right column and ads at the top and ads within the search results. They make it hard to distinguish ads from content. And with some queries, there are more ads than results.

I used to subscribe to Wired Magazine. But between the change in content (from articles with a technical link to clearly biased with multiple inaccuracies), an increase in blatant advertorials, and page after page of ads that look like articles, I decided that it wasn’t worth the cost of the subscription. By the same means, I don’t think Google’s search results are worth the effort needed to distinguish results from ads.

5. Maps

I frequently use online maps for work. Sometimes it is to find directions, but usually it is associated with geolocation and tracking bad guys online.

Until the end of last year, I was heavily dependent on Google Maps. My change in preference happened when Google completely switched from their old mapping system to the new one. I find their new mapping interface to be extremely slow and cluttered with icons and banners. The first thing I do after any map search is close half of the popups and overlays — that’s a usability issue for Google. My laptop is a netbook — about half of the window is covered up by junk. And of course, there’s the drop-down search bar that never seems to go back up.

In contrast, Bing and MapQuest (yes, MapQuest is still around) have very fast interfaces and they don’t clutter the map with other windows.

I do like the URL parameters for calling Google Maps. Both MapQuest and Google Maps just need a query parameter (q=). In contrast, Bing has a much more complicated interface. (You can’t just say “cp=coordinates”… you need “cp=lat~lon&rtp=pos.lat_lon”. Why the change in delimiter? Who knows… Microsoft has never been known for having simple interfaces.) And don’t get me started with Yahoo Maps; I couldn’t figure out their URL parameters.

Earlier today, I changed my geolocation and profiling code from using Google Maps to supporting Google, Bing, and MapQuest — configurable, with Bing being the default map service. In my next code push to clients, they will see the links to map services have changed from Google to Bing.

6. Harvesting Content

In order for a search engine to get content, they must scan the Internet for web sites. A few years ago, I noticed that Google was submitting crap to every text entry form on my web site. I think they wanted to index every possible search result. I ended up making a code change that explicitly prevented form submissions from Google.

When I started FotoForensics, someone at Google decided to upload every picture from Imgur to my site. This is an abuse of my site as well as a violation of Imgur’s terms of service. I ended up putting in another special rule, just for Google. Initially, I prevented Googlebot from performing uploads. Today, it prevents anyone at Google from uploading pictures to FotoForensics. (Well, most of Google is blocked.)

In contrast, Bing, Yahoo, and most other search engines make no attempt to upload content or abuse my entry forms.

7. Other Services

I use other online services, but not as much as search or maps. I’m not on Facebook, LinkedIn is virtually unusable, and Google Groups is really nothing more than Deja News, but with fewer configuration options. (And the options they do have are buried in a half-dozen places.) I find the Google+ interface to be far from intuitive and definitely unfriendly. Google Hangouts is hard to use, but Google Docs can be good for collaborative efforts… if we can figure out how to share docs. (I can share with them, but they cannot share with me due to some higher level privacy settings or something…)

I use Google’s Picasa service for storing pictures. However, I still use the old Picasa interface. The newer interface doesn’t work with many of the browsers that I use. I also find the newer interface to be as confusing as Google Hangouts.

For email, I almost never use Google. When I need it, I usually use their POP3 or IMAP network service to transfer email to my local mail client. Between Google’s “folders that are not folders” and “delete that isn’t delete”, I try not to use their web mail interface.

I used to use Google’s email alerts. When Google would come across something that matched my query, they would send me an email notice. But the emails became less and less frequent. It isn’t that nothing was happening. Rather, they just were not notifying me, or were notifying me days later. Eventually, I unsubscribed since they were not sending me alerts in a reasonable amount of time.

I don’t use Google’s Analytics. In fact, I have NoScript configured to block that service. While I find the Analytics data informative, I also notice how it dramatically slows down web page loading. In my opinion, the speed impact is not worth the benefit from the data metrics.

Google Code was a great system. Developers like me could readily search and access and interact with lots of source code. Unfortunately, Google Code is going away.

And then there is Google’s high-speed Internet. It isn’t available where I live. And “Google Wireless” at my local Starbucks actually uses Comcast…

I still use Google Voice and Google Translate, but those really seem to be the last vestiges of the old Google mentality.

Leaving Google

I know a few people who work at Google. They are all friendly and very smart. My problem isn’t with any specific employees. Instead, I find their corporate offerings to be lacking. Google has evolved from a company with a variety of easy to use services to a company with more services but much less usability. And if I cannot easily use the service, then I’d rather switch to another service that I can easily use.

There’s still time for Google to turn things around. They could reintroduce usability. They could focus on responsiveness and relevancy. They could test on multiple platforms before releasing code. They could stop trying to integrate disparate services into an ad hoc interface; they should stop forcing square pegs into round holes. But until that happens, I’m switching primary services.

I’ve already switched away from Google Maps. I’m moving away from Google Search. And I’m thinking about moving off of Google’s Picasa. I barely use Google Groups. I try to avoid Google Docs, Google Hangouts, and Google’s Gmail interface. Google used to be the giant that everyone envied. Today, I’m thinking that Microsoft and Yahoo offer viable alternatives.

Krebs on Security: China Censors Facebook.net, Blocks Sites With “Like” Buttons

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Chinese government censors at the helm of the “Great Firewall of China” appear to have inadvertently blocked Chinese Web surfers from visiting pages that call out to connect.facebook.net, a resource used by Facebook’s “like” buttons. While the apparent screw-up was quickly fixed, the block was cached by many Chinese networks — effectively blocking millions of Chinese Web surfers from visiting a huge number of sites that are not normally censored.

Sometime in the last 24 hours, Web requests from within China for a large number of websites were being redirected to wpkg.org, an apparently innocuous site hosting an open-source, automated software deployment, upgrade and removal program for Windows.

One KrebsOnSecurity reader living in China who was inconvenienced by the glitch said he discovered the problem just by trying to access the regularly non-blocked UK newspapers online. He soon noticed a large swath of other sites were also being re-directed to the same page.

“It has the feel of a cyber attack rather than a new addition to the Great Firewall,” said the reader, who asked not to be identified by name. “I thought it might be malware on my laptop, but then I got an email from the IT services at my university saying the issue was nation-wide, which made me curious. It’s obviously very normal for sites to be blocked here in China, but the scale and the type of sites being blocked (and the fact that we’re being re-directed instead of the usual 404 result) suggests a problem with the Internet system itself. It doesn’t seem like the kind of thing the Chinese gov would do intentionally, which raises some interesting questions.”

Nicholas Weaver, a researcher who has delved deeply into Chinese censorship tools in his role at the International Computer Science Institute (ICSI) and the University of California, Berkeley, agrees that the blocking of connect.facebook.net by censors inside the country was likely a mistake.

“Any page that had a Facebook Connect element on it that was unencrypted and visited from within China would instead get this thing which would reload the main page of wpkg.org,” Weaver said, noting that while Facebook.com always encrypts users’ connections, sites that rely on Facebook “like” buttons and related resources draw those from connect.facebook.net. “That screw-up seems to have been fairly quickly corrected, but the effect of it has lingered because it got into peoples’ domain name system (DNS) caches.”

In short, a brief misstep in censorship can have lasting and far flung repercussions. But why should this be considered a screw-up by Chinese censors? For one thing, it was corrected quickly, Weaver said.

“Also, the Chinese censors don’t benefit from it, because this caused a huge amount of disruption to Chinese web surfers on pages that the government doesn’t want to censor,” he said.

Such screw-ups are not unprecedented. In January 2014, Chinese censors attempting to block Greatfire.org — a site that hosts tools and instructions for people to circumvent restrictions erected by the Great Firewall — inadvertently blocked all Chinese Web surfers from accessing most of the Internet.

Doing censorship right — without introducing the occasional routing calamities and unintended consequences — is hard, Weaver said. And China isn’t the only nation that’s struggled with censorship goofs. The United Kingdom filters its providers’ Internet traffic for requests to known child pornography material. In 2008, a filtering system run by the U.K.-based Internet Watch Foundation flagged the cover art for the album Virgin Killers by the rock band Scorpions as potential child porn. As a result, the system placed several pages from Wikipedia on its Internet black list.

The British child porn filtering system checked for requests to images flagged as indecent by proxying the traffic through a specific system. So when U.K. residents tried to edit Wiki pages following the blacklisting, Wikipedia saw those requests as huge numbers of users all trying to edit Wiki pages from the same Internet addresses, and blocked the proxy address — effectively cutting off U.K. users from editing all Wiki pages for several days.

Suggested further reading:

Don’t Be Fodder for China’s ‘Great Cannon’

TorrentFreak: Leaked Piracy Report Details Fascinating Camcording Investigations

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

This week the UK’s Federation Against Copyright Theft (FACT) released its latest report detailing the rewards presented to cinema workers who disrupt so-called movie “cammers”. FACT is the main group to release this kind of report and no equivalent is regularly made available from any other English speaking countries.

While the insight is useful to build a picture of “anti-camming” activity in the UK, FACT is obviously selective about the information it releases. While big successes receive maximum publicity, relative failures tend to be brushed under the carpet. Something else the group would like to keep a secret are presentations made to Sony Pictures in 2010, but thanks to a trove of leaked emails that is no longer possible.

The presentation begins with FACT stating that it’s the “best known and most respected industry enforcement body of its kind in the UK” and one that has forged “excellent relationships with public enforcement agencies and within the criminal justice system”.

FACT goes on to give Sony several examples of situations in which it has been involved in information sharing exercises with the authorities. The exact details aren’t provided, but somewhat surprisingly FACT says they include murder, kidnap and large-scale missing persons investigations.

But perhaps of most interest are the details of how the group pursues those who illegally ‘cam’ and then distribute movies online. The presentation focuses on the “proven” leak of five movies in 2010, the total from UK cinemas for that year.

Vue Cinemas, North London

First up are ‘cams’ of Alice in Wonderland and Green Zone that originated from a Vue Cinema in North London. Noting that both movies had been recorded on their first day using an iPhone (one during a quiet showing, the other much more busy), the presentation offers infra-red photographic evidence of the suspect recording the movies.

Alice in Wonderland camming

Green Zone camming

Cineworld – Glasgow

The documentation behind this Scotland-based investigation is nothing short of fascinating. FACT determined that their suspect was the holder of a Cineworld Unlimited pass which at the time he had used 14 times.

On three occasions the suspect had viewed the movie Kick-Ass, including on the opening day. The ‘cammed’ copy that leaked online came from that viewing. The suspect also viewed Clash of the Titans, with a camcorded version later appearing online from that session. The man also attended three Iron Man 2 viewings at times which coincided with watermarks present on the online ‘cammed’ copies.

Working in collaboration with the cinema, FACT then obtained CCTV footage of the man approaching a cash desk.

Putting it all together

The most interesting document in the entire presentation is without doubt FACT’s investigative chart. It places the holder of the Cineworld Unlimited pass together with a woman found as a friend on his Facebook page. Described as IC1 (police code for white/caucasian), FACT note that the pair attended the Cineworld Cinema together on at least one occasion.

The unnamed female is listed at a property in Glasgow and from there things begin to unravel. An IP address connected with that residence uploaded a copy of Kick-Ass which was later made available by an online release group. The leader of that group was found to have communicated with the unknown cammer of the movie, whom FACT strongly suspected to be the man in the images taken at the cinema. He was later arrested and confessed to his crimes.

The full document provides a fascinating insight into FACT’s operations, not only in camming mitigation but also in bringing down websites. Another notable chart shows the operations of an unnamed “video streaming” site.

While no names are mentioned, a later edition of the same presentation blanks out key details, suggesting a level of sensitivity. However, after examining the chart it appears likely that it refers to Surf the Channel, the site previously run by Anton Vickerman.

Considering the depth and presentation of the above investigations it will come as no surprise to most that many FACT investigators are former police officers. For the curious, the full document can be found here on Wikileaks.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Schneier on Security: “Hinky” in Action

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

In Beyond Fear I wrote about trained officials recognizing “hinky” and how it differs from profiling:

Ressam had to clear customs before boarding the ferry. He had fake ID, in the name of Benni Antoine Noris, and the computer cleared him based on this ID. He was allowed to go through after a routine check of his car’s trunk, even though he was wanted by the Canadian police. On the other side of the Strait of Juan de Fuca, at Port Angeles, Washington, Ressam was approached by U.S. customs agent Diana Dean, who asked some routine questions and then decided that he looked suspicious. He was fidgeting, sweaty, and jittery. He avoided eye contact. In Dean’s own words, he was acting “hinky.” More questioning — there was no one else crossing the border, so two other agents got involved — and more hinky behavior. Ressam’s car was eventually searched, and he was finally discovered and captured. It wasn’t any one thing that tipped Dean off; it was everything encompassed in the slang term “hinky.” But the system worked. The reason there wasn’t a bombing at LAX around Christmas in 1999 was because a knowledgeable person was in charge of security and paying attention.

I wrote about this again in 2007:

The key difference is expertise. People trained to be alert for something hinky will do much better than any profiler, but people who have no idea what to look for will do no better than random.

Here’s another story from last year:

On April 28, 2014, Yusuf showed up alone at the Minneapolis Passport Agency and applied for an expedited passport. He wanted to go “sightseeing” in Istanbul, where he was planning to meet someone he recently connected with on Facebook, he allegedly told the passport specialist.

“It’s a guy, just a friend,” he told the specialist, according to court documents.

But when the specialist pressed him for more information about his “friend” in Istanbul and his plans while there, Yusuf couldn’t offer any details, the documents allege.

“[He] became visibly nervous, more soft-spoken, and began to avoid eye contact,” the documents say. “Yusuf did not appear excited or happy to be traveling to Turkey for vacation.”

In fact, the passport specialist “found his interaction with Yusuf so unusual that he contacted his supervisor who, in turn, alerted the FBI to Yusuf’s travel,” according to the court documents.

This is what works. Not profiling. Not bulk surveillance. Not defending against any particular tactics or targets. In the end, this is what keeps us safe.

TorrentFreak: Major Record Labels Sue MP3Skull Over Mass Piracy

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Unauthorized MP3 download sites have been a thorn in the side of the music industry for many years, and a group of well-known labels are now targeting one of the biggest players in the market.

The coalition of record labels including Capitol Records, Sony Music, Warner Bros. Records and Universal Music Group have filed a lawsuit against MP3Skull, currently operating from the Tonga based .to domain name.

In the complaint filed at a Florida District Court (pdf) the studios describe MP3Skull as a business that’s designed and operated to promote copyright infringement on a commercial scale.

“MP3Skull is a website that is devoted to the infringement of copyrighted sound recordings on a massive scale, from which Defendants derive substantial revenue every year,” the complaint reads.

“At the core of MP3Skull is a database that, according to Defendants, contains millions of links to MP3 music files from around the Internet,” it adds.

MP3Skull has been around for several years and lists links to popular music tracks scattered around the web, free of charge. The operators of the site are not publicly known but the labels note that the Russian Monica Vasilenko was previously listed in the site’s Whois information.

Besides offering a comprehensive database of links to music tracks, the labels also accuse the site’s operators of actively promoting piracy through social media. Among other things, MP3Skull helped users to find pirated tracks after a takedown notice purge.

“MP3Skull’s official Twitter and Facebook pages contain several communications from Defendants openly encouraging users to download obviously infringing files, links to which were removed following takedown requests from copyright owners,” the labels write.

“On several occasions, Defendants outlined various workarounds that users could employ to download MP3 files because the site was ‘forced’ to ‘remove a huge amount of our searches’ following takedown requests from copyright organizations,” they add.

As a result of its allegedly infringing activities the site has gathered a broad audience of millions of users, resulting in significant losses for the record labels.

“As a direct result of Defendants’ widespread and brazen infringement of Plaintiffs’ copyrighted works, MP3Skull has become one of the most popular illicit music download sites on the Internet, attracting millions of users from the United States and generating significant revenue for Defendants.”

The complaint lists more than 100 popular tracks that are freely available on MP3Skull. This means that the site’s operators face over $15 million in statutory damages.

Perhaps more importantly, given the anonymous nature of the site’s operators, is the broad preliminary injunction the record labels request.

Among other things, the proposed measures would prevent domain registrars, domain registries, hosting companies, advertisers and other third-party outfits from doing business with the site. If granted, the MP3Skull operators will have a hard time keeping the site afloat in its current form.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Блогът на Юруков: The Bad Guys on the Road

This post was syndicated from: Блогът на Юруков and was written by: Боян Юруков. Original post: at Блогът на Юруков

I find it strange to claim that the problems on our roads are caused by the two or three people who drive like maniacs, and not by most of the rest, who “slightly” break the rules because “what’s the big deal”, “everyone does it” and “I’m experienced and have a good car, so I can”. They have been called genetic mistakes, vermin and murderers, and there have been calls for the death penalty. Even harder for me to understand is the idea that we should subject them to a public lynching instead of pushing for the law to be applied properly.

Bulgaria has almost twice as many road deaths per capita as most European countries. To some extent this is due to bad roads and old cars, but above all to the careless driving of a large share of road users.

Publicly beating up two hooligans will not deter others like them, but it will shift the blame away from everyone else who “slightly” exceeds the speed limit, overtakes on bends, parks at stop signs and drives on bald tyres. “There, we punished the guilty one.” The situation is analogous to the one with state revenue: we want to punish the handful of people who have each hidden taxes of a few hundred thousand, while the state’s biggest problem is the hundreds of thousands who have each hidden a few hundred leva.

True, no one has literally said that the problems on the roads are caused by two or three people, but we all behave as if it were so. We unleashed the public discontent with the chaos on the roads and poured it out on those two hooligans. Did they break the law? Undoubtedly. Should they go to prison? Maybe. Clips and photos like these are often posted with cries of where is the state and why aren’t these people in prison yet. That is exactly a lynching, and a lynching aims to punish scapegoats as an example to everyone else.

The thing is, everyone else is us. We grumble when the law is applied (our car gets towed when we have parked illegally, we get fined for bald tyres and seat belts), because, you see, “are we really the biggest problem on the road”, and “the ones with the white jeeps don’t get caught”. We don’t want the law to work for everyone, because then we would have to be fined too. We want to publicly punish the few brutal idiots so that we can feel better about our own transgressions.

At the same time, no one considers it a problem that the others in the recent clips also broke the traffic rules, albeit to a much lesser degree. In fact, few paid attention or even knew that this was a violation. The recording with the motorcyclists clearly shows that they overtake improperly and exceed the speed limit. When I pointed this out, I was accused of defending the guys in the Golf and told that the solid line did not apply to motorcycles.

Excerpt from an opinion I posted on Facebook.

Linux How-Tos and Linux Tutorials: Tweaking Ubuntu Unity to Better Suit Your Needs

This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: Jack Wallen. Original post: at Linux How-Tos and Linux Tutorials

Unity scopes choice

Ubuntu Unity. Never before has there been a user interface to bring about such polar opinions. Users either love it or hate it—there’s very little middle ground. One of the reasons so many lay claim to their dislike of Unity is the lack of configuration options.

If you compare Unity to the likes of Xfce, you will certainly find that Unity does, in fact, lack a certain amount of available options. However, that does not mean the shell is locked down such that it cannot be configured. In fact, you’ll be surprised at just how much you can do with Unity. That is my goal here, to introduce you to some Unity tweaks you can easily manage in order to make the default Ubuntu desktop work perfectly for you.

Privacy

One issue that Ubuntu gets hit hard on is privacy. There are certain elements of Unity that make the interface incredibly efficient. One element is Scopes. With Scopes you can, from within the Dash, search anywhere—both locally and online—for anything. Problem is, some users see this as an invasion of their privacy. Thankfully, the developers of Unity foresaw this and ensured that users can easily configure Scopes to best suit their privacy needs.

First, let’s see how you can fine-tune Scopes to include (or exclude) locations from the web. Say, for example, you aren’t overly concerned about the privacy of your search results, but don’t want to include all sources or categories in your results. Let me show you how.

  1. Open the Unity Dash (either by clicking the Ubuntu logo on the Launcher or by pressing the Super key on your keyboard).

  2. When the Dash opens, click on Filter results.

  3. From the listing, enable and disable the sources and/or categories to fit your needs. (Figure 1)

When you set a filter, it should stick—so the next time you go to search using the Dash, the same categories and sources should remain.

For those that take their privacy seriously, you can completely disable online search results. To do this, follow these steps:

  1. Open the Dash.

  2. Type settings and, when it appears in the results, click to open the Settings tool.

  3. Click on Security & Privacy.

  4. Click on the When searching in the Dash ON/OFF slider (Figure 2) until it is set to OFF.

NOTE: Once you’ve disabled online search results, you will still see all local search results (which will include all locally attached drives).

Unity Tweak Tool

The Unity Tweak Tool is a must have for those who want to tweak Ubuntu Unity. With it you can not only tweak options (that aren’t available in the standard Settings tool) for Unity, but for the Window Manager, Appearance, and System. Configuration categories within the Unity Tweak Tool include:

  • Launcher

  • Search

  • Panel

  • Switcher

  • Web Apps.

Within each category you will find plenty of options to tweak.

To install the Unity Tweak Tool, simply open up the Ubuntu Software Center, search for “tweak”, and click to install. Once installed, you will find this tool as easy to use as the standard Settings tool.

One particular feature you might want to pay close attention to is the Web Apps category. Unity Web Apps brings desktop integration for particular websites and services (such as Amazon, Google Drive, or Facebook). By default Web Apps is enabled and Amazon and (the now defunct) Ubuntu One are installed. If you open the Ubuntu Software Center and do a search for “webapps”, you’ll find a number of additional apps to be integrated into Unity. The only caveat to adding Web Apps is that many of them simply offer little more than a shortcut to the website and no other features. To this end, many users opt to disable this Unity feature. The easiest way to do so is through Unity Tweak Tool. From within the Web Apps tab, switch the Integration prompts to OFF (Figure 3) and Unity will no longer prompt you to integrate sites.

Unity web apps disable

You should also uncheck any authorized domains already associated with Web Apps. This doesn’t actually remove Webapps integration, but you will not be prompted to include services and sites that happen to be available.

Workspace switcher

Oddly enough workspaces, a feature that has been a part of the Linux landscape for over a decade, defaults to off on the latest iterations of Linux. For many users, workspaces was one of the most efficient means of managing a busy Linux desktop.

Fortunately, workspaces can be enabled without having to install any third-party software. However, the setting is a bit hidden. Here’s how to enable workspaces:

  1. Open the Dash and type “settings” (no quotes)

  2. From the Settings window, click Appearance

  3. Click on the Behavior tab

  4. Click to enable workspaces (Figure 4).

To switch between workspaces, either click on the Workspace icon in the Launcher or tap and hold Ctrl+Alt and then tap either the right or left arrow key. You can also tap the Super+s key and then tap the arrow key to move to the workspace you want to use and hit the Enter key to give that workspace focus.

NOTE: You can also configure workspaces within the Unity Tweak Tool (where you can also configure the number of both vertical and horizontal workspaces).

Hotcorners

One oft-forgotten feature of Unity is hotcorners. What this feature does is set each corner of your desktop to a certain behavior. The available behaviors are:

  • Toggle desktop

  • Show workspace

  • Toggle windows spread

  • Spread all windows.

There are actually eight hotcorners that can be configured through the Unity Tweak Tool. From the Tweak Tool main window, click Hotcorners and then make sure the feature is set to ON (Figure 5).

Unity hotcorners

For each available hotcorner, click the drop-down and select the behavior you want to associate with that location.

There is one caveat to using this feature. If you have multiple monitors, setting the corners and edges can get tricky because hotcorners treats both monitors as one—so the right corners and edge of the left monitor and the left corners and edge of the right monitor will not function as hotcorners. Personally, I set the bottom hotcorner with the Spread all Windows and it works on both monitors.

Window controls

Finally, if you’re one of those that cannot stand the Close, Minimize, and Maximize buttons on the upper left corner of the windows, you can change that with the help of the Unity Tweak Tool. From the Overview, click on Window Controls and then select between the Left or Right layout (Figure 7).

unity window control

You do not have to be constrained within the default look and feel of Unity. With the addition of a single tool and a bit of poking around, you can find plenty of tweaks to help make Unity best fit your needs and work more efficiently.

Have you found a tweak for Unity that would help make users’ experiences even more productive? If so, feel free to share in the comments.

Schneier on Security: Alternatives to the FBI’s Manufacturing of Terrorists

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

John Mueller suggests an alternative to the FBI’s practice of encouraging terrorists and then arresting them for something they would never have planned on their own:

The experience with another case can be taken to suggest that there could be an alternative, and far less costly, approach to dealing with would-be terrorists, one that might generally (but not always) be effective at stopping them without actually having to jail them.

It involves a hothead in Virginia who ranted about jihad on Facebook, bragging about how “we dropped the twin towers.” He then told a correspondent in New Orleans that he was going to bomb the Washington, D.C. Metro the next day. Not wanting to take any chances and not having the time to insinuate an informant, the FBI arrested him. Not surprisingly, they found no bomb materials in his possession. Since irresponsible bloviating is not illegal (if it were, Washington would quickly become severely underpopulated), the police could only charge him with a minor crime — making an interstate threat. He received only a good scare, a penalty of time served and two years of supervised release.

That approach seems to have worked: the guy seems never to have been heard from again. It resembles the Secret Service’s response when they get a tip that someone has ranted about killing the president. They do not insinuate an encouraging informant into the ranter’s company to eventually offer crucial, if bogus, facilitating assistance to the assassination plot. Instead, they pay the person a Meaningful Visit and find that this works rather well as a dissuasion device. Also, in the event of a presidential trip to the ranter’s vicinity, the ranter is visited again. It seems entirely possible that this approach could productively be applied more widely in terrorism cases. Ranting about killing the president may be about as predictive of violent action as ranting about the virtues of terrorism to deal with a political grievance. The terrorism cases are populated by many such ranters — indeed, tips about their railing have frequently led to FBI involvement. It seems likely, as apparently happened in the Metro case, that the ranter could often be productively deflected by an open visit from the police indicating that they are on to him. By contrast, sending in a paid operative to worm his way into the ranter’s confidence may have the opposite result, encouraging, even gulling, him toward violence.

The Hacker Factor Blog: Delisted by Google

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

The monthly volume at FotoForensics follows fairly consistent patterns. Site usage slows down on Friday afternoon, with Sundays from about 2am to 6pm (MDT/MST) being the slowest. Then it picks up as Monday rolls in around the world. The last 2-3 non-weekend days of the month are slow, and the first weekday of the month is usually high volume. (I assume that people are focused on closing out work tasks before the end of the month, so they have less time to play online. And the first weekday of the month is where they can catch up with online life. That’s when they see pictures on Facebook, Twitter, and Imgur and upload them to FotoForensics…) If the last weekday of the month is a Friday, then it will be a very low-volume day.

Even the months have their own predictable volumes. March, May, and June through October are higher volume than other months. November is usually the slowest month.

By knowing what to expect, I can determine when it is best to update the system, apply patches, or perform reboots. It also lets me know when to roll out new features or enhancements. And these patterns can be used to determine where there is abnormally high or abnormally low traffic.

And that’s the problem… Since February, I’ve seen a consistent 10% drop in traffic each month. When I noticed this in February, I thought it was just a low-volume month. But when March was low by the same percent, I thought something was off and began looking for a cause.

I was only a few days into trying to track down the cause when, yesterday, a very kind user submitted a site improvement suggestion to FotoForensics:

Why are you no longer indexed on Google? You’ll lose a significant amount of footfall otherwise, as it is the most used search engine. If it wasn’t for the fact that I already knew of the existence of this site, I wouldn’t have been able to find it otherwise, unless I was to use either Yahoo or Bing.

Not listed on Google? WTF? FotoForensics used to be listed…

Chain of Events

It took me about an hour to track down the cause. But now I know… it’s my fault. And the primary cause happened on January 20th.

I really hate creating conditional code for specific browsers or search engines. Every one-off condition becomes a maintenance issue. But sometimes these special cases are required. I need special cases for Twitter, Internet Explorer, Apple iPhone/iPad devices, other mobile devices, and more. One special case is not a problem, but it’s never just one special case.

A few months after I started FotoForensics (back in 2012), I needed to add a special case to block some Google traffic. Specifically, someone at Google realized that my site generates results for submitted pictures. So… they automated the submission of every picture at Imgur to FotoForensics. In 12 hours, Google submitted over a thousand URLs for analysis. I consider this to be an abuse of both FotoForensics and Imgur. I quickly inserted a special case that prevents Google from uploading any content to my site.

This special case worked fine for nearly two years. Then I moved the online service to my own hardware… Almost immediately, I began to see the Apache2 web server continually crash. Since I couldn’t find a quick solution, I switched from Apache2 to nginx.

The migration to the nginx web server (pronounced “engine x”) was mostly painless. There were a few things in my code that I needed to modify, and most of it was around dependencies on Apache-only PHP variables. However, I did not notice that my special case for Google had changed from “block all uploads” to “block all”. Since 20-January-2015, Google has been receiving “403 Forbidden” errors each time it tried to index my site. Slowly but surely, the cached pages at Google timed out and the site was no longer indexed.

The Quick Fix

There were a couple of things that I needed to fix in order to become re-listed.

First, I had to fix my special condition. The rule now says the PHP equivalent of:

  • If the web client comes from a Google network address and it is Googlebot, then permit it to view but not upload.
  • Otherwise, if the web client comes from a Google network address and is being proxied (e.g., Google Translate), then permit access, but assign all bans to the proxied address. (Don’t ban the entire proxy network.)
  • Otherwise, if the web client comes from a Google network address then forbid uploads and show a message that the anonymous proxy network can view but not upload.
  • Otherwise, it is not from Google so fall through to the other special cases…
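
The four-branch rule above, sketched in Python as an added example (it is not the site's own PHP): the Google range is a constructed placeholder, the proxied client is assumed to arrive in `X-Forwarded-For`, and all function names are hypothetical. Keeping "view" and "upload" as separate flags is what stops a "block uploads" rule from silently becoming "block all".

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for Google's address ranges (RFC 5737 TEST-NET-1).
# A real deployment would load the ranges the operator actually trusts.
GOOGLE_NETS = [ipaddress.ip_network("192.0.2.0/24")]


@dataclass(frozen=True)
class Decision:
    can_view: bool
    can_upload: bool
    ban_key: str  # address any later ban is recorded against
    reason: str


def from_google(addr: str) -> bool:
    """True if the TCP peer address falls inside a listed Google network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in GOOGLE_NETS)


def forwarded_client(xff: Optional[str]) -> Optional[str]:
    """Return the first address in X-Forwarded-For if it parses, else None."""
    if not xff:
        return None
    first = xff.split(",")[0].strip()
    try:
        return str(ipaddress.ip_address(first))
    except ValueError:
        return None


def decide(remote_addr: str, user_agent: str,
           xff: Optional[str] = None) -> Optional[Decision]:
    """Apply the four-branch rule; None means 'not Google, fall through'."""
    # The network check comes first, so a spoofed Googlebot User-Agent from
    # any other address gets no special treatment.
    if not from_google(remote_addr):
        return None
    if "Googlebot" in user_agent:
        return Decision(True, False, remote_addr, "crawler: view, no upload")
    # X-Forwarded-For is only read here, after the peer is known to be a
    # listed proxy network; from arbitrary peers it is client-controlled.
    client = forwarded_client(xff)
    if client is not None:
        # Assumption: "permit access" covers uploads as well as views.
        return Decision(True, True, client, "proxied: bans follow the client")
    return Decision(True, False, remote_addr, "anonymous proxy: view only")


def status_for(decision: Decision, is_upload: bool) -> int:
    """HTTP status for a request; views and uploads are decided separately."""
    allowed = decision.can_upload if is_upload else decision.can_view
    return 200 if allowed else 403
```
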

The second step was to get Google to reindex my site. I could just sit and be patient — Google would find it eventually. However, I wanted it indexed now. This requires logging into Google’s Webmaster Tools. This Google subsystem is hard to navigate and non-intuitive to use. I basically bumbled around until I found what I needed to do. (But honestly, I didn’t know where the links were buried to do these tasks — I just clicked around until I found the options.) You need to:

  1. Take ownership of your site. If you click on the red “Webmaster Tools” in the top-left, you’ll go to a page with a red “Add a site” button. This is how you take ownership of your web site. First you enter in the URL, and then you authenticate. The default authentication wants to give Google access to your DNS. NEVER GIVE ANYONE ELSE WRITE-ACCESS TO YOUR DNS ENTRIES! There’s a second tab called “Alternate methods” — click it. The first option, “HTML file upload” is the safest option. You download a file from Google, upload it to your site, and tell Google to check that the file exists. This proves to Google that you have the ability to manage content on the site, so you manage the site.

  2. After you verify the account, there should be a menu on the left side. Under “Crawl” is “Fetch as Google”. Fetch your site. Tell it to crawl all links. And then there will be a button to “Submit to index”. This is the button that you want. It will add the fetched result to Google’s index. Within about an hour, it will appear in search results.

Of course, this gets your site added to Google’s search results. But updating is a different issue. For example, I tried to change the text under the search result. (Google calls this a “snippet”.) The search engine was listing my “keywords”, but it really needs to list the “description”. I fixed my HTML to make Google happy, reindexed the site, and resubmitted. But after 12 hours, it still has not updated. I guess that I’ll just need to be patient. (Lesson here: make it look right the first time, otherwise it will take days to correct.)

Ironically, Google’s instructions for webmasters include a warning: “Be careful about disallowing search engines”. Yeah, thanks for telling me after the fact.

Ten Percent

When I received the site improvement suggestion, I immediately searched Google for “fotoforensics”. There were a bunch of web sites returning links to my site and discussing how to use FotoForensics, but “fotoforensics.com” was not listed.

My first thought was not “Oh! No! I’m not listed at Google! How do I fix this?” — that was my 3rd thought. Instead, my first thought was, “COOL! Even without Google, people are using the site!” (My second thought was “I gotta tell Joe about this!”)

I fixed the Google issue last night. Right now, the site is listed and indexed. (Now I’m just trying to get Google to refresh the site’s description.) Since adding FotoForensics back into Google, I’ve already seen a 10% increase in traffic at the hourly level. As far as I can tell, about 10% of users find FotoForensics via Google. I view that as a 90% success for a site that has been spread by word of mouth.

Update: I just played with the Microsoft Bing Webmaster Tools. It’s the same thing as Google’s site tools, but for Bing. And when I say “same thing”, I mean the layout and poor usability are so similar that I really think one company copied the other. Anyway, the site listing on Bing should be updating soon.

The Hacker Factor Blog: Delisted by Google

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

The monthly volume at FotoForensics follows fairly consistent patterns. Site usage slows down on Friday afternoon, with Sundays from about 2am to 6pm (MDT/MST) being the slowest. Then it picks up as Monday rolls in around the world. The last 2-3 non-weekend days of the month are slow, and the first weekday of the month is usually high volume. (I assume that people are focused on closing out work tasks before the end of the month, so they have less time to play online. And they first weekday of the month is where they can catch up with online life. That’s when they see pictures on Facebook, Twitter, and Imgur and upload it FotoForensics…) If the last weekday of the month is a Friday, then it will be a very low-volume day.

Even the months have their own predictable volumes. March, May, and June through October are higher volume than other months. November is usually the slowest month.

By knowing what to expect, I can determine when it is best to update the system, apply patches, or perform reboots. It also lets me know when to roll out new features or enhancements. And these patterns can be used to determine where there is abnormally high or abnormally low traffic.

And that’s the problem… Since February, I’ve seen a consistent 10% drop in traffic each month. When I noticed this in February, I thought it was just a low-volume month. But when March was low by the same percent, I thought something was off and began looking for a cause.

I was only a few days into trying to track down the cause when, yesterday, a very kind user submitted a site improvement suggestion to FotoForensics:

Why are you no longer indexed on Google? You’ll lose a significant amount of footfall otherwise, as it is the most used search engine. If it wasn’t for the fact that I already knew of the existence of this site, I wouldn’t have been able to find it otherwise, unless I was to use either Yahoo or Bing.

Not listed on Google? WTF? FotoForensics used to be listed…

Chain of Events

It took me about an hour to track down the cause. But now I know… it’s my fault. And the primary cause happened on January 20th.

I really hate creating conditional code for specific browsers or search engines. Every one-off condition becomes a maintenance issue. But sometimes these special cases are required. I need special cases for Twitter, Internet Explorer, Apple iPhone/iPad devices, other mobile devices, and more. One special case is not a problem, but it’s never just one special case.

A few months after I started FotoForensics (back in 2012), I needed to add a special case to block some Google traffic. Specifically, someone at Google realized that my site generates results for submitted pictures. So… they automated the submission of every picture at Imgur to FotoForensics. In 12 hours, Google submitted over a thousand URLs for analysis. I consider this to be an abuse of both FotoForensics and Imgur. I quickly inserted a special case that prevents Google from uploading any content to my site.

This special case worked fine for nearly two years. Then I moved the online service to my own hardware… Almost immediately, I began to see the Apache2 web server continually crash. Since I couldn’t find a quick solution, I switched from Apache2 to nginx.

The migration to the nginx web server (pronounced “engine x”) was mostly painless. There were a few things in my code that I needed to modify, and most of it was around dependencies on Apache-only PHP variables. However, I did not notice that my special case for Google had changed from “block all uploads” to “block all”. Since 20-January-2015, Google has been receiving “403 Forbidden” errors each time it tried to index my site. Slowly but surely, the cached pages at Google timed out and the site was no longer indexed.

The Quick Fix

There were a couple of things that I needed to fix in order to become re-listed.

First, I had to fix my special condition. The rule now says the PHP equivalent of:

  • If the web client comes from a Google network address and it is Googlebot, then permit it to view but not upload.
  • Otherwise, if the web client comes from a Google network address and is being proxied (e.g., Google Translate), then permit access, but assign all bans to the proxied address. (Don’t ban the entire proxy network.)
  • Otherwise, if the web client comes from a Google network address then forbid uploads and show a message that the anonymous proxy network can view but not upload.
  • Otherwise, it is not from Google so fall through to the other special cases…
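The four-step rule above, written out as an added example (a Python sketch, not the site's PHP and not the author's code). The address range is a constructed stand-in for Google's networks, the use of the X-Forwarded-For header to find the proxied address is an assumption, and every function and field name is hypothetical. The `status` helper makes the regression from the nginx migration checkable: a Googlebot page view must not return 403.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for Google's address space (an RFC 5737 documentation
# range). A real deployment would load the operator's own list of ranges.
GOOGLE_NETS = [ipaddress.ip_network("192.0.2.0/24")]


@dataclass(frozen=True)
class Decision:
    can_view: bool
    can_upload: bool
    ban_addr: Optional[str] = None  # address any later ban is recorded against
    notice: str = ""


def _parse_ip(text: str):
    """Return an ip_address object, or None when the text is not an address."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def from_google(remote_addr: str) -> bool:
    """True when the directly connected peer is inside a listed network."""
    ip = _parse_ip(remote_addr)
    return ip is not None and any(ip in net for net in GOOGLE_NETS)


def proxied_client(forwarded_for: Optional[str]) -> Optional[str]:
    """Address the proxy reports for its client, or None if absent or malformed.

    Assumption: the proxy appends its client to X-Forwarded-For. The last
    entry is the one written by the peer we are talking to; earlier entries
    may have been supplied by the client and are ignored.
    """
    if not forwarded_for:
        return None
    ip = _parse_ip(forwarded_for.split(",")[-1])
    return str(ip) if ip is not None else None


def google_special_case(remote_addr: str, user_agent: str,
                        forwarded_for: Optional[str] = None) -> Optional[Decision]:
    """Return a Decision for Google traffic, or None to fall through."""
    if not from_google(remote_addr):
        # Rule 4: not Google. The User-Agent and X-Forwarded-For headers are
        # client-controlled, so neither is consulted for other peers.
        return None
    if "googlebot" in (user_agent or "").lower():
        # Rule 1: the crawler may view (so the site stays indexed), not upload.
        return Decision(can_view=True, can_upload=False)
    client = proxied_client(forwarded_for)
    if client is not None:
        # Rule 2: a proxied user gets access; bans follow the user, not the proxy.
        return Decision(True, True, ban_addr=client)
    # Rule 3: any other Google address may look but not upload.
    return Decision(True, False,
                    notice="This anonymous proxy network can view but not upload.")


def status(decision: Decision, is_upload: bool) -> int:
    """HTTP status implied by a decision for a page view or an upload."""
    allowed = decision.can_upload if is_upload else decision.can_view
    return 200 if allowed else 403
```

A test that requests an ordinary page as Googlebot and expects 200 would have caught the change from "block all uploads" to "block all" on the day of the migration.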

The second step was to get Google to reindex my site. I could just sit and be patient — Google would find it eventually. However, I wanted it indexed now. This requires logging into Google’s Webmaster Tools. This Google subsystem is hard to navigate and non-intuitive to use. I basically bumbled around until I found what I needed to do. (But honestly, I didn’t know where the links were buried to do these tasks — I just clicked around until I found the options.) You need to:

  1. Take ownership of your site. If you click on the red “Webmaster Tools” in the top-left, you’ll go to a page with a red “Add a site” button. This is how you take ownership of your web site. First you enter in the URL, and then you authenticate. The default authentication wants to give Google access to your DNS. NEVER GIVE ANYONE ELSE WRITE-ACCESS TO YOUR DNS ENTRIES! There’s a second tab called “Alternate methods” — click it. The first option, “HTML file upload” is the safest option. You download a file from Google, upload it to your site, and tell Google to check that the file exists. This proves to Google that you have the ability to manage content on the site, so you manage the site.

  2. After you verify the account, there should be a menu on the left side. Under “Crawl” is “Fetch as Google”. Fetch your site. Tell it to crawl all links. And then there will be a button to “Submit to index”. This is the button that you want. It will add the fetched result to Google’s index. Within about an hour, it will appear in search results.

Of course, this gets your site added to Google’s search results. But updating is a different issue. For example, I tried to change the text under the search result. (Google calls this a “snippet”.) The search engine was listing my “keywords”, but it really needs to list the “description”. I fixed my HTML to make Google happy, reindexed the site, and resubmitted. But after 12 hours, it still has not updated. I guess that I’ll just need to be patient. (Lesson here: make it look right the first time, otherwise it will take days to correct.)

Ironically, Google’s instructions for webmasters include a warning: “Be careful about disallowing search engines”. Yeah, thanks for telling me after the fact.

Ten Percent

When I received the site improvement suggestion, I immediately searched Google for “fotoforensics”. There were a bunch of web sites returning links to my site and discussing how to use FotoForensics, but “fotoforensics.com” was not listed.

My first thought was not “Oh! No! I’m not listed at Google! How do I fix this?” — that was my 3rd thought. Instead, my first thought was, “COOL! Even without Google, people are using the site!” (My second thought was “I gotta tell Joe about this!”)

I fixed the Google issue last night. Right now, the site is listed and indexed. (Now I’m just trying to get Google to refresh the site’s description.) Since adding FotoForensics back into Google, I’ve already seen a 10% increase in traffic at the hourly level. As far as I can tell, about 10% of users find FotoForensics via Google. I view that as a 90% success for a site that has been spread by word of mouth.

Update: I just played with the Microsoft Bing Webmaster Tools. It’s the same thing as Google’s site tools, but for Bing. And when I say “same thing”, I mean the layout and poor usability are so similar that I really think one company copied the other. Anyway, the site listing on Bing should be updating soon.

TorrentFreak: AMC Goes After “The Walking Dead” Spoiler Pirates

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

With dozens of millions of viewers around the world The Walking Dead is one of the most popular TV-series around. The series just ended its fifth season and is scheduled to return next fall.

In common with most popular shows, The Walking Dead has a dedicated group of followers who’re constantly on the lookout for spoilers and possible directions the series may take.

One of the sources that has done well on this front is “The Spoiling Dead Fans.” The people behind the site have posted inside information and many spoiler videos in recent weeks, helped by unnamed sources.

“There is no amount of ‘thanks’ that we could ever give to our sources for everything they have done. We truly appreciate every bit of info they have shared with us throughout the seasons,” the group wrote on Facebook this week.

While the fan community does generate plenty of buzz for The Walking Dead, AMC is not happy with all material they publish.

In February the spoiler group published a 32 second sneak peek of the episode “From A Friend,” which was uploaded to Vimeo. As it contained video that had yet to air on TV it was quickly pulled offline by AMC.

“AMC diligently enforces its rights in and to The Walking Dead in all forms of media and rightfully takes its responsibility for the protection of The Walking Dead very seriously,” the company informed Vimeo.

And AMC didn’t stop at a takedown notice. A few days later it went to court demanding a subpoena to obtain the personal details of the alleged infringer from Vimeo, which was granted (pdf).

When presented with the subpoena, Vimeo has few other options than to hand over all the information they have on the account holder. This includes the associated email and IP-addresses.

Whether the information will be sufficient to pinpoint an actual person is unknown. AMC states that it wants to protect its rights, but whether that will be achieved via legal action remains to be seen. AMC is probably most interested in finding out who the sources for the actual leaked footage and spoilers are.

For now, The Spoiling Dead Fans remain active through their own website and social media accounts, spoiling their way to the next season.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Дневника на един support: Tonight 1

This post was syndicated from: Дневника на един support and was written by: darkMaste. Original post: at Дневника на един support

Forgive me father for I have sinned a.k.a Chappie and a box of red Marlboro

I haven’t written anything for the past 15 years

I am writing in English because… I am not sure why but I met quite a few people who speak that language and some of you might understand and hopefully provide another perspective…

I watched the movie, it was fun no question there, but the part where you transfer your consciousness fucked me up …

This is no longer a human being, it is just a fucking copy. That was the “happy ending” FUCK YOU !

What us as “sentient” creatures call a soul, it went on, fuck you playing “god” ! Fuck you and your whole crew !

https://www.youtube.com/watch?v=pwgMMtgSTVE&start=00:28&end=03:20

Beauty is in the eye of the beholder … It has been so long since I seen the blank page in front of me, I cannot lie I missed it …

I have no one to talk to about this mess, so I will just leave it here

FUCK ! FUCK FUCK FUCK FUCK and with the risk of repeating myself FUCK !

And here comes HED P E https://www.youtube.com/watch?v=buuXy_i-yAg much more than meets the eye …

Go to sleep … right …

There is going to be a Bulgarian version at some point here but … yeah …

What gives you the right to just take away my life, I am self aware ?!

I don’t even know why I keep writing this in English … Thank you and goodbye?

Why would anybody think that if you transfer a broken down person’s “brain” into a machine is a happy ending ? The fuck is wrong with you people ?

I am staring into nothingness and what do I see you might ask ?

I want to vomit all this shit, its a fun fact that I actually can ( done it before ) but at this point I am afraid cause it won’t be just some black foam, it will be bloody and I do not wish to do this to myself although it most likely be a good thing…

For those of you who don’t know me, I am a what you would call a weird creature, I tend to dabble in stuff that shows you different dimensions. Its what I am. Some of you might think that I should be locked up in a padded room with a nice white vest, sometimes I think the same way…

In the morning before coming to work I encountered a barefoot lady, she was screaming at someone or something, she hated the world, cursed it, said that she used to be something with a shitload of gold chains/rings. She was mad at the world and that people didn’t provide her with a place to stay and food to eat. I still think that it wasn’t the world’s fault. The only one who crafts your life is YOU !

This movie touched a very interesting spot in myself. Fun as it might be, you cannot copy a person’s mind/thoughts/soul … Like cloning, it is no longer the same person, it’s a copy. It might act and think the same way but it is no longer the same person. FUCK YOU ! it’s a copy, a soulless vessel …

I have had days, weeks even years thinking about this, this life … You die when you have reached the end of your path, those who die young, to be honest I envy you a bit, a very tiny bit and I hope that you have reached the end and moved on. However this is not the story of most of you.

Another nail in the coffin as they say, the match lights up the room and it looks beautiful. It’s been too long

Way too long

Now I feel detached from this world, dead calm, most of you know me as a very hyper active creature and yes I am ! I spend quite a lot of my life ( almost half ) being stoned and that has its upsides. I can spend weeks with a clear head, no thoughts come, I have reached nirvana you might say. So it seems, I do not see it that way. Yes it feels great, it helps me survive this “world” but at some point thoughts come, I am thinking right now that people who I work with will see what I am and some might get scared, others might think I am bat shit insane but there might be one/two/hundreds that might understand me.

This here is not because I want to be understood, it is not a cry for help, this is just me writing what I think and how I feel, when I was a teenager and wrote a ton of stuff it helped me. It made me feel like I was heard, I didn’t ( still don’t ) care if somebody understood ( if somebody did that was a nice bonus ). Most of you see me at the office and know that I am a happy critter. I found out that my purpose here is to make people happy and I am incredibly good at it. 99% of the things I say are to make people laugh. I have a story that made me rethink the way I live and act and realize why I am here and what I am doing.

A person felt that he will die soon and asked to speak to Buddha. So he came and asked the dying person : What is troubling you ?

– I am worried if I lived a good life. He responded. He was asked 2 questions :

– Were you happy when you lived ?

– Yes, of course ! he responded.

– Did the people around you had fun in your presence ?

– Yes, of course ! he said again with a smile on his face, thinking about his life.

– Then why the fuck did you ask for me ?! You lived a good life, do not doubt it, you did good and that is all that matters !

I think I have found the place where I will work until I die or reach a point where I can live at the place which I have built and still afterwards I will continue to help out because I am working as support because I cannot imagine a world where I would not support people in need no matter the cost. I finally found a place where I can do good to the best of my abilities, the way I want it to be, alongside people who actually care.

https://www.youtube.com/watch?v=buuXy_i-yAg&loop=100 ( chrome + youtube looper for those who don’t understand the additional code ).

I LOVE this world, I love the people and strange as it might be I love the moments when I feel like I have been broken down, I cannot find a reason to go on, but I know that those times are also beautifulllll ( screw correct spelling d: )

When YOU get broken down, you should know that that is just a reminder that shit can be fucked up, however that makes you appreciate the good things and I need that. Otherwise I have proven to myself that too much of a good thing at some point is taken for granted and that is not acceptable ( at least for me ). I have destroyed so many beautiful things and quite a few girls who I think didn’t deserve it. By the way google is a fun thing for spellchecking and helps when you have doubts. So far I am amazed at how good I can spell stuff but I digress.

To be honest I was so lost I applied for this job as a joke as I didn’t think they would hire me. Turns out I was wrong and I never felt so happy to be wrong. I rather sleep at night then be right.

To be honest ( yet again ) I am not sure how you people would react to this, but I hate hiding, I am what I am. My facebook profile has no restrictions, I am what I am and I will not hide ! https://www.youtube.com/watch?v=nTy45RVWYOY

I am the master of the light, you are all serving time with me, that is why I think we are here, to learn. I never understood bullies, never understood people who hurt other people, who steal things that are not theirs, who hurt people just so they can feel better about themselves ( especially since that feeling fades quite fast ).

I can see why some of you love your demons when you are ill. It is fun but in the long run, you spend way too much time thinking about it and it kills you inside. It destroys what little humanity you have left … I am killing myself at times, no more like raping myself because of people. I have proven to myself that I am like Rasputin, I can take somebody’s pain, drain it away and put it in me. So far it turns out I am very durable creature. I am not saying that is a good thing but its just how I am.

I didn’t believe I can write that much in English and still keep my train of thought, but well turns out I can.

Its kinda weird that such a fun movie can send me into this type of thinking but life is full of surprises. There was a point in my (teenage as it was ) life but still, this helps me put everything in perspective. Like 99% of the things I wrote, I won’t read it afterwards because I will start editing and stuff. I was never good at editing and to be honest I hate editing. What comes out is what should come out. I have written stories, I have written my feelings and my thoughts. I have done things I am not proud of ( hopefully I will never do them again ) I have done things that I was unable ( still unable for some of them ) to forgive myself. However I did what I did. Some might be for the greater good, some might be just so I feel good, some because of peer pressure….

A friend of mine ( I am ashamed to say haven’t seen for years ) once told me : You are like Marilyn Manson, rude, violent but somehow cleansing. Translator ( his nickname ) this is because of you.

The love of my life once told me that ( forgot his name ) used to lock himself with a few bottles of Jim Beam and a ton of cigarettes and he didn’t leave the room until everything was drunk/smoked and he wrote. He is a self destructive bastard, I am not ( anymore ) but to be honest ( Fuck I say that a lot ) sometimes having a pack of smokes and a bottle of beer near provides you with a clear head and makes everything seem a bit more … How can I put it, it makes a bit of sense. Meditation, self control, the ability to distance yourself from the huge ball of shit in your head bearable.

Weed helps you in different ways, sometimes it helps you to stop thinking, sometimes it softens the physical pain but all in all like every medicine it has its uses. However it stopped working for me, hence I stopped. I am thinking about deleting this sentence but I won’t. I deleted it 3 times so far but ctrl+z (;

I am pouring my soul in this ( as I do when I write things ). I have found my place in this world, I love helping people, the moment when somebody says Thank you makes it all worth it. I do what I do because of people who have a problem and it makes me feel like I have done something good in this world. And at the end that is all that matters to me! So far I have figured out I am immortal, I will die when I have helped this world and made it a better place, that is why I was born in this place ( a shithole for most of my friends ).

This is getting a bit long but I do not care. See this place here is wonderful, shitty, painful, beautiful, full of wonderful people, full of people who THINK ! Full of people, all kinds, bad, good, indifferent, white, black, green, blue… And here I sit writing things.

Beauty is in the eye of the beholder, I have met ( and still meet ) an incredible amount of people, some I never thought I would meet, even talk to but yet it happens. When you lose focus the world is just a very simple blur, I love that blur, it helps you see it as it is. You encounter a situation and you react to the best of your abilities, what happens next doesn’t matter. There is no good or bad, karma responds to your intentions, if you wanted to do good but it ends in disaster, no matter how much you try to fix it it just gets worse, that is still good karma … I am pretty sure I have an insane amount of good karma on my side but that doesn’t make me a good person. Its not what I did it is what I do and what I will do!

Smoke break, I need to clear my head a bit, or maybe not but still I am doing it anyway because it feels right. Don’t be sad, I will be back before you know it (;

Leaving space to let you know I have been gone for a while d:

I love writing ! Its worse than heroin… I have been doing this for at least half an hour … OK maybe an hour : )

I got sick at some point ( I haven’t been sick that much so that I can’t get off my bed for at least 20 years but I regret nothing )!

A bit of a pickmeup https://www.youtube.com/watch?v=eB6SUuBFWeo : )

I am a creature that lives in music. I literally didn’t sleep for about 4 days, I drank an energy drink and stopped, then I put on Linkin Park’s first album with the volume to the max and in half a minute I was jumping and reaching the roof. I am music ! Kinda like Oppenheimer’s speech about the project Manhattan – I am become death, the destroyer of worlds… https://www.youtube.com/watch?v=lb13ynu3Iac The sadness in his eyes says it all, whenever I think about this I start to cry…

My name is RadostIn a simple translation is HappinesIn and I am happy that I met another person with my name and he is the same “provider” of happiness, cause I have met another 2 who were the opposite…

I am proud to say that I have met some of the most amazing people that this world can provide and some of the worst too. Be afraid of people who avoid eye contact.

I am wondering right now what else can I write, but I want to continue, so I will finish this smoke and see what comes (;

Ръцете във атака, не щадете гърлата, сърцето не кляка, това ни е живота бе казано накратко! Първо отворете двете после трето око ! Hands on attack, don’t spare your throats, the heart doesn’t back down, this is our life to put it simply! First open two eyes then the third !