Archive for the ‘Rants & Rambles’ Category

Buying Parts

Comcast, she’s at it again…

Just got the latest Comcast TOS patch with my bill (an adhesion contract officially titled, “Notice From Comcast Regarding Changes To Your Comcast Agreement For Residential Service” (try saying that three times fast)), stuffed inside of a cheerful note about their commitment to happy cheerful customers. What it actually entails is left intentionally vague, but it appears Comcast is trying to set itself up with the legal ability to torpedo competitors’ VoIP equipment, and add/REMOVE functionality, via unauthorized firmware “upgrades” to customer-owned equipment. Sure, I would like to believe that they have my and other customers’ best intentions at heart, and just want to log in in the middle of the night and update our Linksys router firmware for us so that russian h4x0rz can’t store up to 256KB of kiddie porn in the flash ROM, but my experience is that contract-change stuffers are seldom in the customer’s interest.

Dan Kusnetzky at ZDNet got the new stuffer and also had concerns about the “downloads” and other rights asserted to open up and tinker with customer-owned equipment, including computers, voiding warranties as they go. While I agree with his guess that they probably just want to maintain their own equipment (e.g. Cable Cards) inside customer-owned cable boxes and TVs, there’s no reason to write such terms so overbroadly as to cover a wide spectrum of unauthorized, and potentially hazardous, modifications to customer-owned computers, access points, VoIP boxes and other equipment.

The actual stuffer is reproduced below. It’s lengthy! The important bits are in red, and my comments are in italics.

Customer Equipment.
Customer Equipment consists of software
or services that you elect to use in connection with the Services
or Comcast Equipment (the “Customer Equipment”). You agree
to allow us and our agents the rights to insert cable cards and
other hardware in the Customer Equipment, send software and/or
“downloads” to the Customer Equipment and install, configure,
maintain, inspect and upgrade the Customer Equipment and
Comcast Equipment. You warrant that you are either the owner
of the Customer Equipment or that you have the authority to give
us access to the Customer Equipment. If you are not the owner
of the Customer Equipment, you are responsible for obtaining any
necessary approval from the owner to allow us and our agents
access to the Customer Equipment to perform the activities
specified above.

Comcast has no responsibility for the operation or support,
maintenance, or repair of any Customer Equipment including, but
not limited to, Customer Equipment to which Comcast or a third
party has sent software or “downloads.”

So, if Comcast bricks your expensive HDTV trying to perform a remote ‘upgrade’, boo hoo, better luck next TV.

You acknowledge and
understand Comcast Digital Voice Service (“CDV”) may not
support or be compatible with non-recommended configurations
including but not limited to multimedia terminal adapters (“MTA”)
not currently certified by Comcast as compatible with CDV;

Ah yes, now I remember Comcast’s stance on ‘Net Neutrality and the use of competing VoIP services on its network. A “Multimedia Terminal Adapter (MTA)” is the technical name for a VoIP box. I wonder why and how they are sending “downloads” to arbitrary third-party equipment? This might work as Apple’s ‘update’ for jailbroken iPhones.

Customer Equipment, including, but not limited to, non-voice
communications equipment, including certain makes or models
of alarm and security systems or devices, certain medical
monitoring devices, certain fax machines, and certain “dial-up”
modems; rotary-dial phone handsets, pulse-dial phone handsets,
and models of other voice-related communications equipment
such as private branch exchange (PBX) equipment, answering
machines, and traditional Caller ID units.

For Video and Comcast High-Speed Internet (“HSI”)
Customers. You agree that by using the Services, you are
enabling and authorizing Comcast, its authorized agents and
equipment manufacturers to send code updates to the
Comcast Equipment and Customer Equipment, including, but
not limited to customer-owned cable modems and
customer-owned digital interactive televisions
with CableCARDs, at any time it is determined necessary to
do so as part of the Services. Such code updates may
change, add or remove features or functionality of any such
customer-owned equipment or the Services.

For HSI and CDV Customers. You can find Comcast’s current
minimum technical and other requirements for HSI
customers at http://www.comcast.com/Support/Corp1
/FAQ/Fag Detail2205.html and for CDV customers at
www.comcast.com/cdv/faqs. These requirements may be
located at an alternative site if we so notify you. To use CDV,
you will need a MTA that meets our specifications. In some
areas, we may permit you to use CDV with an MTA that you
have purchased. Depending on availability in your area, you
may have the option to install the MTA yourself or have
Comcast install it for you. You agree to keep the MTA plugged
into a working electrical power outlet at all times.

…and what if I don’t? Not that I expect them to do so (anymore than I expect to use “Comcast Digital Voice”), but this clause technically gives Comcast the power to terminate a customer’s account and levy damages against them for breach of contract if they inadvertently kick the plug out of the wall. (Or, for suitably perverse readings, have their power go out…)

Whether a
cable modem, gateway/router, MTA or other device is owned
by you or us, we have the right, but not the obligation, to
upgrade or change the firmware in these devices remotely or
on the Premises at any time
that we determine it necessary
or desirable in order to provide Services to you in accordance
with our specifications and requirements.

For CDV Customers. In order to use CDV, you are required
to provide certain equipment such as a phone handset or
equivalent, inside phone wiring and outlets, and an electrical
power outlet. If you live in an apartment or a similar multi-
tenant dwelling, you may have to provide a cordless phone
as well. If we do not have access to the inside phone wiring
in your home or if you are installing CDV yourself without the
assistance of a Comcast technician (“self-installation”) where
we make that option available, you will need to plug a
cordless phone into the MTA in order to use CDV throughout
your home. CERTAIN MAKES AND MODELS OF CORDLESS
PHONES USE THE ELECTRICAL POWER IN YOUR HOME. IF
THERE IS AN ELECTRICAL POWER OUTAGE, THE
CORDLESS PHONE WILL CEASE TO OPERATE DURING THE
OUTAGE, PREVENTING USE OF CDV VIA THE CORDLESS
PHONE. DO NOT ATTEMPT TO CONNECT CDV TO INSIDE
PHONE WIRING YOURSELF. In order to use online features
of CDV, where we make those features available, you are
required to provide certain hardware, such as a personal
computer, software, an Internet browser, and access to
the Internet.

CUSTOMER EQUIPMENT – LIMITATION OF COMCAST’S
LIABILITY

CUSTOMER EQUIPMENT MAY BE DAMAGED
OR SUFFER SERVICE OUTAGES AS A RESULT OF THE
INSTALLATION, SELF-INSTALLATION, USE, INSPECTION,
MAINTENANCE, UPDATING, REPAIR, AND REMOVAL OF
COMCAST EQUIPMENT, CUSTOMER EQUIPMENT AND/OR
THE SERVICES.

Most probably, the “downloads”. Equipment failure due to botched or interrupted firmware updates is among the most common consumer electronics failure modes, and is in fact the very origin of the verb ‘to brick’.

EXCEPT FOR GROSS NEGLIGENCE OR WILLFUL
MISCONDUCT, NEITHER COMCAST NOR ANY OF ITS
AFFILIATES, SUPPLIERS, EMPLOYEES, AGENTS, OR
CONTRACTORS SHALL HAVE ANY LIABILITY WHATSOEVER FOR
ANY DAMAGE, LOSS, OR DESTRUCTION TO THE CUSTOMER
EQUIPMENT. IN THE EVENT OF GROSS NEGLIGENCE OR
WILLFUL MISCONDUCT BY COMCAST, ITS SUPPLIERS,
EMPLOYEES, AGENTS, OR CONTRACTORS, WE SHALL PAY FOR
THE REPAIR OR REPLACEMENT OF THE DAMAGED CUSTOMER
EQUIPMENT (AT OUR SOLE DISCRETION) UP TO A MAXIMUM
OF $500. THIS SHALL BE YOUR SOLE AND EXCLUSIVE REMEDY
RELATING TO SUCH ACTIVITY.
• For HSI and Video Customers. YOU UNDERSTAND THAT
YOUR COMPUTER OR OTHER DEVICES MAY NEED TO BE
OPENED, UPDATED, ACCESSED OR USED EITHER BY YOU
OR BY US OR OUR AGENTS, IN CONNECTION WITH THE
INSTALLATION, UPDATING OR REPAIR OF HSI OR VIDEO
SERVICES. THE OPENING, ACCESSING OR USE OF YOUR
COMPUTER, OTHER DEVICES USED IN CONNECTION WITH
YOUR COMPUTER, OR YOUR VIDEO DEVICES MAY VOID
WARRANTIES
PROVIDED BY THE COMPUTER OR OTHER
DEVICE MANUFACTURER OR OTHER PARTIES RELATING
TO THE COMPUTER’S OR DEVICE’S HARDWARE OR
SOFTWARE. NEITHER COMCAST NOR ANY OF ITS
AFFILIATES, SUPPLIERS, OR AGENTS, SHALL HAVE ANY
LIABILITY WHATSOEVER AS A RESULT OF THE VOIDING OF
ANY SUCH WARRANTIES.

Comcast Equipment. You agree that except for the wiring
installed inside the Premises (“Inside Wiring”), all Comcast
Equipment belongs to us or other third parties and will not be
deemed fixtures or in any way part of the Premises. Comcast
Equipment includes all software or “downloads” to Customer
Equipment [This makes determining legal ownership of the hardware, where Comcast-owned firmware is burned onto the customer-owned device, a legally sticky issue.] or Comcast Equipment and all new or reconditioned
equipment installed, provided or leased to you by us or our
agents, including but not limited to, cabling or wiring and related
electronic devices, cable modems, MTA, wireless
gateway/routers, CableCARDs, and any other hardware. You agree
to use Comcast Equipment only for the Services pursuant to this
Agreement. We may remove or change the Comcast Equipment
at our discretion at any time the Services are active or following
the termination of your Service(s). You acknowledge that our
addition or removal of or change to the Comcast Equipment may
interrupt your Service. You agree to allow us access to the
Premises for these purposes. You may not sell, lease, abandon,
or give away the Comcast Equipment, or permit any other
provider of video, high speed data or telephone services to use
the Comcast Equipment. The Comcast Equipment may only be
used in the Premises. At your request, we may relocate the
Comcast Equipment in the Premises for an additional charge, at
a time agreeable to you and us. YOU UNDERSTAND AND
ACKNOWLEDGE THAT IF YOU ATTEMPT TO INSTALL OR USE
THE COMCAST EQUIPMENT OR SERVICES AT A LOCATION
OTHER THAN THE PREMISES, THE SERVICES MAY FAIL TO
FUNCTION OR MAY FUNCTION IMPROPERLY. You agree that you
will not allow anyone other than Comcast employees or agents
to service the Comcast Equipment. We suggest that the Comcast
Equipment in your possession be covered by your homeowners,
renters, or other insurance. You will be directly responsible for
loss, repair, replacement and other costs, damages, fees and
charges if you do not return the Comcast Equipment to us in an
undamaged condition.

Cloud Computing…cirrusly? (same trash, different bag)

So, apparently I’m not the only one to notice the mid-level marketing types in IT having a big collective nut lately about “Cloud Computing”. This week even the Wall Street Journal ragged about this nonsense on the front page. For those who don’t spend their time around mid-level IT marketing types, cloud computing is… well, nobody who uses this term has actually agreed on a definition, but it can loosely be defined as “the processor and the data it processes are in different places”. I.e. Web apps, like Google Spreadsheet or some Myspace widget where you upload your AIM contact list and it returns some kind of graph of mutual acquaintances you’re all connected to. Search engines. X-Drive / Internet backups of your files. Stuff like that.

“Real Computer Is Elsewhere” has been around since computers; Cloud Computing is only the latest name for it. A little history: In the 1950s, any talk of electronic computers whatsoever assumed a ginormous shared, multi-user machine, since computers were far too new and expensive for everyone to have their** own. In fact, the entire concept of having the user, his data, and the computer in the same room at the same time came much later, when they became small and cheap enough to sit on a standard-sized desk and the term “personal computer” was born. Kind of like one of those little single-serving packets of Sweet ‘n Low, except it was a computer. Back in those days, sonny, you came down to the big mainframe room with a box of punched cards and submitted them to the white-jacketed mainframe acolyte, who (hope against hope) would run your job overnight and return your results in the morning. By the 60s and 70s, technology had advanced to teletypes and terminals (the infamous “glass titty”) – the computer itself was still in the basement of some university, but you could text into it from elsewhere and bask in the warm glow of an amber screen. Then computers started getting cheap enough that people who needed one could put the whole machine right in the same room with them, and from then on the idea of going back to dumb terminals and the big Elsewhere Machine seemed pretty silly.

But companies tried to bring Elsewhere Computing back, and still they do. In the 80s it was the diskless workstation (or as users called them, dickless workstations). People hated them. In the 90s they tried again under a new name, thin clients. Those who remembered the era of time-sharing on mainframes and the Diskless Workstation hated them because they knew it was a Diskless Workstation under a new name; everyone else hated them because they just didn’t work all that well. Now it’s the “todays”* and these guys are hoping this is the decade consumers will get back on board with using their computers as an expensive tool for borrowing time on someone else’s**. My guess is that once the Cloud Computing folks agree on what they’re selling, folks will soon enough figure out what this really means and we won’t have to hear all this hype anymore (it will go the way of “Multimedia”).

* what radio stations who played the greatest hits of the ’70s, ’80s and ’90s a decade ago play the greatest hits of, today. Only one more year until they will be forced to decide what to call this decade! The Zeros? The Aughts? The Double-Ohs? The suspense is killing me.

** the same decade where the concept of subject-verb agreement will go out the window as people try to terminate fractally-growing chains of awkwardness in sentences resulting from attempts to keep them gender-neutral.

Cypherpunk’s Wet Dream meta-entry

I once said that this blog would eventually reach a point where any possible entry could be expressed as a sum of references to previous entries. In this case, it’s this one, this one and this one.

I have maintained that a point will be reached where plain old ordinary Web sites will be forced to turn on SSL encryption by default, or otherwise resort to client-side validation to ensure the page content hasn’t been tampered with during transit. Not because they are running online shops or otherwise dealing with sensitive information – to ensure their users view the original site as it was meant to be seen, protect their users against malware injected by man-in-the-middle attacks, protect/ensure their ad sales, and protect themselves from liability (lost sales from angry customers, frivolous ADA/etc. lawsuits, computer repair bills) arising from unauthorized third-party “enhancements” to their site. And I figured the detonator for all of this (besides Comcast’s broken BitTorrent filter) would be local-yokel small-town ISPs, where bored and too-clever midnight admins sit, Perl Cookbook in hand, trying to make a few bucks on the side by replacing random Web sites’ ads with their own, or injecting other forms of malware into customer HTTP streams to gather saleable profiling data.

Nope. It’s the big boys. Among them: Charter Communications, one of the world’s largest ISPs, and British Telecom have secretly tested, or intend to test (respectively) technologies against their paying customers which do exactly that. According to an internal British Telecom memo (fulltext PDF via Wikileaks), the company partnered with online marketing company Phorm, which specializes in consumer profiling and delivery of targeted advertising. According to Wired,

“From late September to early October 2006, British Telecom secretly partnered with Phorm to let the company monitor and track 18,000 of the BT’s customers. Phorm installed boxes on BT’s network that redirected web requests through their proxy server.

Those boxes inserted JavaScript code into every web page downloaded by the users. That script then reported back to Phorm the contents of the web page, which Phorm used to create ad profiles of a user.”

The report goes on to detail the ability of the Phorm proxy box to intercept requested pages and replace the site’s advertising with its own, based on the collected profile for that customer. The report also indicates several deleterious side-effects of this injection, such as flickering problems on some Web pages (which led users to believe their PCs were infected with spyware), frequent browser crashes, and insertion of the rogue code when users tried to post to Web forums. However, they concluded that the test was “successful” since no user was able to successfully pin the blame on BT/Phorm:

“The operation of the system does have noticeable side effects, which included web-page tag insertion and navigation bar flutter.

From the postings, no user correctly determined the source of these effects and users did not post that the system was causing poor performance.

However all postings suspected that their machines had a virus, a malware or a spyware infection.”

*sigh* Remember kids, you (probably) heard it here first. Let’s hope that in the brave new world of encrypt-everything-to-avoid-getting-fucked-by-ISPs, Firefox 4 doesn’t continue to perform that tired 5-warning song and dance every time you visit a non-corporate Web site.

Some stuff on Paypal

I’ve been using Paypal as the payment-handling service for my trance vibe project, and overall it’s not too bad. I can even print my own postage for domestic shipments, sticky on a label and not have to drive to the post office to send out an order anymore. But there are a few things about it that are really broken.


Fixing Dell Precision T3400 USB not working

This is an update to a previous rant about the mysterious Windows XP “Dee-Dunk” error (and the novel concept of presenting an “error message” when an error condition exists), possibly in conjunction with broken or intermittent USB functionality. This post is mainly for Googlers – my friends are more than welcome to skip it.

I haz solved the mystery! It turns out that some Dell Precision T3400 machines (my work machine was one of them) ship with buggy/broken BIOSes and/or chipset support. Anyway, to fix:

Worm your way onto Dell’s support site for updates, enter your model number; download and run the following three patches:

  • BIOS Update (T3400A08.EXE, or whatever is newest)
  • Chipset Software update (R174616.exe)
  • Desktop System Software update (R160758.exe)

The above are intentionally not linked; the filenames and/or URLs may shift around as newer versions of this crap come out. Also, exact support packages may be different for other Dell products exhibiting the same malfunctions.

Symptoms include:

  • USB devices do not work, or only work intermittently (every Nth reboot); behavior may change slightly by enabling/disabling different combinations of USB ports in the BIOS (or this may be a placebo effect on my part, who knows)
  • Dreaded “Dee-Dunk” noise shortly after Windows desktop appears
  • USB devices such as keyboards, mouse, etc. work for a while, then mysteriously stop working until machine is rebooted
  • “USB Device Not Recognized”…
  • “There was a problem installing this hardware: <blah> The device cannot start. (Code 10)”
  • After installing a certain USB driver, machine crashes/hangs with a black screen for several minutes before the Windows desktop appears (may depend whether the corresponding device is plugged in)
  • Machine hangs when trying to install USB device driver
  • Software hangs trying to scan the bus or access a USB device

Daily Windows Rant

Error messages, people. Error messages. When an “error” occurs, it should be accompanied by an “error message”, which informs the user a) that an error did occur; b) what that error was. It does not even necessarily have to be understandable to mere mortals (although this would be really nice), because understanding it is the job of your IT Guy and/or someone before you who got that error, posted it on a help forum somewhere and got an answer. Thus, mere mortals will Google the error message, and if results == 0, post it to a help forum somewhere.

Now, a “Dee-Dunk” error (available only at your local PC speakers, assuming you have any and they are turned on at the moment, and the volume is turned up, and the error being reported isn’t a soundcard error*) is really hard to Google. Besides that, consider the conversation between the user and the IT guy:

IT Guy: What was the error message?
User: Well, it was kind of like um… a low rumbling, kind of like somebody dragging a department-store mannequin across a warehouse floor strewn with marbles, followed by an orchestra hit.
IT Guy: Was it a high orchestra hit or a low orchestra hit?**
User: Umm…

So for anyone who is dying to know: Under Windows XP, a “doodoodoo” error*** (sounds like the first half of a doo-dink notification repeated three times really fast) when attaching a hardware device means that the device is successfully identified, but its drivers are kinda-sorta-semi-quasi-blacklisted because somebody at one time clicked “STOP Installation” at one of those “This driver has not undergone Windows Logo Extortion Certification and will probably do really terrible things [Continue anyway] [STOP Installation]” screens. From that point forward, the user will never again be prompted to install the driver or change his mind, regardless of how many times the device is subsequently unplugged and plugged back in. To fix: Find the brokenly-installed device in Device Manager, dig down to driver details and ‘Reinstall Driver’; this will allow you to manually force a driver despite any previous accidental blacklistings.

*As with many work PCs, we did not bother hunting down a set of speakers to attach to, for example, our EE lab workstation. This is not unreasonable considering that it is a workstation, not a watch-youtube-station.

**The next version of Windows will communicate with the user entirely by winks, nudges and significant glances. (IT guy: “Are you sure it wasn’t a drum solo? ‘Cuz a drum solo error is really bad.”)

*** or doo-doo-doo or DoDoDo or doodoodoot or boobooboop, or however you would enter it in Google if you thought that might actually work

Comcastic!

So, Friday morning I’m doing some prep for our Cape Cod camping trip online, and I notice a Comcast truck parked in front of the neighbor’s house, and the Comcast guy putting a ladder up against the telephone pole. I go to take a leak, and when I get back, the truck is gone, and hmm, the Intarweb (and TV, for that matter) don’t work no more. This kind of screws my plans for researching stuff to do and directions, but I have to leave in an hour and do so. My housemate comes back later that day and discovers the same thing, and spends 45 min. on the phone with Comcast convincing them that the problem is not that our “modem needs to be reset”, and that they actually need to send a guy out to fix something. Monday, we wait around the house for the cable guy, who must come inside to look at the snow on the TV and the blinking “Connect” light on the modem to decide that there is indeed something wrong with the cable, and climb up the telephone pole to check it out. He comes back 30 seconds later.

“Should be good now.” – Cable guy
“Great. What was it?” – me
“Discon Error.” – cable guy

So… they went out to disconnect some neighbor’s cable Friday, and pulled the wrong one. Given a workorder of “Pull wire #3”… “hey, this says pull #3, but I think I’ll pull #6 instead.” Apparently, this is a common enough occurrence that they have an abbreviation for it…

I’m going to helpfully prorate my bill and payment to reflect the 4-day service interruption, and see what they have to say about it. (Come on, FIOS…)

smallfish@tech

So yeah, that particular work project just keeps getting better. Today I got this in my email from the manufacturer of a critical component, reaffirming my personal “If it’s not in-stock on Digikey, I do not specify it in my design” policy.

[…] The <display> is on
hold. There are no technical reasons but it has been decided that it will be turned
on again if we receive a commitment from a customer. Makes it a bit harder to sell
without a product but that is the path that <vendor> has chosen to take. At 10K the
display would be $### each. Once turned back on, samples would take 10 to 12 weeks.

So, this display turns out to be a rather special type of display, which we’ve gone to considerable expense in researching, testing, and designing a product around. We’d been working with this vendor for the better part of a year and they’re already aware of and (until around today, apparently) cool with our expected volumes (5kU-10kU, contingent on, among other things, their product actually existing), so this is kind of a giant kick in the nuts. Basically, we’re too small-fish and they’ll maybe consider manufacturing the (already-designed) display product if a larger customer wants some. The specific reason we were working with <vendor> to begin with was that they were the only vendor of this type of display that didn’t give us the old “fuck off, come back and speak to us when you have that PO for 50kU in hand *click*” that seems to be the industry standard. Soooo… project is back to square one, $$$ of development money thrown into the trashcan. Not even from e.g. a big government contract, where it’s pretty much unnoticed and understood if some of the development time we’ve spent vaporizes for reasons beyond our control, but the hard-earned cash of a couple entrepreneurs, who are not going to be the least bit happy that their almost-product just went up in vaporware.

Blarg.

Bank of America(R) Doesn’t Like your Lifestyle

Via LJ::pervygeekfancy

Geek dating site opens, accepts most comers, including all gay/bi/lez/mixed/poly preferences which are somewhat heavily represented in geekdom. Bank of America(R) signs on as merchant account support. Bank of America(R) isn’t cool with poly. Poly users get their profiles kicked off the dating site with a polite, but unambiguous letter essentially saying, “our sponsor doesn’t accept your type, so out the door you go.”

I guess the real crux of it is that they’re anti-swinger and can’t (or won’t) distinguish between polys and swingers, but there ya go. Three jeers to BofA for pushing the policy, and to soulgeek.com for bowing to it rather than sign a merchant account elsewhere.

Bloody hack!

So, for those (if any) who found several pages of visible Viagra links at the end of the last few posts, my apologies. A vulnerability in the version of WordPress I was running allowed a machine at keymachine.de [87.118.124.3] to directly inject spam links into posts using the attach/edit features. (This site is apparently a regular offender.) I knew there were some exploits out for that version, but all the ones I knew of concerned already-registered users escalating their privileges (mine does not have other users or accept registrations), and I was holding off updating because one of the important plugins I use [which keeps the cexxy blog and LJ account synced] was known not to work with the newer versions.

The spam link injections had the form

<u style=display:none><a href="http://www.example.com/files/phe/Lowest-drugname-prices.html">
Lowest drugname prices</a>
[... pages more spam links ...]
</u>

The ‘display:none’ served to render them invisible*. I only noticed because I happened to try editing a recent post, and the spam links appeared in the edit box. Invisible links aren’t view/clickable by readers of course, but Google et al use them to determine search result rankings (everybody links to you, viagrawarehouse.com guy! You must be a respected authority! *bump*), so these sites have great incentive to spam their links everywhere, whether viewable to humans or not.

As for the logs, the alleged offender’s entries are here:


87.118.124.3 - - [11/Jun/2008:07:24:15 -0700] "GET /wp-admin/edit.php HTTP/1.0" 200 534 "http://tim.cexx.org/wp-admin/edit.php" "Opera"
[...]
87.118.124.3 - - [10/Jun/2008:03:02:03 -0700] "GET /wp-admin/edit.php HTTP/1.0" 200 19629 "http://tim.cexx.org/wp-admin/edit.php" "Opera"
87.118.124.3 - - [10/Jun/2008:03:02:05 -0700] "GET /wp-admin/post.php?action=edit&post=453 HTTP/1.0" 200 69211 "http://tim.cexx.org/wp-admin/edit.php" "Opera"
87.118.124.3 - - [10/Jun/2008:03:02:10 -0700] "POST /wp-admin/post.php HTTP/1.0" 302 0 "http://tim.cexx.org/upload.php?style=inline&tab=upload&post_id=-1" "Opera"
87.118.124.3 - - [10/Jun/2008:03:02:11 -0700] "GET /wp-admin/edit.php HTTP/1.0" 200 19629 "http://tim.cexx.org/wp-admin/edit.php" "Opera"
87.118.124.3 - - [10/Jun/2008:03:02:12 -0700] "GET /wp-admin/post.php?action=edit&post=453 HTTP/1.0" 200 60074 "http://tim.cexx.org/wp-admin/edit.php" "Opera"
87.118.124.3 - - [10/Jun/2008:03:02:14 -0700] "POST /wp-admin/post.php HTTP/1.0" 302 0 "http://tim.cexx.org/upload.php?style=inline&tab=upload&post_id=-1" "Opera"

[additional lines skipped]

Anyway, all spam has been removed and blog is patched up to the latest version. As a bonus, both my must-have plugins (SK2 and ljxp) now appear to work with the current versions.

* no pun int…technically, this is…whatever you would call an anti-pun, because the code serves to prevent them rendering at all.
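
A detection sketch for the incident above (an added example, not part of the original post or of WordPress): it scans post HTML for links nested inside inline-hidden elements, and scans access-log lines for the open-edit-form-then-POST pairs visible in the quoted entries. The function names, the 10-second window, the `trusted_ips` parameter and the sample post text are assumptions; the 87.118.124.3 log lines are the ones quoted in the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from html.parser import HTMLParser

HIDING_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID_TAGS = {"br", "hr", "img", "input", "link", "meta"}

class HiddenLinkFinder(HTMLParser):
    """Collect hrefs of <a> tags that sit inside an element hidden by inline CSS."""

    def __init__(self):
        super().__init__()
        self.open_tags = []      # (tag, hides_content) for every open element
        self.hidden_links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hides = bool(HIDING_STYLE.search(attrs.get("style") or ""))
        inside_hidden = hides or any(h for _, h in self.open_tags)
        if tag == "a" and attrs.get("href") and inside_hidden:
            self.hidden_links.append(attrs["href"])
        if tag not in VOID_TAGS:
            self.open_tags.append((tag, hides))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so unclosed <p>/<li> do not skew nesting.
        for i in range(len(self.open_tags) - 1, -1, -1):
            if self.open_tags[i][0] == tag:
                del self.open_tags[i:]
                break

def find_hidden_links(post_html):
    """Return the hrefs a reader never sees but a search crawler still follows."""
    finder = HiddenLinkFinder()
    finder.feed(post_html)
    finder.close()
    return finder.hidden_links

LOG_LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
EDIT_VIEW = re.compile(r"^/wp-admin/post\.php\?action=edit&post=(\d+)")

def find_edit_then_save(log_lines, window_seconds=10, trusted_ips=()):
    """Return {ip: [post ids]} where an edit form was opened and a POST to
    /wp-admin/post.php followed from the same IP within the window.
    A human editor rarely saves within seconds; a script does."""
    events = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and m["ip"] not in trusted_ips:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            events.append((ts, m["ip"], m["method"], m["path"]))
    events.sort(key=lambda e: e[0])          # quoted entries are not in time order
    last_edit, hits = {}, defaultdict(list)  # last_edit: ip -> (time, post id)
    for ts, ip, method, path in events:
        edit = EDIT_VIEW.match(path)
        if method == "GET" and edit:
            last_edit[ip] = (ts, edit.group(1))
        elif method == "POST" and path.startswith("/wp-admin/post.php") and ip in last_edit:
            opened, post_id = last_edit.pop(ip)
            if ts - opened <= timedelta(seconds=window_seconds):
                hits[ip].append(post_id)
    return dict(hits)

# Constructed post body: one visible link, then the injected block in the form shown above.
SAMPLE_POST = (
    '<p>Camping trip notes. <a href="http://tim.cexx.org/">Home</a></p>\n'
    '<u style=display:none><a href="http://www.example.com/files/phe/Lowest-drugname-prices.html">\n'
    'Lowest drugname prices</a>\n</u>'
)

_REF = '"http://tim.cexx.org/wp-admin/edit.php" "Opera"'
_UP = '"http://tim.cexx.org/upload.php?style=inline&tab=upload&post_id=-1" "Opera"'
SAMPLE_LOG = [
    # Entries quoted in the post:
    '87.118.124.3 - - [11/Jun/2008:07:24:15 -0700] "GET /wp-admin/edit.php HTTP/1.0" 200 534 ' + _REF,
    '87.118.124.3 - - [10/Jun/2008:03:02:03 -0700] "GET /wp-admin/edit.php HTTP/1.0" 200 19629 ' + _REF,
    '87.118.124.3 - - [10/Jun/2008:03:02:05 -0700] "GET /wp-admin/post.php?action=edit&post=453 HTTP/1.0" 200 69211 ' + _REF,
    '87.118.124.3 - - [10/Jun/2008:03:02:10 -0700] "POST /wp-admin/post.php HTTP/1.0" 302 0 ' + _UP,
    '87.118.124.3 - - [10/Jun/2008:03:02:11 -0700] "GET /wp-admin/edit.php HTTP/1.0" 200 19629 ' + _REF,
    '87.118.124.3 - - [10/Jun/2008:03:02:12 -0700] "GET /wp-admin/post.php?action=edit&post=453 HTTP/1.0" 200 60074 ' + _REF,
    '87.118.124.3 - - [10/Jun/2008:03:02:14 -0700] "POST /wp-admin/post.php HTTP/1.0" 302 0 ' + _UP,
    # Constructed ordinary visitor line:
    '192.0.2.10 - - [10/Jun/2008:03:05:00 -0700] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print("hidden links:", find_hidden_links(SAMPLE_POST))
    print("rapid edit/save pairs:", find_edit_then_save(SAMPLE_LOG))
```

Running the link scan over every stored post body (not just the rendered page) catches the injected blocks the same way the edit box did.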

Encryption: Not just against the bad guys anymore! (or, how Comcast contributes to global warming)

In Part 1, we explored evidence supporting the conclusion that Comcast’s well-known policy of blocking / interfering with p2p file transfers (notably BitTorrent protocol) extends to several other legitimate moderate- to high-bandwidth activities, including collaboration via Lotus Notes, remote desktop applications, FTP, and even sending emails with large attachments. A working temporary solution (again, while counting down the days until FIOS comes to your area) is to just encrypt the hell out of everything, every HTTP request, every email sent, every file uploaded, your freaking grocery list, to force Comcast’s braindead filter to leave it alone.

Now, this misbehavior is bad enough while I’m trying to pirate Linux distros, but when I have to disguise my goddamn EMAIL to get it through? Something is very wrong with this picture.

Now, what does that have to do with global warming, the global war on BitTerrorism (net neutrality), and the price of broadband in China? Simple: Until Net Neutrality is enforced by law, the Comcasts of the world (any similarly shitheaded companies) will increasingly turn to methods such as this (nuking “bad customers”) as a profitable band-aid fix for the problem of rampantly overselling their capacity. As is already happening, users and software will respond by increasingly turning to unnecessary encryption in an effort to keep malicious third parties (in this case the user’s own, paid ISP) from tampering with the stream. If it continues, web sites will switch to using SSL (https:// links) by default to ensure their “eyeballs” can reliably reach the site, and soon, encryption of every last little unimportant snippet of data will be de rigueur to limit packet discrimination.

SSL encryption is a mathematically cumbersome, CPU-hungry process. While an average home PC slurping down Internet packets at a rate limited by the connection speed will not be overly taxed by this, the server that has to perform this encryption for thousands of visitors at a time is working up a sweat. A CPU that’s doing heavy math is consuming more power and generating more heat than one that isn’t. Multiply this by the number of Internet users and encrypted-by-default sites, and you see that you are needlessly wasting a huge amount of power to triple-DES Grandma’s grocery lists, and throwing wads and wads of unnecessary heat into the air.

Encryption also counts on generating a stream that looks like random noise. If you can suss out a pattern in an encrypted stream, chances are you can crack it. Consequently, cryptographic engines take great pains to ensure that the streams they generate do not contain repeating patterns. Compression, meanwhile, depends on identifying repeating, redundant data and optimizing it out. Consequently, encrypted streams are ideally uncompressible, which means all the current “mid-pipe”, bandwidth-saving tricks such as transparently compressing traffic between routers, also go out the window. Bandwidth consumption skyrockets and pipes saturate like never before. (Nevermind that under the current scheme, Comcast is already doing this to itself to some degree – see previous post for how my 1-hour FTP upload becomes an all-day FTP upload, continuously restarting the interrupted transfers from the beginning and saturating my upstream for the whole damn day.)
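The encryption-versus-compression point above, as an added example that is not part of the original post: it deflates a constructed, repetitive grocery list before and after encryption. The SHA-256 counter keystream is a dependency-free stand-in for a real cipher (an assumption for illustration, not something to deploy), and all names are hypothetical.

```python
import hashlib
import zlib

# Constructed sample input: a highly repetitive "grocery list".
GROCERY_LIST = b"milk, eggs, bread, coffee, cat food\n" * 200
# Fixed demo key and nonce so the run is reproducible (never reuse a nonce for real).
DEMO_KEY = b"constructed-demo-key"
DEMO_NONCE = b"nonce-01"


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream.

    Illustrative stand-in for a real stream cipher; the same call
    both encrypts and decrypts.
    """
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        pad = hashlib.sha256(key + nonce + block_no.to_bytes(8, "big")).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(b ^ p for b, p in zip(chunk, pad))
    return bytes(out)


def measure(plaintext: bytes, key: bytes = DEMO_KEY, nonce: bytes = DEMO_NONCE) -> dict:
    """Return byte counts for each ordering of compression and encryption."""
    deflated = zlib.compress(plaintext, 9)
    ciphertext = keystream_xor(key, nonce, plaintext)
    return {
        "plaintext": len(plaintext),
        # What a mid-pipe compressor achieves on cleartext traffic.
        "deflate(plaintext)": len(deflated),
        # What the same compressor achieves once the traffic is encrypted.
        "deflate(encrypt(plaintext))": len(zlib.compress(ciphertext, 9)),
        # Compression done at the endpoint, before encryption.
        "encrypt(deflate(plaintext))": len(keystream_xor(key, nonce, deflated)),
    }


if __name__ == "__main__":
    for label, size in measure(GROCERY_LIST).items():
        print(f"{label:30s} {size:6d} bytes")
```

Only compression applied before encryption recovers the savings, and that ordering leaks information through ciphertext length, which is why TLS-level compression was retired after the CRIME attack.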

On nomenclature (Soylent Green is… is..)

Ok, so, apparently in certain circles of defense parlance, you do not blow up people. Well, you do, but the correct euphemism is “soft targets” (as opposed to “hard targets”, such as tanks, buildings, etc.). Referring to soft targets as people is rather frowned upon. I managed to inadvertently silence a getting-out-of-hand meeting yesterday as follows:

(various talking, sniggering and head-shaking about ‘targets’ nomenclature)
me: So this thing has about 4 seconds to decide if it’s being shot at buildings or people…
AL: Soft targets!
me: OK, so seriously, in the event of Soft Targets (arf! arf!), 4 seconds to reconfigure?
DE: How about bad people?
me: How about, brown people?

(*crickets*)

Apparently, certain coworkers have far not enough respect for Carlin. (That and, certain coworkers probably now think certain other coworkers have far not enough respect for other cultures and/or not being a racist fuck, even after attempting to explain the Carlin sketch…)

Ok, I’ma just continue sitting on my hands and rocking. (“I am not designing a weapons system… I am not a racist fuck… I am not designing a weapons system…”)

* * *

On a lighter note, from the People who Have Entirely Too Much Fun at their Jobs department…

Toilet colors. The person at toilet companies whose job it is to name the different colors their product comes in* has the Funnest. Job. Evar. One particular model comes in your choice of Thunder Gray, Innocent Blush, or Biscuit.

Hehe…Innocent Blush… “who, me?” Yeah, I’ve had performances like that. Usually a few hours after eating Anna’s.

* * *

Some days ago my girlfriend was staying over, and I was in earshot when she called up her lab to ask someone to turn off an experiment in her hood that was inadvertently left running. My eyes widened and I said, “Whoa, you can do that? You just MeatVNC’d into your lab.” She had no idea what I was talking about and I had to explain. (Meanwhile however, one or more nearby computer geeks were cracking up.)

* not to mention file trademark applications if they Google it and get 2 or less digits of hits. Imagine how that must look on a résumé. “I’m also the mark holder for Baby Green(R), Cornfetti(R) and Pilsner Swirl(R)!”

LiveJournal Strike? (Don’t back-down, back-up!)

Today, I logged into LJ (that drug I joined because All my Friends were Doing It), and found out that:

a) As of yesterday (or some other near-term time), free accounts have been discontinued (new users join as Sponsored or Paid accounts)

b) As of about-same-time, some unspecified changes to “Acceptable Content” policies, with the upshot of creating a bunch of new forbidden opinions/topics and unacceptable usernames. I’d really like to know the details of these changes myself*, but they don’t seem to be officially documented and I can’t be ars inconvenienced to dig through five thousand comments on the relevant press release pages to get at the details.

c) Everyone’s going to strike by not reading/writing anything to LJ from 8:00 PM Thursday until 8:00 PM Friday, Eastern Standard Time. A more detailed manifesto is given by the bolded text of this post.

I can well understand the rationale behind discontinuing free accounts**, however, I find the lack of any advance notice or discussion on the matter disturbing (not to mention my content’s wholesale purchase by this “international media company” I’ve never heard of). My main concern, though, is this retroactive “acceptable content” change. This means I and every other LJ user potentially have to go back and sanitize 4+ years’ worth of old posts or have my entire 4+ years’ worth of blog and comments deleted? …Every time they (or parent media conglomerate / ad brokering firm / whomever) decide to tweak the rules? Not to mention anyone whose username or community is now against the TOS; good luck recovering from that. Regardless, the only way a “free” service can turn up the crap and still keep you is if you’re stuck there: you know, like having built several years of content and reputation there that would be immediately forfeited by cancelling your account. Once any “free” service jumps these particular sharks, it’s time to start hedging for the future.

My personal thought is a 1-day boycott would have no more impact than those worthless “buy no gas on (date)…” chain letters – nobody produces or consumes any less, just bumps the usage profile around by a couple days***. And as astutely noted here (and again borne out by the Free Web Hosting era), organizing and participating in boycotts of a service via that service is a good way to get your account whacked.

So fuc inconvenience boycotting. Here’s what I’m doing, and I urge you to do the same. Download a utility such as LJ Backup, rescuing a safe, yours-to-keep copy of your content from the server. You know, just in case. Repeat the process frequently. This way, at some near future time when random popups start coming up on your journal, or your account gets deleted for some uncareful words about some company that’s now a sponsor, or you get a ransom letter saying your own free account is now $5.99 a month, you’re not held hostage by your own content. Spend that few-bux-a-month instead on your own Web hosting, dump the backup to the blog software of your choice and be beholden to no one! RSS feeds are the new Friends Page.

*as someone who blogs stuff an entire category about selling vibrators, plenty of Hate Speech against salesmen, various openly misogynist, racist and homophobic statements under just the right moderator’s eye and/or regexp filter.

**any arguments about whether the company actually needs more money notwithstanding, this is among the most fair of many possible tried-and-true approaches, based on years of experience as a vocal opponent during the heady days when Free Web Hosting companies (and to a lesser extent Free ISPs) were the web 1.0 dot-com bubble rage. Unlike the typical approach, existing members’ pages are not suddenly serving up objectionable and vaguely pornographic popup ads…

***buying your gas a day early isn’t exactly Stickin’ It to da Man. But, if you take this day to put away the keys and air up your bike…

Spinlock This: Less productive than reading slashdot all day! Film at 11.

1) Dude. Seriously. The display we’ll be designing into our gadget won’t be ready for 6 more months? You said it was ready a week ago, and that was two months ago. Our customer is crawling up my ass for the prototype we promised them in December. So you gave me this other one and said “prototype with this, it’s exactly the same.” After three days’ strangling a datasheet out of your chip vendor, I got a partial datasheet with NO protocol info. Now three more days and re-pinging your guy I weasel the protocol info from your end, and the protocol on this one bears no freaking resemblance to the one we’ll actually be using. So why am I to be spending the time to integrate this one when 90% of that code will have to be scrapped and rewritten anyway?

2) Dude. Seriously. Tell me mortgage guy, what the hell is mortgagemail.com, and why are you sending me documents through some meaningless middleman instead of just emailing, faxing or dead treeing them to me directly? … Ok, I signed up on this dealy, but it just says “There are no messages to display for the selected month and year.” Also, it didn’t ask for any verification info, address, SSN or anything when I signed up to receive my Super Secure Documents that are apparently too sensitive to email. Did I miss a memo here? …Ohhhh, you didn’t say anything about having to sign up with this specific email address, which you shouldn’t have anyway; I created a new email address for this signup, as I do with every other place I sign up on the green earth. … Dude, seriously. I gave you the correct address to send the stuff to that middleman site with THREE TIMES already. Dude. Seriously. I just gave you the insurance company’s full details and phone number in the email you replied to to ask what the insurance company’s name and phone number is. Open your g*dd*mmuth******in eyes. …Dude. Seriously. I do not sign up for random commercial Web sites using my (only-remaining-spam-free) personal email address. I don’t care if you think this mail-a-dealy thing is the bees’ knees, and I don’t care if you want to save a buck in postage by giving me Yet Another Password to Remember and Yet Another Site to Login and Poll Frequently for New Messages, no frickety way. And if that does not work, I still have a “mail box”, which is still perfectly functional and in fact attached to the very house we are trying to refinance here. In fact, I pass by it on a regular basis, which is more than I can say for “mortgagemail.com”.

3) Ma’am. Seriously. What do you mean you can’t fax proof of homeowners’ insurance to the mortgage guy? I am the policy holder, and I am explicitly authorizing you to do so. They have to call directly... What do you mean I can’t authorize it? I AM THE FRICKING POLICY HOLDER.

4) Dude. Seriously. No less than three admin people and a Director of Mechanical Engineering are in a meeting with a battery and <specialized electronic gadget> company, the goal of said meeting being to discuss combining our technologies into a seamless product, gazing glasseyedly at schematic diagrams on the projector, and you did not think to invite a single electronics engineer to this meeting? (Oh yes, this IS one of the companies that found out about us by meeting me at ESC. I found this out when the DME came running into my office after the meeting with a stack of electronics samples and evaluation kits, asking when I will have a chance to look at them.)

5) Dude. Seriously. Can I get a quote to get these circuit boards made? This is the third time I’ve asked. Yes, I understand I can’t get electrical testing on a multi-project panel, and yes, I know you received the file, but how much will it cost to make them? Dude. Seriously. I know Chinese New Year was last week, but you can’t *still* be hungover, seriously?

6) Dude. Seriously. What do you mean our Molex crimper doesn’t crimp Molex crimp terminals? No, hand-soldering bare wires to 0.5mm crimp terminals in volume quantities is non-trivial. Wait, you already shipped out the gadget that needed the crimp terminals last Friday, without any? Why are you asking me about crimp terminals today?

And I wonder why I spend an entire day and get *butt* done.

Take my money, please!

I mean it, guys, want money from me in exchange for services I’ve agreed to? All you have to do is ask.

So apparently, if you ever dare to log into GMAC Mortgage’s web site and pay a bill “on-line” (using teh interwebs), even just once, they stop billing you. Neat, huh? Subprime house in the hamptons, here I come! Hmm. Well actually, they keep billing as usual, they just stop sending the bills to you. See, since you’ve demonstrated that you by some means have access to the “on-line”, you are fully capable of logging into their web site every day to check if they’ve posted a new bill today. Or if you’re really lucky, a link to the bill may have even floated its way to your spamtrap e-mail account*, where it distances itself from the numerous p3n1s p1llz and Honeyjen18 wants to be your Myspace friend! spams** by sporting an eye-grabbing subject line such as “Account Update”***. Because as you know, e-mail is a reliable communication medium.

Luckily, late Friday night I thought to myself, as so many do on a Friday night, “hmm, it feels like I haven’t gotten any mortgage bills in a while”, and logged in there (with help from the smiling gods of “15-day grace period” and our internet working again today) just in time to avoid some unknown and no doubt unspeakable late fee nastiness. (Or a becigared, bemonocled Foreclosure Guy showing up randomly at my door with a briefcase and chloroform.)

On a related note, State Farm Insurance stops talking to you if you move about 2.5 blocks. So, they send to your new address (which they have) a note that says, “you moved, so we can’t talk to you anymore, call your agentFULL STOP NO CARRIER”, and to your old address (which, judging from the you-moved note, they understand that you have moved from), your bill, policy and renewal forms (which are apparently immune to mail forwarding service, although stampless paper postcards from the Awards Verification Center still are not). I found all this out after Googling for their phone number today, as it was not on the letter that told me to call it (nor, for that matter, any information concerning the identity of my mysterious Agent). I actually got this letter sometime the week before, but wanted to schedule this hold-music hell for a time when I would be chained to my desk like a good code monkey anyway, with only the occasional frequent pee break (Decaf? My world knows no such thing :P) to influence my odds of having to restart the whole phone tree from the beginning, and be able to set the phone on handsfree and get something half productive done while sitting on hold.

I have to ring them up again tomorrow and doublecheck whether this thing still automatically renews, like a gym membership, or if I’ve been driving around uninsured for the last couple weeks baiting every cop in town.

* I have exactly one remaining spam-free email account. For this reason, it is strictly reserved for friends and personal acquaintances. Ist nicht fuer gewerken bei das banks, mortgage servicers, webforums, order confirmations, shareware trials, shopping sites, travel agencies, etc. End discussion.

** where “Myspace friend” == “Webcam whore” and “Webcam whore” == “$18.99 a month Webcam whore”

*** actually, I don’t know what they use for a subject, because I’ve never received one. At least, not containing the text string “gmac” anywhere in the body, subject or sending address, according to a grep of my spamcexxyinbox.

Salesdouche game for a bored day

Today was one of those little icky days where, after the fun and mildly arty process of designing a set of boards, the next step was to spend all day in Excel sourcing parts and getting all their prices filled in (and ripping up parts of the design where the part had gone non-stock, etc.). As a fitting punctuation to this experience, I had a meeting with a Toshiba(?) sales rep today hyping a line of 16-bit microcontrollers. (How did I get involved in such a meeting? Note to self, stop agreeing to offers for free devkits :P)

Anyway, one of those better-known salesdouche academy tricks is to match the mark’s body language–it’s supposed to instill comfort and trust or some such, or more to the point, increase the odds someone will buy your stuff: if the mark leans in, the salesdouche leans in; if the mark crosses his legs a certain direction, the salesdouche should follow suit within a minute or two. What I like to do is exhibit increasingly bizarre body language and see how far I can get the salesdouche to track it.

For example, I like to start small, with an “interested” forward lean to get him hooked. Once he’s tracking, I may segue into the Thinker pose or an ever-pensive elbow rub. Once the spiel is well underway and the SD is douching it up at full lather, when he mentions something I don’t like, I recoil a bit and hit him up with the jazz hands to see if he jazzes back.

me: “Ooh. So you mainly work with __JAZZ HANDS__ high-volume customers?”
SD: “Oh _JAZZ HANDS_ nono! We’re totally receptive to smaller orders…” (score!)

I like to follow up with some twitchy elbow and a little feet-on-table action. By the end of the meeting, I might well be in full stripper-table-lay, knees on chair, belly and elbows on table, under the auspices of interestedly poring over a brochure they carelessly left on Their Side of the table. I’m small, so I can get away with this. So far, I haven’t succeeded in getting a salesdouche into full sprawl on our conference table, but that day will come.

Woo Vista

I just had my first taste of Windows Vista, uninstalling the mountains of craplets pre-installed on a co-worker’s new HP laptop. Renaming a shortcut on the desktop required clicking “ok” to two authorization dialogs.

‘Nuff said.

Spirit of X-Mas in America

True story. The following overheard on my way into the Shaw’s on Locust St., where a cop (or rent-a-cop, they all look alike) was hassling what I could only guess was a suspected shoplifter (or generally suspicious mixed-ethnicity youth, etc.): “You walk into the store, you walk out of the store, you don’t buy anything… what is wrong with you?”

Takin’ Care of Bullshit, everyday

This week was the week of dealing with billing-related BS – namely, clearing up why the city is still sending tax bills to GJM (in Texas), a discrepancy between the written and printed oil bills we got, and suspicious charges on my last mortgage statement. The first two were quickly and easily resolved. As for the last…

I rang up GMAC Mortgage this Friday, after finding they’d double triple quadruple-billed me for a Payoff Statement, a routine piece of refinancing paperwork. (A refinance is basically taking out a new loan and using it to pay off your old one, usually on finding that you can get one at a lower rate than your current one. The payoff statement tells you–or your closing guy–given a near future date, the exact amount to pay on that loan on that date to pay it off. In other words, an interest calculation that’s done by the computer at the click of a button. How mortgage companies can justify charging $20-$100 for one of these is anyone’s guess**, but that’s a whole different rant entirely.)

I’ll spare re-recounting the details, you can read all about it in my demand letter to GMAC (after repeated calling to customer service reps got me nothing but elevated blood pressure and a contact Indian accent).

If ever you’re planning to contact GMAC about an error they’ve made, do yourself a favor and don’t bother. Type out your complaint on its own sheet of paper with your full name and account number, jam it into an envelope with any evidence, and send it certified mail in accordance with RESPA Section 6 (12 U.S.C. Section 2605). (It may help to include text such as “Qualified Written Request under RESPA Section 6” at the beginning of the letter, but this isn’t necessary for your letter to be a qualified written request they are required by law to respond to.) My experience thus far is that the reps are generally pleasant and inoffensive (though maybe worthless*) until you suggest the possibility that GMAC has made a mistake; then they start stonewalling. After the first rep refused to hear it I wrote him off as the occasional bad apple (curry), but after the same from a completely different rep I pretty much have to conclude that it’s policy.

* I had to contact them once before to make sure a tax payment they were supposed to send actually got sent. They were polite and quick to verify it, although I never did receive the proof of payment they promised to fax “within 24 hours”.

** one could also wonder why I’m making a stink about a whole $60 in spurious charges when compared to the loan amount, but I’m not one for swallowing bullshit, whether it comes by the bucketload or the spoonful.