TrackBack (0) | Comments (0)

Comments on this Entry:

TrackBack (0) | Comments (1)

Comments on this Entry:

(Arthur on May 30, 2004 9:26 PM) (some of them not safe for work)

Microsoft, ladies and gentlemen, is a cheap whore. She lives on the fringes of the law, but there’s no getting rid of her because she fulfils a certain need in our society. People want what she is selling.

There’s a certain painted-on mystique to her, of course. We’ve all been indoctrinated with the propaganda, the hooker with the heart of gold, the disturbingly wide-mouthed Pretty Woman. When you find her, though, beneath the paint she’s really quite plain. You take what you need from her, but reluctantly and because you have no alternative. You get what you want, but she is almost peripheral to the act.

Apple is a lover.

From the moment you meet her, you know that she wants you to be happy. She wants to be a part of your life, and you can’t help but be drawn into wanting to be a part of hers. She is beautiful and elegant in ways that the layers of paint on the Microsoft street-walker can only desperately try to imitate.

TrackBack (0) | Comments (3)

Comments on this Entry:

(Colin on May 29, 2004 11:00 PM) So true. Exprimenting with color?

(Dianna on May 30, 2004 1:40 PM) OMG so true.. I love it! (I moved my blog btw to unsecuregirl.com) xoxox

(Colin on May 30, 2004 2:35 PM) Dianna the site you say you moved your blog to, doesn't work...

Here's a question to be posed....Is it fair to sue a 41 year old single Mom who ostensibly had a computer in her house to encourage her daughter's education, but who herself could not use that computer?

TrackBack (0) | Comments (4)

Comments on this Entry:

(Derek on May 28, 2004 9:44 AM) Frivolous lawsuits are bad in general...but the RIAA has taken it to an entirely new level of uselessness. They are apologists for an industry that puts out subpar products and they reply to their customers' (I hate the term consumers) frustrations with high prices, low quality and limitations on fair use. The fact that they are suing those least able to pay is just sick. It's akin to picking on the smallest kid in the playground multiplied by 1000 (estimated figure). It's a damn shame. -D

(Colin on May 28, 2004 11:44 AM) I really think everything they are doing is worthless. First off making a women like that pay tons of money is just crazy and heartless. Second, all of these lawsuits, don't scare me one bit, I still download as much music as I always have, by doing this they aren't making any "friends", I can see them soon going down the path as SCO.

(Harald on May 28, 2004 1:27 PM) Sadly, you're preaching to the choir. There are a whole bunch of people who _have_ been taken in by RIAA propoganda, but I don't think they're reading our weblogs... :)

(ilan on May 29, 2004 3:37 AM) your post has inspired some comments over on blogcritics...

But give The Washington Post two vain, young, trash-mouthed skanks who couldn't care less about what their parents think of their sex-drenched infamy, and the newspaper can't wait to help make them full-fledged members of the media elite.

As a wise person once told me, "Anyone can talk dirty, real women have class."

Related Link:WaPo article

TrackBack (1) | Comments (0)

Comments on this Entry:

First, take a look at the HTTP error codes.
HTTP 403 - are IP's I've banned. It appears that some of the IPs that hit me on Tuesday were ones that were used in previous comment spamming attacks. This means that the comment spammers probably only have a set amount of cracked machines that they can use. This also means that IP banning after being attacked will help alleviate the problem.
HTTP 405 - method not allowed. I've throttled MT to only accept comments after a certain amount of time. And the idiot who created this script apparently was unaware of this limitation, thusly his comments are being rejected.

Host: 64.124.222.172 [Attack script on webserver - IP WHOIS resolves to above.net]
Url: /blog/archives/001202.html
Http Code : 403
Date: May 25 16:18:53
Http Version: HTTP/1.1"
Size in Bytes: 1010

Host: 24.97.4.148
Url: /blog/archives/001202.html
Http Code : 405
Date: May 25 16:01:19
Http Version: HTTP/1.0"
Size in Bytes: 318
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

Host: 200.202.216.162
Url: /blog/archives/001202.html
Http Code : 405
Date: May 25 16:01:18
Http Version: HTTP/1.0"
Size in Bytes: 318
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

Host: 66.186.173.42
Url: /blog/archives/001202.html
Http Code : 403
Date: May 25 16:01:16
Http Version: HTTP/1.0"
Size in Bytes: 998
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

Host: 69.10.70.130
Url: /blog/archives/001202.html
Http Code : 405
Date: May 25 16:01:16
Http Version: HTTP/1.0"
Size in Bytes: 318
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

Host: 64.124.222.172 [Attack script]
Url: /blog/archives/001202.html
Http Code : 403
Date: May 25 16:01:15
Http Version: HTTP/1.1"
Size in Bytes: 1010

Host: 219.117.212.87
Url: /blog/archives/001202.html
Http Code : 200
Date: May 25 16:01:15
Http Version: HTTP/1.0"
Size in Bytes: 8602
Referer: -
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

Host: 213.171.57.162 [Surprise, this IP is from .ru]
Url: /blog/styles-site.css
Http Code : 200
Date: May 25 16:00:45
Http Version: HTTP/1.1"
Size in Bytes: 6026
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) [Looks like a legit browser.]

Host: 200.180.247.230
Url: /blog/archives/001202.html
Http Code : 405
Date: May 25 15:57:19
Http Version: HTTP/1.0"
Size in Bytes: 318
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

Host: 198.26.130.36
Url: /blog/archives/001202.html
Http Code : 405
Date: May 25 15:57:17
Http Version: HTTP/1.0"
Size in Bytes: 318
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

Host: 61.120.94.198
Url: /blog/archives/001202.html
Http Code : 405
Date: May 25 15:57:16
Http Version: HTTP/1.0"
Size in Bytes: 318
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

Host: 80.82.139.21
Url: /blog/archives/001202.html
Http Code : 405
Date: May 25 15:57:14
Http Version: HTTP/1.0"
Size in Bytes: 318
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

Host: 203.22.206.51
Url: /blog/archives/001202.html
Http Code : 405
Date: May 25 15:57:02
Http Version: HTTP/1.0"
Size in Bytes: 318
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

Host: 212.25.77.189
Url: /blog/archives/001202.html
Http Code : 403
Date: May 25 15:57:00
Http Version: HTTP/1.0"
Size in Bytes: 998
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

Host: 203.122.54.129
Url: /blog/archives/001202.html
Http Code : 405
Date: May 25 15:56:58
Http Version: HTTP/1.0"
Size in Bytes: 318
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

Host: 80.49.24.15
Url: /blog/archives/001202.html
Http Code : 405
Date: May 25 15:56:55
Http Version: HTTP/1.0"
Size in Bytes: 318
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

Host: 63.171.110.188
Url: /blog/archives/001202.html
Http Code : 405
Date: May 25 15:56:48
Http Version: HTTP/1.0"
Size in Bytes: 318
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

Host: 200.163.234.2
Url: /blog/archives/001202.html
Http Code : 405
Date: May 25 15:56:36
Http Version: HTTP/1.0"
Size in Bytes: 318
Referer: http://www.cleverhack.com/blog/archives/001202.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

TrackBack (0) | Comments (0)

Comments on this Entry:

TrackBack (1) | Comments (7)

Comments on this Entry:

(ilan on May 21, 2004 3:07 PM) cool shirt. have you seen mightygirl's? it's a trip. check out mightygirl.net.

(Janine on May 21, 2004 6:08 PM) That is tres cool. Judging from the diminished number of enormously stressed-out people in the B&N Starbucks this week, is it safe to wager that you survived exam-time and congrats are in order?

(Colin on May 21, 2004 11:30 PM) Good to hear, I like the new green color.

(Nobody on May 22, 2004 9:10 PM) Is that photo, specifically the slogan, supposed to be some kind of pithy Margitte-esque commentary on the whole non-blogging mess i.e. his infamous painting titled "This is not a pipe" or am I just drinking too much beer tonight?

(Charlie On the Pennsylvania Turnpike on May 25, 2004 8:07 AM) Great photo. Cute shirt. Cute subject, too.

(Harald on May 25, 2004 12:42 PM) I was going to say something like that, but I thought I'd get in trouble...

(Shawn on May 25, 2004 10:59 PM) The color change is not quite that easy on the eyes.

I am going to trackback to OTB since James has a latest news roundup there.

TrackBack (0) | Comments (3)

Comments on this Entry:

(James Joyner on May 13, 2004 9:38 PM) Thanks for the tip. otbblog/jamesotb will work on the registration.

(James Joyner on May 13, 2004 9:47 PM) Actually, they want e-mail so it's james@mydomain.com - jamesotb

(Carol on May 18, 2004 4:47 PM) Forgive Jesus said, Father forgive them for they know not what they do. As we forgive even the most horrendous crimes, God forgives us of our great crime of rejecting him. Romans 5:8: But commendeth his love toward us, in that while we were yet sinners Christ died for us.

As with any shared network, there are a host of issues to consider when providing access to others. What if the person sharing your network downloads something illegal? Are you keeping logs tracking who is who? If you are unable to secure a WAP, who is to say that you've properly secured your own computers? What about if your provider shuts you down for excess bandwith usage?

In other words, if you are thinking of setting up an open WAP, think long and hard about the implications, both technical and legal. While it's great to talk about ubiquitious wifi connectivity, we're still in a tangled web of undefined legal risks. If nothing else, you're putting yourself at the mercy of others who may be able to take advantage of you.

TrackBack (0) | Comments (2)

Comments on this Entry:

(Phil Libin on May 14, 2004 1:23 AM) Joy, You make a good argument, but I’m going to stick by mine. I never said that people shouldn’t secure their WAPs. I think that people *don’t* secure their WAPs because the technology is poorly implemented and frustrating. If WiFi security was more robust and easier to use, it would naturally be in everyone’s advantage to use it. However, if I’m going to ask average consumers to spend a few hours on computer “security”, I’d much rather they first install the latest OS patches, turn off file sharing, install a firewall at the network and on every computer, learn a bit about “phishing” and other scams (and maybe download SpoofStick), install an anti-virus program and get the latest signatures, check for spyware and rethink their passwords. When they’ve done with all that, they can monkey around with their WiFi network. All the other stuff is more important, more effective and easier to do. Even if you manage to keep your WiFi access point encrypted, you’re not really adding a whole lot of security. Everything just reverts right back to plaintext as soon as it goes from the WAP to the ISP, all your HTTP and FTP and email is bouncing around the guts of the web for anyone to see. If you’ve got data worth protecting, use SSH or SSL or a VPN – then it doesn’t matter if you’ve secured your WAP. If a non-SSL site asks you for a password, assume that everyone can see it. If you send out unencrypted, unsigned email, assume that there’s going to be a searchable trail of everything you’ve ever written somewhere or another. As for the legal aspects, I don’t buy it. Internet access is not a firearm, and I don’t have any responsibility to make sure others can’t use the bits my access point decides to shoot out into the air. If my ISP has a problem with this, they should figure out how to restrict access on their side. I shouldn’t have to waste my time setting up “security” to solve their billing problem. If a crime is committed in my neighborhood, it’s not up to me to prove that I didn’t do it. It’s up to the authorities to find whoever did – and to prove it. Of course, you’re right that this area is “undefined” and it may take an unpleasant case or two to iron things out. If you’re concerned about being blamed for the actions of others on “your” wireless network, by all means take the appropriate precautions. For what it’s worth, I’ve found that MAC filtering works better than WAP encryption. So, bottom line: we need better security technology that takes the burden of securing all data away from the user. In the mean time, locking down residential wireless access points is not my top security priority, and may not be a good way to spend finite security resources.

(Misanthropyst on May 14, 2004 6:40 PM) Resistance is Futile. You Will Be Assimilated. Joy, you sound like a lawyer! ;^)

From this hobbyist page about Giant African Land Snails.

TrackBack (1) | Comments (4)

Comments on this Entry:

(bert on May 13, 2004 2:25 PM) I'd be more worried, except for the fact that our Agriculture Commissioner is Charles Bronson... These snails don't stand a chance.

(Colin on May 13, 2004 7:19 PM) Those snails are insane. I can't believe they can ge so big, and that someone would wnt them as pets.

(Phil Libin on May 13, 2004 8:04 PM) Holy crap! I came to this blog to respond to your post about my WiFi security position (your next entry – it’s not “Larbin”), but I got distracted by the giant snails. I don’t even remember all the great counter arguments I was going to use. Must… Not... Stare... At... Giant... Snail.

(Arthur on May 13, 2004 8:27 PM) Hmmm. I wonder what they taste like.

What made my morning, however, was buried in the Slashdot thread. Apparently, the Daily Show had interviewed Scott "High Volume Email Deployer" Richter at some point and the resulting video is hilarious. And his email address was included in the end.

TrackBack (0) | Comments (0)

Comments on this Entry:

Date: May 11 15:05:49
Http Version: HTTP/1.0"
Size in Bytes: 624

Referer: -
Agent: -

This is an attempt at trying to download a ccbill.log file, which is apparently part of a streaming video management package (i.e. for those subscription only Adult sites) called ccbill. What's scary is that I merely typed in ccbill.log on google and the first result was a page which describes how to use the .log file to grab password information.

TrackBack (0) | Comments (0)

Comments on this Entry:

TrackBack (0) | Comments (0)

Comments on this Entry:

Not that I would know, even though I own a spiffy PowerBook running OS X Panther, my wireless provider does not offer Bluetooth ready phones.

TrackBack (0) | Comments (1)

Comments on this Entry:

(fluffy on May 10, 2004 10:08 PM) Bluejacking is not a security threat, it's just a clever way of pushing out a message to other phones, making it an annoyance at best. IIRC, Bluesnarfing only affects a few Bluetooth chipsets on the market, such as Nokia's, and even then I believe it requires the device to be set discoverable, which most people don't do. The 'network security' issues of Bluetooth are way overblown, since the vulnerable devices (i.e. phones) don't act as network devices, and its range is so short that anyone who's able to grab stuff from a device over Bluetooth would theoretically be able to physically access it anyway. I mean, sure, don't put a Bluetooth dongle on a computer which is tucked away inside a locked cabinet, but I don't think it's really the big security fuss which various "experts" are making it out to be.

Date: May 10 19:42:06
Http Version: HTTP/1.0"
Size in Bytes: 10375

Referer: http://www.cleverhack.com/blog/archives/001245.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

------------------------------------------------------------------------------

Host: 64.124.222.172
Url: /blog/archives/001245.html
Http Code : 200

Date: May 10 19:41:49
Http Version: HTTP/1.1"
Size in Bytes: 8505

-----------------------------------------------------------------------------

Host: 217.117.14.167
Url: /blog/archives/001258.html
Http Code : 200

Date: May 10 19:41:45
Http Version: HTTP/1.0"
Size in Bytes: 9985

Referer: http://www.cleverhack.com/blog/archives/001258.html
Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

What you see above are three entries from my logs. Two are comment spams and the middle entry, sans user agent info, is what I think is a probe. (My "recent visitors listing" only shows the last page someone requested.) You see, yesterday, I renamed my mt-comments.cgi file to something more prosaic in hopes of killing off the automated comment spam. As you can see, that move lasted all of 24 hours, with the spammers apparently probing (the WHOIS for the probe machine) to find out the new filename.

Anyway, renaming mt-comments.cgi doesn't work. And aside from IP banning the client machines posting the comment, I can't think of anything more creative to do at the moment.

TrackBack (1) | Comments (2)

Comments on this Entry:

(fluffy on May 11, 2004 12:25 PM) You can always do this, if you don't want to move to a different comment engine entirely: http://trikuare.cx/mt/archives/000410.php It doesn't even require moving to PHP, though it's helpful to (since then you're not stuck with a static, easily-discovered key per page).

(Paul Kuliniewicz on May 12, 2004 4:43 PM) Even just using the single-static-key version of fluffy's method cuts down on comment spam dramatically. I've only had a couple of spams get through, and both of those were one-shot affairs and may have been by-hand.