Archive for the ‘Documentation’ Category

Radar gun inaccuracies

Thursday, October 23rd, 2008

The inaccuracies are in the new guns and their “pop” mode. Basically it is an ultrafast start and shutdown mode for the gun. The reason is, of course, RADAR detectors. They’ve gotten quite good. They don’t necessarily need the gun to be on and transmitting to pick it up. When the gun is in standby (with its electronics operating but not transmitting a beam) it can still be picked up. Same sort of way RADAR counterdetectors work. Even though the detector itself isn’t trying to emit anything, it does anyhow (as does any superheterodyne device).

Ok, great, however you might pause to wonder about the ability of electronics operating in the 30GHz range to quickly come on and stabilise and, well, you’d be right. Guns in “pop” mode aren’t accurate. In part due to the fast start, in part due to fewer data points, they can produce unreliable readings. The gun manufacturers say that pop mode isn’t to be used as a final speed measurement, but that doesn’t stop police forces from doing so anyhow.

Or it could be even more simple: The gun wasn’t calibrated. Like any precision device, they need periodic recalibration. Had this been allowed to happen, it is entirely possible the gun was producing inaccurate readings.

It is a good idea for all drivers to take a little time to educate themselves about various speed measurement technologies and such. While I’d say the majority of police departments use their equipment right and the tickets are legit, they aren’t always. If you get nailed with a bogus ticket, you don’t necessarily need GPS to fight it. Tell the department you want the calibration records for the gun in question, find out if it was in pop mode, etc, etc. If they screwed up, let the judge know and they’ll most likely drop the ticket.

Flaws with the Federal Do Not Call list

Monday, October 20th, 2008

Why is this limited to just telemarketers? Debt collectors, campaigners, and non-profits need to be included.

I kept getting hammered by an automated call only leaving a number to call back. A Google search turned up the number belonged to a collection agency in Chicago. They were hammering stale cases and my new number from a move just happened to be one of the numbers they had. I even had it happen after I moved since my number was associated with the address of the house I USED to live in two years ago. The call was for the owner who lived there before me!

I called them and told them to put me on their DNC list. They informed me that they were exempt as they were not telemarketers. I have had the same thing happen to me many times and to friends and family as well. Here is the 411 for you:

1) They ARE exempt from all telemarketing laws. Everyone likes to bring that up on the phone, but they are actually right.

2) So what now? They are still not exempt from basic laws governing harassment. You could deal with your phone company or talk to a supervisor of the debt collection agency and threaten a lawsuit if they keep calling you, or you could just go to….

3) Deal with them under the Fair Debt Collection Practices Act. They MUST inform you of their mailing address and the appropriate department. Send them a typed letter explaining that you are not the person they keep asking for and that you have no knowledge of this person or any debts this person has. Demand that all communications to that number cease immediately or you will seek remedies under the FDCPA.

Believe it or not, this works every time under the FDCPA. The reason why is that 99.9% of the people complain on the phone where the debt collection agency is not liable. Hardly anyone ever writes a letter. Write the letter, it will stop. If it does not, you have a $5,000 insta-claim in a small claims court of your choice.

People are absolutely wrong about somebody deserving to be harassed by debt collectors. Nobody EVER deserves to be harassed under any circumstances. That is why there are large awards in civil court cases for collection agencies with too much “zeal”.

I had clearly indicated I was not the party they were looking for (does my name even sound like “Susan”?). Any calls that occur after this are, by definition, harassment. Now this harassment is not necessarily fully written out under the aforementioned FDCPA, but it does not have to be. This is no different than any other person or company repeatedly calling a random person after being asked to stop.

As you can see from the FDCPA, even IF the debt collection agency is calling the right person there are still rules governing their ability to call them after being asked to stop. You might want to look at:

Causing a telephone to ring or engaging any person in telephone conversation repeatedly or continuously with intent to annoy, abuse, or harass any person at the called number.

Except as provided in section 804, the placement of telephone calls without meaningful disclosure of the caller's identity

Furthermore, at any time a person may send a letter to the collection agency asking that all telephone communications cease. Afterwards, the collection agency may only send letters to the person updating them on any actions being taken towards the debt.

CEASING COMMUNICATION. If a consumer notifies a debt collector in writing that the consumer refuses to pay a debt or that the consumer wishes the debt collector to cease further communication with the consumer, the debt collector shall not communicate further with the consumer with respect to such debt, except-- (1) to advise the consumer that the debt collector's further efforts are being terminated; (2) to notify the consumer that the debt collector or creditor may invoke specified remedies which are ordinarily invoked by such debt collector or creditor; or (3) where applicable, to notify the consumer that the debt collector or creditor intends to invoke a specified remedy.

If all else fails, fix it yourself with Asterisk. Numbers not on the white list are dumped into a recorded phone tree maze with endless loops of meaningless choices and no way out except to hang up. It would be even better with a plugin that could try and string them on for a while without actually divulging any meaningful information by responding at pauses with phrases like “that sounds interesting”, “uh-huh”, and “I’m not sure”, the goal being to waste as much of the telemarketer’s time as possible on a dead end call (i.e. no sale) before they hang up in frustration.

The Social Security Number problem solved (sort of)

Wednesday, May 14th, 2008

The Social Security Administration doesn’t accept paranoia as a criterion for granting a new card, but it recognizes cultural objections and religious pleas. One stratagem: Contend that your credit has been irrevocably damaged by a number-related snafu, or that you live in fear of a stalker who knows your digits.

Once you switch your SSN, never use it. Then use the fake one of 078-05-1120. It’s a specimen number from the Eisenhower era. No need to give your correct number to the cable or phone company. They don’t need it. Period. Of course it’s possible that someone else has used this number already, but so what.

The only one who needs your SSN is your employer because they have to make the contributions. Your bank doesn’t need it – they, as well as your mortgage company, broker, etc., can use a Taxpayer ID # to create 1099s and such for the IRS. And health insurance companies have no shittin’ business with your SS#, not to mention the galactic stupidity of putting it right on your ID card.

When someone asks me for the last 4 digits of my SSN, I ask them to use another security key. If they can’t, I don’t do business with them.

Anyway, using a SSN+address for authentication is as ridiculous as using a username+IPAddress alone for online banking.

I wonder why more companies/organizations don’t realize this, and any step to educate them is a step in the right direction.

The answer is easy: They do realize it.

They just don’t care because the current system minimizes their financial losses by transferring those losses to the individual who has his/her identity “stolen”.

Making any changes would cost money which reduces profits.

Any changes that improved the situation could be used to find them responsible when/if their new system is defrauded.

So, fixing the system is, from the individual company’s point of view, all loss and no gain.

Help is here! Answering your questions about Ubuntu Linux

Saturday, December 29th, 2007

Ok, I’m going to try to help.

First things first – if you’re looking for programs to perform a certain task (play mp3s, webcam, etc), try using the “search” feature in Synaptic. You can search by program name, program name and description, and a few other criteria. These two are the ones I use most.

Anyway, with that out of the way, let’s go down the list:

Of course, I also told him I would install the MP3 support

I’ve installed all sorts of Linux variants on dozens of machines and Ubuntu was a fair share of those. I never had to “install mp3 support”, I just installed xmms. I can’t remember if it was installed by default or if I had to apt-get it…either way, that takes care of that. As far as OGG goes, I just don’t use it. I know…what kind of geek doesn’t use OGG, right? 😉

Another thing was Webcam support, yep, I connected a Genius webcam NB and it detected it automagically, unfortunately there is NO program to capture video or at least see it.

I’m assuming you’re talking about no program in Windows to capture or see video. I typically use camstream in Linux. I know there are several more options out there (again, search in Synaptic), but this is the one I’m used to.

But, what I wanted to show here is that there ARE those small annoyances that just keep getting across the way, until those are not solved it would be difficult for the “normal” people to migrate.

Yeah, there are small annoyances here or there in Linux, just like there are in Windows. For example, I have a HP PSC-1209 printer/scanner. Windows automagically “found” a new printer attached to the USB port. The drivers that Windows automatically installed didn’t work. I then grabbed the HP install CD so I could install the correct drivers after uninstalling the drivers that Windows was nice enough to install…without asking (you know, so the printer would “just work”). In Ubuntu, I just clicked on “Printers” -> “Add Printer” -> selected my printer model from the list -> waited a few seconds for drivers to kick in -> done (no reboots either!). Overall, it took me 25 seconds to install the printer on Ubuntu Linux, and about 5 minutes in Windows.

Overall, one tool that helps Ubuntu users out quite a bit is EasyUbuntu. That’ll take care of quite a few of your issues.

Ubuntu really isn’t that difficult, even for new users. Heck, my 11 year old daughter uses it on an AMD 450MHz machine with 256MB of RAM and she used XP for two years prior to Ubuntu 5.04. I don’t get calls for “Daaaaaad! Where do I find X” or “Daaaaad! Do I send this error report to Microsoft?” any more either, which is quite nice. The Gnome menus just seem to make more sense than a Windows menu to find the programs you want to use. Anyway, good luck to you and your friend – I hope this post helps out.

Linux – changing the default vncserver port

Sunday, February 11th, 2007

To change the default port for vncserver on Linux from 5900 (+ display number), you must first open the file /usr/bin/vncserver as root (or with sudo) in your favorite text editor. If you scroll down to around the 25% mark in the file, you’ll see the line:

$vncPort = 5900 + $displayNumber;

Change 5900 to whatever port you would like, save the file, then stop and restart the vnc service.

The Java viewer port (5800 + display number) doesn’t seem to change with it, so how do we change it? This is a little easier. When starting up your vnc server, just add the option “-httpport” followed by the port number. For example:

vncserver -geometry 800x600 -depth 16 -httpport 5000

Messagelabs spam filtering service SUCKS!

Thursday, December 21st, 2006

Upon attempting to send an email to someone at my place of employment, it got bounced. Here is the message I received:

xxx.xxx.xxx.xxx failed after I sent the message.
Remote host said: 553-Message filtered. Please see the FAQs section on spam
553-at http://www.messagelabs.com/support/ for more
553 information. (#5.7.1)

This is the third time I’ve seen messagelabs used as a 3rd-party spam filtering service by businesses, and it has blocked legit messages from both my domain and my former employer’s domain. So I decided to investigate a bit further and figure out why I’m being blocked this time.

First, let’s follow Messagelabs’ guidelines found here.

Let’s go down the checklist:

Ensure your mail server is not open relay – http://www.abuse.net/relay.html.

I entered my domain name here and my server passed this test just fine.

Check if your sending IP is on any black lists. A good place to check this is http://www.dnsstuff.com. This will be able to show any 3rd party lists that may have received spam from your mail server.

Next, I checked DNSstuff per their guidelines and there were two entries, both from SORBS.net, which stated:

Netblock: 75.21.160.0/19 (75.21.160.0-75.21.191.255)
Record Created: Wed Sep 13 05:17:29 2006 GMT
Record Updated: Wed Sep 13 05:17:29 2006 GMT
Additional Information: [SBC Supplied Dynamics List - 18/8/06] Dynamic/Generic IP/rDNS address, use your ISPs mail server or get rDNS set to indicate static assignment.

So SORBS blocked a huge list of SBC customers from sending email if they decided to use their own server for sending email. Fine, this doesn’t affect me because I already use my ISP’s mail server for sending email. However, SBC doesn’t allow sending of mail anyways unless you configure your mail server just right and I don’t really feel like jumping through the hoops. This is to prevent virus infected Windows machines from clogging the internet up with even more spam. So yes, I use my ISP’s SMTP server for sending mail from my domain, so this doesn’t affect me.

If your internet line is provided by DSL or Cable that shares IP’s with residential users, please ensure your mail server sends to your ISP’s smarthost instead of direct to the internet. This reduces the potential of your email as being mis-detected as coming from a Trojan infected home user machine.

Confirms what I have just stated – doesn’t affect me.

Ensure the email you are sending does not contain any spam content (ie. forwarded spam or ‘spamvertised’ URL’s).

I’ve sent emails to the same user with the same content and rarely with any URLs whatsoever. In fact, the email that got filtered only had one URL in it, but it’s been in my signature for years. My mail signature:

--
"How much time do we have?"
Linux user #309094
Machine IDs 195080, 243403, 243404
counter.li.org

Ensure your mail server is configured correctly.

I have run several tests on it including the tests from messagelabs and I’ve passed all tests with flying colors.

Ensure you have no virus infected machines on your network that are being used to send spam through your mail server.

I use Linux and have checked for rootkits for shits and giggles.

Ensure you have no exploitable web scripts on your web servers that could be abused to send spam. The most commonly used one is php contact scripts which spammers can easily abuse the php mail() function to send what they want.

I’ve tested all PHP scripts on my web site and I do not have any php mail() functions other than for registration of this blog. However, all outgoing mail for new registrations on this blog is approved by me first before being sent, so this is not an issue.

Make sure any ‘opt-in’ newsletters contain an ‘opt-out’ link to be certain users can easily unsubscribe.

I do not send out any newsletters, nor do I ever plan to.

Last, but not least:

What does “553-Message filtered” mean?
This means that your email has met certain characteristics which make it appear to be spam. Please refer to the above suggestions and try sending the email again. If the email continues to be rejected with the “553-Message filtered” message, please contact your recipient and request that they add you to their approved senders list.

For the record, I sent no attachments either. My message, verbatim:

Subject: Hi!

Just thought I'd drop you a line and say "hi". Hope you're having a good
day!

:)
--
"How much time do we have?"
Linux user #309094
Machine IDs 195080, 243403, 243404
counter.li.org

Now I seem to remember a few worms sending out email with the subject of “Hi!”, but have spam filters really become this strict or stupid? I sent the same message with the subject “Howdy” and it appears to have gone through just fine.

What really yanks my chain on stuff like this is the fact that companies even feel the need to use a 3rd party spam filtration service to begin with. If they’re using and maintaining their own mail server, then why not configure their own spam filtration system? It takes just a few minutes and doesn’t cost the company a dime. They’ll spend all sorts of time and money on securing their mail server and then the time and money on the initial system itself (*cough* Microsoft Exchange *cough*), and then not take a few minutes to set up the mail server or a second machine to do their own spam filtration. What gives? Look, I don’t know how much you’re spending on 3rd party spam filtration services, but here’s some free advice – stop doing it. It’s not secure by nature.

Here’s a free, easy solution that takes only a minimal amount of time to set up. Before the messages hit your email server, route them through a Linux mail server for filtration. Something like SpamAssassin with Postfix would do, or even just setting up Postfix to work as a spam filter on its own with the following configuration lines would work wonders (copy and paste if you’d like):

header_checks = regexp:/etc/postfix/header_checks

smtpd_helo_required = yes
disable_vrfy_command = yes

address_verify_map = btree:/var/run/postfix_address_verify

non_fqdn_reject_code = 450
invalid_hostname_reject_code = 450
maps_rbl_reject_code = 450

smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    check_recipient_access hash:/etc/postfix/recipient_access
    reject_unknown_recipient_domain
    reject_unknown_sender_domain
    reject_unknown_hostname
    reject_unknown_client
    reject_unverified_recipient
    reject_unverified_sender
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_non_fqdn_hostname
    reject_invalid_hostname
    reject_rbl_client relays.ordb.org
    reject_rbl_client list.dsbl.org
    reject_rbl_client sbl-xbl.spamhaus.org
    reject_rbl_client combined.njabl.org
    reject_rbl_client bl.spamcop.net
    reject_rhsbl_sender dsn.rfc-ignorant.org
    reject_rhsbl_sender bogusmx.rfc-ignorant.org
    reject_rhsbl_client dsn.rfc-ignorant.org
    reject_rhsbl_client bogusmx.rfc-ignorant.org

Think to yourself how messagelabs likely filters spam. It appears that they’re using SORBS, a freely available spam database, for filtration and probably a few on the list above, so why not cut out the middleman and just do it yourself? They’re all free to use for anyone. Some are better than others, but shouldn’t you be the judge of which ones to use? I have found that SORBS is not the best choice for spam filtration both personally and through professional colleagues, but to each their own I suppose. At least then you have the ability of tweaking things, if necessary, to suit your business needs rather than leaving your business in the hands of others…who also may or may not be responsive to your business needs.
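What a reject_rbl_client lookup from the configuration above does, together with a health check for each zone, as an added example that is not part of the original post. The function names, the fake resolver and the *.rbl.example zones are constructed for illustration; blocklist zones get retired over time, so the check uses the RFC 5782 test entries to spot a zone that is dead or that lists every address.

```python
import ipaddress
import socket

# Zones copied from the reject_rbl_client lines in the configuration above.
RBL_ZONES = ["relays.ordb.org", "list.dsbl.org", "sbl-xbl.spamhaus.org",
             "combined.njabl.org", "bl.spamcop.net"]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def rbl_query_name(ip, zone):
    """Name looked up for an IPv4 client: reversed octets, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(ip, zone, resolve=system_resolver):
    """Listed means an A record inside 127.0.0.0/8. Any other answer (for
    example an ISP resolver rewriting NXDOMAIN) is not a listing."""
    answers = resolve(rbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in LOOPBACK for a in answers)


def zone_health(zone, resolve=system_resolver):
    """Check a zone against the RFC 5782 test entries before relying on it.

    127.0.0.2 must be listed and 127.0.0.1 must not be. A zone that answers
    for both lists everything and would reject all mail; a zone that answers
    for neither is dead or unreachable and filters nothing.
    """
    test_entry = is_listed("127.0.0.2", zone, resolve)
    never_entry = is_listed("127.0.0.1", zone, resolve)
    if test_entry and never_entry:
        return "lists-everything"
    if test_entry:
        return "ok"
    return "broken" if never_entry else "dead"


def check_zones(zones=RBL_ZONES, resolve=system_resolver):
    """Health of every zone; with the default resolver this needs network."""
    return {zone: zone_health(zone, resolve) for zone in zones}


def fake_resolver(records, wildcard_zones=()):
    """Offline stand-in for DNS, built from constructed sample data."""
    def resolve(name):
        if any(name.endswith("." + z) for z in wildcard_zones):
            return ["127.0.0.2"]
        return records.get(name, [])
    return resolve


# Constructed sample data: placeholder zones and one listed client address.
SAMPLE = fake_resolver(
    {"2.0.0.127.healthy.rbl.example": ["127.0.0.2"],
     "25.2.0.192.healthy.rbl.example": ["127.0.0.4"],
     "25.2.0.192.hijacked.rbl.example": ["203.0.113.10"]},
    wildcard_zones=("wildcard.rbl.example",),
)

if __name__ == "__main__":
    demo = ["healthy.rbl.example", "wildcard.rbl.example", "gone.rbl.example"]
    for zone, health in check_zones(demo, SAMPLE).items():
        print(zone, health, is_listed("192.0.2.25", zone, SAMPLE))
```

On a machine with DNS access, calling check_zones() with no arguments runs the same check against the zones from the configuration.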

No monthly fees, no tweaking of rules, no fuss. Just config and forget. Wasn’t that easy?

Linux vs. Windows facts

Sunday, December 3rd, 2006

Trying to get large companies to at least give Linux a shot is hard to do. Some have never heard of it, some are afraid of change (rightfully so in some cases), and some just don’t care to know anything other than Windows. All you can really do is give them the facts – and I don’t mean the Microsoft-funded “facts”.

According to top500.org, in 2005, 390 of the top 500 super-computers were using Linux. That means that 78% of super-computers run Linux. For instance, the world’s most powerful computer is IBM Blue Gene, and it uses Linux for its I/O nodes (more info here). Also, Google’s gigantic, powerful, and distributed search engine runs using over 60,000 Linux machines (more info here, here, and on Google’s Research page here). The fact that big, complicated, and highly successful operations use Linux shows what it can do. In the case of Google, it shows that they trust it to deliver the security they need.

You can urge them to get a second opinion. For instance, tell them to look over Secunia’s report on Windows XP compared to Ubuntu 5.10.

Ultimately, however, all you can do is provide them with an honest assessment of Linux’ strengths and weaknesses, and point out in what ways the media reports are wrong. If they respect your opinion, then they’ll make the right choice. If they refuse to listen to reason, then there is nothing you can do. People who are more interested in media sound-bites than expert discussion are essentially impossible to convince of anything they don’t already believe.

In other words, a conservative viewpoint with regards to technology is good, but it can lead to situations where the well-trodden path isn’t nearly as efficient as clearing a new one. As a wise man once said, ‘A foolish consistency is the hobgoblin of little minds.’

Introduction to Linux – a 244 page PDF

Saturday, November 11th, 2006

A very detailed introduction to Linux – good for newbies and experts alike. If you like reading or if you’re constantly told to RTFM, then this is for you.

Get it here.

Variations in exploit methods between Linux and Windows

Wednesday, October 4th, 2006

This document compares the same Oracle 9i vulnerability on a Windows system and a Linux system. It points out similarities and differences in using the exploit on each system. A very insightful read.

Here it is.

What to do if you suspect Identity Theft

Sunday, September 10th, 2006

As I posted once before, if you ever suspect (or know) you’ve been the victim of Identity Theft, here’s what to do:

Contact the credit agency of your choice to put a fraud watch on your file. The agency you contact will notify the other two for you.

Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241

Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, TX 75013

TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

It’s also a good idea to call 1-888-5OPTOUT to prevent banks, insurance companies, and those pesky fakers (remember the ChoicePoint fiasco) from getting ahold of your credit report. All 3 agencies use that same number for the opt out process. That should significantly cut down on those pre-approved credit card offers you get in the mail that can be stolen and used in your name as well.

And for the Active Duty members in the crowd that happen to be TDY, you should consider getting an Active Duty military alert placed in your name in addition to a fraud alert. You can never be too safe when it comes to preventing ID theft. However, no matter what you do there’s still no guarantee you won’t fall victim to the random oddity that can occur (such as a bartender swiping your card # and going nuts on Amazon).

For more info on how to minimize the risks of ID theft, or how to recover from it, check out the FTC’s website at www.ftc.gov/idtheft