Email Harvesters

Good Sign I missed the story about brothers convicted of harvesting emails the first time. Well, I noticed a followup.

Back around 2001, the CIO received complaints about performance for the web server. So, I went log trolling to see what the web server was doing. A single IP dominated the HTTP requests. This one IP passed various last names into the email directory. Some quick research revealed Apache could block requests from that IP. That calmed things down enough for me to identify the owner of the IP. The CIO then bullied the ISP to provide contact information for the company involved.
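The log review described above can be sketched as follows. This is an added example, not the script used at the time: the `/directory/search` path, the `lastname` parameter, the thresholds and the sample log lines are constructed assumptions. The generated rule uses Apache 2.4 `Require` syntax; a server of that era would have used the older `Deny from` form.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in Apache common log format; the path, the "lastname"
# parameter and every address here are assumptions for illustration.
NAMES = ["adams", "baker", "clark", "davis", "evans", "frank", "green", "hall"]
SAMPLE_LOG = [
    f'192.0.2.44 - - [12/Mar/2001:10:00:{i:02d} -0500] '
    f'"GET /directory/search?lastname={n} HTTP/1.0" 200 512'
    for i, n in enumerate(NAMES)
] + [
    '198.51.100.7 - - [12/Mar/2001:10:01:02 -0500] "GET /directory/search?lastname=smith HTTP/1.0" 200 498',
    '198.51.100.7 - - [12/Mar/2001:10:01:40 -0500] "GET /index.html HTTP/1.0" 200 2048',
    '203.0.113.9 - - [12/Mar/2001:10:02:11 -0500] "GET /directory/search?lastname=jones HTTP/1.0" 200 505',
    'garbage line that does not parse',
]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def find_enumerators(lines, path="/directory/search", param="lastname",
                     min_terms=5, min_share=0.5):
    """Return {ip: distinct_term_count} for clients that look like they are
    walking the directory: many distinct search terms and a dominant share
    of all directory lookups."""
    terms = defaultdict(set)   # ip -> distinct search terms seen
    hits = defaultdict(int)    # ip -> number of directory requests
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue           # skip malformed lines rather than crash
        ip, target = m.group(1, 3)
        url = urlsplit(target)
        if url.path != path:
            continue
        hits[ip] += 1
        for value in parse_qs(url.query).get(param, []):
            terms[ip].add(value.lower())
    total = sum(hits.values()) or 1
    return {ip: len(t) for ip, t in terms.items()
            if len(t) >= min_terms and hits[ip] / total >= min_share}

def apache_block(ips):
    """Render an Apache 2.4 access rule that denies the flagged addresses."""
    rules = "".join(f"    Require not ip {ip}\n" for ip in sorted(ips))
    return f"<RequireAll>\n    Require all granted\n{rules}</RequireAll>\n"

if __name__ == "__main__":
    print(apache_block(find_enumerators(SAMPLE_LOG)))
```

Counting distinct search terms per address, rather than raw request volume, keeps a busy but legitimate client that repeats the same lookup from being flagged.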

Previous little adventures like this landed me a permanent job, so I jumped at similar challenges.

Well, a few years later, it happened again. This time my boss had made me develop a script for the dissemination of the anti-virus software package to home users. Basically, it used email authentication for verification if someone could get the download link. So, I applied the same technique to the email directory. Well, this upset some people who legitimately needed email addresses. So the human workers would provide email addresses to people with a legitimate need.

I’m glad since I’ve left, VSU no longer looks up email addresses for people. (I thought some of the requests questionable.) Also, my little email authentication script was before LDAP was available to the university. I think the new solution much better.

One of the more vocal complainers about my having stopped non-VSU access to the email directory was my current employer. We apparently list email addresses for employees freely. Which makes me wonder how much spam we get is due to the brothers described at the beginning of this story? Or other email harvesters? Just hitting the send button potentially exposes the email address.

No worries. I’m sure Glenn is protecting me. 🙂

Facebook Usernames

If you cannot find me, then you are not looking. If you search on Facebook for Ezra Freelove, then I am the only result at the moment. Maybe all you knew was Ezra and the city where I lived? Facebook search is not so great you could find me through my first name plus something else you knew about me (other than email or city). Probably this is for the best. We don’t want to make it too easy to stalk people, right?

Allowing users to make a username is a promotion. The blogosphere making a fuss over all this is Chicken Littleesque. Sure Myspace, Twitter, and a number of other sites have addresses with usernames in them. No one is forcing people opposed to having one to make one. Only in the past month could one choose a username for one’s Google profile. Prior to that it was a hefty large number of numbers.

I think the reason some people prefer usernames comes down to elaborative encoding. To retain something in memory, we associate that something with existing items in memory. Short-term memory has only about 7 slots and digits are each a single item. Assuming a single incrementation per account created and over 200 million users, using numbers means there ought to be 9 digits worth of numbers to memorize. Words occupy a single slot in short term memory, by far simplifying remembering. Which would you rather try to remember 46202460 or ezrasf?

An argument against usernames comes down to using the memory of the Facebook database or other computer memory. Computer memory is better than human memory for stuff like this.

All of these work and go to the same place:

  1. http://www.facebook.com/profile.php?id=46202460
  2. http://www.facebook.com/ezrasf
  3. http://www.ezrasf.com/fb

Pick your poison. Enjoy.

Microsoft Outlook 2007 Wishlist

From 2001 to 2006, Microsoft Outlook was the email client I used for work (and on my home computer to access work stuff). Back then, Exchange was not available, so a number of the features were more hacks than reality. However, it worked pretty well.

When I changed jobs, Netscape and Thunderbird were the pre-installed clients. I opted for Thunderbird. It worked pretty well for me. Calendaring was in MeetingMaker. Everything worked pretty well.

Recently work shifted to Exchange, so going back to Outlook made sense. Maybe because I have so much experience, the transition was not as bad as it might have been. Still… These are gotchas which have annoyed me lately:

  1. Editable subject usability: The emails from our client issue tracking system put the description where it’s hidden. I was really pissed that I could not edit the subject until I figured out unlike most software which changes the shading to show it is now editable, Outlook just lets me edit at any time. Also, editing the subject after it is used by something else like a task results in the change in the email but not the task. (The main reason I want to change them is so it appears correctly in the task list.) Copying to a second email results in the same problem. Apparently I have to either create a new task and copy-n-paste the subject I want or forward the email to myself.
  2. Spacebar moves to next message instead of next new message: I really like the Thunderbird method of skipping to the next unread message when I hit the spacebar at the end of the current message. It even will find the next unread message in another folder. Outlook just advances to the next message.
  3. Boolean is more than OR: I had this fantastic Thunderbird filter which looked for user@ AND domain.tld. Outlook only honors OR. We have 15 admin nodes and databases which send up reports. Alerts and tickets come from a different source and are unaffected by this.
  4. Search ignores special characters: I thought in the past I had sent email to abc-defghi@domain.tld. However, the message bounced, so I searched my email for part of the address “abc-defghi” as it’s not in the address book. I got results which match “abc” not “abc-defghi”. So it ignored the hyphen and everything after. FAIL!
  5. Send email as plain text or paste a plain text: Yes, I know lots of people have HTML capable clients. I hate that Outlook puts my replies in a sickly blue font. When I copy and paste from elsewhere in the message, it changes the font. So then I have to go and do formatting to have a presentable email. I just want to type and send. I don’t care about fonts, colors, etc. If I did, then I would create a web page. … (Added 2009-JUN-03)

That’s it for now.

Expression Costs

(This started out as a blog comment for Sania’s post Facebook Killed Your Blog. I’m posting it here first.)

We share blogs with the whole world. So our blogs get lost in the noise, bolstering the need for a whole industry optimizing getting found in search engines. It’s a concerted effort just to get noticed. That’s because blog readers have to seek out blogs to follow, subscribe to the feed, and follow. Finding the best blogs to read is sometimes difficult and more from word of mouth than anything search engines provide.

Blogs also tend to have a lot of information to digest. Social networks have just a line or two with maybe a link to more information. Blog readers typically are designed around the idea of collecting all the posts and letting the user pick which to read. Social networks typically are designed around the idea of just showing recent posts and letting the users choose how far back in time to read.

As technologies lower the costs to express ideas (aka get easier), blogs will get left behind as they have become upside down in value. The costs of writing, reading, subscribing, and commenting on blogs are more expensive compared to micro-blogging or status updates.

Why blog when hanging out on social networks is so much easier? Blogs can only survive as long as they have information worthy.

Why blog when readers are no longer reading? Posting blog entries on social networks does help keep traffic levels somewhat by getting exposure.

As bloggers providing valuable expression leave blogging, the value of blogs decreases. People will still blog. It just won’t be the popular thing to do.

Open Letter to Anyone Who Asks Me a Question

When I preface statements with something like “Used Google to look up <search term>”, it means:

The following is my interpretation of what you are asking. You should do your own research on the search term to better understand the issue. I’m telling you the search term I used to nudge you in what I think is the right direction.

Probably I spent < 10 minutes doing my research. So the quality isn’t of the highest standard. I’m not speaking with authority… Just trying to be helpful.

Update: I don’t generally mean it to be condescending… As in, you should have checked Google before asking anyone about it.

Relative Truth

Found an interesting comment on an article about the state of Georgia observing the Confederate Memorial Day….

The truth of history means very little to those who are dead set against learning anything from it. No matter what the history books used in our public school system say, most will never believe anything other than their own opinion about the Civil War. History revisionists are the celebs of the day. As long as people like Rev. Wright, and David Duke exist, history’s truth will be filtered through lies and distortions. Few observe Confederate Memorial Day: UGA to display original constitution; state offices closed

Truth may very well be completely relative. Back during the US Presidential election, I ran across an interesting article in the Washington Post discussing research John Bullock did about the effects of misinformation and ideological bias ties. I used to think it had to do with a handful of people stuck in their green, second amendment, pro-life, pro-choice, capitalist, regulation views. My favorite pastime in college was assuming positions contrary to others even when I agree with the others.

I doubt the effect solely affects conservatives as was proposed in the article. More likely everyone has some blindspots in determining truth from myth or fiction kind of like optical illusions. (Yes, even myself.) We have to choose which information to believe any time we interact with information. Many of the rules in philosophy and science are built around combatting the biases we have.

Rather than force ideas on others, I think we should be teaching children from an early age to recognize when others and most especially themselves are operating under a bias. It’s the only way to find detachment.

Athensdating.org

I noticed a little black and white sign: “Single? athensdating.org” a while ago. A couple weeks ago it came up in conversation. Today I saw it again. So I visited the site.

First impression: A local site should have images to represent something about the locality. Generic stock photography doesn’t cut it for me. The signup form wanted my home and cell phone numbers.

That sounded phishy to me.

Domaintools.com is a great site for looking up who runs a site. If the owner has selected privacy options with their registrar, then that would be a snag. Fortunately for us, the owner of athensdating.org isn’t hiding.

Owner: NuStar Solutions

The note “Email address is associated with about 4,690 domains” caught my eye. So I looked up NuStar and found this article about these popping up everywhere. (At least DomainTools gave me the info in one shot without having to do the same extensive research.) Lots of stuff online about these signs, who is placing them, and whether or not this is a scam.

I’m just going to assume it is a scam.

Picture info: Writing a Blog Post About This Scam on Flickr from sneezypb

Flickr Search

Flickr has millions of photos. (Maybe billions.) Many of these photos are tagged. One can look at all the photos with a tag. Every tag has a built in RSS feed. However, to view a combination of tags, one needs to search for the two tags.

Something I would like to see is an RSS feed for Flickr searches. Having to choose between duplication making me see the same picture more than once or missing photos because users are… inconsistent.

This is easier than me moving some place else.
🙂

LMS Security

This morning there was a flurry of effort to locate an article called “Hacking WebCT.” My coworker was able to locate it. We were disappointed.

The main points of the article were:

  1. Lazy administrators make compromising user accounts easy.
  2. Lazy instructors make getting questions for assessments easy.

These apply to any LMS. So, here is some advice to counter the issues raised in this article.

 

Accounts

Default passwords are the bane of any system. Make users change them. (Yes, this increases support tickets.) This usually comes about because the administrators did not integrate the LMS authentication with LDAP, Kerberos, or CAS, which allows for central management of accounts. Central management of accounts means fewer accounts are likely to sit around with easily guessed initially imposed credentials.

Linking many services together also raises the exposure should one account become compromised. Enforce decently strong passwords. Too strong and frequently changed passwords will encourage users to employ means of remembering passwords which defeat the point. Passwords probably should not ever be just birthdays.

Not sure what advice to provide about the potential of a student installing a keylogger on a computer in a classroom?

 

Assessment Cheating

A long availability period (like a week) provides opportunities for enterprising students to exploit the issues with passwords to see and research questions in advance. Instead, a quiz with a short availability period like an hour means less time to go look at the other account, record the questions, research them, then go back into the proper account and take the assessment.

Instructors should use custom questions. Students can obtain questions provided by publishers in ePacks or with textbooks from previous students, the same textbooks the instructor received, or even web sites online which sell the information.

High stakes testing ensures students are looking to cheat. When the value of questions is high, these easier methods than knowing the material ensure a war between students and instructors over cheating. Of course, lowering the value of the questions increases the workload of the instructor.
🙁