Of course, that'll also have the effect of putting more people on the internet, which will result in Googles having to have to beef up their search indices on "Daaaaaaaaaaaaaaaaaaa Bears", "Ditka", and "Polish Sausage".
Don't worry, Google will make their money back with AdWords revenue from customers like DITCO, the makers of "I Can't Believe Its Not Polish Sausage!".
Put aside your geekiness for a minute (I'm a huge WiFi user, too) and consider the unfairness and inefficiency of government-supplied Wifi.
My argument against municipal Wifi is two-fold:
1) Internet access is a "nice to have" convienence but hardly a public necessity (like roads, schools, etc.). By creating a government-sponsored network, you inevitably impose taxes on many folks who will never use, nor want, a wireless network.
2) Government rarely does anything right, except create more government. I don't know about Chicago but my city (San Antonio, TX) can't even fill the countless deep potholes that are springing up everywhere. Do you trust these people to deliver you a secure, fast, stable network? Do you want to pay *THEM* to deliver this network?
Wireless networks are best left to commercial entities. If the city government wants to do something to promote a private, low-cost municipal network, lobby your city council members to provide free/reduced-cost access of utility/light poles to the deploying company in exchange for subsidized access fees for the poor (or better yet, low fees all across the board).
Jeez, Slashdot really munged my indenting. I hope you guys can make sense of that. I have a bunch of variations on this script that I did not post. Here is a little snippet to generate real-looking credit card numbers, PINs, CVVs, and expiration dates and add them to the URL:
my $card = $rand->randregex('\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d ');
my $pin = $rand->randregex('\d\d\d\d');
my $cvv = $rand->randregex('\d\d\d');
my $zip = $rand->randregex('\d\d\d\d\d');
my $mo = $rand->randregex('0\d');
my $yr = $rand->randregex('0\d');
my $url_base = 'http://203.98.132.60/~temp/combinatie/yabe/ovy.ph p?subject=C ard&redirect=success.htm&CardType=Vis aDebit&submitBtn=Continue';
I became fed up with this crap invading my inbox, so I decided to take some action. Most phishing scams are run by novices and use pre-packaged PHP pages which dump the collected info into a file or e-mail it out to an address for collection. The solution to this is simple: generate a ton of bogus information and submit it to their form processing script.
To do this, I use Acme Software's http_load. http_load takes, on its commandline, a filename containing a list of URLs to request. It then proceeds to send GET requests just as fast as the server can handle them. The trick is to use my Perl script to generate the http_load "loadfile".
First, my script. This could definitely be improved so that it fashions names and street addresses from dictionary words. For now, I just use random junk. To make this script work, you need to look at the phishing scam's HTML source. Find all INPUT tags. Any TYPE=HIDDEN name/value pairs must go in the url_base definition, since the server expects these to be static. The rest (all of the form fields) should go in the @inputs array.
#!/usr/bin/perl
## antiphisher.pl ## (c) 2005 Chris Snell ## c-j-s-n-e-l-l_A-T_-_g-m-a-i-l_D-O-T_C-O-M ## You better be damned careful because this ## script can get you in an arseload of trouble!
# You'll need to install the String::Random module use String::Random;
# How many URLs are we going to generate? I # suggest using about 80 or so, to keep # http_load from being overwhelmed. We will # run these URLs for a few minutes and then # generate a fresh batch my $COUNT = 80;
my $rand = new String::Random;
# this array contains all INPUT tags whose values # are user-supplied (ie. input fields) my @inputs = qw { firstname MI lastname card_number card_cvv card_pin username password };
my %rand_input; my $i = $COUNT;
while ($i-- > 0) {
# iterate through the list of inputs
foreach my $an_input (@inputs) {
# generate an 8-digit random value
# for each, and store it in the rand_input
# hash
$rand_input{$an_input} = $rand->randpattern("........");
# The input will likely contain
# non-alphanumeric characters, so we get
# rid of those. This has the nice side
# effect of giving us inputs of
# radomly-varying lengths
$rand_input{$an_input} =~ s/[^a-zA-Z0-9]//g;
}
# This is where you specify the URL of the
# script that will process the form
# submission.
# Note that I have defined a few static inputs
# here, which were derived from TYPE=HIDDEN
# INPUT tags in the phisher's form. You might
# want to change the values to make sure that
# the phisher is not able to associate your
# e-mail address with your attack.
my $url_base = 'http://logon.personal.wamu4u.com:280/login/script.php?hdnVal=1&h dnSi=37503603&txtUserID&pwdPasswo rd';
# construct the final URL from our base and
# our random inputs
foreach my $param (keys %rand_input) {
$url_base.= '&' . $param . '=' . $rand_input{$param};
}
# Print the URL to stdout
print "$url_base\n";
}
################## END OF antiphisher.pl #######
Now you'll need to run http_load with a fresh batch of URLs every minute or so:
#!/bin/sh
while true; do ./antiphisher.pl > urls.txt
http_load -parallel 30 -seconds 60 urls.txt done
I have another script that uses LWP::UserAgent to make the requests, which I wrote when a crafty phisher rejected submissions where HTTP_REFERER was not his phorm.
E-mail me with questions c-j-s-n-e-l-l_A-T_-_g-m-a-i-l_D-O-T_C-O-M
I'm beginning to think that the Slashdot editors were all laid off and that their jobs are now being performed by a badly-written jumble of Perl scripts.
If you have an axe to grind, grind it with US politicians, not the US Army. The US Army acts on the orders of their Commander in Chief, the President. The US Army does not make policy, it merely carries it out. Our soldiers are hard working young men and women who chose to serve their country rather than sit around and drink beer "back on the block" with the rest of their generation.
Don't tell me about losing domains. In 1994, I registered several very good domains:
snell.org (Me of course) cjs.com (Me again) eleet.com (I thought I was...) grateful.com (I was into the Grateful Dead) bikeworld.com (for my dad's co.)
When NSI took over registrar duties for.com/.net/.org, they started charging $70/yr/domain. I was a poor college student, barely able to buy food (much less $350/yr of domains) so I let them expire--except for bikeworld.com (Dad paid for that one).
Biggest. Mistake. Ever.
Here's a little snippet from the WHOIS record for grateful.com:
Administrative Contact:
Reflex Publishing Inc.
Internet Admin (not for sale) (admin@reflex.com)
+1.8133544500
Fax: +1.8133544500
1971 W. Lumsden Rd. #110
Brandon, FL 33511
US
"not for sale"... As if this asshat thought up this domain in the first place.
I get sick to my stomach every time I think about this.
The actual panel may be the same but the overall experience is not. I've been using my Dell 21" UltraSharp on my G4 for several months. Last week, my boss took me to CompUSA to get a new G5 (I know, lucky me). He offered to take my Dell LCD for himself and buy me the 23" Apple display but I politely declined. The Dell screen is noticeably brighter and crisper. My guess is that it is a matter of time before Dell comes out with a 30" model; they're probably waiting on dual-link DVI capable cards and drivers.
If I were manufacturing these things, I'd load each with its own randomly-generated default username and password and put these on a big yellow-and-red sticker on the camera, impossible to miss.
Don't worry, it will never get built. I've lived in San Antonio since birth and I'm not worried in the slightest. Remember the great high speed rail system that we were going to get, the one that would connect DFW/SAT/HOU? It was never built. If there's one thing that Texans hate, it's new taxes. Anyone who thinks that Texans will vote for this is out of their mind.
That said, I'm sure it will get a lot of support from Austinites who hate I-35 gridlock but do you really think that Joe Bob the Mohair Rancher in Rocksprings gives a rats ass about this highway?
I find it hard to believe that they would not have issued warnings or other things of that nature if the issue was that bandwidth and all of that was becoming too expensive. Suprnova was incredibly popular with teh torrent community and they had to know that people would come to their aid.
Suprnova did not go down because of bandwidth usage. There were *plenty* of things that they could have done to cut this down. Some months ago, I pointed out on their IRC channel how they could cut their page size from ~120K to something like 3K (using an all-text page and gzip encoding) but they didn't really care. I'm pretty convinced that some of these sites made their pleas for donations not because they needed to pay their hosting bills but because they enjoyed the cash that these funding drives provided.
The technologies to implement a relatively manageable torrent directory are available but most sites seem more interested in advertising and PayPal revenue than providing a service to the community.
Sadly, tvtorrents.net seems to have gone away, too. This is a real shame--tvtorrents.net was the clearinghouse for most of the TV torrents that later appeared on Suprnova. Their rips were of excellent quality and they had a wide variety of shows and put the rips up very quickly.
That's the way the law is written. Essentially any "letter" that USPS can carry that doesn't require guarenteed delivery within two days is illegal for anyone else to carry for pay.
So FedEx Express Saver 3-day delivery is felonious?
You are absolutely right. Back when I was in high school (89-93), the geeks in the Computer Club made a fortune with a matchmaking program they wrote. For a small amount of money ($3-5 IIRC), students would fill out a survey regarding what characteristics they were looking for in a date (bookish vs non-intellectual, blonde hair vs brunette, conservative vs. liberal, etc.). They also filled out a section that described themselves. The club members then entered the forms into a database and wrote an application to find three matches for each person. A few days later, every participating student received a printout with three potential matches.
It was hugely popular and made hundreds of dollars for the club's coffers.
Or, save yourself the headache and use OpenVPN under OpenBSD. It has no problem at all with dynamic IP clients and keeps the VPN running smoothly when the IP address changes. It uses OpenSSL, so the crypto is legit and can be accelerated with one of Soekris's HiFn cards.
Slashdot Mirror
If you're looking for a cheaper solution, check out the Ultimate Boot CD. It has tools to test memory, CPUs, hard disks, and so much more.
It's definitely something to keep handy and is much cheaper than an iPod.
Of course, that'll also have the effect of putting more people on the internet, which will result in Googles having to have to beef up their search indices on "Daaaaaaaaaaaaaaaaaaa Bears", "Ditka", and "Polish Sausage".
Don't worry, Google will make their money back with AdWords revenue from customers like DITCO, the makers of "I Can't Believe Its Not Polish Sausage!".
Folks,
Put aside your geekiness for a minute (I'm a huge WiFi user, too) and consider the unfairness and inefficiency of government-supplied Wifi.
My argument against municipal Wifi is two-fold:
1) Internet access is a "nice to have" convienence but hardly a public necessity (like roads, schools, etc.). By creating a government-sponsored network, you inevitably impose taxes on many folks who will never use, nor want, a wireless network.
2) Government rarely does anything right, except create more government. I don't know about Chicago but my city (San Antonio, TX) can't even fill the countless deep potholes that are springing up everywhere. Do you trust these people to deliver you a secure, fast, stable network? Do you want to pay *THEM* to deliver this network?
Wireless networks are best left to commercial entities. If the city government wants to do something to promote a private, low-cost municipal network, lobby your city council members to provide free/reduced-cost access of utility/light poles to the deploying company in exchange for subsidized access fees for the poor (or better yet, low fees all across the board).
To do this, I use Acme Software's http_load. http_load takes, on its commandline, a filename containing a list of URLs to request. It then proceeds to send GET requests just as fast as the server can handle them. The trick is to use my Perl script to generate the http_load "loadfile".
First, my script. This could definitely be improved so that it fashions names and street addresses from dictionary words. For now, I just use random junk. To make this script work, you need to look at the phishing scam's HTML source. Find all INPUT tags. Any TYPE=HIDDEN name/value pairs must go in the url_base definition, since the server expects these to be static. The rest (all of the form fields) should go in the @inputs array.
I have another script that uses LWP::UserAgent to make the requests, which I wrote when a crafty phisher rejected submissions where HTTP_REFERER was not his phorm.
E-mail me with questions c-j-s-n-e-l-l_A-T_-_g-m-a-i-l_D-O-T_C-O-M
Chris
I proposed this years ago.
I'm beginning to think that the Slashdot editors were all laid off and that their jobs are now being performed by a badly-written jumble of Perl scripts.
I'll take the bait.
[Spoken as a former soldier]
If you have an axe to grind, grind it with US politicians, not the US Army. The US Army acts on the orders of their Commander in Chief, the President. The US Army does not make policy, it merely carries it out. Our soldiers are hard working young men and women who chose to serve their country rather than sit around and drink beer "back on the block" with the rest of their generation.
Don't tell me about losing domains. In 1994, I registered several very good domains:
snell.org (Me of course)
cjs.com (Me again)
eleet.com (I thought I was...)
grateful.com (I was into the Grateful Dead)
bikeworld.com (for my dad's co.)
When NSI took over registrar duties for
Biggest. Mistake. Ever.
Here's a little snippet from the WHOIS record for grateful.com:
Administrative Contact:
Reflex Publishing Inc.
Internet Admin (not for sale) (admin@reflex.com)
+1.8133544500
Fax: +1.8133544500
1971 W. Lumsden Rd. #110
Brandon, FL 33511
US
"not for sale"
I get sick to my stomach every time I think about this.
Yeah but, will it ever replace Slashdot?
/ea.
Probably not...duplicate stories will cost you $8.74
I'm paying like $7 a month for hosting via http://www.hostsave.com/ and I'm hoping this plug will help me avoid getting a huge bandwidth bill.
Hah! Good luck.
Would you mind posting your tunings? Or, e-mail them to cjsnell on the gmail.com.
Chris
Yeah, you're not kidding! Amazon delivers everywhere. That page even claims that they deliver to Bouvet Island, an uninhabited island in the Antarctic Indian Ocean, claimed by Norway!
The actual panel may be the same but the overall experience is not. I've been using my Dell 21" UltraSharp on my G4 for several months. Last week, my boss took me to CompUSA to get a new G5 (I know, lucky me). He offered to take my Dell LCD for himself and buy me the 23" Apple display but I politely declined. The Dell screen is noticeably brighter and crisper. My guess is that it is a matter of time before Dell comes out with a 30" model; they're probably waiting on dual-link DVI capable cards and drivers.
Chris
I'm a two-toed sloth, you insensitive clod!
If I were manufacturing these things, I'd load each with its own randomly-generated default username and password and put these on a big yellow-and-red sticker on the camera, impossible to miss.
Don't worry, it will never get built. I've lived in San Antonio since birth and I'm not worried in the slightest. Remember the great high speed rail system that we were going to get, the one that would connect DFW/SAT/HOU? It was never built. If there's one thing that Texans hate, it's new taxes. Anyone who thinks that Texans will vote for this is out of their mind.
That said, I'm sure it will get a lot of support from Austinites who hate I-35 gridlock but do you really think that Joe Bob the Mohair Rancher in Rocksprings gives a rats ass about this highway?
Chris
I find it hard to believe that they would not have issued warnings or other things of that nature if the issue was that bandwidth and all of that was becoming too expensive. Suprnova was incredibly popular with teh torrent community and they had to know that people would come to their aid.
Suprnova did not go down because of bandwidth usage. There were *plenty* of things that they could have done to cut this down. Some months ago, I pointed out on their IRC channel how they could cut their page size from ~120K to something like 3K (using an all-text page and gzip encoding) but they didn't really care. I'm pretty convinced that some of these sites made their pleas for donations not because they needed to pay their hosting bills but because they enjoyed the cash that these funding drives provided.
The technologies to implement a relatively manageable torrent directory are available but most sites seem more interested in advertising and PayPal revenue than providing a service to the community.
According to efnet:#tvtorrents, they are just having DNS problems. Hopefully tvtorrents will recover!
Sadly, tvtorrents.net seems to have gone away, too. This is a real shame--tvtorrents.net was the clearinghouse for most of the TV torrents that later appeared on Suprnova. Their rips were of excellent quality and they had a wide variety of shows and put the rips up very quickly.
What a bummer.
Chris
That's the way the law is written. Essentially any "letter" that USPS can carry that doesn't require guarenteed delivery within two days is illegal for anyone else to carry for pay.
So FedEx Express Saver 3-day delivery is felonious?
You are absolutely right. Back when I was in high school (89-93), the geeks in the Computer Club made a fortune with a matchmaking program they wrote. For a small amount of money ($3-5 IIRC), students would fill out a survey regarding what characteristics they were looking for in a date (bookish vs non-intellectual, blonde hair vs brunette, conservative vs. liberal, etc.). They also filled out a section that described themselves. The club members then entered the forms into a database and wrote an application to find three matches for each person. A few days later, every participating student received a printout with three potential matches.
It was hugely popular and made hundreds of dollars for the club's coffers.
Contrary to today's poll, virii, spam, and backhoes will not kill the internet--but SOAP will. (For proof, see this image from this story's article)
Or, save yourself the headache and use OpenVPN under OpenBSD. It has no problem at all with dynamic IP clients and keeps the VPN running smoothly when the IP address changes. It uses OpenSSL, so the crypto is legit and can be accelerated with one of Soekris's HiFn cards.
God damn, I love my state!
Only in Texas!
The Chinese aren't going there as a big PR exercise. If you haven't noticed, the Chinese aren't big on grand, meaningless showboating
They aren't big on big on grand, meaningless showboating, huh?
(Yes, those are people back there)