Web Development

Security

Where Will the Web Be in 10 Years?

In our weekly Wednesday company meeting, we typically talk with each other about what we’ve learned in the last week and the projects we’re working on. This week, however, Nick threw us a bit of a curveball.

We split into two groups to answer a big question: where will the web be in 10 years? Each group was required to deliver 5 concepts. We talked for 15 minutes, and neither group was short on ideas. The hardest part was whittling it down.


Bad PayPal! - When security becomes ridiculous

Want to know the perfect formula on how to create a frustrating system, provide terrible customer service, and manage to drive a loyal customer to hate? Just take lessons from PayPal - they are doing a great job at really screwing up.

Here’s the magic combo:

First, PayPal created some security restrictions that ‘automatically’ triggered on my account. While they won’t say, I’m guessing it’s because I accepted 20-30 payments before I attempted to make a full withdrawal. Regardless, this sparked their security system and it asked that I certify my account (this is different than verify). To do this, I have to ADD MY PERSONAL CREDIT CARD to the account ?@?#$@#$# I also have to verify my SS#. The first step takes 1 week for the transaction to show on my personal CC#… The second step fails because they say that I’ve used my SS# at some point in the past.


Great USB Backup App / Utility

I just found a great backup app (utility) for my USB drive. The app that comes with PortableApps isn’t very flexible and it drove me to find something better. Luckily, I found Freebyte Backup through PortableFreeware.com. They even told me how to ‘make it more portable’ by avoiding the installation and simply running the .EXE & creating my own profiles. Hope this helps others looking for a stable, feature-rich USB backup utility.


Blacklists: What they are and how to avoid them

If you thought that anti-spam protection for your incoming mail would alleviate your e-mail problems forever, think again – another issue that can cause more than a few headaches is DNS BlackLists (DNSBLs), sometimes also called RBLs (Realtime Black List). DNSBLs are not a new idea, but their usage is increasing rapidly. In short, a DNSBL is an innovative use of DNS to provide access to lists of IP addresses (or other info). These lists are created on varying criteria — for example, the IP address was caught sending spam, or it’s owned by a company known for supporting/sending spam. Or perhaps the IP address hosts a mailserver not following the rules, or a web/proxy server that has been compromised in such a way that it could be used to send spam. In this way, common sources of spam can be compiled into these lists and checked by a mailserver before accepting mail. If you show up in the blacklist, your mail is rejected.

As the spam-war has escalated, DNSBLs have become a double-edged sword. They have probably saved SMTP from being utterly inundated with spam to the point that it’s useless. However, blacklists have also been forced to get increasingly aggressive. It’s not uncommon for an organization to find itself blacklisted, even if it didn’t overtly send spam (that it knows of). If your organization becomes the unlucky member of a DNSBL, you’ll find that most (if not all) of your email is rejected by the outside world because you’re now considered a spammer. The worst part is that you may have no idea why you were blacklisted and no idea how to get de-listed!


BMW.de De-listed

BMW.de was yanked from Google’s index this week, for violating Google’s policy with some shady SEO tactics involving JavaScript redirects.

Good for them.

(Hat tip: Chris)


Watch Your Files Today

Starting tomorrow the BlackMal virus will start deleting files from infected computers. Usually when I am in need of security-related information I check Security Focus first. Here is what they have to say about BlackMal:

The virus is programmed to start deleting eleven different types of files on the third of each month, starting with Friday, February 3. The files will be deleted from a computer’s local hard drive as well as network-attached storage, a strategy that worried security experts enough to warn about the virus.

[snip]


Tags: Security

SSH VPN

This is pretty cool. Check out this new feature in OpenSSH 4.3:

* Add support for tunneling arbitrary network packets over a
connection between an OpenSSH client and server via tun(4) virtual
network interfaces. This allows the use of OpenSSH (4.3+) to create
a true VPN between the client and server providing real network
connectivity at layer 2 or 3. This feature is experimental and is
currently supported on OpenBSD, Linux, NetBSD (IPv4 only) and
FreeBSD.


Eliminating (Most) Trackback Spam

Well, wordverify has taken care of almost all comment spam, except for human spammers, of course.

However, trackback spam, since it is by definition automated when working properly, cannot be eliminated with that method. I had the simple idea to write a plugin that, upon receiving a trackback ping, would snag the referring URL and make sure it actually links. If not, the trackback would be rejected. This is slightly in opposition to the spirit of trackbacks, according to some, since some people believe you should be able to send a trackback without actually linking. I am not necessarily in agreement, but I think the elimination of this possibility is a small price to pay to eliminate spam.


Tags: Spam

Your Privacy Online

There has been a growing grumbling on the internet about big sites like Google storing information about individuals’ usage. Jr Colin posted a well-reasoned ballast to those concerns today.

It is worth a read if you are concerned about your privacy online but don’t feel a need to wear a tin foil hat just yet.

Tags: Security

Advantage Consulting Services: Spammers

Earlier today, I posted about spam received in a blog comment that was clearly posted by an actual person. In that post, I mentioned tracking down (not hard in this case) and calling the company that appeared to be behind the spam, Advantage Consulting Services. Surprisingly, “V. Patel” called me back.

I told him I was interested in their company’s product and started off just asking him questions about SEO in general, followed by some leading questions about how linking might affect PageRank (hint hint). CentreSource deals quite a bit with SEO, though with legitimate “white-hat” vendors (naturally), so I had a fair idea of what I could ask to probe for nefarious practices, but he pretty much kept it legit. Eventually I cut to the chase and explained why I was really calling; I asked him if he spammed the blog. To my further surprise, he said yes, and that he was “sorry”. Yeah, well, I’m sorry too, pal.

The company name is Advantage Consulting Services (www.acsseo.com redirects to this URL). The website is actually a nice-looking website, and it comes across as being a legitimate SEO company (of which there are many). What’s even funnier is that they have an entire section devoted to ethics, where they note:

We recognize that your website represents both your integrity and ours - and we strive to give you the best results while maintaining the highest of industry principles. We use industry best practices and ethical standards to ensure that your search engine optimization and marketing processes are achieved through honest means.

It doesn’t get much more ironic than that, folks. “Your Integrity Is Your Integrity”, they say at the top. I wonder how “Abrams California Health Insurance” might feel about the “ethics” involved in Advantage Consulting Services spamming on their behalf. Unsurprisingly, nowhere in their Processes page do they mention comment spamming.

It’d be funny if it wasn’t so infuriating.

The transcript of our conversation is below. It’s not terribly exciting — I was admirable in keeping my composure while finding ways at the end to say “spam is bad” without swearing. Ladies and gentlemen, meet the new friendly face of the comment-spam inundating your blog, “V. Patel”:


Tags: Spam