« December 2004 | Main | February 2005 »

January 28, 2005

Spam, Spim, Cram and Spit...

First there was Spam - ever pervading the lives of those who use email at any level.

Then, Spim was born - IM spam - which I've not really been affected by recently. In the old days when I used ICQ - an early internet chat platform - I used to get lots of unsolicited IM's - it was brutal, frequent, and annoying.

Bloggers have also found that their blog software has been targetted by spammers. Spammers misuse the "comment on this entry" feature to paste in spam messages. People tend to refer to this as "comment spam" - I'll call it "cram" for now. Cram has gotten bad enough that blog software companies have had to offer tips on how to reduce cram - as well as repair software flaws for vulnerabilities that allowed spammers to also email spam through the comment engine.

So not only am I an email user, an IM user, and a blogger - who is therefore dealing with Spam, Spim, and Cram every day, along comes Spit. Read Aunty Spam's account of Spit.

What is Spit? Simply put it is VOIP (Voice Over IP) Spam.

For broadband telephone service customers - of which I recently became one through Lingo - this is an exploit that occurs when you are speaking with someone.

The "Spitter" basically hacks into the call, in a way that the caller can't hear but the receiver can, and plays Audio spam to the person you called.

It may be the most annoying type of spam and I hope it does not become prolific. Services like Vonnage and Lingo should be doing all they can now to eliminate or mitigate this vulnerability.

As of yet, I haven't been "Spit" on - and I hope it doesn't happen. This will be an interesting one to keep an eye on.

More on Spit via Google if you are interested.

Posted by gcrgcr at 9:57 AM | Comments (0) | TrackBack

January 25, 2005

Simple stuff... like online search.

This post by Whit McNamara made me think of a few articles I read recently in QUEUE Magazine. It was from the April 2004 edition (ok, so I'm way behind in some of my reading - I've got three kids, gimme a break...), but it is a great article Why Writing Your Own Search Engine is Hard. There are a few other great articles in that issue as well, so check the listing.

I agree with Whit - for as hard as the "simple" problems can be to solve - in business, new competition can always try to copy a businss model fairly easily - it usually just takes money.

But, for the "simple" problems, money doesn't always win the day. Granted, Google has boatloads of money, but to me, their assests have always rested on their innovation and culture that supports it.

And while many folks ponder the future of online search, and new players take stakes in the online search game - Google leads or at least inspires yet again with todays announcement of "Google Video Search".

As I understand it, Google has indexed offline, not online, content - in this case the Closed Captioning logs or databases of PBS, Fox News, and other networks. A search results in up to 5 still frames of original broadcast for each match. Google continues to apply the concepts of search to offline areas (via online means) which I find exciting and profound.

I can't wait for the release of "Google Brain" search around 2050, when Google comes out with an implant that I can "install" and subsequently index my own memory. I'm not sure I can wait that long for something like that... :)

Posted by gcrgcr at 10:41 PM | Comments (1) | TrackBack

January 24, 2005

MovableType Comment Flaw Exploited

Spammers discovered an exploit in MovableType's (blogging software - which is used on this blog)
comment feature yesterday and started hitting all servers with MT
installed hard, causing large slowdowns in http requests and mysql
processing (if the MT install used MySql).

The exploit is similar to the old FormMail exploit in that it allows
the spammer to cc/bcc others thru the comment script to send out spam
thru the server hosting the blog. MovableType has issued an updated
release (v3.15) that closes the security hole along with a patch
that's tested for backwards compatibility back to v2.661 (and it may
also work with v2 versions before that but they haven't tested that).

Anyone currently running MT or hosting someone using MT should disable
the mt-comments.cgi file and/or upgrade to v3.15 or install the patch
and then the mt-comments.cgi file can be enabled again.

The updated version and the patch are available here:

I had been battling comment spam for some time, and took some measures against it. I renamed my version of the comments script - but that only reduced the amount of abuse. Then, I disallowed comments from unregistered users. Spammers hate having to register - and they lie about it anyway.

I'll probably download this patch later tonight and run it - will post as to the results - level of effort and difficulty etc...

Posted by gcrgcr at 10:22 PM | Comments (2) | TrackBack

January 17, 2005

How's it linGOing?

Allright, I'll probably stop trying the cutesy play on words in the blog entry title on these posts - I can't seem to do much as much with "lingo" as I'd like...

Alas, however - this is the update to the great voip broadband phone service test. In my last post on the topic, I had successfully signed up for Lingo's Unlimited Home Plan - $19.95 per month.

On Saturday, the required appliance arrived. Setup took a modest 10 minutes or so - and that includes unpacking the various components. Not that there are a lot.

Essentially, there is the voip appliance itself, which looks much like any cable or dsl modem. A power adapter for the device. One RJ45 ethernet cable. Three standard RJ11 phone cords. That's it.

There was no software to install. I just followed the "Advanced Installation Instructions" which applied to my network configuration - "Computers connected to a router or wireless router with a free port on the router":

  1. Turn off your computer, cable/DSL modem and router
  2. Plug ethernet cable into the "WAN" port on Lingo adaptor
  3. Connect other end of ethernet cable to free port on router
  4. Take any standard analog phone and plugh the phone cord into the Lingo appliance phone jack (there are three available)
  5. Reconnect and power up cable/DSL modem - wait 2 minutes
  6. Reconnect and power up router - wait 2 minutes
  7. Plug power cord into Lingo appliance - wait 5-10 minutes
  8. Turn on your computer.
  9. Pick up phone - if dial tone present - installation successful.

Easy sneezy - as AJ, my first-grader, would say. Setup went without a hitch. Two minutes later I was placing long distance calls - testing the service.

While researching alternaitves to Vonnage, I had come across reviews of that service by some folks who clearly had some trouble. Dropped calls - poor quality, etc... I'm sure this is not specific to Vonnage - I get the feeling that they offer a great service. Users with all providers are likely to have various experiences. Those comments didn't lead me away from Vonnage - I couldn't use Vonnage for other reasons - they just helped set my expectations for performance. I wasn't sure if I should expect some weird nearly-synchronous conversation, or some asynchronous walkie-talkie like performance, or just like what I get from my current telco.

That said, our initial testing - while minimal - has been solid.

Joie called her Grandma and after the conversation told her about the new service and asked her about the quality. Grandma thought the call was clearer than normal. That's one good test. Otherwise, I've had a lenghty conversation to St. Louis as well as one to New Hampshire. Both of which I didn't mention Lingo, and tacitly take the fact that they heard me clearly and I heard them clearly as evidence of good performance. No static. Very clear. No delay or echo.

I did also purchase a new phone for use with the service, a GE 2.4GHz model with two handsets. This was to make it easier for Joie to use the line for her long distance calling as well. Neither of us will be hunting around for a single handset this way. I mention this only because Joie's only "complaint" so far is some "echo". As far as I can tell, this is the phone and not the service - I think the phone mouthpiece catches a lot more ambient noise and the user gets that feedback. I've noticed it a tad, but not too much.

So far, I'm giving the service an "A" grade, only because we haven't used it enough to really put it to the test. I had high expectations (A grade or better) and nothing has occured to demerit our experience at this point.

Oh, and the payout? Well, the Lingo plan I'm on is a flat $19.95 per month, as mentioned, and includes unlimited long distance in the US and Canada. It also includes about every feature under the sun - voice mail, call-waiting, call-forwarding, etc... My last Qwest bill, just for the convenient "second-line" at my home office, including long distance charges: $52.40. This months bill, with no long distance charges: $32.95. So, even with no long distance, I'm saving ~40% off my bill! I can't wait to see the long distance charges drop on our primary phone line when Joie uses Lingo for a month!

So far so good! Broadband voip could just be the revolution we think it is, we shall see. We'll keep you posted here on our experience.

Posted by gcrgcr at 11:18 AM | Comments (0) | TrackBack

January 10, 2005

Sometimes, you just gotta laugh...

UPDATED - sorry I had the wrong link to the Squirrel Launcher post

I have no words - but I'm rolling on the floor laughing...

Found on Peter Hoskin's blog:

Squirrel Launcher

Good find - I needed some juvenile humor. That was juvenile, wasn't it?

Posted by gcrgcr at 8:25 PM | Comments (0) | TrackBack

January 8, 2005

And away we linGO...

In a previous post, Bon Voy-Vonnage, I wrote about my quick introduction and research into Vonnage - a big player in VOIP - broadband based phone service.

After Matt Blumberg ethused over it, I was ready to go. Unfortunately a few key things fell through for me with Vonnage - most specifically not being able to transfer my number (not necessarily Vonnage problem - probably Qwest) but having to change area codes from 303 to 720.

But, over the past several weeks, I've slowly picked around at alternatives. There are many - including the traditional telcos themselves - with hats in the broadband phone service ring.

I decided to go with Lingo . They seem to have put together a solid service which matches feature for feature the Vonnage offering. But, with Lingo I was able to get a temporary 303 number, and am told this is temporary and my current 303 number should "transfer".

So, I'm signed up and awaiting my Lingo appliance to arrive via post. Once it is here and I get up and running, I'll report on our setup experience and initial service use and experiences.

So Bon Voy-Vonnage and Away we linGO!

By the way, I notice that there were many comments to Matt's post regarding poor service and/or quality with Vonnage. If anyone has any experience with Lingo, please comment or let me know, good or bad.

Posted by gcrgcr at 12:21 PM | Comments (0) | TrackBack

January 5, 2005

Tsunami Relief

There has been remarkable response and outpouring worldwide in donations and monetary relief for those affected in the Tsunami disaster.

Being technical, and working in privacy and email, I took note early on (as did others) that it took only hours following the disaster for Tsunami spam to appear. Like other scam spam, and phishing types of emails, the spammers preyed on the generosity of those around the world, and attracted them to donation sites and methods that were most likely not legitimate.

Google has listed some legitimate relief links - and in general I'd be leary about responding to any email about the tsunami, and use the link above to better ensure legitimacy.

At worst, do something to ensure that the message you've recieved or the donation channel your considering is legitimate.

Amazon has made a channel available through their affiliates, of which I am one (it doesn't take much to be one) - but I thought it was a good effort on their part to offer a reliable channel for those who'd like to donate. At the time of this posting Amazon has collected an amazing total of US $14,338,316.00 from 177321 dontations. The default is a $10 donation. The current average is $80.86. Here is the form

Amazon Honor System Click Here to Pay Learn More

I imagine by now most people have donated something, but in case you hadn't, and specifically because of convenience, or fear of legitimate organizations to relay your donation, I thought I'd post this.

Posted by gcrgcr at 11:20 AM | Comments (0) | TrackBack