File under “should be obvious”…

From an email I just sent to a polyamory-related list:

I’ve found that a lot of my relationship fears vanish and my relationships become a lot stronger and more healthy when I start with certain assumptions: namely, that my partners want to be with me, that they see value in me, that when given the opportunity they will seek to make choices that honor our commitments and cherish the relationship we’re in, that they are honest and can be counted on to behave with integrity, and that when they say they love me, it’s because they do.

Often it seems to me that people base relationship rules on the assumption that their partners cannot be trusted, that if given free action their partners will not choose to honor and nurture their relationships, and that their partners are harboring secret agendas involving dumping them when someone ‘better’ (whatever that means) comes along. I can’t quite fathom building a relationship on those assumptions, nor why someone would want to remain in a relationship where they were true.

Ahh, the mysteries of life.

Engrish Spam of the Week

From my email inbox this morning, a bit of spam directed at my Symtoys address from a sex toy manufacturer:

Dear Owners

We are the Leading manufacturers-cum-exporter of complete Adult Body Jewelry like Nipple Rings, Nipple Weight Stretchers, Cock Rings.

We TRIUNE SKINMOD SUPPLIES exporting this Adult Body Jewelry successfully throughout the world. Your good-self kindly requested to please visit our web-site indicate items of your choice enable us.

The company in question is in Pakistan…and no, it isn’t the same company that has offered to sell me sex toys from Pakistan in the past.

Quote of the Day: 1984

You were so busy worrying about 1984 you didn’t notice you were living Brave New World.

What Orwell feared were those who would ban books. What Huxley feared was that there would be no reason to ban a book, for there would be no one who wanted to read one. Orwell feared those who would deprive us of information. Huxley feared those who would give us so much that we would be reduced to passivity and egoism. Orwell feared that the truth would be concealed from us. Huxley feared the truth would be drowned in a sea of irrelevance. Orwell feared we would become a captive culture. Huxley feared we would become a trivial culture, preoccupied with some equivalent of the feelies, the orgy porgy, and the centrifugal bumblepuppy. As Huxley remarked in Brave New World Revisited, the civil libertarians and rationalists who are ever on the alert to oppose tyranny “failed to take into account man’s almost infinite appetite for distractions.”

In 1984, Orwell added, people are controlled by inflicting pain. In Brave New World, they are controlled by inflicting pleasure. In short, Orwell feared that what we fear will ruin us. Huxley feared that what we desire will ruin us.

–Neil Postman, Amusing Ourselves to Death

Though I must say it isn’t necessarily either/or. We have created a culture that has spawned both an unprecedented attack on civil liberties from on high, particularly under the last administration, along with a reactionary anti-intellectualism that openly scorns the quest for knowledge, giving us the worst of both.

New computer virus scam targets Web site owners

There appears to be a new social engineering attack making the rounds of registered owners of Web sites that have SSL encryption certificates. I have a large number of Web sites, and so far I’ve only received emails to the technical address of sites which have SSL (security) certificates on them.

*** WARNING *** WARNING *** WARNING ***
This attack is currently live. DO NOT attempt to visit the URLs in this email if you do not know what you are doing!

The emails come from a phony From: address that is system@[thewebsitename.com]. Each email takes the form:

Attention!

On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That’s all.

http://updates.[thenameofthewebsite.com].secure.ssl-datacontrol.com/ssl/id=712571016-[email address of registered contact]-patch257675.aspx

Thank you in advance for your attention to this matter and sorry for possible inconveniences.

System Administrator

So for example if you have a Web site called “theweaselstore.com” and your email address is “headweasel@theweaselstore.com” you may receive an email claiming to be from: system@theweaselstore.com, which tells you to click a link that looks like

http://updates.theweaselstore.com.secure.ssl-datacontrol.com/ssl/id=712571016-headweasel@theweaselstore.com-patch257675.aspx

Needless to say, the “patch” you download from this address is a computer virus.


This is one of the most sophisticated social engineering attempts I’ve seen to date. It seems to be going after a very specific group of people: people who own secure Web sites. The email itself is custom-tailored to look as much as possible like it comes from the system operators of the Web site in question, and the payload is delivered from a hostile server with a URL that has the address of the target site owner’s Web site embedded within it.

My suspicion, though I have not taken the time to analyze the payload, is that it is a key logger, and that the virus writers are attempting to get FTP credentials for the target Web site.

Being able to hack secure Web sites would offer the hacker a treasure trove of advantages. First, secure Web sites may contain customer information, transaction records, payment histories, and credit card numbers for the site’s customers.

Second, a phony bank or eBay site placed on a secure server is more convincing, because the phony site can be accessed using “https://” and will have the browser padlock indicating that the site is secure, which may help it to fool more people.

I’ve mentioned in this post how a Web address can be designed to fool people. It does not matter what’s in the address except for the part in front of the very first / character after the http:// prefix; so for example if you see a Web address that looks like

http://www.ebay.com.ws.eBayISAPI.dll.signin.ru/?SignIn&ru=12345

you are not on eBay. You can see where you are by looking at the part just before the first / which in this case is

http://www.ebay.com.ws.eBayISAPI.dll.signin.ru/?SignIn&ru=12345

a site called signin.ru in Russia.

Similarly, in the URLs in these hacker emails, the key part of the URL is

http://updates.theweaselstore.com.secure.ssl-datacontrol.com/ssl/id=712571016-headweasel@theweaselstore.com-patch257675.aspx

The computer virus is being distributed from a site called “ssl-datacontrol.com”.


ssl-datacontrol.com lives on servers belonging to an ISP called trouble-free.net, which is now a subsidiary of another ISP called interserver.net.

Trouble-free.net is an ISP I’m very familiar with. As near as I can tell, the “trouble” they are free of is meddling trouble such as legal issues, or those pesky problems you might have with having your spam or phish site shut down; they have, in my experience, a long and ignoble history of hosting viruses, spammers, pirate software sites (notorious credit card fraudster and pirate Art Schwartz has been hosted on trouble-free.net for over five years), and other criminal content.

The whois for ssl-datacontrol.com is, unsurprisingly, Russian:

whois ssl-datacontrol.com

Whois Server Version 2.0

Domain Name: SSL-DATACONTROL.COM
Registrar: ANO REGIONAL NETWORK INFORMATION CENTER DBA RU
Whois Server: whois.nic.ru
Referral URL: http://www.nic.ru
Name Server: NS1.CEDNS.RU
Name Server: NS2.CEDNS.RU
Status: clientTransferProhibited
Updated Date: 05-oct-2009
Creation Date: 05-oct-2009
Expiration Date: 05-oct-2010

>>> Last update of whois database: Mon, 12 Oct 2009 21:44:52 UTC <<<
Registrant ID: HEIGAAS-RU
Registrant Name: Elena V Zhuravlyova
Registrant Organization: Elena V Zhuravlyova
Registrant Street1: Orekhovyi boulevard
Registrant Street1: d.31 kv.72
Registrant City: Moscow
Registrant State: Moscow
Registrant Postal Code: 115573
Registrant Country: RU
Administrative, Technical Contact
Contact ID: HEIGAAS-RU
Contact Name: Elena V Zhuravlyova
Contact Organization: Elena V Zhuravlyova
Contact Street1: Orekhovyi boulevard
Contact Street1: d.31 kv.72
Contact City: Moscow
Contact State: Moscow
Contact Postal Code: 115573
Contact Country: RU
Contact Phone: +7 499 2678638
Contact E-mail: awoke@co5.ru
Registrar: ANO Regional Network Information Center dba RU-CENTER


So in short what we have is a very sophisticated, highly directed attack targeted at Web site owners who are using SSL security certificates on their Web sites, being conducted through emails which create a custom From address and custom attack URL for each specific victim.

The same rules apply to this as to all emails:

– DO NOT believe the From: address of an email. Ever.

– DO NOT respond to ANY security alert, question, or prompt you receive in ANY email. Ever. No matter who it appears to be from.

– Learn to read Web site URLs. DO NOT trust any part of a URL except the part immediately in front of the first slash after the http:// prefix.
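The URL-reading rule can be checked mechanically. The Python below is an added example, not part of the original post: it pulls the real host out of each link in a message and compares its registered domain with the domain in the From: address. The function names are made up for illustration, the sample message is constructed from the example above, and the short suffix set is an assumed stand-in for the full Public Suffix List.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for the
# samples below. Production code should load the full list.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host):
    """Return the domain someone actually registered, e.g. signin.ru."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def classify_link(claimed_domain, url):
    """Compare a link's real host with the domain the message claims."""
    # urlsplit ends the host at the first "/", "?" or "#" after "//" and
    # treats anything before an "@" inside that span as userinfo, not host.
    host = urlsplit(url).hostname or ""
    claimed = claimed_domain.lower()
    if registrable_domain(host) == registrable_domain(claimed):
        return "same-site"
    # The claimed name appears in the URL, but only as decoration
    # (subdomain labels, userinfo or path), not as the registered domain.
    if claimed in url.lower():
        return "impersonation"
    return "external"


def scan_message(from_header, body):
    """Return (url, real registrable domain, verdict) for each link in body."""
    claimed = parseaddr(from_header)[1].rpartition("@")[2]
    results = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""
        results.append(
            (url, registrable_domain(host), classify_link(claimed, url))
        )
    return results


# Constructed sample built from the example address and link in the post.
SAMPLE_FROM = "System Administrator <system@theweaselstore.com>"
SAMPLE_BODY = """For compatibility you should run the update procedure.
http://updates.theweaselstore.com.secure.ssl-datacontrol.com/ssl/id=712571016-headweasel@theweaselstore.com-patch257675.aspx
Status page: http://www.theweaselstore.com/status
"""

if __name__ == "__main__":
    for url, domain, verdict in scan_message(SAMPLE_FROM, SAMPLE_BODY):
        print(f"{verdict:13} {domain:22} {url}")
```

A forged From: address makes the comparison stricter, not weaker: the attacker has to claim the victim's domain for the email to look convincing, and that is exactly the domain the link fails to match.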

Linky-Links: Miscellany of the Day

Once again, I find my browser with about 40 open windows, so once again, it’s time for another dump of Cool Stuff On The Web into the unsuspecting lap of you, my reader.

Today’s roundup is all kinds of interesting and fun stuff with no discernible theme. I’ll try to categorize them as much as possible, but fair warning…this batch is all over the place.

Onward to the links!

Art

Liu Bolin: The Invisible Man

This might be called “I Can’t Believe It’s Not Photoshop!” Liu Bolin does the hard way what would be easy in Photoshop; he painstakingly paints himself, then photographs himself from a carefully calculated vantage point so as to vanish into the background. There are other Web galleries of his work as well, and he recently appeared in a real-life art gallery called the Vanguard Gallery, whose Web site seems broken at the moment.

The Underground City on Governors Island

Governor’s Island is a small island off the coast of New York City which formerly housed a military base and a small town. In the 1950s, the government transplanted all the town’s inhabitants and buried the entire town. Now it’s being excavated, and the pictures are amazing. (Edit: Apparently, this place is a hoax.)

Building a Terminator

Or, “what some people with far too much time on their hands do with their action figures.”

How-to images for designing a Big Daddy costume from the video game “Bioshock”

Flipping amazing. When I grow up, I want to be half as talented as this guy. I’d never heard of the game Bioshock, and this costume was enough to make me want to play it. Neat feature: the gigantic drill arm actually spins!

Science

New Scientist: How to Cure Diseases Before they Even Start

The advent of antibiotics wrote a new chapter on human health, but effective antiviral drugs are thin on the ground and tend to be extremely specific, often working only against one variant of one virus. A group of researchers is now working on a new class of broad-spectrum antivirals which, if they work, will do for viral disease what antibiotics have done for bacterial infections.

HPV linked to lung cancer?

A study has found that a significant number of lung cancer tumors express genetic material from the human papilloma virus, the virus responsible for genital warts and cervical cancer.

This does not necessarily prove that HPV causes lung cancer–it’s possible that cancerous cells are more susceptible to HPV infection–but it’s certainly an interesting correlation. If HPV does in fact lead to lung cancer, this will make immunization against HPV even more valuable, especially in men, who are not often immunized now.

Canadian Startup Proposes Nuclear Fusion at Bargain Basement Price

Nuclear fusion is the holy grail of energy–cheap, clean, safe, and virtually unlimited. Conventional approaches to nuclear fusion as a power source rely on fantastically complex inertial or magnetic confinement of hot hydrogen plasma. This approach, which is simpler and cheaper, proposes using a sphere of molten metal as a kind of “anvil” to both contain and compress hydrogen to generate fusion power.

Single molecule pictured for the first time

Scientists from IBM used an atomic force microscope (AFM) to reveal the chemical bonds within a molecule. What else is there to say? This is cool fucking shit, yo.

Can dogs see colors?

Turns out the answer is “yes;” dogs aren’t colorblind the way we’ve often thought they were. However, they do not see the range of colors human beings do; their color vision seems to be limited to shades of blue, yellow, and gray.

Augmented Reality in a Contact Lens

I’ve written about this briefly before, I think. The technology is getting closer, and when it’s here, it’s gonna be a game-changer.

Humor

Why the Cops Won’t Patrol Brice Street

A motorcycle, two patrol officers, and an insane attack squirrel from the darkest depths of Hell. I laughed so hard I almost peed myself.

Instructions for Baby

Timeless warnings for new parents everywhere.

High Weirdness

Wearable Robotic Eyeball

I…don’t know what to think. Apparently, it’s linked to the wearer’s iPhone and is part of a video game, I guess. Japanese culture is weird.

Cat rides the daily bus for four years

And apparently doesn’t have to pay a fare. Neat trick, that. Click the link and go “Aww….”

A French Revelation, or The Burning Bush

So according to Jacques Chirac, in early 2003 President Bush told him that Iraq must be invaded to thwart Gog and Magog, the Bible’s satanic agents of the Apocalypse.

Sex Degrees of Separation Calculator

I didn’t file this one under “science” because a number of the assumptions that the calculator uses strike me as somewhat implausible, or at least poorly supported, but it’s a fun toy anyway. Put in your number of sexual partners and your age, and it tries to figure out how many people are in your extended sexual network. These things scale pretty quick, even if the assumptions the calculator uses are a bit liberal.

A History of Orgies

Kind of a fun article, even if it does end on the socially mandated “the orgy just does not seem such a good idea any more” note.

Disabled Kids Walk With Jesus, Lefty Journos With Satan

An…interesting bit of artwork, supposedly inspired by a vision from God, in which we learn that the US Constitution was written by Jesus himself, the Founding Fathers were all devout Christians, and TV journalists are the tools of Satan. I wonder if I can buy it on black velvet?

Movie Mashups

Movie posters for one movie, done in the style of a different movie. Funnier than you might think.

The Cost of Sexual Weirdness

My Human Sex Map project inspired someone to write about the social cost of expressing the variability and range of the human sexual experience.

And finally… Warning: If the Help Desk Thinks Your Question is Stupid, We Will Set You on Fire

World news: NASA Sensors Detect Barking Moonbats

Yesterday, NASA’s LCROSS mission impacted the moon at high speed.

The purpose of the mission was to create a large plume of dust from impacting the bottom of a deep crater near the moon’s south pole so that the plume could be analyzed for signs of water ice. In that particular respect, it went swimmingly, no pun intended.

However, the mission also revealed something totally unexpected–a treasure trove of barking moonbats here on planet earth. The moonbats have set up a Web site in which they claim the LCROSS mission is a part of a conspiracy by a “powerful syndicate of military-industrial criminals” that was “inspired by fanatical terrorist airline hijackers” to bomb the moon. From the Web site:

Of course, there is much more behind this attack than casual scientific curiosity on whether or not there is water on the Moon. First of all, since the long-range accuracy of intercontinental ballistic missiles has never been proven to work, the LCROSS suicide mission serves as a live-fire test exercise for US war strategists with an interest in the precision of orbiting satellite weapons—in other words, the southern hemisphere of the Moon will be turned into a firing range, making this mission one giant leap for the global reach of space warfare. Secondly, LCROSS has been promoted as “the vanguard” for the US military-industrial-entertainment complex’s return to the Moon—according to NASA, finding water is a necessary first step for “building a long-term and sustainable human presence” there. Historically, the purpose of exploration has always been the exploitation of resources and the colonization of territory without regard for ecosystems or indigenous peoples, and clearly the Moon is the next territory coveted by imperialists.

This so-called “NASA experiment” is a hostile act of aggression and a violent intrusion upon our closest and dearest celestial neighbor. Does any love song or poem or fairy tale worth its salt not mention the Moon? Who can take a walk in the Moonlight with a lover and not feel the romance to your very soul? At night, when the Moon rules, we sleep, and we can visit the Moon in our sleep with ease. The Moon is our night light, our blanket, our grandmother, our mother—it is woman, child, domestic life, tides, bodies of water, liquids, circulation, comfort, nurturing, paintings by Remedios Varo, stories by Jules Verne, and so much more.

It’s not entirely clear to me that the authors of this Web site understand what the word “ecosystem” means or why the moon doesn’t have one, but I’m particularly curious about who, exactly, the indigenous peoples in question are.

On the bright side, at least they’re not trying to deny that we ever landed on the moon at all…

I love, love, love this guy.

And for the record, it absolutely blows my mind to see so many people–including women! Women!–lining up to support a rich white guy who drugged and forcibly raped a 13-year-old child, then skipped away scot-free¹.

¹ Edited to add: Okay, so he didn’t really get away scot-free. While on the lam, he was forced to endure certain privations, such as spending his time with his movie actress wife shuttling between a luxury penthouse in Paris and an enormous chalet located in an exclusive ski resort in the Swiss mountains, but if he wanted an ironing board or a new set of sheets, could he pop down to a Wal-Mart and get them? Could he?

The many Faces of Liam

Since zaiah and I have moved into our house here in Portland, I’ve set up my office in the basement. One of the things I’ve done since moving in is put a set of shelves on top of my computer desk, the very same desk where I spend a great deal of my time working for clients who tend to pay me late.

But I digress.

Anyway, the cat Liam has taken over the bottom shelf on top of the desk, and likes to sit there while I work. In fact, he likes it so much that zaiah put a small blanket on the shelf just for him.

I spend my afternoons working at the computer desk, and Liam spends his afternoons on the shelf watching me. These pictures were taken over a span of about a week and a half or so.

Yes, I know my desk is a mess. Hush.

Dear God, what can of worms am I opening?

Okay, so my ‘main’ Web site has been on the Interweb for more than twelve years now, which is, like, 614 years in Internet time. It’s hundreds (literally, hundreds) of static HTML pages, each with a hand-coded navigation system. That means it’s clunky, inconsistent, and a big honkin’ pain in the fucking ass to update. It is time to rein in the madness.

I’m considering, God help me, moving the whole mess to a content management system. I’d kind of prefer one that doesn’t suck, but figmentj says there’s no such thing as a CMS that doesn’t suck–the only thing you get any say over is how bad it sucks and in what way it sucks.

Here’s what I’d like:

– Security. I don’t want to have to install security patches every three days and I don’t want to get pwned if I don’t.

– Flexibility. I don’t want to port every page over to the CMS, but I do want to port big sections over. I want hard-coded, static HTML pages to be able to live happily side by side with CMS-managed pages, and the navigation to work consistently across all of them.

– Template flexibility. I do not want the entire site to have the same template; I do not want the whole thing to get poured into the same HTML containers. I want, for example, all the BDSM pages to have a consistent look, all the polyamory pages to have a consistent look, but I want to make the BDSM pages look different from the poly pages.

– Ease of updating. WordPress sets the bar here. When I log on to WordPress, if there’s an update, there’s one button that installs the update automatically–downloads the files, unpacks them, installs them, updates the back-end database, all with a single click and all without disturbing any settings or customizations. If WordPress can do it, I figure other people should be able to do it too.

– The ability to incorporate JavaScript (even if it’s built against a library like jQuery or MooTools) into pages as I please.

– Compatibility with analytics tools.

– The ability to specify an exact URL on managed pages. This is very important. Right now, for example, my BDSM page at http://www.xeromag.com/fvbdsm.html has awesome Google rank and literally thousands of inbound links. I do not want this URL changing to something like http://www.xeromag.com/cms/scripts/showpage.php?sectionid=4&pageid=23 and I do not want to create redirectors from existing URLs to point to the new, managed page URLs. The ability to do this is non-negotiable and is an absolute dealbreaker for any CMS that can’t manage it.

– An optional comment system that can be turned on or off on a per-page basis.

– Free and open source.


So, lazyweb, whaddya think? Am I living in a Utopian fantasy dreamland where naked mermaids cavort with dolphins under a cotton candy sky, or is this actually going to be doable? Is there a CMS out there somewhere that will do what I want?