Malware attacks after the Boston bombing

Yesterday, in the wake of the bombings in Boston, I received an email that looks like this in my inbox.

The links, needless to say, do not go to CNN. Instead, they lead to

http://playhard.by/bostoncnn.html

*** WARNING *** WARNING *** WARNING ***

This site IS LIVE as of the time of writing this. It WILL attempt to infect your computer with malware. DO NOT visit this site if you don’t know what you’re doing!

playhard.by is a hacked site hosted in Belarus. The URL in the email is a link to a file planted on the site that redirects visitors, using both JavaScript and a REFRESH meta tag, to

http://sub.piecedinnerware.com/complaints/messages_shows_mentions.php

This site is hosted by an outfit called Colo Crossing, a server colocation facility headquartered in the US. The domain was registered through (wait for it…) GoDaddy:

tacit$ whois PIECEDINNERWARE.COM

Domain Name: PIECEDINNERWARE.COM
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS17.DOMAINCONTROL.COM
Name Server: NS18.DOMAINCONTROL.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 19-nov-2012
Creation Date: 19-nov-2012
Expiration Date: 19-nov-2013

>>> Last update of whois database: Thu, 18 Apr 2013 21:42:55 UTC <<<

Registrant:
Jigar Kapadia
B-32, Mani Ratna Raw House, Opp Sai Nagar
New Gujarat Gas Road, Adajan
Surat, Gujarat 395009
India

Administrative Contact:
Kapadia, Jigar contact@NewWaysys.com
B-32, Mani Ratna Raw House, Opp Sai Nagar
New Gujarat Gas Road, Adajan
Surat, Gujarat 395009
India
+91.9076026366

Technical Contact:
Kapadia, Jigar contact@NewWaysys.com
B-32, Mani Ratna Raw House, Opp Sai Nagar
New Gujarat Gas Road, Adajan
Surat, Gujarat 395009
India
+91.9076026366

The domain was registered last November, and put into service after the Boston Marathon bombing. Interestingly, the HTML file that redirects to this site contains the following block of text:

Be sure you have a transfer reference ID. You will be asked to enter it after we check the link. Important: Please be advised that calls to and from your wire service team may be monitored or recorded.

Redirecting to Complain details… Please wait…

This suggests that an ordinary, garden-variety malware attempt, possibly something like a fake PayPal or bank transaction notification, was hastily modified to exploit the Boston attacks.
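An added example, not part of the original post: a static way to see where a redirect page of this kind points without opening it in a browser, covering both the REFRESH meta tag and the JavaScript redirect. The sample HTML and both example.invalid hosts are constructed; only the "Redirecting to Complain details" text is taken from the page described above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample of a planted redirect page. The destination is a
# placeholder, not the real URL from the email.
SAMPLE_HTML = """<html><head>
<meta http-equiv="REFRESH" content="2; url=http://landing.example.invalid/complaints/show.php">
<script type="text/javascript">
  window.location.href = "http://landing.example.invalid/complaints/show.php";
</script>
</head><body>
<p>Redirecting to Complain details... Please wait...</p>
</body></html>"""

# JavaScript navigation with a string-literal target: location = "...",
# location.href = "...", location.replace("...") and location.assign("...").
JS_REDIRECT = re.compile(
    r"""(?:window\.|document\.|top\.|self\.)?location
        (?:\.href)?\s*(?:=|\.(?:replace|assign)\s*\()\s*
        (["'])(?P<url>.+?)\1""",
    re.VERBOSE,
)


class RedirectFinder(HTMLParser):
    """Collects (mechanism, absolute_url) pairs without executing anything."""

    def __init__(self, base_url):
        super().__init__(convert_charrefs=True)
        self.base_url = base_url
        self.in_script = False
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "script":
            self.in_script = True
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "5; url=http://..."; the url= part is optional
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                target = urljoin(self.base_url, m.group(1).strip())
                self.found.append(("meta-refresh", target))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            for m in JS_REDIRECT.finditer(data):
                target = urljoin(self.base_url, m.group("url"))
                self.found.append(("javascript", target))


def find_redirects(html, base_url):
    """Return every redirect target found in the page, in document order."""
    finder = RedirectFinder(base_url)
    finder.feed(html)
    finder.close()
    return finder.found


def off_site_hosts(html, base_url):
    """Hosts the page sends visitors to that differ from the page's own host."""
    own = urlsplit(base_url).hostname
    hosts = {urlsplit(url).hostname for _, url in find_redirects(html, base_url)}
    return sorted(h for h in hosts if h and h != own)


if __name__ == "__main__":
    # The base URL is a constructed stand-in for the hacked site.
    for mechanism, url in find_redirects(SAMPLE_HTML, "http://hacked.example.invalid/news.html"):
        print(mechanism, url)
```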

As per usual, if you receive any emails like this, do not be tempted to click on the links in them.

I expect to start seeing similar emails targeting the explosion at the fertilizer plant in Texas within the next 24 hours.

More on the W32/Kuluoz malware attack

A short time ago, I wrote about a malware attack in which hacked sites were being used to spread the W32/Kuluoz malware. Kuluoz is a password-stealing Trojan; when it’s installed, it scans your password files for Web browsers, password wallets, and so on looking for bank, PayPal, eBay, FTP, and other sites. People infected with Kuluoz may see their bank accounts emptied, their PayPal accounts drained, and if they use FTP to manage Web sites, their Web sites may be infected with the same malware.

Since I first wrote about it, the attack has changed and grown a lot more aggressive.

I saw the first sign of this attack on November 26 of last year. At the time, the attack was still quite crude: the victim would receive an email claiming to be from FedEx (though the body copy of the email said UPS) that had a message saying a package could not be delivered, and the victim would have to click a link to print out a receipt to pick the package up.

The link, of course, went to a hacked Web site being used to spread the malware. Clicking on the link would download a copy of W32/Kuluoz.B, regardless of what kind of computer the user was using. The first infected link I saw was

http://elbosquedelaherrezuela.com/wp-content/plugins/akismet/track.php?c003

hosted on Spanish Web host Arsys. The compromised site was running an outdated copy of WordPress; it has since been pulled down by the host.

In the time between last November and this March, the attack grew more sophisticated. The emails attempting to lure marks to hacked sites got more polished, and grew to resemble actual FedEx emails quite closely. The malware downloaders placed on hacked sites changed; they now examine the browser’s “user agent,” a header that tells a Web site what kind of computer you are using. If you’re on a Mac or Linux computer, you see a bogus “404 not found” error; only if you are on a vulnerable Windows browser does the hacked site download malware. And the malware itself changed rapidly as well; VirusTotal identified the first malware as W32/Kuluoz, but later downloads, with different file sizes and MD5 hashes, are identified as W32/Kuluoz.B or W32/Kuluoz.3.


Since I wrote the report last March, the attack has ramped up significantly and changed again.

At first, in November and December, I averaged 6 emails a month trying to get me to click on links. Now I’m seeing an average of more than 15 of these emails per day.

The emails themselves have changed, too. The fake FedEx emails, though I still get them occasionally, have become quite rare. Instead, the new wave of attacks involves emails that look like American Airlines ticket confirmation emails:

Needless to say, if you get an email that looks like this, DO NOT click on the link.


Right now, there is a hack attack of unprecedented scope and tenacity going on against WordPress and Joomla sites. The attack uses tens of thousands of compromised PCs to try to log in to WordPress and Joomla sites with the username “admin” and a vast number of common passwords. The attack is so severe that some Web hosting companies are reporting that WordPress and Joomla sites on their servers are slow to respond or not loading at all.

I believe that those hack attacks are related to the W32/Kuluoz malware distribution.

I don’t have any direct proof of that. The people attacking WordPress and Joomla sites are covering their tracks well, using botnets and IP spoofing to carry out the attacks.

But the circumstantial evidence seems strong. So far, every single compromised site I’ve seen that’s hosting the Kuluoz downloaders is running WordPress or Joomla. As time has gone on, the number of infected WordPress and Joomla sites has scaled rapidly. The recent wave of emails trying to lure people to infected sites coincides with the ramping up of attacks on WordPress and Joomla sites.

None of this is incontrovertible evidence. It could be coincidence–two different organized crime gangs attacking the same kinds of sites at the same time and ramping up their efforts coincidentally. But my gut says they’re related.


One of the most frustrating parts of this problem, for me, has been how slow Web hosting companies are to respond to reports that their systems have been penetrated and they are hosting computer malware.

I’ve compiled a list of statistics about infected Web hosting companies. Since November 26, I’ve started keeping track of which Web hosting companies are affected by the attack, and how long they’ve taken to remove a malware dropper once they’ve been notified it exists.

Not all Web hosts are created equal. Here, for example, is a graph showing the number of malware infected Web sites I’ve seen on various Web hosts since November, with the Web hosts identified by Spamcop:

The worst of the worst of the lot in terms of sheer number of virus droppers hosted, by a large margin, is GoDaddy.

Now, some ISPs host more Web sites than others, so if all ISPs were equally vigilant (or equally lax) about security you would expect to see larger hosting companies hosting more viruses than smaller companies. But this graph shows that isn’t really how it goes. Hostgator is larger than most of the other hosting companies listed here, but has only a small number of malware-infected sites. Dreamhost and OVH are disproportionately represented for their size by a significant margin.


Another place where hosting companies are not created equal is in how speedily they remove malware droppers once they’re notified. The best Web hosting companies will do this within 24-48 hours, which to my mind is still quite a long time to leave a malware dropper active. When I’ve complained to Hostgator, arsys.es, and Lunarpages, for example, they’ve typically taken action quite quickly.

On the other side of the coin, some Web hosting companies take months to remove malware droppers…or don’t remove them at all.

I don’t know if it’s because they are easily fooled by the phony 404 errors or if they simply don’t care, but a number of Web hosting companies on this list appear unwilling or unable to deal with malware-infected sites at all.

The worst of these are Dreamhost (which has not removed one single malware site from its servers–every single one I’ve notified them of, without exception, is still active as of the time of writing this), GoDaddy (which used to be one of the top most responsive Web hosting companies, but no more; sites that they are notified of typically remain active on their servers for months, with one site I notified them of last December finally being taken down this April), OVH (which, like Dreamhost, appears not to deal with malware-infected sites at all), PrivateDNS.com (a site they were notified of in January is still active and spreading malware as of the time of writing this), and, sadly, Bluehost (which keeps emailing me to say the problem is resolved but the malware droppers remain active on their servers nonetheless).

Other ISPs on the Walk of Shame include 1 and 1 (which typically won’t remove a malware dropper until I’ve emailed them three or four times), Peer 1 (which has several malware droppers active for two months or more), and Calpop (which typically leaves malware droppers live for about six weeks after being notified).


Now it’s time for the practical bit.

If you have a WordPress or Joomla Web site, what can you do to keep it secure?

The two most important things you can do are to use very, very strong admin passwords and keep on top of security updates religiously. When a security update for a popular Web package is released, organized crime gangs will examine it and then roll the security holes it fixes into their automated exploit tools, because they know that most people don’t install them right away. If you don’t install a security patch within a day or two of its release, you run the risk of being pwn3d.

So, here’s a quick list of dos and don’ts to run a WordPress or Joomla site:

DO

  • Use strong passwords.
  • Install updates immediately.
  • Consider locking down your /wp-admin or Joomla admin directories with an .htaccess file that does not permit access without a password. If you don’t know how to use .htaccess files, there are some plugins that can do this for you. A WordPress plugin that can lock down your wp-admin directory is Bulletproof Security. A similar Joomla plugin is JHackGuard.
  • If you have more than one WordPress site, install InfiniteWP. This is a WordPress administration console that will notify you by email when any component of any of your WordPress sites needs to be updated, and allow you to update all your sites with one button click. It’s free.
  • If you create your own WordPress or Joomla themes, consider removing the WordPress or Joomla footers. Automated tools are used to scan for these so that the bad guys know what sites to attack.
  • Make sure you remove the /install directories when you install any CMS. (Joomla requires you to do this.)
  • Use a Web host that is proactive about security and responds quickly to abuse complaints.

DO NOT:

  • Assume you don’t have to worry about security because you have a tiny little site that nobody visits. The organized crime groups don’t care what your site is or how much traffic it gets. They use automatic tools that search through hundreds of thousands of Web sites a day searching for vulnerable sites. If you are vulnerable, you will eventually be cracked.
  • Leave your plugins or themes directories indexable. If you don’t know what that means, the easiest way to make sure you’re not indexable is to create an empty file called index.html in your plugins directory and your themes directory. This will keep people from getting a list of all the files in those directories, which they can use to search for vulnerabilities.
  • Set up a WordPress or Joomla Web site and then just walk away from it. If you are not actively maintaining it, take it down.
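The file-system items on these lists can be checked mechanically. The script below is an added example, not from the original post; the directory names assume a standard WordPress layout, `installation` is Joomla's installer directory, and the hidden-PHP-file check is a heuristic assumed here from the `.wye6fb.php` dropper path quoted elsewhere on this page.

```python
import os
import tempfile

INDEX_NAMES = ("index.html", "index.htm", "index.php")
# Directories the list above says must not be browsable (WordPress layout).
NO_LISTING_DIRS = ("wp-content/plugins", "wp-content/themes")
# Installer directories: "install" as named in the list, "installation" for Joomla.
INSTALLER_DIRS = ("install", "installation")


def audit_docroot(root):
    """Return a sorted list of (finding, relative_path) for one document root."""
    findings = []

    # 1. Plugins/themes directories with no index file can be listed by visitors
    #    when the web server has directory indexes enabled.
    for rel in NO_LISTING_DIRS:
        path = os.path.join(root, *rel.split("/"))
        if os.path.isdir(path) and not any(
            os.path.isfile(os.path.join(path, name)) for name in INDEX_NAMES
        ):
            findings.append(("no-index-file", rel))

    # 2. Installer directories left behind after setup.
    for name in INSTALLER_DIRS:
        if os.path.isdir(os.path.join(root, name)):
            findings.append(("installer-left-behind", name))

    # 3. Heuristic (assumption): a PHP file whose name starts with a dot is
    #    hidden from casual directory views and deserves a manual look.
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            if filename.startswith(".") and filename.lower().endswith(".php"):
                rel = os.path.relpath(os.path.join(dirpath, filename), root)
                findings.append(("hidden-php-file", rel.replace(os.sep, "/")))

    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: a small WordPress-like tree with three problems."""
    layout = {
        # plugins directory has no index file of its own
        "wp-content/plugins/akismet/akismet.php": "<?php // plugin\n",
        # themes directory is fine: it has an index file
        "wp-content/themes/index.php": "<?php // Silence is golden.\n",
        "wp-content/themes/mytheme/style.css": "/* theme */\n",
        # constructed stand-in for a planted, dot-prefixed script
        "wp-content/uploads/.x1y2z3.php": "<?php // placeholder\n",
        # installer directory that was never removed
        "install/index.php": "<?php // installer\n",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write(body)
    return root


def demo():
    """Audit the constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_docroot(build_sample_tree(tmp))


if __name__ == "__main__":
    for finding, path in demo():
        print(f"{finding:24} {path}")
```

Point `audit_docroot()` at a real document root to run the same three checks against a live site's files.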

2013’s First Big List o’ Linky Links

Once again, I have so many browser windows open that my computer, newly upgraded to Mac OS 10.8, is slowing to a crawl. (And on the subject of that upgrade, I’d just like to say that the latest and greatest Safari seems to handle large numbers of open windows with considerably less grace than the old version did, illustrating once more the age-old principle that human progress and the fall from grace go hand in hand.)

So, in time-honored tradition, I’m dumping a list of links here for you. Enjoy!

Photography and Cats

From Buzzfeed comes this awesome page called Perfectly Timed Cat Photos. The Internet is not just for porn; it is for porn and funny pictures of cats. And this page has some of the best of the latter.

This next link is porn, of a sort. It’s a Web site called Abandonedography, and it has some of the most amazing photos of urban decay you’ll ever see. Me, I really, really like urban decay.

Science

From Science Daily comes an interesting article, Monogamy and the Immune System: Differences in Sexual Behavior Impact Bacteria Hosted and Genes That Control Immunity.

Through a series of analyses, MacManes and researchers from the Lacey Lab examined the differences between these two species on the microscopic and molecular levels. They discovered that the lifestyles of the two mice had a direct impact on the bacterial communities that reside within the female reproductive tract. Furthermore, these differences correlate with enhanced diversifying selection on genes related to immunity against bacterial diseases.

The Guardian has an article that speaks to my interest (and my annoyance with pop understanding of science), Our brains, and how they’re not as simple as we think.

As neuroscience has gained authority over previous ways of explaining human nature, it is not surprising that people will be compelled to use it if they want to try and make persuasive claims about how people are or should be – regardless of its accuracy. Folk neuroscience has become Freud for Freud-phobes, everyday psychology for the sceptical, although in reality, rarely more helpful than either.

Over on io9, there’s a somewhat breathless but still interesting article, Temporary tattoos could make electronic telepathy and telekinesis possible. The actual technology isn’t about “telepathy and telekinesis” so much as it’s about using tiny, microns-thick electrodes to interface human beings to the world, but headline hype aside, it’s cool stuff.

Society and culture

This is a fairly old article, about a year old at this point, but still worth noting. When people talk about the ‘gay agenda’ as if it’s some dark and sinister thing, I think it’s fair to be reminded occasionally that there are still rather a lot of folks who believe that gays and lesbians should be rounded up and executed. There is little about the supposed ‘gay agenda’ that even comes within a light-year of that.

Over on No Place for Sheep is this article, What is objectification, anyway? Objectification is a hot-button topic in any conversation about misogyny, and this essay lays it out rather well.

Similarly, there’s an article on lacigreen that talks about how oppression works. Many folks I’ve talked to about the ideas of privilege and oppression try to paint the ideas as creating a strict hierarchy, with (presumably) straight white men at the top; this essay talks about why that model isn’t realistic.

Speaking of misogyny: A while ago, there was a short-lived Tumblr blog called “Nice Guys of OK Cupid,” which highlighted online dating profiles of men who called themselves ‘nice guys’ and lamented the fact that they were always getting ‘friend zoned,’ while also expressing horrifyingly misogynistic (and in some cases potentially violent) ideas. The Tumblr blog is no more, but there’s an essay over on Jezebel called No One is Entitled to Sex: Why We Should Mock the Nice Guys of OkCupid that’s definitely worth a read.

The plea to replace mockery with understanding is a familiar one; it’s what lies behind the calls to stop using the word “creep,” because men find it shaming. But in the case of Nice Guys of OkCupid, disdain isn’t rooted in meanness as much as it is in self-preservation. While only a small percentage of these guys may be prone to imminent violence, virtually all of them insist, in one way or another, that women owe them. Mockery, in this instance, isn’t so much about being cruel as it is about publicly rejecting the Nice Guys’ sense of entitlement to both sex and sympathy.

John Scalzi can always be counted on to lay things out plainly, and his essay An Incomplete Guide to Not Creeping is no exception.

Hacking

In a feat of improvisational engineering that’s equal parts awesome and horrifying, a guy has built himself a drone, armed it with a paintball gun, and programmed it to shoot at human-shaped targets.

I’m a big fan of Arduino hacking, having used an Arduino to make everything from a thought-controlled sex toy to a brainwave-controlled Rubens’ tube to a vibrator guaranteed not to get you off. Adafruit, a company that makes all kinds of neat DIY Arduino-like gear, has introduced a new Lilypad-like microcontroller designed for wearable computers and paired it with programmable smart LEDs to create some really cool stuff. Check out the how-to video on making a tie with a glowing VU meter built in!

Polyamory: So What Is Couple Privilege, Anyway?

I’ve been chewing on this post for more than two years now.

Part of the problem is that it’s a daunting subject; one could easily write a book on the subject of couple privilege and how it plays out in relationships. Another is that a lot of otherwise well-meaning folks tend to get freaky-deaky about the P word; it’s perceived as an accusation or an attempt at guilt-tripping, because we all like to think of ourselves as basically fair and decent people, and the notion that we benefit from advantages that we haven’t earned is an uncomfortable one.

Part 0: Privilege: What is it?

Put simply, when you talk about people or societies, a ‘privilege’ is any advantage that one person or group has over another that hasn’t been specifically earned.

It’s a simple idea that’s complicated and fraught with land mines in practice. Part of the reason for that is that privilege is invisible to those who have it. If you are in a privileged position, it doesn’t seem like you have advantages over other people; it just seems like the Way Things Are. People don’t consciously assert privilege. People don’t get up in the morning and think “Wow, as a heterosexual white guy, I think I’ll go out and oppress some women and minorities today!” Privilege is insidious because it is structural; privileged people get advantages without having to consciously think about them.


Spam of the day: With heat showers!

Most of the spam I get these days is in Spanish. Sometimes, it’s in English. Occasionally, it’s in Russian. Very occasionally, it’s in Arabic. And every so often, it looks like it’s in Russian that was translated into English via Google Translate.

Take, for example, this spam, which I reproduce below for your viewing pleasure unedited save for the reply email:

Subject: You I really liked

Hello Solitary heart!!!

I am a girl with beautiful name Julia, me 27 years. Dream to find the person for serious and long relations! I have interested your profile, since I seem that you search for such relations! Now I shall tell little about itself. I very cheerful and communicative, attractive girl. My growing forms 170 cm, my weight forms 57 kilograms. Much love to read the books, listen the classical music, walk on autumn wood and communicate with interesting people. If I have interested you, that anxiously waits your letter and photographies on my e-mail : m———c@yandex.ru With heat showers! Julia.

Best wishes,
Juliya

I am grateful for Juliya’s concern for the well-being of my romantic life, since truly do I search for such relations, it must be said.

I’m not quite sure, though, what “with heat showers” means. Google Translate renders this back into Russian as “С тепло души,” though of course I haven’t the foggiest notion what that might mean either.

I imagine it to be part of a lengthy blessing of travel in ancient Russian folklore, a ritual to prepare the hero for a journey of particularly perilous peril: “With this ox blood and this stone ax I bless thee, my son. Now go, and bring honor upon our clan, with heat showers.”

You have a package! Surprise, it’s the W32/Kuluoz malware!

About three months ago, I got an email telling me that my FedEx package couldn’t be delivered. The body of the email told me that the UPS courier tried to deliver it, and that it would be sent back if I didn’t click on the attached link.

Naturally, as I wasn’t expecting a FedEx package, and given that FedEx presumably knows it isn’t UPS, I knew immediately that clicking the link was a Very Bad Idea…at least on an unsecured Windows box. Sure enough, clicking it downloaded a Windows executable, which VirusTotal identified as W32/Kuluoz, a backdoor command-and-control software that also attempts to download other malware.

I reported the site hosting the malware and forgot about it.

Then, things started to change.


I’ve been getting more and more copies of this email lately; I’m now averaging several a week. The silly error and grammar mistakes have been fixed, and the emails now look quite polished. Here’s an example I received a couple of days ago:

The “Print Receipt” link leads to http://www.123goplus.com/components/.wye6fb.php?receipt=831_1493393532

CAUTION *** CAUTION *** CAUTION

The links in this blog post ARE LIVE as of the time of writing this. If you attempt to visit them with a vulnerable Windows computer, they WILL try to download malware to your computer. DO NOT visit these links if you don’t know what you’re doing!

The site 123goplus.com belongs to a company that produces business cards and similar printed pieces in Montreal, Canada.

$ whois 123goplus.com

Whois Server Version 2.0

Domain Name: 123GOPLUS.COM
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS1.MTLEXPRESS.CA
Name Server: NS2.MTLEXPRESS.CA
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 06-jan-2013
Creation Date: 06-may-2006
Expiration Date: 06-may-2014

>>> Last update of whois database: Thu, 14 Mar 2013 22:32:30 UTC <<<

Registrant:
Pierino Pezzi
8630 Perra #3
Montreal, Quebec H1E5M8
Canada

Administrative Contact:
Pezzi, Pierino creationexpress@yahoo.com
8630 Perra #3
Montreal, Quebec H1E5M8
Canada
+1.5142741616

Technical Contact:
Pezzi, Pierino creationexpress@yahoo.com
8630 Perra #3
Montreal, Quebec H1E5M8
Canada
+1.5142741616

Domain servers in listed order:
NS1.MTLEXPRESS.CA
NS2.MTLEXPRESS.CA

The site 123goplus.com is running an outdated, insecure copy of the popular Joomla content management software, which has been hacked to have the malware downloader on it. (Joomla is a common target for this kind of attack. If you run Joomla on your Web site, and you don’t keep on top of security patches religiously, it’s a certainty that you will be hacked–it’s not “if,” it’s “when.”)

Here’s where things get cool.

Visiting this URL from a Mac browser or a Linux browser returns a 404 Not Found page, presumably to fool folks like me into thinking that the problem has been fixed.

Visiting the URL http://www.123goplus.com/components/.wye6fb.php without the “?receipt=831_1493393532” at the end also returns a 404 error; presumably, that code identifies a target that the email has been sent to. The 404 error looks like this:

But hang on! Let’s go to http://www.123goplus.com/fghfghghf and see what a REAL 404 error looks like on this server:

See the difference? The 404 error that you get when you go to the malware dropper is phony. The malware dropper is there, and it does live at that address.

If you visit the malware dropper with your browser user-agent set to, say, Internet Explorer 6 (God help you), you won’t see an error message. Instead, it will download a .zip file called “PostalReceipt.zip”.

I have downloaded several copies of this file from several different compromised hosts over the past couple of months, all of them from nearly identical FedEx emails.

The payload sites vary. Many different sites have been hacked and used to download this malware: 123goplus.com, yourinternationalteam.com, youknowlee.com, theqcontinuum.com, canyonlakeboatstorage.com.

In every case, the site is running an outdated, insecure copy of WordPress or Joomla. The hackers hack the site (which is trivial to do), place a PHP script that downloads the malware, then send out a bunch of these phony emails about a non-existent FedEx package, hoping to trick people into clicking the link.

Most of these sites remain infected, weeks or months after being reported to the ISPs, because either the ISPs don’t care or the ISPs aren’t paying attention to the fact that the malware scripts return phony 404 pages. (GoDaddy and OVH, I’m especially looking at you here.)

The people behind this attack are adapting the malware rapidly. I downloaded three samples of the PostalReceipt.zip file, one on January 25 and two on January 30, and they differ from one another. VirusTotal identifies the earliest one as W32/Kuluoz, the second as W32/Kuluoz.B, and the third as W32/Kuluoz.3.


There are some interesting things about this attack.

The group–and I bet it is a group–of criminals responsible for this attack are taking care to cover their tracks and to keep abuse teams from removing the malware from infected sites. Each spam email contains a code at the end of the malicious URL, and the URL returns a phony error message if it doesn’t see a valid code.

The virus downloader script is smart enough to examine the browser user-agent to see what kind of computer and what Web browser the victim is using. If it sees a browser or a computer that it can’t exploit, it returns a fake error message.

Only if it sees a vulnerable browser does it attempt to download the malware, which then surrenders the computer to the control of the hackers.

The malware droppers are installed, probably automatically, on sites running insecure WordPress or Joomla software. The phony 404 error messages slow down the Web hosting companies’ response, so the malware droppers stay active for long periods of time.

I’ve said it before, and I’ll say it again: If you run a Web site that uses a content management or blogging or ecommerce package, you *** ABSOLUTELY *** MUST *** check periodically for software updates and install them immediately. (When a software update comes out, the organized crime gangs that do this kind of attack will analyze it and figure out what security holes it patches. Within days, they will start taking over any Web site that hasn’t installed the update.)

The fact that malicious scripts will cloak themselves behind fake error messages means that you can never trust that a problem has been fixed just because you see a 404 error if you try to look at a suspicious URL.
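One way to test whether a "404" is the server's own, as an added example that is not from the original post: compare the response for the reported URL (query string intact) with the response for a path that certainly does not exist, and with itself under different user agents. All responses below are constructed samples, and the function names are hypothetical.

```python
import difflib
import re

# Headers that legitimately differ between any two responses.
IGNORED_HEADERS = {"date", "content-length", "connection", "keep-alive"}


def normalize_body(resp):
    """Mask the echoed request path and collapse whitespace, so error pages
    for two different URLs are compared on their template alone."""
    masked = resp["body"].replace(resp["path"], "{PATH}")
    return re.sub(r"\s+", " ", masked).strip().lower()


def differences_from_real_404(baseline, suspect, threshold=0.95):
    """baseline: response for a path that cannot exist on the server.
    suspect: response for the reported URL. Each is a dict with 'path',
    'status', 'headers' and 'body'. Returns the reasons the suspect page
    does not look like the server's own error page (empty list = it does)."""
    reasons = []
    if suspect["status"] != baseline["status"]:
        reasons.append(f"status {suspect['status']} != baseline {baseline['status']}")
    base_hdr = {k.lower() for k in baseline["headers"]} - IGNORED_HEADERS
    susp_hdr = {k.lower() for k in suspect["headers"]} - IGNORED_HEADERS
    if susp_hdr - base_hdr:
        reasons.append("extra headers: " + ", ".join(sorted(susp_hdr - base_hdr)))
    if base_hdr - susp_hdr:
        reasons.append("missing headers: " + ", ".join(sorted(base_hdr - susp_hdr)))
    ratio = difflib.SequenceMatcher(
        None, normalize_body(baseline), normalize_body(suspect)
    ).ratio()
    if ratio < threshold:
        reasons.append(f"body similarity {ratio:.2f} below {threshold}")
    return reasons


def varies_by_user_agent(responses):
    """responses: {user-agent label: response dict} for the SAME URL.
    A static error page is identical for every client; a cloaking script is not."""
    seen = {(r["status"], normalize_body(r)) for r in responses.values()}
    return len(seen) > 1


# ---- constructed sample responses (not captured from any real server) ----
APACHE_404 = (
    '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n'
    "<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n"
    "<p>The requested URL {} was not found on this server.</p>\n</body></html>\n"
)


def real_404(path):
    """What the web server itself returns for a missing path."""
    return {
        "path": path,
        "status": 404,
        "headers": {"Server": "Apache", "Content-Type": "text/html; charset=iso-8859-1"},
        "body": APACHE_404.format(path),
    }


SUSPECT_PATH = "/components/.sample.php"  # placeholder path
FAKE_404 = {  # imitation error page produced by a script
    "path": SUSPECT_PATH,
    "status": 404,
    "headers": {"Server": "Apache", "X-Powered-By": "PHP/5.3.3", "Content-Type": "text/html"},
    "body": "<html><head><title>404 Not Found</title></head><body>\n<h1>Not Found</h1>\n"
            "<p>The requested URL was not found on this server.</p>\n</body></html>\n",
}
DOWNLOAD = {  # what the same URL returns to a targeted browser
    "path": SUSPECT_PATH,
    "status": 200,
    "headers": {"Server": "Apache", "Content-Type": "application/zip",
                "Content-Disposition": 'attachment; filename="PostalReceipt.zip"'},
    "body": "(binary body omitted)",
}

if __name__ == "__main__":
    for reason in differences_from_real_404(real_404("/fghfghghf"), FAKE_404):
        print("suspicious:", reason)
    print("varies by user agent:",
          varies_by_user_agent({"mac-safari": FAKE_404, "windows-msie6": DOWNLOAD}))
```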

Onyx, the Game of Sexual Exploration, version 3.5 now available!

  • New Optional Rules
  • New Resizeable Gameboard
  • New Special Squares
  • New Actions
  • Newly Redesigned Graphics
  • New Roles
  • Improved Card Editor
  • Free Update for Registered Users!

Finally, after many months of coding, the new version of my sex game Onyx is ready! This new version is a significant overhaul, and contains tons and tons of new features and new game-play mechanics. It also contains lots of new actions (coming up with lists of hundreds of sexy things that people can do to each other is harder than it sounds!).

To celebrate, I’m offering a special discount on registration if you want to play the full version. Of course, the free version is still free, and Onyx 3.5 is a free upgrade for registered users.

Check it out!

Fuck Comcast right in their stupid EAR. And also, polyamory!

I am on TV right now. Or, at least, I think I am. I don’t know, because Comcast is the most miserable tech company I’ve ever had to deal with.

Err, actually the second most miserable, but only by a nose.

Some time ago, I got contacted by producers from the Oprah Winfrey network. They were shooting a segment of “Our America” about polyamory. I pointed them to some friends of mine, who they liked so much they set up a camera crew in their house for weeks. They also filmed a smidgen of zaiah and me, and… Anyway, I was curious to see how it all turned out.

The show was set to air today, something I didn’t realize ’til this afternoon. So zaiah went down to the Comcast Worker’s Dormitory, Public Relations Orifice, and Meat Processing Plant to pick up a cable box. We plugged it in. Went through a lengthy process on Comcast’s miserable Net-site to “activate” the box, whatever that means. Web site said “OK, now activating your cable box, please wait 45 minutes.”

Which is a little weird; in 45 minutes, Russian organized crime can infect 250,000 American PCs with malware, so taking 45 minutes to program a cable box seems inefficient. But whatever.

Then the Web site said “Success! Your cable box has been activated.”

It lied.

Connect the box to the TV, nothing. Okay, bad cable maybe? Go outside the house, in the rain, diddle with the cable connection. Nothing. Replace the cable. Nothing. Run a known-good cable through the window into the house. Still nada.

Take the cable connector out of the wall. Looks good. Replace the cable that came with the cable box, the one that goes from the wall to the box. Still nada.

Call tech support. “No problem, we’ll reset your cable box. Should take ten minutes.”

10 minutes later, I’m 10 minutes older but no closer to working cable.

Move the cable box around the house in a bizarre game of whack-a-cable-outlet. Nothing works anywhere. (Seriously, who uses cable any more, anyway?)

OWN is not available streaming over the Internet; presumably, Oprah, who is, like, the richest woman in the world or something, isn’t getting enough fees to allow Net streaming.

Okay, back on the phone with tech support. “We can’t see your cable box.”

Uh…

Okay, fine. Move it to a different cable outlet. “We still can’t see it. You’re on a TV show, you say? About polyamory? What’s that?”

The inevitable “what is polyamory?” conversation over, we start playing this whack-a-cable-outlet game again. No matter where we go, the tech says “I still can’t ping your cable box.”

Go back online to Comcast’s miserable activation page on Comcast’s miserable Web site. “You have 1 cable device (1 not activated).”

Apparently, it will tell you “activation successful” even if the device in question is disconnected, turned off, shot repeatedly with a 12-gauge, and buried in a lead-lined box outside of Roswell, New Mexico beneath a crumpled up ball of aluminum foil and two empty cans of baked beans. When the Web site says “activation successful,” that doesn’t mean that the activation was successful, you see…it simply means that enough time has passed that the Comcast Central Babbage Engine should have been able to align the gears and pulleys to the right configuration to activate the box.

zaiah is still on the phone with the tech this whole time, while our dinner slowly turns to charcoal and then catches fire on the stove. The tech is being really patient (and curious), but nothing works.

Finally, I yank the cable out of the cable modem, which we know works on account of I was able to communicate through the web-net on the Internet-tubes to the Babbage engine that runs Comcast’s Net-site, and plug it straight into the cable box.

“Oh,” chirps the tech, “your cable box is defective. Please bring it to your nearest Comcast cable Box Redemption Center and place it on the redemption line.”

Which might have explained why when zaiah picked it up from the Comcast Worker’s Dormitory, Public Relations Orifice, and Meat Processing Plant the person-unit behind the counter mentioned casually as if in passing that she’d plug the box in and make sure the blinkenlights came on because “we’ve had a bunch of bad boxes lately.”

So after four plus hours of work, we were unable to see the show. We had several friends over who were also on the program, because, like, who the fuck has cable nowadays anyway?

If you could even begin to feel one one-hundredth of the depth of my frustration and rage at Comcast right now, your monitor would catch fire.

The Cucumbers of Wrath: “Fairness” in Poly Relationships

This video, which was presented in a TED talk about moral reasoning in animals, shows two monkeys who have each been trained to perform a simple task (handing a researcher a rock) in exchange for a reward (a bit of food).

In the experiment, the researcher could give the monkey a bit of cucumber or a grape as a reward. Monkeys given cucumber rewards were quite happy…unless they saw another monkey being given a grape for the same task. When that happens…well, see below.

The things these monkeys are feeling translate directly into the things that can trip us up as human beings when we’re involved in non-monogamous relationships of all sorts.


OF GRAPES AND CUCUMBERS

The notion that relationships have “cucumbers” (things that help feed the relationship, but aren’t necessarily fun or thrilling) and “grapes” (exciting things that are fun to do) seems straightforward.

The problem, naturally, is that what constitutes a “cucumber” and what constitutes a “grape” can be highly subjective, and can change depending on where you happen to be in the relationship configuration.

For instance, to me some of the most delicious grapes of life are also some of life’s most mundane things: the day-in, day-out living with a partner, doing all the tasks and chores that add up to shared intimacy and a shared life together. I’ve had relationships where I live with my partner and we spend our time doing dishes, watching Netflix, and snuggling on lazy Saturday mornings, and relationships where I see a partner perhaps once a year for a wild frenzy of hot kinky group sex in a French castle.

Don’t get me wrong, the hot kinky sex in a French castle is a grape, no doubt about it. But for me, relationships where I spend time just quietly sharing a life with a partner are incredibly rewarding, and it’s far easier to build intimacy with that kind of shared life than with one week a year spent together. No matter how much fun that week happens to be. With a partner I see seldom, the time spent with that partner can look like an intense whirlwind of nonstop fun, because we have to pack all our relationship time into a very small space. It doesn’t account for the long periods of time spent apart, when the relationship is barely fed at all, with grapes or cucumbers. (I am a person whose love language is touch; it is harder to meet that need long distance.)

To a person who has that day-in, day-out living together, the weekend trips to a faraway land can look like grapes, and the doing of dishes and moving of furniture looks like a dull and unappetizing cucumber. On the other hand, to the partner who only gets my time in small dribs and drabs, the shared experiences of a life spent together look like a plump, sweet, delicious grape. And so each person sees nothing but cucumbers in front of them, while the other person has an entire plateful of grapes.

GRAPES AND HIERARCHY

When you look at your own plate and see nothing but cucumbers, while it seems like someone else gets entirely 100% grape, it’s reasonable to feel like the monkey in the video up there. And when we feel like that, often our first impulse is to want all the grapes for ourselves.

It gets worse if we feel that we’re entitled to all the grapes, or that someone else might steal our stash of grapes.

Since I’ve been thinking about polyamory in terms of grapes and cucumbers, it has occurred to me that often, the rules and hierarchies imposed in prescriptive relationships, particularly prescriptive primary/secondary relationships, seem calculated to make sure that all the grapes belong to one partner and other partners are meted out nothing but cucumbers.

This can sometimes even go so far as “grape hoarding”–fencing off particularly tasty grapes to make sure nobody else comes near them. (Examples of grape hoarding might be forbidding a partner to go to a certain restaurant with another partner, say, or forbidding a partner to spend any holiday or vacation time with another partner.) Even sharing a grape with someone else can make us feel like that poor monkey on the left, if we feel that grape belongs to us by right. When our monkey emotions get monkey going, someone’s likely to get things flung at them.

The impulse to want to keep our grapes and make sure nobody else takes them isn’t just a human thing, or even a primate thing. Dogs do the same thing; a dog trained to do a trick to get a reward who sees the other dog get that reward for nothing may stop doing the trick.

SEPARATING THE GRAPES FROM THE CHAFF

What are the grapes in a relationship? I’ve been thinking about that ever since my sweetie showed me this video.

Kinky group sex in a Medieval castle is definitely a grape, don’t get me wrong. Intense experiences that form lifelong memories are very tasty indeed.

But focusing on those kinds of grapes, I think, makes me lose sight of the grapes I get every day–the grapes that it’s easy to disregard because I have so many of them. I’ve resolved to be more conscientious about valuing the grapes that I have, the ones I might otherwise take for granted.

If I were to make a list of the grapes I’m blessed with, it would include kinky sex in castles and trips to exotic places, no doubt. But it would also include:

  • Being able to wake up nearly every morning with my partner.
  • Having my partner close enough to touch, almost all the time.
  • Curling up on a rainy afternoon with my partner, snuggling beneath warm covers.
  • Building a private language from a shared history of experience.
  • Having someone next to me while I deal with all the various ways I have to hold back entropy.
  • Being able to plan with someone.
  • Working on projects with a partner.
  • Creating with a partner.
  • Having a partner who sees me, who really gets me and understands me.

So I do very much like the trips to see my distant sweeties, but I wish they were closer. I enjoy vacation time spent with far-flung lovers, but I would not trade those experiences for living with a partner. At the end of the day, if I had to choose, I would give up the vacations for having the people I love close to me all the time.

And that might be the real test of what’s a grape and what’s a cucumber: Would you choose to trade places with the person you see getting all the grapes? If the vacation experiences seem like such tasty grapes, would you trade a life spent together for a distant, vacation relationship?

How about you, O readers? What are your grapes and what are your cucumbers?