Craig pfesses up: pranks with dot.tk

Couldn’t figure out yesterday why I was getting referrals from www.imabigsexybeast.tk. Went to the page and it was my weblog plus a popup for dot.tk. Now Craig Pfeifer confesses he did it while playing around with dot.tk’s new free domain registration service. You don’t have to have a primary or secondary DNS server either, just a valid URL.

So now my site can be reached at www.imabigsexybeast.tk. Thanks, Craig. I’ll return the favor once their registration engine is working again.

Amazon situation resolved…

…sort of. To recap, suddenly one day my massive Amazon history of purchases, product votes, wish list, etc. disappeared, leaving only my most recent transaction. Freaked, I dropped customer support an email. They reported that I had two accounts with the same email address! I was a little dumbfounded—after all, email address is basically the user ID for Amazon, as far as the end user is concerned. But I could verify what the support person said—I could search for my old wish list and see its contents. What happened? And how could I fix it?

I finally realized today that I just had to log into my new empty account and change the email address, log out, then log back in with the old email address. Worked like a charm—all my wish list and everything were still there.

I’m guessing two things about Amazon’s back-end system:

  1. Amazon’s system has an internal user ID that’s separate from the user’s email address. Very sensible—as long as it makes sure that more than one account isn’t created with the same email address.
  2. Amazon must have suffered some sort of catastrophic systems failure around the time I was trying to place my last order that temporarily rendered my account unavailable. Evidence? A new account was seamlessly created with the same email and password through the process of placing the order, although there was an error when I tried to submit the order. Also, my shopping cart in the original account still contained the items that I bought in my recent order on the “new” account when I finally logged back in today.

Weird, but strangely reassuring. Even through a major system crack-up, I was still able to place an order.


Keep ’em separated

If you read manuals, you probably already know this. But apparently some cable modems—at least the model supplied to us by AT&T Broadband—react badly when placed near a wireless hub, such as my graphite AirPort Base Station. For me the problem manifested itself as dropped packets (meaning generally slow traffic) and ultimately a complete disconnect about twenty minutes after cycling the power on the cable modem. Ever since the broadband tech told me about the potential RF interference effect in the cable modem and I moved the base station further away, I’ve had no further problems—performance is back to really good.


The currency of the web, in an increasingly real sense

Jill Walker: Links and Power: The Political Economy of Linking on the Web, a very cool paper presented in June 2002 at the ACM Hypertext conference in Baltimore. The paper argues for a “political economy” of value created by links.

Whereas most valuation models for the web start from the advertising assumptions that impressions (views of the ad) are the basis for value, links to sites have value independent of the impression or even the clickthrough value. This is because of Google and other search engines that value the source and target pages of links through the link itself. Links are currency that may give value to giver and recipient: by linking to this article, I share some of my PageRank with it (and vice versa). This makes the article more visible in search engines and therefore more discoverable. How much is that worth???

There are a lot of people talking about this, including Roland Tanglao, and Jim McGee; thanks to Jim for the pointer.

Speaking of which….

…what are the Userland folks doing to ensure the security of root updates for Radio and Frontier? Seems to me it would be possible, as long as those updates aren’t signed, to masquerade as the update server and download some bogus stuff. I don’t know enough about the products or the scripting language to figure it out, though. Anyone?

Be careful: trojaned OpenSSH package found

Slashdot: OpenSSH Package Trojaned. OpenSSH, for the Windows audience out there, is a secure connection package that allows encrypted connections over which users can use a shell on a remote machine or transfer files. (Grossly simplified, but that’s what I use it for.) It’s pretty essential, to the point that it’s become the default remote login daemon on Mac OS X.

Apparently someone hacked the package available for download from ftp.openbsd.org (and its mirrors) and inserted a line in the makefile to call a script that attempts to contact a server during the build process. So the trojan doesn’t appear to be much more than a proof of concept.

It’s pretty damn scary all the same. But there is one simple thing that people can do to mitigate their risks: Check the checksums. According to the mailing list message that announced the problem, the two packages have different checksums:

This is the md5 checksum of the openssh-3.4p1.tar.gz in the FreeBSD
ports system:
MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8

This is the md5 checksum of the trojaned openssh-3.4p1.tar.gz:
MD5 (openssh-3.4p1.tar.gz) = 3ac9bc346d736b4a51d676faa2a08a57

This is why Apple started digitally signing its software update packages. Without an infrastructure to verify identity and validity of downloaded packages, people will continue to be at risk.

Now the OpenSSH project will have to look at its server and its processes to figure out how they got tainted.
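
As an added example (not code from the original post or from the OpenSSH project), here is one way to automate the check: parse BSD-style `MD5 (file) = digest` lines like the ones quoted above, hash the download, and compare against both the expected value and the known-trojaned value. The function names are hypothetical; the two digests are the ones quoted in the post, and MD5 is used only because that is what the announcement published (it is not collision resistant, so prefer a stronger digest or a signature where the project offers one).

```python
import hashlib
import hmac
import os
import re
import tempfile

# Digests quoted in the post above (from the mailing list announcement).
PORTS_DISTINFO = "MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8\n"
KNOWN_TROJANED = {"3ac9bc346d736b4a51d676faa2a08a57"}

# BSD md5(1) output / ports distinfo line: "ALGO (name) = hexdigest"
BSD_LINE = re.compile(r"^(\w+) \((.+)\) = ([0-9a-fA-F]+)$")

def parse_bsd_checksums(text):
    """Return {filename: (algorithm, hexdigest)} from BSD-style lines."""
    entries = {}
    for line in text.splitlines():
        m = BSD_LINE.match(line.strip())
        if m:
            algo, name, digest = m.groups()
            entries[name] = (algo.lower(), digest.lower())
    return entries

def file_digest(path, algo):
    """Hash the file in chunks so large tarballs are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_download(path, name, distinfo_text, known_bad=KNOWN_TROJANED):
    """Classify a download: 'ok', 'known-trojaned', 'mismatch' or 'unlisted'."""
    entries = parse_bsd_checksums(distinfo_text)
    if name not in entries:
        return "unlisted"  # no expected value: treat as unverified
    algo, expected = entries[name]
    actual = file_digest(path, algo)
    if actual in known_bad:
        return "known-trojaned"
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

if __name__ == "__main__":
    # Constructed stand-in file; the real tarball is not bundled here.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample, not the real tarball")
    print(check_download(tmp.name, "openssh-3.4p1.tar.gz", PORTS_DISTINFO))
    os.unlink(tmp.name)
```

The expected digest only helps if it comes from somewhere other than the server that handed out the tarball, which is why the announcement compared against the FreeBSD ports value.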

Feedback on Ziff Davis

A few people have followed up on my Ziff Davis article from yesterday since Doc linked to it. Brian Buck argues that many of us who are playing armchair pundit on the apparent impending bankruptcy are missing the point: Ziff Davis had weak fundamentals to begin with, including massive debt loads and questionable judgement toward gifts to insiders (including slashing strike prices for exec stock options by $10 in September 1999).

But I think Brian’s objection about ZD’s health bears out my point. The Business Week article that he points to confirms that even during the boom years, computer magazines were in an ad slump. Ziff Davis is the canary in the coal mine: weakened from heavy debt loads dating back to its LBO, it is now ready to keel over. Is Ziff Davis in bad shape only because of its ad-based revenue model? No. But it hasn’t been able to pull out from under its debt load precisely because its ad revenue stream has been drying up.

God help me

So… Is my Blog HOT or NOT?

(he asked, knowing full well that if you have to ask, you already know the answer)

Update: So I feel so bad over having posted that, I’m going to have a stab at justifying HotOrNot. It’s…a distributed polling system. Oooh, oooh! Better! It’s a distributed reputation evaluation system that is destined to do what startups like OpenRatings once promised: give instant notification of the credentials of the ratee, thus restoring trust to the Internet experience!

Can I go shower now, please? I feel unclean. 🙂

A new framework for tech strategy

Doc Searls pulls it all together in this presentation for the O’Reilly Open Source Conference. Some really sound points about the fundamentally open nature of infrastructure, and why Hollywood doesn’t understand it. The payoff slides start here, situating the proprietary-open vs. public-private matrix on the boundary between commerce and infrastructure. This is a valuable extension of some serious technology strategy thoughts. Doc ought to collaborate with Rebecca Henderson on a publication.

Update: Doc points out in an email that Craig Burton should share credit for these slides. Apparently there may be a book in the works…