Windows is Dangerous

One of my coworkers got a new laptop last week. ย Friday I set it up with software, configured email, removed a ton of the pre-installed crapware that wasn’t needed, and passed it on to her. Should be all fine, all that was really needed was to install a few bits of extra software, Skype, Slack, etc.

Today she came to me asking if she should install “this”. This turned out to be what happens if you search for “skype download” on google and click the first link. Turns out you don’t get the skype download site, but instead you get an “installer” which prompts you (with varying types of trickiness, for example ‘decline / accept’ buttons to move to the next step, and on the next step the ‘accept’ button is to install some crapware, and the ‘decline’ button is actually ‘skip’.

After successfully navigating the “installer” software, Skype was installed, so I looked to see what else was installed. There were somehow about 5 more bits of crapware installed now. I don’t know if it was done in the 2 work days since she got the laptop, or all today from this. Lets see:

  • Norton
  • “PC cleanup” software
  • A browser search engine / home page hijacker called “bikiniland”, installed as two separate programs, in both IE and Chrome, plus extensions
  • Another couple of random bits of software

I don’t know if it’s the lack of knowledge in recognizing the difference between a legitimate download site and an obvious ad (and knowing that the only reason you’d put an ad up like that is to add on extra crap), or the fact that (in general) the “windows install wizard” culture gives software of ill-repute a lot of ways to scam the user, compared the the (in general) “drag the icon to your Applications folder” philosophy of Mac OS.

Either way it was 30-60 minutes of my life I won’t get back from probably a couple of bad clicks. Now I know why Windows Total Cost of Ownership is so much higher due to having to lock down computers, disable users from installing things, etc.

I wonder if there’s a test I can give new users about how to recognize what they should and shouldn’t do online.

Windows 8 is Terrible

I take it back. I used to say that Windows 8 wasn’t that bad, you just have to get used to it. Sure it’s a bit different, but once you start using it, you’ll start to figure out what the thinking was.

I was wrong. At that time I had never “really” used Windows 8. I’d used it for very simple things, helping out people in the office, setting up Office, installing apps, getting the printer working, setting up a second monitor, that sort of thing.

Then my friend Shaun got himself a new computer, and I got “invited” over to help him with a few things. I got to sit and use Windows 8 as a user for the first time and thought I’d give a few thoughts.

First of all, I know this stuff. I’ve been using computers since 1992, and have used Windows from version 3.0 onward. I’ve used Mac, Linux, Windows, BeOS, and other systems that don’t exist anymore. I live and breath technology, and while in the last couple of years I’ve migrated myself into a Apple environment (laptop, desktop, phone, tablet), I still play with new technology and feel I’m still pretty much “with it”.

I also don’t blame Windows for the horrible crap inflicted on the computer itself. It was a $399 Future Shop special, loaded up with all sorts of crapware, and with not the greatest hardware. Not Windows fault at all.

I’ll do my best to avoid a plain old “just get a Mac” argument. Macs aren’t for everyone, both budget wise and aesthetically, and I tend to disbelieve anyone who speaks in absolutes (like “macs are best”).

My Thoughts

  • The desktop colour scheme is terrible. It’s essentially white on white, meaning you can’t easily see which is one window or another when they overlap. I know that the desktop is the realm of the super-user these days, but seriously, put back a bit of drop shadow or at least make the non-foreground window have a different colour.
  • The complete and total bifurcation of the OS is approaching the insane. There are two separate control panels, one in the “Metro” environment, one in the desktop environment. Both do different things, but there’s not a hugely clear reasoning. For example if you want to change your desktop font and size, you need to do that in two separate places.
  • Updating is completely insane and understandably confusion to the non-native user. Here goes my best attempt to explain what I learned:

    The Windows Store app had updates for apps, but only the ones that you bought through the windows store. For system updates, you have to do those in the desktop version of windows update, which you get to through the easily remembered sequence of Win-x -> system -> updates (I think). This will get you all the system updates needed. Except Windows 8.1, which needs to be gotten from the Windows Store, but only after the system updates have been done in the Windows Update app.

    Makes Sense right?

  • I at first thought that I could just find the Windows 8.1 update in the store, so I wanted to search for it. You’d think that’s how it would work, go into the Windows Store app, click on a search field (just like it is in the Mac App Store app) and search. Oh wait, there’s not a search field, or button. To search the Windows Store, you have to go to the main system search, put in your search term, scroll down a stupid long list of other places to search (by default it searches your system) until you see “store”, click on that to select it, and then it’ll search through the windows store. W. T. F.
  • I found the same searching problems when I tried to install Microsoft Security Essentials (to replace the aforementioned terrible crapware of Mcafe or whatever was installed by default). You’d think that when you click on the link from the site to install it (before I realized it was built in already), or in fact any Windows Store app link, it’d jump you right to the app. On the mac you click on a link that looks something like “itunes.com/app/someapp/12345” it will jump you into the app store with that app selected, or a “not found” if it’s a bad link. The Windows Store links I clicked on just seemed to go to the main page of the store. I had no idea if the link was bad, the app was gone, or if the Store didn’t respect the links.

In its defence, Windows 8 now does have the ability to mount an ISO (CD or DVD disk image) built right into the OS, instead of having to deal with 3rd party Virtual CD drivers like I had to previously. So… yay.

So those are my impressions of using Windows 8 for the first time to do something, for what it’s worth. Maybe after using it for a while it’d all make way more sense. Maybe.

Debugging And Removing A Spam Attack Through Postfix

Some days it’s a bad idea to ignore (or rather, just not check) email. And ignore weird stuff when you see it. Turns out for two days straight my server has been spewing out spam, after a user on the server had their password compromised. The server is a Ubuntu server with Postfix as the underlying mail transport.

The spam was in the form of a from address of xxx@domain.com, where xxx was a random string. The server doesn’t allow relaying, so to send mail from domain.com (hosted on my server) to random other domains (yahoo, gmail, etc) they’d have to be sending it as a user on my system.

To temporarily fix things, all the email that was in the queue got put on hold.

# postsuper -h ALL

This puts the mail on the back burner until you figure out what to do. The server won’t try to deliver it at all until you “un-hold” it. This had to be done a couple of times before I figured out where the spam was coming from. Thing is, what to do with 600,000+ emails sitting in the hold queue?

First thing was to figure out where the mail was coming from. I looked through the logs and it seemed like all the spam mail seemed to be sent through the same user.

Oct 27 10:01:14 amarok postfix/smtpd[25071]: C3E4FB1CEA3: client=unknown[46.253.82.98], sasl_method=LOGIN, sasl_username=bob

Ok, so looks like ‘bob’ got his email login compromised. Ok, now at least there’s a starting point. A bit of digging through the logs I found about where the spam started, and confirmed that by checking where the user was logging in from. Unless he could jump from Vancouver to Bulgaria in a minute, and then decided to send mail every second, it was pretty easy to figure it out.

Ok, so what now?

Next step, get a list of the IPs that the user was logging in from sorted and uniqued so I had each of the IPs used to spam.

# grep sasl_username=bob /var/log/mail.log | sort -u > iplist.txt

Now I tried a few different things to figure out if the IPs were real or not. I figure if they came from the Vancouver area they were probably legit, but if they were from Asia, Russia, or a host of other countries they were probably not valid. I used a few different methods to try to do an automated lookup of where the IPs were from, but the reverse lookup tools seem to be inconsistent at best for automated lookups.

In the end I basically used a network tool to do a lookup like this: http://networktools.nl/whois/5.57.75.82 where the IP I looked up sometimes was just the first number, i.e.: http://networktools.nl/whois/175.0.0.0. Honestly after a while I just deleted the IPs I knew were commonly used by Rogers and Shaw, and then deleted everything else:

 root@server:/var/log# grep -wFf /root/iplist.txt m.log | cut -f 6 -d ' ' | cut -f 1 -d ':' | postsuper -d -

This greps for sources in iplist.txt, in m.log (which was a combination of mail.log mail.log.1 and mail.log.2 (the three days of log files I knew had relevant data). Any resulting log file messages are cut up until just the mail queue ID was left, and then that is piped into postsuper which deletes it.

After a few of those I was down to 5,000 messages in the queue, down from 600,000. Not bad. Still a few to deal with though.

# mailq | grep domain.com | awk '{ print $7 }' | sort -u

Now that’s a list of all the email addresses in the queue that are “bad” and need to be deleted. So using a great little tool for deleting postfix messages by to or from address I called pfdel, I did this to now run each of those bad emails through it and delete those messages from the queue:

# for i in `mailq | grep domain.com | awk '{ print $7 }' | sort -u` ; do pfdel.pl $i ; done

This took me down to 38 messages in the hold queue, which were easily looked at to see if they were legit (hint: if it was coming from a .ru or .br address, or a spammy looking domain, it got nuked).

So that’s it, short, sweet, and not the way I wanted to spend my Sunday night. Now dealing with removing my server from all the blacklists, that’s another issue… Ugh ๐Ÿ™

My Pebble Smart Watch Review

There are many Pebble Smart Watch reviews, all similar, all unique.

This is mine.

I heard about the Pebble Watch on Kickstarter the day that it made it’s goal, and even though I didn’t write about it, I did back it immediately. I got back into wearing a watch a couple of years ago with a gift from my grandmother, but the watch strap has been slowly deteriorating, so it felt like a good excuse to replace it.

The Pebble team originally planned an October 2012 release, but as time moved on, it became more obvious that they weren’t going to make it. Instead of promising another release date, and potentially breaking it, they did the smart thing and said nothing until they knew a schedule that would work. They announced that shipping would start January 23. Long story short, mine finally arrived today, after an extended stay in Vancouver customs and one false start.

Pebble Shipping

The “out of box” experience is good, the shipping box is unique, fits the watch well, and there was no shifting of the watch. There was no documentation inside, no quick start guide, but I suppose if you’re the sort of person who guys a Smartwatch off of the internet via Kickstarter, you can figure stuff out yourself. The watch is smaller than I thought it would be, but still not “tiny”. Definitely not a downside.

Pebble in Package

The screen is just the right size I think, or pretty close to it. The wrist strap is less “plastic-y” than I thought. Seeing the reviews didn’t prepare me for the soft plastic that it is made out of. Not low quality as far as I can tell (not being a plastics expert), and pleasant against the wrist.

Watch build quality is good, but not perfect. The seams aren’t perfect, and there is a bit of odd distortion on the e-ink display that others have noted. Not a big deal though.

The software is simple and easy to understand. There are some bugs (being able to re-order downloaded watch faces, some backlight oddness, etc), but they are all (potentially) easily fixable with software updates. Some software updates to the watch has already been made to fix things like notification display and backlight control. The ‘flick your wrist to turn on the back light’ is a nifty feature as well.

I’m not a BlueTooth borg person, so I’m not used to having my phone tethered to BlueTooth. I was a bit worried that the battery would die sooner than normal, but my iPhone 5’s battery has only seemed to wind down a bit faster than normal (maybe 5-10% faster?) but it’s hard to tell as usage is pretty much dependant on the user. It’ll take a few more days of use to see.

IMG_2662.jpg

Right now the watch is a bit plain. On the iPhone it can:

  • show the time, with different watch faces that can be used.
  • control the music on your smartphone
  • display some notifications for SMSs, calendar events, incoming phone calls, and emails (android is less restricted by Apple’s draconian rules about what you can and can’t get notifications for, and lets you have much finer grained control of what notifications (and you get more of them))

… and that’s about it. No, not buyers remorse, but you have to remember that this is, in essence, just a watch with a couple of extra bits, not a magic do-everything smart watch (yet). That said, the ability to see what my phone is trying to tell me without pulling it out of my pocket is pretty awesome. Is the text ignorable? What thing is it that I’m about to be late for? Etc.

So conclusions…

Is it cool? Yes. Is it worth the (now) $150 cost? Probably, but it’s definitely something for people with a bit of disposable income. Do I love it? Hell yea ๐Ÿ™‚

Linux Counter Entry, 1999

Hows this for a blast from the past:


All comments: help@counter.li.org
Your record was created: 1999-04-23 05:07:09
Person info last modified: 2006-03-12 08:33:53
//PERSON
name: Alan
usage: Home, work
started: 1998
homepage: http://arcterex.net/blog/
//MACHINE 52939
cpu: Pentium 75
# Interpreted as Pentium/75
disk: 2000
memory: 48
network: Ethernet
source: debian.org
distribution: Debian
country: CA
accounts: 3
users: 1
purpose: WWW server, File server
# Interpreted as File server, WWW server
sysclass: workstation
mailer: smail, Smail 3.2.0.102

[Some entries highlighted for interest]

Wow, P75 with 48mb of RAM and a 2G hard drive, that’s some smoking machine. Course, that 1999 entry was created a good 5 years after I started using Linux.

No Freebies This Time :(

Oh well, guess it’s not always a perfect world in Apple support-land.  The battery in my laptop has been less than steller lately, so I headed to the Apple store armed with this article hoping to get a new battery from them gratis. 

Sadly, it was not to be.  After explaining to the guy there about it, quoting the “80% after 300 charges” spec that they have, the guy hoooked me up to their battery diagnostic and pronounced it was “consumed”, and not a bad battery at all. Unfortunately I had to go through the pretence of being interested before this and found out all sorts of good housekeeping tips for laptop batteries before he got to what I really wanted to know, that is, were they going to give me a free one.

Ah well, guess it can’t turn up roses all the time, and I’ll just keep on using the battery I have until it can’t make it from home to work on a charge and have to look at getting a new one.  Not a huge deal now, as most of the time it’s plugged in at home and I sit in a seat with power on the Vancouver to home leg of my commute.

Upgraded My Laptop

After spending a while hitting the limit of my laptop hard drive, and being annoyed with being forced to actually cull my data and videos and music to make it all fit, I finally realized that for under $100 I could almost triple the storage space I had in it with little or no worries (other than possibly voiding the warranty, not an issue in a 2.5 year old machine).   It was actually pretty easy to do, other than one or two minor blips.  There’s lots of information online about how to do it, and other than the minor detail of needing a computer to read the instructions on while you have the computer open with it’s guts exposed, it was up and done with no muss and no fuss.

Hard Drive Cloning

First things first, reading resources. 

  • This Extreme Tech article is great, and being the first hit on google was nice.
  • When I did run into one thing I needed confirmation on, this video showed that there were minor differences in the versions of the hardware (or at least from the first article).

So for $79 I picked up a 500G, 7200rpm laptop drive, and a few dollars more I got the SATA to USB connector kit that would let me connect the drive to the computer as a USB drive.  This was needed to make the upgrade smooth. Oh, and a T-6 Torx screwdriver as well, as per the article.  Seems apple can’t leave it at just one type of screw in their bodies….

CCC Done

When I got home I made sure my homebrew time capsule backup was current, and nuked a few un-needed big files from the desktop.  I assembled the SATA drive and adapter and plugged in the drive, formatted it, and then I broke out Carbon Copy Cloner.  CCC is an awesome utility that basically will clone one drive to another and make it bootable if needed, so for me the theory was clone old drive to new drive, swap out drives, boot up on new drive, with all my data in place and no issues.  In theory.

Unlike most stories about me and hardware, this time the theory was the reality.  I assembled a bit of paper to keep track of which screws went where, consulted the webpages a lot for each step, got a little scared with the sticky cable attached to the top of the drive, and in the end, reversed the whole process to put it all back together.

DisassemblyEnd result, computer working properly, more than twice the disk space, and only about $100 spent on tools, adapters, and the actual drive.  Well worth saving the random “dangnabbit what else to I have to delete now!?” yells.

Considering Shaw Home Phone

Shaw called me up yesterday and asked if I was wanting a digital cable box for the low-low price of $0 (for the next 6 months) to “make my picture and sound better” because they were “trying to get their customers onto digital picture and sound” or something like that.  I talked to the guy for a bit, and it seemed like not that bad a deal, free for 6 months, then $2.50 or so after that (should we decide to keep it of course and not accidentally forget).  Not bad I told him, but how about a PVR.  No no, this is just the digital tuner.  OK, but it is HD right?  No no, not HD. 

Eh?

Ok, not much use to me.  Basically outside of a few more channels (and lets be honest, I have 60 channels of crap now) it gave me nothing but another box and remote to deal with and a new interface to change channels with.  So not that great a deal, even for free.  But I told him, if you can get me the same deal with an HD tuner box, let me know and I’m all over that (hey, free is free, and I’d rather watch 60 channels of crap in HD than not in HD you know).  Also I doubt they could do anything for me but it doesn’t hurt to ask, especially if there’s nothing to lose.  Anyway, they said they’d call me back today.

So in typical big company fashion, communication was off and when I did get the call today I was cheerfully asked “so, you called asking about HD PVRs?”  After I explained what was going on, and what I was offered and what I wanting, they offered me the following deal:

  • HD Tuner with PVR rent free for 2 years
  • Extra HD movie channels for 1 year
  • Shaw home phone service with voicemail etc and 1 year free Canada / US calling
  • Home phone number stays the same with no costs for porting it from Telus to Shaw

All for $20 a month less than what I pay now.  That’s not counting the fact I’d be able to stop my Telus service of $30-40 a month.

Now of course the devil is in the details. If I forget to cancel the various extras added on after 1 year they I get dinged at least a month of them before I cancel, and there are three different programs and two different anniversaries to remember if I want to back down to a lower rate after.  But even if I left things as is after the 1 year promotional “loyal customer” promotion ends, I’m still going to not have a Telus bill that means my costs are at minimum $10 a month cheaper.  And in theory if I nuke all the services back to minimum and either buy out the PVR ($400 ouch) or send it back I’m back to where I was or lower, even after all the promos are ended. 

I asked a bunch of people on twitter and facebook about Shaw home phone and other than one guy who said that he got crappy and spotty service with it, the response was overwhelmingly “it’s fine, no problems”.  Might even fix the crackly line we get on the home phone too.  Only minor downside is that in a power outage the phone doesn’t work (one person mentioned they have a 24 hour battery on theirs), but quite frankly I have that right now as our phone base station is powered.

Even if after a year I switch everything back and go back to exactly how it is now, a year of saving $50 a month means $600 in my pocket, which at the end of the day, makes sense.  Unless someone out there in Blog Land has some really good reasons to not go with a deal like this, I’ll probably take it.  Apparently I get a recruiting fee if I pass it on to someone else too, so anyone who might be in the process of moving for example and are planning to get some brand new Internet or Cable TV service at their new home, make sure you make sure to tell them that I sent you ๐Ÿ™‚

My Tale of Trying To Get an iPhone 4

Short version: got up early, didn’t get one, bummed.

Here’s the long version though. I’ve wanted an iPhone 4 for a while, accuse me of being a fanboy or silly or whatever, but I have. My current iPhone is two generations old now, and is starting to feel like it, and with the official Canadian release of the iPhone 4 coming July 30th (that’d be today), I was amped, ready and prepared.

Last night I was up late (I blame the tea) and couldn’t sleep, wondering if I should be one of those crazy people who camps out the night before, telling myself I’m not that crazy, then envisioning myself as person #11 in a lineup outside a store with only 10 phones and wondering if I should just go and drive to Abbotsford to check. My compromise was to set my alarm a bit earlier and go to sleep.

After tossing and turning till about 1am, I finally got to sleep, or at least I must have. Then at 4am I started hearing a strange noise, strange enough and loud enough to wake up up. Got up and found it was my laptop making the odd noise, not the hard-drive it seemed (thank the computer gods) but it must have been the fan. In my groggy state I had enough presence of mind to shut my laptop down and go back to bed.

Of course, now at 4am my cats saw me awake and figured now was the time to talk to me, so the next 40 minutes was more tossing and turning while being head-butted, pawed, cuddled, and purred against by various furry critters. At 4:40am I gave up (as my brain was now asking me if there weren’t crazy people who may not line up outside a Rogers store in Abbotsford the night before, but first thing in the morning?) and just got up, got dressed, and headed out. I hit the store where I was at for the first iPhone line I was in at and there was thankfully no one there.

I filled up with gas, got a coffee at Tim Hortons, and drove back, still no one there.

I took my rightful place in line as person (fool?) number 1.

About 30 minutes later two other guys showed up and we chatted for a while, then another, and another, and we got to know each other and were happy to be with “our people”… those who were perfectly self-aware of their shiny-tech-gadget lust. We talked about rumours we’d heard, guessed as to the various numbers of phones that would be at the store, and everything else. All through this I kept on realizing that no matter what happened, even if the low number of 5 of the version of the phone I was wanting was true, I’d still get what I wanted as I was #1 in line.

A couple of hours pass now and there are about 7 people in the lineup, and we start to notice that there were people actually inside the mall, sitting right outside the Rogers store.

To clarify, we (the “real” lineup) were standing outside one of the mall entrances that was closest to the Rogers store, but there were 5 other entrances, and there were a group of old folks who walked the mall in the mornings who go in through a service entrance.

So it looked like the two people inside the mall got in there through either the service entrance or another set of doors. The inside group grew by a couple more and people started to get a bit nervous and annoyed. Finally a mall-cop came by and was nice enough to let us in.

Now the douche-bags came out. First of all there were about 7 people ahead of us (the “real” line) inside already, and they some how multiplied to about 13 as others glommed on. In particular there was Douche-bag In The Hat, who was around 8th in our outside lineup, went to the front of the line to chat, and then just sort of stayed there when the Rogers people came out. Then there’s Douche-bag With The Popped Collar who came late and just stood ahead of me, saying “don’t freak out, I’m just here for my brother” when someone complained, even though he didn’t seem to be with anyone and there was no younger brother nearby. Turns out he was standing behind his brothers girlfriend or wife, and his brother came later as well (isn’t it nice you can come to the line up at 9am and end up ahead of the people there at 5am?). I have no problem if you’re there cause you need to co-sign a cell phone contract, but if suddenly there are now 2 extra people in front of me that’s also 2 extra phones disappearing.

So when the Rogers people arrived I had somehow gone from first in line to 13th. I could say I’d be ok with being 3rd, as there was a guy there with his wife who got there at 11am the night before. Still, 13th? sigh.

In the end though, the store only got two of the 32GB models (which after all this I wasn’t going to compromise and not get exactly what I had come for) so they were gone by 9:45 when the 3rd or so person went in. Of course, the Rogers network was also down from the demand on it (my buddy Bryan has yet to have his phone which he got in Vancouver activated as of mid-afternoon), so people weren’t actually getting phones to take away, just a phone reserved in the store for them until the activation tools were working again.

A couple of people came out of the store ahead muttering about “no more 32G versions”, and I decided not to just go home and try next week, but stayed just in case there was a list to put my name on. Turns out that was a good move, because there was a list, and I am (trumpet call) number 3 on the list of people who will get called when more 32G versions are in (monday or tuesday maybe).

So that’s a long way to spend a morning to get nothing.

Now don’t get me wrong, I’m ok with not getting a phone. It’s just a phone, and I have a perfectly fine working phone now (shiny as it is). Really, I am. What I’m pissed off at is not getting a phone EVEN THOUGH I WAS FIRST IN LINE. I feel a bit cheated, and have to say will not be going to this store for the next “event” and will instead go to a Rogers store that has a single entrance.

The rest of the morning (now approaching afternoon) wasn’t much better:


  • Cost me $150 to have the fan on my laptop fixed, or at least the part ordered and pre-pay the costs.
  • Have my doctor tell me my bad cholesterol is down (yay), good cholesterol is up (yay), and blood pressure is perfect (yay).
  • Coming home and poking at my laptop the noisy fan seems to have fixed itself, but of course they won’t cancel the ordered part and refund me the money. sigh

Now I’m tired, a bit cranky, but still hopeful that new stock will get me a shiny toy to play with before the new work week appears. There’s still time for it all to turn horrible though…

After 7 Years, My GNOME Panel Bug Gets Confirmed

So in 2003, I reported Bug #123796 in the GNOME bug tracking system. Three years later it was marked as duplicate of Bug #340180. Finally over 3 years after that (today), it was marked as confirmed.

It’s a relatively simple bug, easy to reproduce, and while not a huge important bug, it’s annoying and I’d say at least one out of ten people with dual monitors has probably come across it at some point. Yet it’s sat mostly ignored in the GNOME bug database, as have most of my other reported bugs.

Ah well, I guess there’s a chance that it will be fixed now, should someone step up and actually fix the code that is.