June 27, 2015
I'd been in the market for a used car when a too good price on Craigslist caught my attention. I'd sold a street bike on Craigslist a few years ago and had a good experience so figured to go into this but with raised antennas.
An email later, the seller reveals a sob story about the car belonging to her dead husband and wanting to move on. The car's in a great shape with all paperwork in order. Sounds plausible, so can I see the car? Seller replies the car is in some eBay garage across the country in lot number so and so.
No worries, she just needs my info and eBay will contact me about payment. The money will remain with eBay until I receive the car and I have 10 days to inspect it. If any issues, I can return it at no cost to me.
So I ask for the eBay page where the car is listed. Seller says she took it down because of the fees. But really, eBay will make all arrangements.
Yeah, sure man. Of course at this point the full blown scam was obvious, but should have been obvious at Craigslist. A quick Google search revealed that this unholy Craigslist-eBay alliance bait and switch is in fact very popular and a few people have been victimized, buyers and sellers.
So why this post? Just adding one more page to Google's search results to raise the warning volume slightly more.
Read this and stay vigilant. There's plenty more info on this. Just Google it.
June 2, 2015
Seems unbelievable but I never knew some states actually issue tax refunds in the form of Amazon gift cards. Read article.
With a long list of companies benefiting from tax refunds including Amazon, debit card issuers, tax software companies and financial institutions that collect transaction fees, one wonders if there is a real concerted effort from all sides to stem ID and tax fraud.
With the states squeezed from the scammers on one side and the greedy corporations on the other, most likely the ID theft and tax fraud problems will continue unabated.
The real losers, as usual, are and continue to be the taxpayers.
May 21, 2015
There's always a first time for everything and for me it was trying out Citi Bike. During a recent stay in downtown Miami, I wanted a fast way to get to Miami Beach and take a dive into the ocean. My options were to run, take a taxi, take public transport, or rent a bike, and I decided to go with the last one.
After so many years, Citi Bike put me back on a bicycle and it turned out to be a great decision. At $6/hr it was pretty inexpensive, faster and less strenuous than running and quite a bit of fun.
These are not top of the line bikes, they have a more industrial feel to them. I can imagine with the all the abuse they take on a daily basis, they must have some level of ruggedness. But most come with the basket/bucket mounted upfront to take along items, such as a towel, for the trip, very useful.
I rented one to the beach and then rented one back and it was such a great experience that I did it again the next day.
May 8, 2015
On a recent trip to Peru with a friend we did 2 hikes, one near Lima and the other near Cusco.
Near Lima, Marcahuasi is one of those open secrets that you hope it'll never become too popular. It's a stone forest filled with rocks that resemble human, animal, and alien faces and shapes. Some believe that it was laid out and constructed by aliens or unknown races, maybe even the Incas. I think it's all the work of nature, but no matter what, it is a mystical place that one can't forget. It certainly deserves more than a one-night stay but that's all we had time for.
Near Cusco is of course the famed Machu Picchu city/fortress but getting to it via a multi-day trek was most of the fun. We chose the Salkantay trek because the Inca trail was at capacity with only 500 allowed per day. In return we were treated to more nature than history/culture and less crowds. Salkantay offers majestic mountains with glaciers, green rolling fields, innumerable waterfalls, and pristine scenery that is hard to beat.
The final trekking day ended in the town of Aguas Calientes with its hot springs and finally Machu Picchu which doesn't need a description of its beauty. The hike to the top of the Machu Picchu mountain and the views from its peak left us breathless.
Here I'd like to take the opportunity to thank our local guides by sharing their web sites. We actually picked them at random and they both turned out to be outstanding. I assume most licensed guides in Peru are of high caliber, reasonably priced, and they can facilitate things greatly, so having them is definitely advised.
Marcahuasi - www.huancayaperu.com
Machu Picchu - www.salkantaycuscotrek.com
* This is unsolicited and I receive nothing in return for mentioning them.
Salkantay Blue lagoon
Machu Picchu Mountain
March 1, 2015
In my native country of Iran during the pre-Islamic-revolution times, the television, rife with American films, was a window into the western culture, specially the American culture, for most people.
But Star Trek was something else. It wasn't so much a glimpse of the western culture than it was the promise of what humanity could be if we let go of our bigotry and superstitions, and instead embrace humanity, science and rationality.
As a young boy I had a few sleepless nights after watching some of the more action-packed episodes. One memorable episode was The Doomsday Machine, which had me terrified of the specter of Earth being gobbled up by a fiery funnel. But many episodes also had the power to make us look at our society and at ourselves and see things from a different angle, mainly a logical one.
In of my most favorite episodes, Mirror, Mirror, the audience is taken on a journey to a parallel universe where greed for power, tyranny, and savagery is the order of the day. To the crew of the parallel Enterprise it's all par for the course, but to the few normal-world Enterprise crew members who are transported there by accident and to us, the viewers, it's a dark and hopeless world. That is not so different from many parts of our world today. We can only root for the parallel-Enterprise Spock who, at the end of the episode, realizes how illogical his world actually is. Of course seeing Spock with a beard in this episode is a pretty good bonus in itself.
Leonard Nimoy has sadly passed away, but his character, Spock, will undoubtedly live long and prosper. LLAP
February 26, 2015
The past week the security universe has been pounded by a whirlwind of bad press and bad actors. It all started with the news of Lenovo pre-installing adware (better yet, crapware) on new machines that would allow ads from a company with the ironic and unfortunate name, Superfish, to display context ads even when users are viewing secure web pages. The details are technical, but suffice it to say that they employ SSL certificate trickery to fool browsers and silence any possible warnings to users.
Suddenly the previously esoteric or arcane man-in-the-middle (MITM) terminology has been thrust into the mainstream and now MITM is just as well known as Ebola, even if most people have no idea how it works.
MITM - Courtesy owasp.org
The bigger question however is, does ubiquitous SSL (nowadays, TLS) really make computing safer? There has been a concerted push as of late to encrypt the entire web. Google for example has suggested that it favors secure sites over regular ones.
But as evident, SSL is no panacea for security or data privacy. It does make the job of corporate security teams harder, sucks more power from infrastructures, complicates interoperability, but worst of all, gives a false sense of security to users and admins. For example, people may simply assume that with SSL they can't get infected or their private data can't be hacked.
I am obviously not against cyber security, but there are proper times and places for that. Just because something is good when appropriately applied, it doesn't mean it's good for everything all the time. Unfortunately, society always seems to over-simplify things and take everything to absurd levels using the logic, if a little is good, a lot is better.
February 17, 2015
A couple of weeks ago it was revealed that a known Linux bug, Ghost (short-ish for the gethostbyname() function in the older glibc library versions) is riskier than previously thought. So the internet became abuzz with warnings to those who might not have updated their Linux distros.
I have several versions of Fedora running on various machines and updating them was simply not an option. Unfortunately they are also too old and patches are no longer available. But here comes the beauty of Linux, the open source code model. Combine that with a virtual server like Hyper-V and you have all the tools you need to create the patch yourself.
This is what I did to create patches for one of my platforms:
- Created a guest virtual machine on the virtual server.
- Downloaded the needed version of Fedora from this archive.
- Installed the OS on the guest machine.
- Downloaded the appropriate source code version of glibc. rpmfind.net is a good place to find many source code packages.
- After installing all tools and libraries necessary to compile and build glibc, I used this StackExchange post as a guide to patch the C files based on the documented modifications and built the rpm package.
- After installing and testing the newly built glibc library on the guest machine, I copied the rpm files to the production machine and installed them.
- After a reboot, the bug was patched.
Now many would object to running an older and unsupported version of Linux for production but I am not so sure that jumping to every new version as soon it is released contributes to additional safety. Staying with older versions does make the job of patching these sorts of bugs more cumbersome, but there's something to be said about the educational value of patching these bugs at more basic levels than just running the yum or apt-get commands. I, for one, learned quite a bit from this exercise.
February 10, 2015
I have Windows 10 Pro Technical Review installed on a virtual machine at work and all was going swimmingly until the updates came along a while back and pushed it to Build 9926.
That was the end of the Start menu, it just vanished. I made a bunch settings and config changes as advised by various forum posts, including some from Microsoft employees, and rebooted countless times but no dice. Clicking on the Start menu was as useless as doing so on Windows 8.
Eventually I decided to run Windows Update manually (wuapp.exe) to see if any new updates would fix the issue, but every time I ran the command I was greeted with the dreaded error message: This app can't be activated by the built-in administrator. Yes, I log in as the Administrator on that machine, and why the almighty account can't run an application is beyond me.
Thankfully this article saved the day. After enabling the policy, User Account Control: Admin Approval Mode for the Built-in Administrator Account and a reboot, I was able to run Windows Update.
But as a side effect, the Start menu suddenly began working. Had this policy change fixed the problem or was it just a coincidence? Maybe if you have the same issue, you can try the same action and report back if it fixes the problem. Right now I'm too elated to have the Start menu back to undo the change and test the theory.
January 24, 2015
One of the mysteries of PHP's echo function is the supposed equal treatment of multiple strings separated by periods (.) vs. those separated by commas (,). Actually echo is a language construct, but I digress. In both cases echo appears to concatenate the string fragments and output the resulting string.
In actuality, the period is the real concatenation operator in PHP. The comma on the other hand signifies echo's ability to accept variable-length arguments. Judging by Google search, most people just accept the fact that they can use either periods or commas with the echo function to get the job done.
But there's a subtle difference that's mostly overlooked because it rarely mucks up the results. Take a look at the two code lines below. You might expect to see 12 for both cases, but that is not so.
The reason is that with periods, some or all expressions are evaluated first and the results are concatenated. Then echo outputs the result after all fragments are concatenated. With commas echo walks the argument list, evaluating expressions and spitting out the results as it goes along.