Hashemian Blog
Web, Finance, Technology, Running

DNS Verification Error

by @ 12:55 pm
Filed under: internet — Tags:

Recently it was brought to my attention that the domain name hashemian.com has a DNS error associated with it. The domain's DNS is hosted with its registrar as many registrars provide basic DNS service for free. This service generally consists of two name servers with varying degrees of restrictions to configure zones and records.

Concerned, I headed to dnscheck.pingdom.com to verify this for myself and indeed the tool does show an SOA records inconsistency error for the domain along with a couple of warnings.

dns soa error

The warnings are attributed to the fact that the name servers do not have reverse addresses (PTR records) associated with them. Having reverse addresses is not a requirement but it is recommended.

Having consistent SOA (Start Of Authority) records on all name servers is, however, required. In this case, though, the inconsistency reported was only due to upper- and lower-case differences between the records on the two name servers, and that gets into a bit of unknown territory.

According to this RFC document: Domain Name System (DNS) names are "case insensitive". That is stated right at the top of the document in the Abstract section.

Going by the RFC, Pingdom's DNS tool is incorrect in flagging the SOA records with differing letter cases as an error. One can label the DNS management work at the registrar as sloppy or clumsy, but this discrepancy should at best only rise to a warning level.
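The distinction argued above, as an added example (not from the original post or from Pingdom): a field-by-field SOA comparison that separates a letter-case-only difference from a real mismatch. The function name `soa_compare`, the output labels and the example.com records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Compare two SOA records in the one-line form printed by `dig +short SOA`:
#   MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
# MNAME and RNAME are domain names, so they are compared without regard to
# ASCII letter case (RFC 4343); the five numeric fields must match exactly.

# Prints "consistent", "case-only", "mismatch:<field,...>" or "malformed".
soa_compare() {
  printf '%s\n%s\n' "$1" "$2" | LC_ALL=C awk '
    BEGIN { split("mname rname serial refresh retry expire minimum", name, " ") }
    NF != 7 { bad = 1 }
    NR == 1 { for (i = 1; i <= 7; i++) a[i] = $i }
    NR == 2 { for (i = 1; i <= 7; i++) b[i] = $i }
    END {
      if (bad || NR != 2) { print "malformed"; exit }
      for (i = 1; i <= 7; i++) {
        if ((a[i] "") == (b[i] "")) continue
        # Under LC_ALL=C tolower() folds A-Z only, as the DNS rule requires.
        if (i <= 2 && tolower(a[i]) == tolower(b[i])) { caseonly = 1; continue }
        diff = diff (diff ? "," : "") name[i]
      }
      if (diff)          print "mismatch:" diff
      else if (caseonly) print "case-only"
      else               print "consistent"
    }'
}

# Constructed sample records (example.com names, not the real zone data).
ns_a='ns1.example.com. hostmaster.example.com. 2014100101 3600 600 604800 3600'
ns_b='NS1.Example.COM. hostmaster.example.com. 2014100101 3600 600 604800 3600'
ns_c='ns1.example.com. hostmaster.example.com. 2014100102 3600 600 604800 3600'

echo "a vs b: $(soa_compare "$ns_a" "$ns_b")"   # letter case differs only
echo "a vs c: $(soa_compare "$ns_a" "$ns_c")"   # serial differs: real inconsistency
```

A checker built this way would report the first pair at warning level at most and reserve the error for the second.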

YouTube Sleep Aid

by @ 7:12 pm
Filed under: google — Tags:

youtube sleep aid

I was reading about interesting winter apps in a magazine and one mentioned was a fireplace app, so I wondered if there was a fireplace video on YouTube.

That was the proverbial Pandora's box. The search led to dozens of fireplace videos of varying lengths but then it further expanded to thousands of videos of other sounds, many of which claimed to be soothing enough to sleep to. Surprisingly many had millions of views, suggesting that many people actually use these videos as sleep aids.

The genres are countless, there are videos of fireplaces, of course, but also sounds of ocean waves, wind, trains, crickets, cicadas, rain, wheat fields, rivers, streams, fans, frogs, cars, soothing music, Tibetan chimes, people whispering, birds chirping, owls hooting, sheep bleating, cows mooing, and the ever-present YouTube staple, cats meowing for hours. They're endless with hundreds of millions in combined views.

Of course it's not like I'm new to being lulled by YouTube. Many times I have fallen asleep watching a video on my smartphone. In my case it's mostly a preacher spewing nonsense or a suspect droning on during an interrogation.

 

Amazon Diapers To The Rescue

by @ 7:55 pm
Filed under: business,internet — Tags: ,

When I opened my inbox last Friday, an email from Amazon greeted me with the title: "Announcing Price Reductions for AWS Data Transfer and Amazon CloudFront"

I wondered how Amazon was going to make up the difference in the face of stiff competition from other cloud vendors. Then I saw Amazon diapers in the news and all my concerns were laid to rest, genius.

Could this have been the starter line for the executive meeting at Amazon's headquarters? "We have a revolutionary idea to counter the AWS shrinking margins and the Fire phone losses. Please bring your attention to the baby on the PowerPoint slide ..."

Revolutionary indeed 🙂

 

Elections Junk Mail

by @ 3:53 pm
Filed under: politics — Tags:

With the electronic age and all, I don't check my mailbox that often, possibly once a week, if that. I have unsubscribed from all junk mail and I get all my bills via email. Today I was more than annoyed when I opened my mailbox after a long hiatus and found it overflowing with political junk mail.

I decided right then and there that I would vote for the candidate that sent me the least amount of junk mail. And the one that didn't send me any will receive my ardent endorsement.

Do these political charlatans think that people are so dumb to believe in their junk mail? I don't know, maybe people are dumb. In my case, I filed their junk mail in the most fitting place I could find, the dumpster.

It's high time to vote for the right candidate, the one that sends no junk mail at all.

Red Rock and Lake Mead

by @ 8:10 pm
Filed under: environment,running-hiking — Tags: , ,

When I travel for business I try to mix in some pleasure. In most cases that means taking the weekend at the end of the trip to explore new places around the area.

This was the case with my recent trip to Las Vegas. I ended up exploring the Red Rock Canyon and Lake Mead. Beautiful places with plenty of hiking and swimming.

Calico Tanks

Calico Tanks in Red Rock Canyon. Moderate hike.

Turtlehead Peak

View from Turtlehead Peak at Red Rock Canyon. Las Vegas strip visible in the distance. Strenuous hike.

Red Rock Canyon from my hotel room, bathing in the morning sunlight.


Lake Mead from an overlook. Clearly low water levels, indicated from the light/dark contrast on the islands. Swimming is still allowed from the Boulder beach.

Shot from the top of Hoover dam. Clearly visible bathtub ring indicates historic low water levels.

Klaatu-Barada-Nikto, The Original Ctrl-Alt-Del

by @ 2:58 pm
Filed under: computers,microsoft,space

I was watching the classic 1951 movie, The Day the Earth Stood Still, and found it amusing that the command Klaatu-Barada-Nikto given to the robot Gort by actress Patricia Neal, almost had the same effect as Ctrl-Alt-Del has on many computers today.

In that scene, the robot was on the verge of rampaging and destroying Earth when the actress was able to reset it by giving it the voice command, Klaatu-Barada-Nikto.

Wonder if Microsoft guys had seen that movie when they came up with the Ctrl-Alt-Del keyboard combination to reboot a computer.

Strangely, I had never heard of this movie nor the voice command which seems to have a high degree of cult fame, nor the actress Patricia Neal whom I found to be particularly beautiful.

 

Google Voice Gets More MMS

by @ 3:21 pm
Filed under: google — Tags: ,

I have been a Google Voice (GV) user for years. It's been an indispensable product for me. I have the app on my Android phone, the plugin on my Chrome browser, and text/voicemail forwarding on Gmail. I don't even know my own cell phone number by heart because GV is my main number.

The only problem over the years has been the inability to send or receive MMS messages. MMS is like SMS, only much richer. It's used to send photos or carry on group texting. In case of GV most MMS messages to/from a variety of carriers would just go into a black hole without even a warning. That's been an annoying fact over the years and I have never known who is at fault there. My assumption is that carriers have refused to work with GV because of some competitive paranoia.

There have always been some rumors that GV is relegated to some corner office, perhaps much like Google Reader before its eventual demise or Feedburner. Although the latter product is still very much alive, albeit unloved.

Now comes the news that GV has been given MMS capability with pretty much all carriers, save unfortunately the biggest one, Verizon. Still, it's a shot of confidence for people like me who appreciate GV and have been long-time users.

I tested GV MMS via AT&T and indeed it works well. And yes, the Verizon test failed. Think it's time for Verizon to shake the irrational fear and get on with this.

Linux Shellshock Bash Bug Workaround

by @ 12:55 pm
Filed under: computers,hacking,internet — Tags: , ,

The warnings about the shellshock bash bug are ominous and not unfounded. This is perhaps a greater risk than Heartbleed. Here are the gory details of this bug.

To test your system for this bug run the following command from the shell:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you see the word 'vulnerable' anywhere in the output, like below, you have the bug.

shellshock bash bug

Because bash is such a fundamental part of Linux/Unix and used in so many ways and so prevalent, it wouldn't be that difficult for malicious hackers to use this bug to penetrate a machine and do all kinds of bad things including completely take over the machine. Web sites would be the most obvious target of such attacks.

Now how to fix this. New bash versions with the bug patched have become available so users can update bash and be done. But this is not as easy to do for everyone. Some people may have older, obsolete versions of Linux, so they may not find the new patched bash version. They would need to get the source code and the patches, and then build and install it themselves. Yes, I know everyone should be on the latest version of everything, and I am guilty as charged, but let's dispense with the tarring and feathering for now.

Red Hat, however, in its haste and panic, had released a workaround on this page with a small block of C code that, once installed, would disable function definitions and therefore mitigate this risk. They called it dangerous because one must assume this workaround would disable a legitimate feature of bash and possibly cause system failure if it were being used. Unfortunately a while later this workaround vanished (Update: actually here is the Red Hat page for LD_PRELOAD mitigation. I don't know, maybe the page never vanished at all. Just use the steps on that page then), but not before I had availed myself of it. For me, the ease and speed of its deployment made it worthy of a try. And here are the steps.

1- Put the following C code in a new file, bash_ld_preload.c.

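#include <sys/types.h>
#include <stdlib.h>
#include <string.h>

/* The constructor attribute runs strip_env() when the library is loaded. */
static void __attribute__ ((constructor)) strip_env(void);
extern char **environ;

static void strip_env(void) {
  char *c;
  int i;

  /* Walk every NAME=value string in the process environment. */
  for (i = 0; environ[i] != NULL; i++) {
    /* "=() {" is the marker of an exported bash function definition. */
    c = strstr(environ[i], "=() {");
    if (c != NULL) {
      /* Cut the string after "=(" so bash no longer parses a function. */
      *(c+2) = '\0';
    }
  }
}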

2- Compile bash_ld_preload.c to get bash_ld_preload.so using the following command.

$ gcc bash_ld_preload.c -fPIC -shared -Wl,-soname,bash_ld_preload.so.1 -o bash_ld_preload.so

3- Copy bash_ld_preload.so to the /lib/ directory like so:

$ cp bash_ld_preload.so /lib/

4- Add the following to the file /etc/ld.so.preload on a line by itself:

/lib/bash_ld_preload.so

5- Restart all relevant services or just reboot the system to be sure.

 

There you have it. I deployed this on several machines that run various applications. It killed the bug and there were no adverse effects. That means that those machines were not using the function definition feature of bash. Of course at some point we may write code or install applications that need to use this feature and if we have forgotten about this workaround, there will be a lot of head-scratching.

So, use the above workaround at your own risk. It will probably work for you, but the best approach as always is to update your platform and of course your version of bash.
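One way to check ahead of time whether anything on a machine relies on exported functions, written as an added example (not part of the original post or of Red Hat's instructions): it lists the environment variables that contain the same "=() {" marker the preload library truncates. The function names, the sample variables and the temporary file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit to run before installing the preload library: list the variables in a
# NUL-separated environment block (the /proc/<pid>/environ format) that
# contain "=() {", the same marker strip_env() searches for and truncates.

# Print the name of each variable the workaround would cut, one per line.
list_exported_functions() {
  # Function bodies span lines, so fold newlines to spaces first, then turn
  # each NUL terminator into a record separator for awk.
  LC_ALL=C tr '\n\000' ' \n' < "$1" |
    LC_ALL=C awk 'index($0, "=() {") { sub(/=.*/, ""); print }'
}

# Same check over every readable process environment (Linux /proc; run as
# root to cover other users). Prints "<pid>: <names>" for each hit.
audit_running_processes() {
  for env_file in /proc/[0-9]*/environ; do
    [ -r "$env_file" ] || continue
    names=$(list_exported_functions "$env_file" 2>/dev/null | tr '\n' ' ')
    pid=${env_file#/proc/}
    [ -z "$names" ] || printf '%s: %s\n' "${pid%/environ}" "$names"
  done
}

# Constructed sample environment, not captured from a real system.
# "deploy" is a multi-line exported function. "OPTS" is an ordinary variable
# that happens to hold the marker mid-value: strstr() matches it as well.
sample=$(mktemp)
printf 'PATH=/usr/bin:/bin\000deploy=() {  rsync -a src dst\n}\000' > "$sample"
printf 'NOTE=see f() { in docs\000OPTS=--filter=() { x\000' >> "$sample"
list_exported_functions "$sample"
rm -f "$sample"
```

An empty result from `audit_running_processes` matches the situation described above, where the machines were not using the function definition feature.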

Bait and Switch Google Adwords

by @ 12:37 pm
Filed under: google,hacking,web — Tags: ,

We're all familiar with targeted banners these days. Visit a shoe site and suddenly all banners in various web sites are shoe-related.

It seems the banner scammers/hijackers have figured this out too. Recently I noticed suspicious Adwords banners originating from a site called adnxs.com.

My guess is that the malware authors use Adwords or similar networks or sub-networks to target users with certain keywords, for example shoes. They may upload legitimate ads in the beginning and may even run them for a while to gain the network's trust. But then the switch happens and malware ads such as below are displayed.

malware banner

To a lay user, a banner such as above may look legitimate enough to click, which will inevitably lead to a malware download and it's game-over for that user. The banner obviously has the telltale look of being a scam, with the "importent" update it purports to install.

Hard to say if adnxs.com or similar sub-networks are in on the scam or just look the other way as long as the money keeps coming. Whatever the case, browsers and anti-virus programs seem unable to stop these annoying and harmful banners.

Facebook Like, The Big Fake

by @ 6:25 pm
Filed under: google,web — Tags: ,

Earlier this year this insightful article delved into the business of click farming where people and businesses (and apparently even the US government) pay shady companies a modest fee for thousands of Facebook likes, or Twitter followers, or YouTube views. Only that these likes and clicks are generated by click farms, either malware robots and zombies, or zombie-like people clicking mindlessly, essentially producing inflated popularity through fraud.

I am not much of a social media expert or even user, yet I knew about click farming. I just didn't know how extensive the practice was until recently.

At this point we must assume that the vast majority of likes, views and followers are fake. Certainly not everyone is involved, but faced with such overwhelming and obvious scam, one must conclude that digital popularity is now but fiction and holds no credibility. And it doesn't matter who they are, even governments, legitimate companies and celebrities can not be ruled out.

Online scamming is not new. When link farming became a popular method to attain high ranking in Google results pages, Google fought back by changing the rules because SEO scamming was becoming an existential threat to its business. Once users' trust is lost, it is difficult, if not impossible, to gain it back.

Popular social sites such as Facebook, Twitter, LinkedIn, and YouTube are now faced with the same credibility issue and they are fully aware of the problem and have the means to correct it. But it's business as usual because most users haven't woken up to the reality of click farming, yet.

Just like now when everybody immediately dismisses an email purportedly sent by a Nigerian prince, an increasing number of users are glossing over the stats on social sites. When the majority of these stats are fake, the whole system becomes useless and irrelevant.

© 2001-2017 Robert Hashemian   Powered by Hashemian.com