Hashemian Blog
Web, Finance, Technology, Running

Amazon's Windfall of ID Theft and Tax Fraud

by @ 12:08 pm
Filed under: financial — Tags: ,

Amazon.comSeems unbelievable but I never knew some states actually issue tax refunds in the form of Amazon gift cards. Read article.

With a long list of companies benefiting from tax refunds including Amazon, debit card issuers, tax software companies and financial institutions that collect transaction fees, one wonders if there is a real concerted effort from all sides to stem ID and tax fraud.

With the states squeezed from the scammers on one side and the greedy corporations on the other, most likely the ID theft and tax fraud problems will continue unabated.

The real losers, as usual, are and continue to be the taxpayers.

Citi Bike Miami

by @ 6:07 pm
Filed under: health — Tags:

There's always a first time for everything and for me it was trying out Citi Bike. During a recent stay in downtown Miami, I wanted a fast way to get to Miami Beach and take a dive into the ocean. My options were to run, take a taxi, take public transport, or rent a bike, and I decided to go with the last one.

After so many years, Citi Bike put me back on a bicycle and it turned out to be a great decision. At $6/hr it was pretty inexpensive, faster and less strenuous than running and quite a bit of fun.

These are not top of the line bikes, they have a more industrial feel to them. I can imagine with the all the abuse they take on a daily basis, they must have some level of ruggedness. But most come with the basket/bucket mounted upfront to take along items, such as a towel, for the trip, very useful.

I rented one to the beach and then rented one back and it was such a great experience that I did it again the next day.

Citi Bike Miami

Peru Hikes - Marcahuasi, Machu Picchu

by @ 4:12 pm
Filed under: running-hiking — Tags: , ,

On a recent trip to Peru with a friend we did 2 hikes, one near Lima and the other near Cusco.

Near Lima, Marcahuasi is one of those open secrets that you hope it'll never become too popular. It's a stone forest filled with rocks that resemble human, animal, and alien faces and shapes. Some believe that it was laid out and constructed by aliens or unknown races, maybe even the Incas. I think it's all the work of nature, but no matter what, it is a mystical place that one can't forget. It certainly deserves more than a one-night stay but that's all we had time for.

Near Cusco is of course the famed Machu Picchu city/fortress but getting to it via a multi-day trek was most of the fun. We chose the Salkantay trek because the Inca trail was at capacity with only 500 allowed per day. In return we were treated to more nature than history/culture and less crowds. Salkantay offers majestic mountains with glaciers, green rolling fields, innumerable waterfalls, and pristine scenery that is hard to beat.

The final trekking day ended in the town of Aguas Calientes with its hot springs and finally Machu Picchu which doesn't need a description of its beauty. The hike to the top of the Machu Picchu mountain and the views from its peak left us breathless.

Here I'd like to take the opportunity to thank our local guides by sharing their web sites. We actually picked them at random and they both turned out to be outstanding. I assume most licensed guides in Peru are of high caliber, reasonably priced, and they can facilitate things greatly, so having them is definitely advised.

Marcahuasi - www.huancayaperu.com

Machu Picchu - www.salkantaycuscotrek.com

* This is unsolicited and I receive nothing in return for mentioning them.

Do Not Iron Your Shower Liner

by @ 12:48 pm
Filed under: social — Tags:

... and don't bleach or dryclean it either. While changing my IKEA vinyl shower liner today, for some reason I noticed the back side of the package.

ikea shower liner

It's weird already that IKEA needs to warn the consumer against machine washing/drying, bleaching, ironing, and drycleaning the $5 liner, but it's telling that only the US consumers are given these warnings.

Apparently for other countries a simple 100% PEVA does the job, they just know what not to do. Admittedly I had no idea what PEVA was, but thank goodness for the warnings. I was about to spend hours washing, drying, bleaching, and ironing my old shower liner 🙂

Live Long And Prosper Spock

by @ 7:59 pm
Filed under: star trek — Tags:

In my native country of Iran during the pre-Islamic-revolution times, the television, rife with American films, was a window into the western culture, specially the American culture, for most people.

But Star Trek was something else. It wasn't so much a glimpse of the western culture than it was the promise of what humanity could be if we let go of our bigotry and superstitions, and instead embrace humanity, science and rationality.

As a young boy I had a few sleepless nights after watching some of the more action-packed episodes. One memorable episode was The Doomsday Machine, which had me terrified of the specter of Earth being gobbled up by a fiery funnel. But many episodes also had the power to make us look at our society and at ourselves and see things from a different angle, mainly a logical one.


In of my most favorite episodes, Mirror, Mirror, the audience is taken on a journey to a parallel universe where greed for power, tyranny, and savagery is the order of the day. To the crew of the parallel Enterprise it's all par for the course, but to the few normal-world Enterprise crew members who are transported there by accident and to us, the viewers, it's a dark and hopeless world. That is not so different from many parts of our world today. We can only root for the parallel-Enterprise Spock who, at the end of the episode, realizes how illogical his world actually is. Of course seeing Spock with a beard in this episode is a pretty good bonus in itself.


Leonard Nimoy has sadly passed away, but his character, Spock, will undoubtedly live long and prosper. LLAP

The SSL Safety Myth

by @ 6:21 pm
Filed under: hacking — Tags: ,

The past week the security universe has been pounded by a whirlwind of bad press and bad actors. It all started with the news of Lenovo pre-installing adware (better yet, crapware) on new machines that would allow ads from a company with the ironic and unfortunate name, Superfish, to display context ads even when users are viewing secure web pages. The details are technical, but suffice it to say that they employ SSL certificate trickery to fool browsers and silence any possible warnings to users.

Suddenly the previously esoteric or arcane man-in-the-middle (MITM) terminology has been thrust into the mainstream and now MITM is just as well known as Ebola, even if most people have no idea how it works.

MITM - Courtesy owasp.org

MITM - Courtesy owasp.org

The bigger question however is, does ubiquitous SSL (nowadays, TLS) really make computing safer? There has been a concerted push as of late to encrypt the entire web. Google for example has suggested that it favors secure sites over regular ones.

But as evident, SSL is no panacea for security or data privacy. It does make the job of corporate security teams harder, sucks more power from infrastructures, complicates interoperability, but worst of all, gives a false sense of security to users and admins. For example, people may simply assume that with SSL they can't get infected or their private data can't be hacked.

I am obviously not against cyber security, but there are proper times and places for that. Just because something is good when appropriately applied, it doesn't mean it's good for everything all the time. Unfortunately, society always seems to over-simplify things and take everything to absurd levels using the logic, if a little is good, a lot is better.

What The Linux Ghost Bug Teaches

by @ 6:07 pm
Filed under: computers,hacking — Tags:

A couple of weeks ago it was revealed that a known Linux bug, Ghost (short-ish for the gethostbyname() function in the older glibc library versions) is riskier than previously thought. So the internet became abuzz with warnings to those who might not have updated their Linux distros.

I have several versions of Fedora running on various machines and updating them was simply not an option. Unfortunately they are also too old and patches are no longer available. But here comes the beauty of Linux, the open source code model. Combine that with a virtual server like Hyper-V and you have all the tools you need to create the patch yourself.

This is what I did to create patches for one of my platforms:

  • Created a guest virtual machine on the virtual server.
  • Downloaded the needed version of Fedora from this archive.
  • Installed the OS on the guest machine.
  • Downloaded the appropriate source code version of glibc. rpmfind.net is a good place to find many source code packages.
  • After installing all tools and libraries necessary to compile and build glibc, I used this StackExchange post as a guide to patch the C files based on the documented modifications and built the rpm package.
  • After installing and testing the newly built glibc library on the guest machine, I copied the rpm files to the production machine and installed them.
  • After a reboot, the bug was patched.

C code

Now many would object to running an older and unsupported version of Linux for production but I am not so sure that jumping to every new version as soon it is released contributes to additional safety. Staying with older versions does make the job of patching these sorts of bugs more cumbersome, but there's something to be said about the educational value of patching these bugs at more basic levels than just running the yum or apt-get commands. I, for one, learned quite a bit from this exercise.


Windows 10 Disappearing Start Menu Mystery

by @ 12:34 pm
Filed under: microsoft — Tags:

I have Windows 10 Pro Technical Review installed on a virtual machine at work and all was going swimmingly until the updates came along a while back and pushed it to Build 9926.

windows 10

That was the end of the Start menu, it just vanished. I made a bunch settings and config changes as advised by various forum posts, including some from Microsoft employees, and rebooted countless times but no dice. Clicking on the Start menu was as useless as doing so on Windows 8.

Eventually I decided to run Windows Update manually (wuapp.exe) to see if any new updates would fix the issue, but every time I ran the command I was greeted with the dreaded error message: This app can't be activated by the built-in administrator. Yes, I log in as the Administrator on that machine, and why the almighty account can't run an application is beyond me.

Thankfully this article saved the day. After enabling the policy, User Account Control: Admin Approval Mode for the Built-in Administrator Account and a reboot, I was able to run Windows Update.

But as a side effect, the Start menu suddenly began working. Had this policy change fixed the problem or was it just a coincidence? Maybe if you have the same issue, you can try the same action and report back if it fixes the problem. Right now I'm too elated to have the Start menu back to undo the change and test the theory.

PHP - echo'ing String Fragments Using Periods Vs. Commas

by @ 10:18 pm
Filed under: computers — Tags:

One of the mysteries of PHP's echo function is the supposed equal treatment of multiple strings separated by periods (.) vs. those separated by commas (,). Actually echo is a language construct, but I digress. In both cases echo appears to concatenate the string fragments and output the resulting string.

In actuality, the period is the real concatenation operator in PHP. The comma on the other hand signifies echo's ability to accept variable-length arguments. Judging by Google search, most people just accept the fact that they can use either periods or commas with the echo function to get the job done.

But there's a subtle difference that's mostly overlooked because it rarely mucks up the results. Take a look at the two code lines below. You might expect to see 12 for both cases, but that is not so.

php echo

The reason is that with periods, some or all expressions are evaluated first and the results are concatenated. Then echo outputs the result after all fragments are concatenated. With commas echo walks the argument list, evaluating expressions and spitting out the results as it goes along.

DNS Verification Error

by @ 12:55 pm
Filed under: internet — Tags:

Recently it was brought to my attention that the domain name hashemian.com has a DNS error associated with it. The domain's DNS is hosted with its registrar as many registrars provide basic DNS service for free. This service generally consists of two name servers with varying degrees of restrictions to configure zones and records.

Concerned, I headed to dnscheck.pingdom.com to verify this for myself and indeed the tool does show an SOA records inconsistency error for the domain along with a couple of warnings.

dns soa error

The warnings are attributed to the fact that the name servers do not have reverse addresses (PTR records) associated with them. Having reverse addresses is not a requirement but it is recommended.

Having consistent SOA (Start Of Authority) records on all name servers is however required. Except that in this case the inconsistency reported was only due to upper and lower case differences between the records on the two name servers and that gets into a bit of an unknown territory.

According to this RFC document: Domain Name System (DNS) names are "case insensitive". That is stated right at the top of the document in the Abstract section.

Going by the RFC, Pingdom's DNS tool is incorrect in flagging the SOA records with differing letter cases as error. One can label the DNS management work at the registrar as sloppy or clumsy, but this discrepancy should at best only rise to a warning level.

« Newer PostsOlder Posts »

Powered by

Read Financial Markets  |   Home  |   Blog  |   Web Tools  |   News  |   Articles  |   FAQ  |   About  |   Privacy  |   Contact
Donate Bitcoin: 1K9TzBvQ2oaEb4tX9t2vKDtZouMcpfV6QF
© 2001-2019 Robert Hashemian   Powered by Hashemian.com