random neuron misfires

Linux and FreeBSD aren’t inherently more secure — they’re just operated by people who are inherently more aware of security.

I am a customer of a tool called CompanionLink for Google which allows me to sync my Outlook/Palm calendar to Google Calendar, so my friends/family can see where I am at any given time.

The cost for their software was relatively cheap, and it appeared to work well. There are some inherent issues and bugs in the tool, which still aren’t resolved, but it does what it claims to do in a very simple and fairly painless way.

Recently I noticed that Google has released their own free tool called “Google Calendar Sync” to do essentially the same thing.

The Google tool doesn’t support as many platforms and PIMs as CompanionLink, but it is free, and it is written/maintained by the people who interface directy with Gmail, so I figured it should work “better”.

I was wrong.

For some reason, both of these tools seem to “ignore” random events on my calendar, while including other random events around the same days and weeks. There is no obvious pattern to why these events are skipped, or why I can’t get them into my Google Calendar.

I’ve exported all of my calendar items to a local file, removed the categories, deleted my local calendar entirely, re-imported all of the events clean and told both tools to do a “Purge and Reload”, pushing everything from my local calendar into Google Calendar.

Nada.

Both tools fail in almost exactly the same way. This leads me to believe something in the way Gmail is accepting the calendar data is causing it to “ignore” some of my events (a few hundred).

So now I’m back to not using either of them, because they can’t do what I need. I’ll probably talk to CompanionLink and see if they have a fix, or can issue me a refund for my purchase price.

Frustrating, since I don’t yet have one unified place for all of my calendaring to go. Grr!

UPDATE: I have a fix. The fix is to export my entire calendar into CSV format, then log into Google Calendar, delete all of the calendar items, then import the CSV fresh every time.

So much for 2-way syncronization. Sigh.

I thought it was a joke when someone spoke about this in irc, until I Googled around and found the actual story. Shocking!

Rhonda Payne went to an AT&T Wireless store in Calhoun, Ga., recently to pay her phone bill in cash. She’d been hit by ID theft and was forced to close her checking account, so she was worried she wouldn’t be able to mail a check on time. But when she arrived at the store, she was in for a surprise.

Paying in person, she was told, costs extra — $2 extra.

Payne objected to the “administrative charge” that was added to her bill but got no sympathy. Instead, she said, she was told she should consider herself lucky because the fee was about to go up to $5.

“I was told that it was a courtesy to take cash,” she said. “I said, ‘Are you kidding me?’”

It’s no joke. Beginning earlier this year, AT&T Wireless began to charge customers who pay their bills in their stores.

“It is a way of saving money … it helps us keep our costs lower,” said AT&T spokesman Mark Siegel. “We want our associates to spend their time helping customers as they are thinking about their wireless plans or looking at phones.”

Since when was it a penalty to use REAL cash to pay your bills? What about people who don’t have a bank account (and the number is growing, as the economy crumbles down). What about people who can’t pay electronically? What then?

I can’t help but think this is also related to the fairly recent advertisements from VISA Check Card where they make it seem like paying with real cash is embarrassing, annoying, slow, etc.

In fact, as the commercial below shows… all this industry wants to see is cash flowing in, as fast and efficient as possible, with as few interruptions as possible. If you pay in cash, people groan at you, look at you funny, and make you feel like you’re some sort of outcast.

If you haven’t seen The Zeitgeist Movie yet, please take the time to watch it. You can watch it online, download a copy or purchase the DVD version for yourself or your friends.

It goes through exactly why we’re seeing this shift away from physical money, and how it’s happening at very subtle, almost imperceptible levels in all facets of our society.

I STRONGLY recommend watching it, and passing the knowledge you glean from it on to others who might want to know more.

When all of our cash transactions are digital, when all money is digital and no longer physical, you can be monitored in ways you’ve never even thought of before. Not only that, but your ability to transact business in the world can now be shut off in one keystroke.

BAM!

No more groceries.

No more gas.

No more airline flights.

Nothing.

Accidentally have the same last name as someone else on a list you can’t get yourself removed from? Oops, now your life is literally turned off.

Perhaps Morpheus wasn’t so far off after all… maybe in the eyes of the current government we’re a lot closer to these than we think.

I have two Windows machines here that I use for those tasks that don’t quite lend themselves to Linux or Windows-in-VMware. I thought they were updated to current with all latest versions, service packs and updates… until I stumbled on a tool called Personal Security Inspector by Secunia.

PSI is a tool that will scan all of your programs and applications and tell you which ones are vulnerable, insecure, out of date, end-of-lifed, and many other things.

I ran it on my Windows laptop which is only about a month old, straight from IBM… and it scored 88%.

[More screenshots here]

The interface is very smart, and once it finds the applications which need updating/patching, it lets you download them directly from the PSI dashboard, where you can install them and re-run the scan.

As you can see in the above screenshot, 9 programs that were out of date were found on my system and needed updating. These included things like Firefox, the Adobe Flash plug-in, VLC, XnView and others.

After I updated as many as I could, I re-ran the scanner and it now found the following results:

[More screenshots here]

You can see that even the interface changed, because now I have the proper Flash version installed and configured within MSIE to render those graphs on the right-side.

There’s a lot more to it, and I haven’t done it enough justice here, but if you run Windows.. give this a try and see if it doesn’t find many things on your system that could be potential security holes on your machine.

The only one I couldn’t seem to update was the Adobe Acrobat application but I’ll look into that later.

Back in October of 2007, I started writing a little tool to build MFA 2.0 sites on the fly.

This tool (in Perl of course), allows me to create a new Wordpress blog targeted to a very specific niche, populate the Wordpress database with hundreds/thouands of articles that target that niche, and some other fancy things with lots of trickery under the hood. My Diabetes Information and Acne Skin Treatment websites are two examples of works I created in about 30 minutes with this tool back in October.

The article sites that I point to for content are attempting to drive traffic to their site and they implement all sorts of tricks on the server-side to try to thwart spidering and bots. They want “real humans” to read their content.

So I came up with the idea of using a random proxy server for each request. It slows down the speed with which I can spider articles, but it also doesn’t put me on an automatic block/ban list.

The problem with public proxy lists is that they become stale very quickly, so I needed a way to make sure every proxy I use is alive, valid and accepting connections to the remote site I’m querying for article content.

Enter my return_proxies() function in Perl, which does just this:

sub return_proxies {
        my $link        = 'http://proxy-site/list.txt';

        my $ua = LWP::UserAgent->new;
        my $rand_browser = random_browser();
        $ua->agent($rand_browser);

        my $req         = HTTP::Request->new(GET => $link) or die $!;
        my $res         = $ua->request($req);
        my $status_line = $res->status_line;
        my $html        = $res->content;

        my $t           = HTML::TreeBuilder->new_from_content($html);
        my @output      = map $_->as_HTML, $t->look_down(_tag => 'td', class => qr/dt-tb?/);
 
        my @proxies;
        foreach my $ip (@output) {
                (my $address) = $ip =~ /((?:\d+\.){3}\d+\:\d+)/;
                push @proxies, $address if $address;
        }

        # print Dumper(@proxies);
        return @proxies;
}

I call this in my fetch_page() function like this:

        my @proxies     = return_proxies();
        my $rand_proxy  = "http://$proxies[rand @proxies]“;
        $ua->proxy(['http', 'ftp'], $rand_proxy);

So far it works very well, no issues at all that I’ve seen.

Obviously there’s a lot more to it than just this… but I can’t give away all of the secrets to my code, can I?