How to tell when that Facebook friend isn’t real

I got a notification earlier this week when a Facebook user asked to join the now-dormant Bring Google Fiber to Raleigh Facebook group that I administer. I’ve been very suspicious of the recent requests to join this page since nothing is going on with the group at the moment. Thus, I decided to check out the profile of this supposed Facebook user.

The picture on the account was an unremarkable one of a white female in her 20s. The account had only a handful of likes and friends, which made me suspicious.

Then I saw the ASCII art in a post of a big heart or somesuch. By now my alarm bells are going off. I’ve seen that posted on more than one fake account.

The real kicker was seeing this at the bottom of the user’s timeline:

This woman just joined Facebook 13 hours ago? Riiiiiiiiiiight.

I quickly marked the account as a fake and it was promptly removed from Facebook.

Phone numbers and 911 hangups

Someone in my office misdialed 911 this morning, causing the Morrisville PD to needlessly dispatch an officer. As far as I know it’s the first time this has happened at my work. The officer who responded almost certainly had better things to be doing than chasing down someone who fat-fingered a telephone number. That was one officer who wasn’t available for other, more serious calls. That’s one incoming call to 911 that tied up an emergency line and a dispatcher needlessly.

Dialing mistakes have always happened, of course, but the Triangle area has gotten hit particularly hard since the new “overlay” area code (984? I had to look it up) was introduced. The emergency call centers in Raleigh, Cary, Durham, and Orange County have taken tens of thousands of misdialed 911 calls since this change took place this year.

Mark Zuckerberg’s Letter To Shareholders

I started today feeling very down on Facebook. This feeling changed when I found this letter from Mark Zuckerberg to shareholders, basically saying that Facebook doesn’t exist simply to chase money. Crazy as it sounds, I believe him. I think Zuckerberg’s still very much a hacker, in spite of Facebook’s popularity.

It’s given me hope that Zuck’s not a bad guy and there might be hope for Facebook yet. That said, if Zuck thinks he controls Facebook he’d better pay attention to the Hacked by Mitt Romney stuff.

It’s Becoming Clear That No One Actually Read Facebook’s IPO Prospectus Or Mark Zuckerberg’s Letter To Shareholders

As Facebook’s stock continues to collapse, the volume of whining is increasing.

Four months ago, you will recall, Facebook was viewed as “the next Google.” Now, with no major change in the fundamentals, it’s viewed as an over-hyped disaster. Meanwhile, there is ever-louder grumbling that 26-year-old Facebook CEO Mark Zuckerberg is in over his head and should be relieved of command.

As I listen to all this whining, I have a simple question:

Didn’t anyone even read Facebook’s IPO prospectus?

The answer, I can only assume, is “no.”

via It's Becoming Clear That No One Actually Read Facebook's IPO Prospectus Or Mark Zuckerberg's Letter To Shareholders – Business Insider.

Clickjacking the cause of Romney Facebook likes?


I decided to delve a bit into the hacking underworld yesterday, wanting to learn more about how Facebook users could be signed up for pages they didn’t like. It turns out that a Google search for “facebook clickjacking” returns a lot of results.

I downloaded one clickjacking kit from a site called zarabyte.com and took a look. It includes this line in a file called like.js:

var thehairs = "<iframe id='theiframe' scrolling='no' frameBorder='0' allowTransparency='true' src='http://www.facebook.com/widgets/like.php?href=" + encodeURIComponent(fan_page_url) + "&layout=standard&show_faces=true&width=53&action=like&colorscheme=light&height=80' style='position:absolute;width:53px;height:23px;overflow:hidden;border:0;opacity:" + opacity +";filter:alpha(opacity=" + opacity * 100+ ");' ></iframe>";

Basically, it sneaks in an iframe on the page and kicks off the like.php script to “like” the desired page. There doesn’t appear to be anything magic about what this does. If the user is logged into Facebook (in another browser window, for instance), this script should register a like. Furthermore, that like should be logged in the Activity Log as any other like would be.

Based on this behavior, I’m pretty confident that these mysterious Romney Facebook likes aren’t being generated through clickjacking.
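For anyone auditing a page for the pattern in like.js, here is an added example (not code from the kit or from this post) that scans page source for like-widget iframes styled to be invisible. The function names, the opacity thresholds and the sample HTML are assumptions made up for illustration.

```javascript
// Added example (not from the kit or the post): flag like-widget iframes that
// are styled to be invisible. Thresholds below are illustrative assumptions.
const LIKE_WIDGET = /^https?:\/\/(www\.)?facebook\.com\/(widgets|plugins)\/like\.php/i;

// Parse the attributes of one tag into a lowercase-keyed object.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  for (const m of tag.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Parse an inline style string into a property -> value map.
function parseStyle(style) {
  const out = {};
  for (const decl of (style || "").split(";")) {
    const i = decl.indexOf(":");
    if (i > 0) out[decl.slice(0, i).trim().toLowerCase()] = decl.slice(i + 1).trim();
  }
  return out;
}

// Return one finding per like-widget iframe whose opacity makes it invisible.
function findHiddenLikeFrames(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const attrs = parseAttrs(tag);
    if (!LIKE_WIDGET.test(attrs.src || "")) continue;
    const style = parseStyle(attrs.style);
    const reasons = [];
    if (parseFloat(style.opacity) < 0.1) reasons.push("css opacity below 0.1");
    const ie = /alpha\(opacity\s*=\s*([\d.]+)\)/i.exec(style.filter || "");
    if (ie && parseFloat(ie[1]) < 10) reasons.push("IE alpha filter below 10");
    if (reasons.length) findings.push({ src: attrs.src, position: style.position || "static", reasons });
  }
  return findings;
}

// Constructed sample page: one invisible widget, one ordinary visible one.
const SAMPLE_HTML = `
<iframe id='f1' allowTransparency='true' src='http://www.facebook.com/widgets/like.php?href=https%3A%2F%2Fexample.com%2Fpage&action=like' style='position:absolute;width:53px;height:23px;opacity:0;filter:alpha(opacity=0);'></iframe>
<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.org" style="border:none;width:90px;height:21px"></iframe>`;

console.log(findHiddenLikeFrames(SAMPLE_HTML));
```

The scan only sees iframes present in static source; a frame injected by script at runtime, as like.js does, has to be checked against the rendered DOM instead.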

Diaspora and Tent: open alternatives to Facebook

After several weeks of shocking revelations about Facebook accounts being hacked to say things their users never intended, needless to say I’m quite depressed about the state of social networks. I am actually considering shutting down my Facebook page since I can no longer be sure what I’m reading there is what my friends actually put there or instead the work of some outside (or inside) hacker.

There’s Google Plus, of course, but who’s to say that it couldn’t fall under the same spell (or under the same misfortune) that Facebook did?

What if there was another alternative, completely free and open? Sort of like an “RSS on steroids” that would share the content I created from a server I managed? What if it took the best of blogging, Twitter, and Facebook and tied it together with a flexible content-protection system that emulated “friends” or “circles” only it worked across separately-owned servers?

Thirty years of computing

I was at a dinner this evening and shared a table with two retired IBMers. We began trading technology stories and I bragged about being one of the first to use the IBM PC. My dad bought it for the family back in 1982.

Only after getting home did I realize that this year marks the 30th anniversary of my use of computers. Our first PC lasted a year or two before my brothers and I upgraded it with a new motherboard, doubling its speed to a blazing 8 MHz. A subscription to Computer Shopper magazine and a few years of part-time-job salary saved up and we had added our first hard drive, an incredibly fragile 10 MB model. Then it was two truly ahead-of-their-time 19.2 Kbps Fastcomm modems, two phone lines, and we had our own bulletin board system in 1987 (another anniversary at 25 years ago this year) with over 300 users.

Thanks again, Dad, for bootstrapping my career!

Costco marketing email has fake unsubscribe link

I signed up for Costco’s emailed specials a while back and decided today that I didn’t need them anymore. Mousing over the “unsubscribe” link at the bottom of the email didn’t seem to do anything so I decided to look at the message’s HTML to find out why.

It turns out Costco’s unsubscribe link isn’t a link at all, but is just made to look like one. Here is the code:

<p>In the past you provided Costco with your email address=C2=A0 [EMAIL REDACTED]. Occasionally, you will receive brief advertising ann=
ouncements regarding special items and services. If you no longer want to r=
eceive these advertisements, please click <a><span style=3D"text-decoratio= n:underline;color:#069">unsubscribe</span></a>.=20

It’s a span, not a link. Here’s how it renders in Thunderbird:

There’s an “update email preferences” choice also in the email but, like the unsubscribe “link,” it isn’t real and doesn’t go anywhere, either.

I think Costco is a great company and I trust them. Still, I’m curious about why Costco felt the need to include fake links in their marketing email.
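The same inspection can be done mechanically. This added example (not from the original post) decodes a quoted-printable HTML body and lists the anchors that have no usable href; the function names and the sample message are constructed for illustration, and it relies on Node's Buffer for the UTF-8 decoding.

```javascript
// Added example: decode a quoted-printable HTML body, then list <a> elements
// that have no usable href (styled to look like links but going nowhere).
function decodeQuotedPrintable(qp) {
  const joined = qp.replace(/=\r?\n/g, ""); // drop soft line breaks
  const bytes = [];
  for (let i = 0; i < joined.length; i++) {
    const hex = joined.slice(i + 1, i + 3);
    if (joined[i] === "=" && /^[0-9A-Fa-f]{2}$/.test(hex)) {
      bytes.push(parseInt(hex, 16)); // =XX escape -> one raw byte
      i += 2;
    } else {
      bytes.push(joined.charCodeAt(i) & 0xff);
    }
  }
  return Buffer.from(bytes).toString("utf8"); // multi-byte escapes like =C2=A0
}

// Return the visible text of every anchor whose href is missing, empty or "#".
function findDeadAnchors(html) {
  const dead = [];
  const re = /<a\b([^>]*)>([\s\S]*?)<\/a\s*>/gi;
  for (const [, attrs, inner] of html.matchAll(re)) {
    const href = /\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    const target = href ? (href[1] ?? href[2] ?? href[3]).trim() : "";
    if (target === "" || target === "#") {
      dead.push(inner.replace(/<[^>]+>/g, "").trim()); // strip inner tags
    }
  }
  return dead;
}

// Constructed sample body (not the real message): one dead anchor and, for
// contrast, one working link to a placeholder URL.
const SAMPLE_QP = [
  "<p>To stop these messages, click <a><span style=3D\"text-decoratio=",
  "n:underline;color:#069\">unsubscribe</span></a> or <a href=3D\"https://exa=",
  "mple.com/prefs\">update preferences</a>.=C2=A0</p>",
].join("\r\n");

console.log(findDeadAnchors(decodeQuotedPrintable(SAMPLE_QP)));
```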

Why Romney Facebook hacks aren’t from Facebook mobile


With Facebook’s speculation to Mother Jones that hundreds of its users have liked Mitt Romney’s Facebook page mistakenly through their mobile application, I decided to see just what happens when one likes a Facebook ad from the Facebook mobile app. This turned out to be much more difficult than it first seemed because Android apparently has no built-in screenshot capability. I spent over an hour installing and figuring out the Android SDK on my PC before I finally got to the point of taking screenshots.

Yes, it’s a lot of work but, dammit, I need to know.

I fired up the Facebook mobile app on my LG Optimus V phone running Android 2.2.2. Near the top of my news feed was an ad for Samsung (names blurred to protect the guilty!):

Holding my breath, I clicked on the Like button:

Following up on Romney hacking with an expert


I saw that the Mother Jones reporter consulted security expert Bill Pennington on the Romney Facebook hacking. Like any good digital sleuth, I hunted down Pennington’s email address to see what he thought about the situation. Pennington works at White Hat Security as the Chief Strategy Officer.

This afternoon I sent him the following email:

Hi Bill,

I’m Mark Turner, a guy who was contacted by Mother Jones about the Mitt Romney Facebook hacking thing.

I wanted to be clear about my experience: I’ve worked in IT and network security for 20 years. I’m a sysadmin who maintains security on my corporate network. I’m the guy who keeps the others in the office from clicking on things they shouldn’t.

I use Privoxy ad-blocking software on my Linux desktops. I do not click on ads, ever. And I rarely if ever use Facebook’s mobile app because it sucks ass. Yet, somehow I became a fan of Mitt Romney without my knowledge.

Facebook’s Activity Log shows every one of the 400+ likes I’ve clicked on during the life of my Facebook account. It does NOT show me ever liking Mitt Romney. That’s the only Like that doesn’t show up. Even if I screwed up and clicked on something by mistake, I would expect there to be a record of it.

But there isn’t. That’s why I think something hacked my account from the inside.

Groups Call for Scientists to Engage the Body Politic – NYTimes.com

Great article in the NY Times about an effort to get more geeks in Congress.

Ahem.

In American public life, researchers are largely absent. Trained to stick to the purity of the laboratory, they tend to avoid the sometimes irrational hurly-burly of politics.

For example, according to the Congressional Research Service, the technically trained among the 435 members of the House include one physicist, 22 people with medical training (including 2 psychologists and a veterinarian), a chemist, a microbiologist and 6 engineers.

via Groups Call for Scientists to Engage the Body Politic – NYTimes.com.