Phishing Sophistication

I’m starting to be impressed by the (almost) sophistication of phishing attempts. The latest one in my inbox today contained a message from someone purporting to have bought an item via eBay that they hadn’t received, saying that unless they heard back they were going to complain to eBay and then the police — I can quite see some nervous seller who thinks there might be a mistake in the system clicking on the “log in to eBay message center” link (which of course doesn’t go to eBay at all) to try to rectify it.

Mind you, the spam filters are also starting to become sophisticated — my ISP adds headers to the email marking potential spam and this one tripped a number of meters, adding up to quite a lot of red flags. Some of them are, on their own, quite legitimate of course, but not all:

    1.0 FROM_ENDS_IN_NUMS      
        From: ends in numbers
    1.3 RCVD_NUMERIC_HELO      
        Received: contains a numeric HELO
    1.0 MSGID_SPAM_CAPS        
        Message-ID =~ /^\s*< ?[A-Z]+\@(?!(?:mailcity|whowhere)\.com)/
    0.1 HTML_TAG_EXISTS_TBODY  
        BODY: HTML has "tbody" tag
    0.4 HTML_70_80             
        BODY: Message is 70% to 80% HTML
    0.1 HTML_FONTCOLOR_BLUE    
        BODY: HTML font color is blue
    0.7 MIME_HTML_ONLY         
        BODY: Message only has text/html MIME parts
    0.2 HTML_MESSAGE           
        BODY: HTML included in message
    0.3 HTML_FONT_BIG
        BODY: HTML has a big font
    1.1 MIME_HTML_NO_CHARSET   
        RAW: Message text in HTML without charset
    0.2 MIME_QP_LONG_LINE      
        RAW: Quoted-printable line longer than 76 chars
    0.4 NORMAL_HTTP_TO_IP      
        URI: Uses a dotted-decimal IP address in URL
    0.1 FORGED_HOTMAIL_RCVD2   
        hotmail.com 'From' address, but no 'Received:'
    3.0 FORGED_MUA_OUTLOOK     
        Forged mail pretending to be from MS Outlook
    0.6 MISSING_MIMEOLE        
        Message has X-MSMail-Priority, but no X-MimeOLE
    1.1 FORGED_OUTLOOK_HTML    
        Outlook can't send HTML message only
    1.1 MIME_HTML_ONLY_MULTI   
        Multipart message only has text/html MIME parts
    1.1 FORGED_OUTLOOK_TAGS    
        Outlook can't send HTML in this format
    3.0 SARE_MSGID_YAHOO       
        Message-ID is forged, (yahoo.com)
    1.1 HTML_MIME_NO_HTML_TAG  
        HTML-only message, but there is no HTML tag
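
The report above can be tallied mechanically. This added example (not from the original post) parses the score/rule lines and splits the total between formatting rules and header or link forgery rules; the split by rule-name prefix is an assumption made here, not something the filter reports.

```python
import re
from collections import defaultdict

# Score/rule lines from the report quoted above (description lines omitted).
REPORT = """
1.0 FROM_ENDS_IN_NUMS
1.3 RCVD_NUMERIC_HELO
1.0 MSGID_SPAM_CAPS
0.1 HTML_TAG_EXISTS_TBODY
0.4 HTML_70_80
0.1 HTML_FONTCOLOR_BLUE
0.7 MIME_HTML_ONLY
0.2 HTML_MESSAGE
0.3 HTML_FONT_BIG
1.1 MIME_HTML_NO_CHARSET
0.2 MIME_QP_LONG_LINE
0.4 NORMAL_HTTP_TO_IP
0.1 FORGED_HOTMAIL_RCVD2
3.0 FORGED_MUA_OUTLOOK
0.6 MISSING_MIMEOLE
1.1 FORGED_OUTLOOK_HTML
1.1 MIME_HTML_ONLY_MULTI
1.1 FORGED_OUTLOOK_TAGS
3.0 SARE_MSGID_YAHOO
1.1 HTML_MIME_NO_HTML_TAG
"""

HIT = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\s*$")
# Assumed grouping: names starting HTML_ or MIME_ describe formatting that
# legitimate mail also uses; the rest point at forged headers or links.
FORMATTING_PREFIXES = ("HTML_", "MIME_")

def parse_report(text):
    """Return [(score, rule)] for each 'score RULE' line; other lines are skipped."""
    return [(float(m.group(1)), m.group(2))
            for m in map(HIT.match, text.splitlines()) if m]

def summarize(hits):
    """Return (total, {group: subtotal}) with scores rounded to one decimal."""
    groups = defaultdict(float)
    for score, rule in hits:
        kind = "formatting" if rule.startswith(FORMATTING_PREFIXES) else "forgery"
        groups[kind] += score
    total = round(sum(score for score, _ in hits), 1)
    return total, {kind: round(sub, 1) for kind, sub in groups.items()}

if __name__ == "__main__":
    total, groups = summarize(parse_report(REPORT))
    print(f"total={total} {groups}")
```

On this message the formatting rules contribute 5.3 of the 17.9 points and the header and link rules 12.6, so the forged-header checks account for most of the score.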

After I saw this I promptly went and got the latest version of Pegasus Mail, which I use for my personal email. Pegasus has always had good anti-virus protection, has had decent spam filtering for some time, and shows the real URL that is being linked to on HTML emails, but it now advertises anti-phishing checks as well. It will be interesting to see how well they work in practice.

Woody to Sarge

I’ve been intending to upgrade my Debian firewall/blog box to the latest version, called ‘sarge’ (a.k.a. 3.1), for some months now. Today was the day I decided to finally bite the bullet. Since I’ve been using backports of unstable versions of software, such as MySQL (see Upgrading MySQL on Debian for that process, and Enabling Thumbnails for the process to upgrade libgd), I figured this could be a little trickier than I really like, and I should be prepared. Here’s the historical record of actually getting it running. YMMV, of course!

First, the documentation on the Debian web site is good. The upgrading instructions are written per hardware platform and seem complete. I started, as recommended in Upgrading your Woody system, by replacing the word “stable” in the /etc/apt/sources.list file with the word “woody” and then checking I had woody’s version of aptitude installed.

After copying the recommended files to a safe location (that’s a lot of files!), I deleted the /etc/preferences file after saving a copy — this is the file that says which versions of any software to use. Since to begin with I want to use a clean, standard Debian sarge distribution, I don’t need this file. Then it was on to section 4.2.2, “Checking packages status”. I found that apt-get showed no holds, but aptitude showed that php4 was on hold (I can’t imagine why). So I got rid of the hold.

After that, I just followed the steps, taking the defaults mostly (since I didn’t understand some of the questions, that was an easy choice! One day I might understand what pango and defoma are all about, but in the meantime I’ve decided not to bother). There were a couple of messages that mostly seemed ignorable (note to self: upgrade exim3 to exim4 at some stage in the future) and all in all the process ran smoothly, if not particularly fast on my old, slow Pentium box.

Time to check the results — try my web site and find it’s been replaced by a generic “welcome to an Apache web site” message. The web server has been magically upgraded to Apache 2.0, which I hadn’t quite expected or planned for. Oh well, time to hit the Apache documentation.

There’s a big difference between Debian upgrade documentation and Apache upgrade documentation. Where the Debian upgrade instructions are exactly that (“Do this, then this. Run this command and if you get this output, do this, otherwise do that”), the Apache documentation on Upgrading to 2.0 from 1.3 is basically a list of feature changes, rather than instructions on how to upgrade or what modifications need to be made to the configuration files. Looking at the configuration files themselves in the Debian Sarge Apache 2 distribution you can see, for example, that httpd.conf has changed markedly from being the main configuration file to containing simply a comment saying it exists for backwards compatibility only. The README file does have some clues to the new files, with short descriptions of what they’re used for. The most interesting new directory to me was sites-enabled, which seemed to have something to do with setting up virtual hosts. So I typed sites-enabled into the Apache documentation search engine and found no hits whatsoever. The VirtualHost part of the documentation for Apache 2.0 says “Below is a list of documentation pages which explain all details of virtual host support in Apache version 1.3 and later.” Hmmm, things do seem to have changed somewhat between Apache 1.3 and Apache 2.0. On the other hand, it’s always possible that this particular configuration and choice of directory names etc is due to Debian rather than Apache; the Debian distributions do have a reputation for putting files in places that are unexpected and maybe this has extended to the names used in the Debian flavour of the Apache installations. If this is the case it’s not surprising it isn’t documented on the Apache web site.

Fortunately others have written this up; I found Upgrading to Apache 2 which described the purpose of the sites-enabled and sites-available directories in ways that make sense and worked when I tried them out. The same principles apply to making the mod_rewrite module available, which WordPress uses for rewriting the URLs for archives and categories.

So far, so good. My web site is available again, just not my blog. The error message is “Your PHP installation appears to be missing the MySQL which is required for WordPress”. When I check, all the necessary packages are installed. A quick search through the WordPress support site turns up that I’ve forgotten to uncomment the MySQL module in the php.ini file. I’m so used to Debian just doing the right thing that it seems odd to have to make that change, somehow. Now my blog is back as well, everything else seems to be working, no files seem to have been lost, and overall the upgrade was a lot less painful than I had anticipated.

Crochet Danger

I had to laugh at Eve’s link to the story of the weenie who was scared of knitting needles (while admitting I first saw the link at whump dot com from following XML 2005 Aggregator links). I have a better story than mere knitting needles or even needlework needles, since all of those have really blunt ends.

When the TSA directives first came out after September 11, banning knitting needles, I, along with a lot of other people, was struck by the arbitrariness of the bans. No knives, but forks were still allowed, and so were glasses made of glass. Personally I’d rather have someone come at me with a blunt knife that’s not capable of cutting anything than a broken glass. So I read the list of banned items and noticed that crochet hooks weren’t on the list. Given that in terms of crafts I bounce between knitting, needlework, crochet, and lots of others, I have a good supply of crochet hooks. I picked one out to take on my next set of flights. Not just any crochet hook though, one of my fine 1.25 mm crochet hooks that at the time I was using for filet crochet. So this is a hook, with what can only be described as a barb on one end, with a total diameter of 1.25 mm (I have smaller, but had two of the 1.25 mm hooks so could easily risk losing one).

The first security person checked the hook, looked worried, asked her supervisor, the supervisor said “crochet hooks are allowed”. And that was it. On board I went, with my filet crochet and my crochet hook. These days knitting needles are expressly allowed, as are crochet hooks (although the TSA calls them “crochet needles”) so I will still be able to carry around my filet crochet hooks and scare unsuspecting knitting needle phobics (yes, there is such a thing as a needle phobia; most people who suffer from it have phobias about vaccination and blood test-type needles, not knitting needles, although the phobia is apparently bad enough in some people to be set off by any needle-type object).

So if you see someone with what looks like a viciously thin, barbed object and thin yarn, just remember the TSA permits it. Mind you, reading that list does raise other questions, such as “if you can’t smoke on board, why do you need a cigar cutter?” and “why are toy transformer robots expressly permitted but not other toys?” but that’s just me being picky.

Singapore Impressions

I was recently in Singapore for a Liberty Alliance meeting. I hadn’t been in Singapore for 10 years, so it was interesting to see what was the same and what was different.

Orchard Road was the same, but more so — more Western shops, more malls, more hotels. The air conditioning in hotels and restaurants, which I had remembered as being somewhat over the top, was even more so, to the extent that we moved meeting rooms within the meeting hotel to find a room that was somewhat warmer and went outside as much as possible to thaw out! Outside was the warm tropical air and thunderstorms I remembered, the mix of people on the streets, and the tropical plant exuberance on the streets that helps make Singapore so memorable.

Street in Singapore

Things have changed since 1995. People seem more relaxed, the streets aren’t by any means dirty but they’re not quite as “is this really a city”-spotless as they used to be. The taxis no longer have the annoying bell that says when they’re going too fast (just the standard annoying bell when someone isn’t using their seatbelt). The Long Bar in the Raffles Hotel is new, built to look much like the old one, but somehow without the same feel. It feels like a movie set, complete with over-eager air conditioning. The old Long Bar, the authentic one, had much more of that tropical sundowner feel. It’s probably still worth seeing as a tourist, but I wouldn’t bother going back, whereas the old Long Bar was somewhere you could spend hours in, lazily watching the fans and listening to the crunch of peanut shells on the floor.

The old and the new — one block from Orchard Road construction in Singapore

On the way back to the airport, I asked the taxi driver about the highway with the large plants in pots, planned as an emergency runway. It was quite a sight and I couldn’t figure out how I had missed them. It turned out that Singapore had added a new direct highway into the city; the pots are still there on the older highway. The taxi driver was sure that emergency runway would never have to be used and I found his explanation touching. Singapore is in the Commonwealth and the Queen is very proud of what Singapore has accomplished, and therefore all the nations of the Commonwealth would help if Singapore were ever to be attacked, he said. I hope he’s right, and I hope his belief is never tested.

Five Years On

“The time has come, the walrus said” — not to talk of cabbages and kings, nor even of sealing wax, but to move on and let someone else with fresh ideas take over chairing the XML Conference Series. XML 2001 was the first conference I chaired, XML 2005 the last. It’s been an interesting journey, full of interesting people and interesting topics. I’ll miss many aspects of chairing — the positive side of interacting with attendees, reviewers, session chairs, and speakers, but I am relieved I no longer have to plan my entire year around one week in November, clean dozens of XML papers (well, once this year’s final proceedings are done), or worry about how many last-minute cancellations or no-shows we’ll have (e.g., this year, for some reason we had a large number of cancellations so I was glad I had a formal waitlist of speakers and talks).

When I took the job, I set out to make a conference that I would want to attend and contribute to. To me, the key was community involvement. A conference is only as good as the speakers allow it to be; you need knowledgeable speakers talking on interesting topics if you’re to give attendees a reason to bother attending. How do you get good speakers to attend? You make sure there are lots of other good speakers attending, so they can all talk and learn and network. The ideal conference to my mind is quiet during sessions, noisy during coffee breaks, and everyone goes away exhausted but exhilarated from everything they’ve seen, heard, and thought about. Including the community in this process was key, and I was fortunate in that so many people in the XML community were happy to help out, whether as planning committee members, reviewers, speakers, or session chairs.

I set up a planning committee to help with final decisions, and designed a peer review system that was easy for the reviewers (give a grade from 1 to 4 and add comments) so people wouldn’t mind reviewing. One reviewer said it was just like reading a schedule and deciding which talks he’d bother attending, which I liked. The reviewers made the planning committee’s work in picking the final set of talks for the schedule possible. Many of the reviewers were happy to be session chairs for the conference itself, helping out speakers (particularly new speakers), moderating questions, and, to my mind, underscoring the fact that this is a community conference. I don’t really like conferences that don’t have session moderators or chairs as it seems impersonal somehow.

And then there were the smaller touches I could bring in as chair. For example, many conferences hand out speaker gifts, which are usually small, semi-useless tech toys that die after 3 uses. I decided that personally I’d rather have a speaker/reviewer reception to attend, so that’s what we did. And I started the XML Cup to recognise people whose contributions seemed to cry out for more recognition; again, this was intended as something for the community.

My reward has been conferences where people are involved, where the hallways are quiet during sessions and the coffee breaks busy, where attendees come up and say “my management told me to attend and it’s been really great!”, where ideas and techniques cross-pollinate from one field to another. This year it became particularly obvious that we couldn’t pigeon-hole talks any more, they were all applicable to multiple tracks and had applications far outside the uses of XML even 3 years ago. XML is truly a basic part of today’s IT infrastructure in ways that few would have been brave enough to predict when I started chairing these conferences. And I like to think that at least some of that is due to this conference: kernels of ideas that are passed around, networking, and the incubation effect of having lots of experts in close proximity who can bounce ideas and crazy thoughts off each other.

David Megginson will be chairing XML 2006 (Nov 13–17, 2006, in Seattle). He’ll do a good job and will bring fresh ideas and energy to the conference. It will be interesting for me to sit back and watch how it develops!

Conference Starting

I’m in Atlanta, Georgia, for XML 2005. It’s the tutorial day before the conference starts, time to do last-minute items, check the booth, try to recover from jetlag before the big show starts tomorrow. Something akin to the quiet before the storm.

Which reminds me, the closing date for NorthernVoice speaker submissions is coming up soon, it’s November 16 (Wednesday). So put in those submissions if you’re interested in speaking at a low-key, small, interesting conference that revolves around personal blogging. The quality of the submissions we’ve already had is high, but more never hurt — you might come up with an idea that nobody else had!

One way or another, conferences aren’t going away, even if they’re changing in emphasis and tone.