Ashley Madison stupidly lets itself get pwned

The Thinker by Rodin

So I have been streaming Mad Men on Netflix. It’s a strangely compelling series about the world of Madison Avenue in the 1960s. It’s a world of constant drinking, endless cigarettes and infidelity. The principal character is Don Draper (played by Jon Hamm), the creative director for the advertising firm Sterling & Cooper. As we quickly learn, Don was previously Dick, he is a deeply messed up man, and he also happens to be one hunk of a guy. Don’s a liberal drinker, a liberal smoker and a liberal bed hopper as well. He does this while somehow staying married to his ultra pretty and slinky wife Betty (January Jones).

It takes a few seasons but Betty eventually figures out Don’s infidelities. They divorce but Don keeps bedding the women, often inappropriately, including his secretary. Yet Don is hardly the only character in the series with his pants down. Most of the characters are involved in an illicit relationship or two. I have no idea how close any of this is to real life on Madison Avenue, but from what I’ve read it was not too far off the mark. Most of the men are caught between who they really are and the roles they are supposed to play. How they manage all this screwing around in these pre-Ashley Madison days is kind of mysterious, but likely all that booze helped reduce inhibitions.

Yesterday of course the infidelity website ashleymadison.com quickly went dark after hackers posted a dump of its database on a number of websites. While bad for cheaters out there, what it said about Ashley Madison was even worse. First, its security system was laughably bad. Second, even after the hack they could have taken down their site and saved their forty million members embarrassment, but they didn’t. They kept collecting fees right up until they went dark. In short, they gave the online infidelity business a moral stink in an unexpected way: they were so busy chasing short term profits that they were willing to throw their forty million customers on the mercy of their spouses. Doubtless the hackers provided samples to prove they had hacked the good stuff, including apparently seven years of credit card transactions. AM was hoping they would blink.

Doubtless too that marital counselors and divorce lawyers are going to get a sharp increase in business. It would not surprise me if their phones were ringing off the hook. As for AM, I wouldn’t blame its customers if they arrived en masse to torch its offices. Cheaters of the world, unite! Anyhow, fifty years after Mad Men, there are still plenty of Don Drapers out there who are mostly hooking up online. Until a couple of days ago apparently Ashley Madison had the lion’s share and then some of this market.

What interests me is not that AM brokered infidelity. As disgusting as most people at least claim to find infidelity and those who aid it, there are far worse things on the Internet, with ISIS beheading videos coming immediately to mind. Some entities like AM are to be expected in our electronic age. What’s interesting and more than a little appalling is how bad a job they did in keeping their clients’ information confidential. Speaking as a software engineer, and also as a guy who is currently getting paid to ghostwrite articles about data security, I give AM an F.

Yes, AM kept a record of all its credit card transactions for the last seven years! It’s such a mind boggling, stupid and reckless thing to do, particularly given the profitability of the site. It would have made much more sense to give in to the hackers’ demands and quietly establish a new site under a new name, oh and fix those security problems too. Doubtless they had the money to do it. Forty million customers, figure 30 million of them men, figure each putting out at least $50 each, that’s at least $150 million in revenue. Since they’ve been in business fifteen years, it’s likely a lot more than that. Their overall revenue likely exceeded a billion dollars, not that we’ll know for sure. They aren’t publicly traded, although maybe their successor or whoever buys the brand (Vivid Entertainment?) will be publicly traded, and doubtless do a better job at security.

If I had fewer scruples and more money I might create the next AM site, one that its dubious clients could actually trust. Of course there are always risks in anything done over the Internet. AM’s clients now understand that. The next AM is bound to arise from its ashes, and probably sooner rather than later. Here are some action items for whatever entrepreneur wants to sail in these turbulent waters in the future:

  • Do not keep records of credit card transactions. Just don’t. Purge these daily, if not more often, from any internal databases. Don’t journal them on backup somewhere.
  • Do not collect any private information from your customers, you know, like their real names, addresses and phone numbers. Instead, let some third party act as your broker. Your client gives the broker some money and the broker provides some electronic token identifying the payer that doesn’t actually identify them to your company. The future AM should never collect anything that could identify its clients.
  • Accept more discreet ways of payment. There are lower tech and anonymous ways to pay fees confidentially: wire deposits and money orders, for example. I’d say accept Bitcoin, but Bitcoin is hardly anonymous.
  • Don’t use cloud hosting. Use your own data centers that only you can access and control.
  • One person can’t do this in his basement. So find employees who have a history of being trustworthy, very talented, and discreet and pay them very well. Give them incentives to be discreet. Make their bonuses contingent upon their contributions to improving the business’s security.
  • Retain security experts. To get AM’s entire database required a whole lot of bandwidth. This can be monitored. The tools exist to cut off suspicious behavior already.
  • Do regular vulnerability testing of your website and applications. The tools are out there. Of course fix any vulnerabilities found quickly.
  • Hire a CISO, a Chief Information Security Officer, with the right credentials of course.
  • Don’t store obviously sensitive information, like a client’s IP address. Passwords should be stored as an MD5 hash in the database.
  • Tell your customers what your security plan is. Get an annual (or more often) security audit from a trusted security auditor and publicize the results for your customers.
  • Provide your customers security tips, like clearing your browser history. I can think of another one. Figure out a way for clients to share pictures anonymously. I’m pretty sure it could be done with Instagram.
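The bullet about retaining security experts notes that pulling an entire database out of a data center takes a lot of bandwidth and that this can be monitored. The following is an added example, not code from the original post or from Ashley Madison, of the simplest form of that monitoring: sum outbound bytes per internal host and remote address over tumbling time windows and raise an alert when a window exceeds a threshold. The log format, host names, addresses and the 1 GB threshold are all constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of outbound-connection log lines (assumed format, not real logs):
# "<ISO timestamp> <internal host> <remote ip> <bytes sent>"
SAMPLE_LOG = """\
2015-08-18T02:00:05 db-proxy-1 203.0.113.7 1200
2015-08-18T02:00:09 db-proxy-1 203.0.113.7 950
2015-08-18T02:01:15 web-3 198.51.100.20 4096
2015-08-18T02:02:40 db-proxy-1 203.0.113.7 734003200
2015-08-18T02:03:02 db-proxy-1 203.0.113.7 734003200
2015-08-18T02:03:30 db-proxy-1 203.0.113.7 734003200
2015-08-18T02:07:12 web-3 198.51.100.20 2048
"""

EPOCH = datetime(1970, 1, 1)  # fixed reference so window bucketing is timezone independent


def parse_log(text):
    """Yield (timestamp, host, remote, bytes) tuples from the assumed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, remote, nbytes = line.split()
        yield datetime.fromisoformat(ts), host, remote, int(nbytes)


def window_start(ts, window):
    """Align a timestamp to the start of its tumbling window."""
    seconds = window.total_seconds()
    offset = (ts - EPOCH).total_seconds()
    return EPOCH + timedelta(seconds=int(offset // seconds) * seconds)


def egress_alerts(records, window=timedelta(minutes=5), threshold=1_000_000_000):
    """Return sorted (window_start, host, remote, total_bytes) for every
    (host, remote) pair whose outbound volume in one window exceeds threshold."""
    totals = defaultdict(int)
    for ts, host, remote, nbytes in records:
        totals[(window_start(ts, window), host, remote)] += nbytes
    return sorted(
        (start, host, remote, total)
        for (start, host, remote), total in totals.items()
        if total > threshold
    )


if __name__ == "__main__":
    for start, host, remote, total in egress_alerts(parse_log(SAMPLE_LOG)):
        print(f"ALERT {start.isoformat()} {host} -> {remote}: {total} bytes in 5 min")
```

A fixed byte threshold is the crudest possible rule; in practice you would set it per host role (a web front end and a database proxy have very different normal volumes) and compare against a rolling baseline, but the windowed aggregation is the same.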
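On the password bullet: what a practitioner would want in the database is a per-user random salt and a deliberately slow, iterated hash, because a plain unsalted MD5 of a password is cheap to precompute and cheap to brute force. The following is an added example, not code from the original post or from Ashley Madison, showing that pattern with PBKDF2-HMAC-SHA256 from the Python standard library. The self-describing record format and the iteration count are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed storage format for this example (not any real site's schema):
# "pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>"
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 200_000   # cost factor; raise it as hardware gets faster
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a record safe to store in the users table."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)   # per-user random salt defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the stored parameters and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False          # malformed or foreign record format
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    # hmac.compare_digest avoids leaking the match position through timing
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(record: str, min_iterations: int = ITERATIONS) -> bool:
    """True if a stored record uses an older algorithm or a cheaper cost
    factor and should be re-hashed the next time the user logs in."""
    parts = record.split("$")
    return len(parts) != 4 or parts[0] != ALGORITHM or int(parts[1]) < min_iterations


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password("correct horse battery staple", stored))   # True
    print(verify_password("password123", stored))                    # False
```

Because the record carries its own parameters, the cost factor can be raised later and old rows upgraded transparently at login via `needs_rehash`, rather than forcing a mass password reset.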

As for AM’s clients, those who are not on their way to marital counseling or divorce court, you might consider picking up strangers at bars again or just plastering them with lots of alcohol in the privacy of your office. It sounds cheaper and faster. It worked for Don Draper.

You Porn: A Traveler’s New Best Friend?


A couple of weeks back I read somewhere, probably on Craigslist, about a web site called youporn.com. Hmm, YouTube, YouPorn. I think I had a good idea what sort of content would be found on this site. Being of prurient mind, well over 18 as well as a blogger who is always looking for something novel to write about, I checked out the site.

As I expected, it was a site modeled somewhat after YouTube.com. Here you can upload your personal pornographic videos to share with others not offended by sexually explicit content. Moreover, just like on YouTube, you can rate the various videos. This may give you an idea of what’s hot and what’s not. Naturally, before you can get into this digital red light zone you first have to assert that you are at least 18 years old. This takes only a single mouse click.

The folks at YouTube go out of their way to ensure there is no sexually explicit content on its web site. However, on YouPorn, you expect the graphic and the lurid. Instead of YouTube’s white backgrounds, you get a dark black background. You feel like donning a raincoat when you enter the site. On its main screen, you can see what was recently uploaded, with the highest rated videos of the day appearing first. By placing your mouse over one of the preview images, you can see a number of snapshots from the video. You have to click on the image to bring up a page with the video on it. Once there you then click on the larger embedded image to start the movie. As best I can tell, there are no gay movies to be found on youporn.com. However, lesbian flicks, at least those where buffed up women pretend to be turned on by other women, are plentiful.

The video quality is often not that great. Like YouTube, it appears that uploaded videos are in a Flash video format. If you go to YouTube regularly, you know what that means: the videos load relatively quickly, but lack a little something in resolution. Some of the videos are so fuzzy and grainy that you will need to substitute imagination for explicitness. However, at least they load quickly and stream. (Stream means you do not have to wait for the whole thing to download before you can start watching it.)

Nor, as best I can tell, are most of these videos actually amateur videos. Most of them appear to be blatant rip-offs of vignettes from “professional” or semiprofessional pornographic web sites. The videos appear primarily oriented toward horny men, although I imagine there are many women who also like their video sex raw. In short, expect more of what you would see elsewhere on the web or on Usenet in the alt.binaries.erotica newsgroups, just with less resolution.

There is another and perhaps crucial difference between YouPorn and most other adult oriented web sites. On YouPorn, you do not have to buy a pass in order to view its content. You do not even get annoying pop up ads. You do get advertising, of course, but the ads appear to the right of the embedded videos. The ads are what you would expect: generally adult sex personals and girls with web cams, all of whom presumably will want to start their meter running when you pay them a visit.

In short, YouPorn is free porn for the masses. The video quality may lack something. Given the hordes of horny Internet users out there, its servers may sometimes slow down. But it appears that YouPorn will always be there for you. It is your new trusty if somewhat dirty digital friend, always ready to transport you into a much hotter and more perverse world than you likely encounter in real life. But then, when has pornography ever modeled real life?

I am currently in a hotel in Tallahassee, Florida. It, like most hotels these days, comes complete with high-speed Internet service. I take this for granted now but until I learned about YouPorn, I had no idea exactly what this meant for the frequent traveler. It is now possible to have safe sex on the road, as long as you lug your laptop and do not mind having sex with yourself or your trusty battery powered device. I hope, though, that you will try to muffle your orgasmic screams rather than rouse the curiosity of your hotel neighbors.

It used to be that Leisure Suit Larrys would congregate in front of the hotel bar hoping to score there, but usually without much success. Those with deeper pockets could call an on-call massage service and hope they provided more than a massage. Given how hard it is for travelers to find sex on the road, and how dangerous it would be if it were found, YouPorn is providing a valuable service to the traveling public. You get much better, or at least much more explicit porn on YouPorn than you can get from the soft-core stuff on your hotel’s private TV channel. Nor will you acquire a social disease. Except for any friction generated by your fingers, hand or vibrator, your sex will be virtual rather than real. Perhaps you will have a new sin to whisper to your priest at your next confession, but otherwise there seems to be no downside.

Therefore, I predict a decline in hotel bars. Massage parlors and escort services may also be taking a financial hit. For better or worse, YouPorn will be changing the dynamics of both online pornography and local sex businesses. It is far from pornographic perfection. Yet it is the 80% pornographic solution that travelers can turn to in need. It is also a possible solution for the many millions of sexually frustrated people out there who would like to have sex but for whatever reason cannot acquire it.

I once wrote a very popular entry wherein I compared ex porn star Sharon Mitchell with sainthood, because of her tireless work within the adult industry to ensure that porn stars do not transmit STDs. YouPorn is also providing a public health service, by giving those who need it a safe outlet for their sexual urges. Sometimes truth is stranger than fiction.


The hidden power of Google Docs


The application designers at Google rarely disappoint. Some of their products have failed to capture much market attention, but all of them have been interesting. If their designers are disappointed that useful applications like Froogle have not captured the public’s fancy, other ideas like Google Earth and Google Maps swept us away.

I have spent quite a bit of time lately looking at and pondering Google’s recent offerings. This weekend I belatedly signed up for a Google GMail account. I do not know why I procrastinated so long. Admittedly, it is not a perfect application. The ads served based on the content of my email still spook me a bit. I am also a bit leery leaving all my email on their servers, no matter how convenient it is to search my email using their search engine. While their privacy policy looks reassuring enough, there is no law that requires Google to keep my email messages private. Since the NSA arm-twisted telephone companies like Verizon into opening up their calling records, in spite of the illegality of doing so at the time, I have to wonder whether Big Brother is also searching my GMail.

Still, GMail is slick. Spending some time using it makes you shrug off your paranoia. In fact, once you have it, it is hard to revert. Like all Google products, GMail is hardly flashy. Google likes white backgrounds, ordinary fonts and lots of white space in its pages. However, Google is not after flashiness; it excels at usefulness. While I can bemoan their capability to search my private email messages, having it hosted inside their 3 gigabytes of free server space also means that all my mail is available wherever I can access the web. The first time GMail threaded my email I was jolted, then I wondered why email programs generally do not thread email.

GMail has many other useful features. If your cell phone is Internet capable, you can receive and reply to email on your cell phone. Its spam detection is excellent. You can segregate important emails by “starring” them. You can teach GMail to assign labels to various kinds of emails. In fact, “email” is a word that Google makes obsolete. Since all your emails are threaded, it correctly refers to your email box as a collection of “conversations”. Importing my address book, a fundamental step for being useful, was not much of a chore. I simply exported my address book from my email client into tab-delimited files, and then read them into GMail. I can use it as a vacation responder. I can POP (download) email from other accounts, or download my GMail into my email client through a secure POP connection. I can add filters to segregate common kinds of emails. Many third party applications have been written for GMail. For example, you can install a notifier program. It tells you when you have new mail by placing an icon in your system tray. However, you may not want to install the notifier. Simply leave GMail in a browser tab and the tab title will let you know if you have new email. What is the cost for all this wonderfulness? Aside from the minimal advertising, unless you want to use more than 3 gigabytes of server space, it is free.

GMail led me to try out Google’s news feed reader called Google Reader. Previously I had been using the now antiquated Bloglines as my web-based newsreader. Google Reader is orders of magnitude better than Bloglines. Adding a new feed is easy, and if you are having trouble thinking of a feed to add you can select from a list of canned feeds organized by category. Your Google Reader home page consolidates a list of recent feeds for your easy viewing. As you scroll down through a feed, Google Reader assumes you have read the item. You can “star” items in the feed like you can emails. By “starring” them, they become the equivalent of temporary bookmarks. Of course, all your feeds are instantly searchable. In addition, you can choose to share your feeds with friends. Of all the newsreaders I have used, both web based and installed, Google Reader is by far the most usable. As with GMail, if I have a browser, I have instant access to all my news feeds.

Google has many other interesting applications, many of which have yet to take off. The Google Talk application is a Johnny-come-lately. With AOL and Yahoo holding dominance in these markets, it is unclear how it can overtake them. (There is an open application programming interface (API) for Google Talk, which could help.) However, if you can convince your friends to use Google Talk, you have one interesting feature: the ability to transparently save and search your own chat sessions. Google’s language translation tool, built into its search engine, is eerily accurate. Google has purchased some of its competition. As you may have heard, Google now owns Blogger and YouTube. Its attempt to compete with Windows on the desktop has thus far proven futile. However, its Google Desktop Search tool allows you to search your own computer with transparent ease.

What is Google’s next big thing? I think it is already here. It is Google Docs and Spreadsheets, soon to be renamed Google Docs. It aims to be a web-ified version of Microsoft Office. Should Microsoft be worried? No, they should be panicked. They should be panicked not because Google Docs will likely be able to build a better word processor or spreadsheet (although that may emerge over time) but because for most of us 90% of the functionality is more than adequate and free is an excellent price. Microsoft should also be worried because these documents inherently reside inside the Google hive. Consequently, they are easily and transparently shareable. Microsoft may be worth hundreds of billions of dollars, and its MSN network may be impressive, but it is a 98-pound weakling in the infrastructure hosting business. Google is the 800-pound gorilla. Moreover, Google Docs has something in common with Google Talk and, in fact, many of its applications. It has an API that can manipulate it. This means we are likely to see all sorts of small but clever applications used to serve particular vertical markets that are at their core Google Docs documents.

Most computer users understand spreadsheets. Keeping track of tabular data (data formatted in rows and columns) is now second nature. Yet a database, even a simple one like Microsoft Access, is still relatively complex and generally too much trouble to use for sharing data. Extensible Markup Language (XML), while certainly portable and easy to read, is still not simple to consume or process for a particular use. It depends on relatively sophisticated programs on both the sending and receiving end to make use of the data. A Google Docs spreadsheet, on the other hand, needs no installation. If you can use Word or Excel, you can quickly learn to use a Google Docs word processor or spreadsheet. If your use is personal, it does not cost any money. Since it is hosted in the Google infrastructure, you can easily share your Google Docs, unlike Microsoft Office documents. Generally, if you want to share those documents, you email them. And when you email them, you lose your ability to update them. This is not true when they exist inside Google.

Consequently, Google Docs is something of its own platform, but since it is an open platform anyone can write an application that works with it. You can sort of do this with Microsoft Office, but you have to write to a Microsoft API (generally Visual Basic for Applications). Google Docs is easier to interact with than XML documents (in fact, Google Docs stores its documents as XML) and can be programmatically extended using open source AJAX technology and the Google Docs API. Once this fact sinks in, Google Docs should become the de facto means of sharing relatively simple structured data. It will create a brand new market that will make it easy to collaborate online using readily understood metaphors (spreadsheets, documents, presentations).

This is something Microsoft cannot presently do except through some of its costly and proprietary solutions. To even compete in this new market would take Microsoft many years, and would probably not succeed, given Google’s gigantic head start. It is likely that in time Google Docs (perhaps assisted by the OpenOffice suite) will crack the Microsoft Office monopoly. If you are a business, the fact that Google Docs is already hosted may very well be compelling. Why pay people to go around, install and troubleshoot Microsoft Office when they could do the same work online with just a browser? Whatever Google charges for a commercial service will likely be a small fraction of Microsoft’s costs. Moreover, you will not have to pay a help desk to support these applications.

Often it is the prosaic things that endure the longest. Documents and spreadsheets are prosaic, but essential to information sharing. We were wowed a couple of years back by Google Earth. I think that Google Docs, by extending the Google infrastructure to the applications level, will be seen as Google’s most significant innovation since its search engine. While it may not kill Microsoft, Microsoft may well emerge a shadow of its former self.

Google Adsense Integration


After pondering this recent Washington Post article, I am going to try a little experiment in capitalism on my blog. Google Adsense is a way for web sites to earn some money just for being there. In most cases, it is not a whole lot of money. In general, using Adsense, the more page views a site gets, the more revenue can potentially be generated for the site.

While I am not trying to get rich off of Occam’s Razor, at a minimum it would be nice if my content could pay for my hosting costs. It would be even better if I could earn some small change for the time I invest in creating content for this site. As you may remember, a typical entry is an investment of several hours of my spare time. It would be even better if this site could earn enough money so I could afford dedicated hosting. Because I use shared hosting, occasionally site access is a bit sluggish.

Therefore, I have disabled my site search and enabled Google Adsense for Search. It will replace the site’s search engine. This has the benefit of offering better search capabilities than is possible with the MovableType software I am running, so it should add value for web surfers. Google Adsense for Search will also serve what it believes will be relevant targeted advertising. If you click on some of these targeted ads, the site may earn a few cents. If they add up, they may pay for my hosting costs.

Google also has an Adsense for Content service, which displays relevant ads on web pages based on the page’s content. Again, if you click on some of these ads, I may receive a few cents. I will not put these ads on my main index but only on the individual entry or archives pages. This way those of you who regularly read from the Main Index will not see advertising.

About 80% of my page requests are a result of search engine queries that take the user to a specific archive or entry. The vast majority of these visitors arrive here from a Google search. Consequently, it seems appropriate to me to see if some revenue can be generated from these pages. Heck, my entry Sharon Mitchell: Porn Saint alone tends to average about ten requests per day. I imagine any “Sharon Mitchell Porn” links generated by Google Adsense could alone pay for my hosting costs. I will find out.

I hope these changes do not seem too commercial or obtrusive. If you are less likely to return here because of this ad policy, please leave me a comment. If push came to shove, I would rather serve ad-free content than push readers away.

The Two Sides of Google


Google is one of these amazing companies that demonstrates how uninspiring and mediocre most businesses in the Information Technology (IT) field actually are. Unlike Microsoft, which claims to be innovative but largely is not, Google can truly claim the mantle. Google is a company with the power to inspire awe. Its search engine continues to be the cream of the crop. Yahoo and MSN will keep trying to best Google, but they will likely continue to play follow the leader. Yahoo Maps, for example, just recently released its Beta mapping application, which roughly compares with Google Maps. Google Maps, of course, has been using the magic of AJAX (Asynchronous Javascript and XML) for over a year to take map usability to a completely new level.

For software engineers like me, the speed with which Google churns out amazing new technologies takes my breath away. Its billions of dollars in ready capital certainly explain part of its success. With its passion for excellence and fearlessness in taking big chances, Google simply soars high above the rest of the IT crowd. Mostly it hits the bullseye. Google Earth is just the most recent example of a technology that blew my socks off. It is a killer application, every bit as revolutionary as the first web browser. We were still being wowed with Google Maps’ ease of use when Google threw us the Google Earth bombshell.

One of the more recent services introduced by Google is Google Video. It provides a new way to find and share video files. Google acts as the Internet’s ubiquitous high speed and fault tolerant video server. Given its enormous infrastructure, hosting and serving these large bandwidth intensive videos must not be much of a problem. The service even lets you know its most popular videos. Yet this is just one of a number of flashy services that Google provides, most at no cost. Let Google host your blog on Blogger. Centralize your email on the network with GMail. Find the lowest price online with Froogle. Search your computer as you would the Internet with Google Desktop Search. (It just happens to be a feature of the Google Desktop, a clever new application, which looks like a first attempt to break up Microsoft’s desktop monopoly.) Google even has pretensions in the Instant Messaging arena with its Talk client. Clearly, their ambition knows few bounds. While it occasionally bites off more than it is ready to chew (GMail being an obvious example), Google’s number of home runs outside the ballpark would make even Babe Ruth jealous.

Scott McNealy of Sun Microsystems was, I believe, the first to promote the idea in the 1990s that “the network is the computer”. While he was ridiculed at the time, Google has shown us that the network can be the computer. With an infrastructure like Google’s, what seemed impossible can unexpectedly become reality. While Microsoft spins its wheels trying to make its Windows product ever niftier, Google shows us that it is what you can do with a computer that makes it meaningful. Indeed, Google makes a compelling case that its services and infrastructure are the ubiquitous application layer of the future, if not the here and now. I am creating this entry using Microsoft Word, but I have already checked a half dozen facts online using Google’s search engine. I can use any word processor to create this entry. I cannot go just anywhere online to find out the information I need this rapidly. Google demonstrates it is not how pretty your screwdriver is that matters, but how well it helps you turn the screw. Therefore, we get its low-tech web pages, always with the pure white background, the simple text and its generous use of white space. It appears low tech but it is simple enough for a student in grade school to use effectively.

So I have plenty of cheers for Google today. I am especially glad it gave the U.S. Justice Department a Bronx cheer when the department recently requested a week’s worth of its web searches. The Justice Department wants the information to discover how the web is being used by pedophiles and those interested in child pornography. Unlike Yahoo and MSN, Google wisely said no. It valued the trust it has earned with its customers too much to let the Justice Department mine its information. Let us hope it continues to do so. Apparently, Google records the Internet Protocol (IP) address of every search query. Let us hope that if push comes to shove Google simply stops recording the IP addresses of all our search queries. For an administration already deeply in Big Brother land with its warrantless electronic eavesdropping, this is simply an opening salvo by the government to get its hands on our private business. If Yahoo and MSN care that little about my privacy, I will not be giving them my business.

In making a stand in America though, Google apparently is quite willing to compromise its principles to win business overseas. For also in the news this week were stories that Google will allow the Chinese government to censor its search engine content. Maybe I was naïve, but I really thought Google got it. However, apparently they will compromise their principles if it improves their shareholders’ bottom line. Perhaps as a result, Google shares went up 3.4 percent with the announcement.

Google must not understand its own unique power at this point in history. Many of us talk about the importance of human freedom, but few are in a position to do much to expand it. Google can. It is the 900-pound gorilla in the information search business. Rather than kowtow to China’s paranoid rulers it should have said no thanks. Yes, perhaps that might have kept Google out of the important Chinese market. Yet a powerful and uncensored internet search engine is a great beacon for those who believe in the power of ideas. The Google business plan surely was premised on its importance. Google is a trusted broker for finding uncensored information. It expands personal freedom and spreads enlightenment. Its reputation is at stake. Which is why Google should rethink doing business with China. Right now, its search engine is the largest force for the liberation of the human mind in the 21st century. Google can be both profitable and spread human enlightenment at the same time. It should tell China it does not need its business unless it guarantees that its citizens have unfettered access to its search engine.

Spammers must die


We all hate spammers. There is truly nothing good that you can say about them. They allegedly constitute a form of human life, but if this is true then it is only on the sub species level.

Most people, no matter how evil, have some form of conscience underneath it all. At the very least when they do something wrong they feel guilty about it. Not so spammers. They are shameless. Give them an inch and they don’t just take a mile. They take a light year. They are human cockroaches. They will do anything and everything they can think of to connect you with unwanted advertising. There is no tactic off limit. In fact they have no limits whatsoever. The end justifies the means.

Fortunately my ISP now provides a server based spam filter. It seems to work reasonably well and captures perhaps 95% of the spam. But even so there is a lot of spam that still manages to get through. Since I use ChoiceMail, any unsolicited email that gets through the server spam filter gets an automatic challenge email from ChoiceMail. It requires the emailer to go to their website and fill out a special form for me to receive their email. New emailers have to enter a number or phrase embedded into a graphic on the web site, and provide a written justification on why I should read their unsolicited content. Those who don’t respond end up on my blacklist. Even if they respond I still have the option to reject them manually.

I find it educational to go through my spam occasionally and see what new tactics spammers are using. Lately I’ve been getting emails with excerpts from famous novels. Of course there is at least one embedded linked image that will take me to their site. I guess this is one way to get me to read Stephen King. The hope is that the content will seem legitimate and thus pass through most spam filters. But this is yet one more example, if it were needed, that spammers are soulless scum. Of course they have no qualms about using copyrighted works of others simply to send spam.

As email program spam filters get better with strategies like Bayesian algorithms of course spammers will keep trying cleverer solutions to let the spam through. No doubt you’ve seen some of these. One tactic: create an authentic looking, almost snooty looking email address. In my spam box is an email purportedly from AtlantaBallet.com. For some reason the Atlanta Ballet wants to sell me Bextra. Umm, no, I don’t think so. Spammers may be ingenious at getting the spam through, but they must have oatmeal for brains in the common sense department. If I were in the market for Bextra I certainly wouldn’t buy it from some shady dealer pretending to be the Atlanta Ballet.

Words are also getting subtly mistyped to pass through spam filters. Viagra becomes V1agra. Copy becomes C0py. Affordable becomes Aff0rdable. Do they really think I am going to buy anything from someone who cannot even spell? I don’t think so! And what’s with these ridiculous email addresses? Do they really think I will open up emails from gjfmdillwmywmkj@aol.com and Rxelx@manonthemoon.com?
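The two tricks described above, Bayesian filtering and digit-for-letter misspellings, are two sides of one problem: a word-based filter only works if "V1agra" and "Viagra" end up as the same token. The following is an added illustration (not code from this post, and not any mail client's filter): a small presence-based naive Bayes classifier with Laplace smoothing, trained on a constructed corpus of eight messages, with a normalization step that undoes the substitutions seen in the post. The substitution table and the training messages are constructed for the example.

```python
import math
import re
from collections import Counter

# Character substitutions seen in the post (V1agra, C0py, Aff0rdable) plus a few
# other common ones. Constructed for this example; extend it as new tricks appear.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "$": "s"})


def normalize(word):
    """Undo digit-for-letter substitutions inside a word. Pure numbers (years,
    prices) are left alone so that '2005' does not turn into 'zoos'."""
    if word.isdigit():
        return word
    return word.translate(LEET)


def tokens(text, undo_leet=True):
    words = [w.lower() for w in re.findall(r"[A-Za-z0-9$]+", text)]
    return [normalize(w) for w in words] if undo_leet else words


class BayesFilter:
    """Presence-based naive Bayes with Laplace smoothing: each distinct word in a
    message contributes log P(word|spam)/P(word|ham); words never seen in
    training carry no evidence either way."""

    def __init__(self):
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.doc_counts = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.doc_counts[label] += 1
        self.word_counts[label].update(set(tokens(text)))

    def spam_probability(self, text, undo_leet=True):
        vocab = set(self.word_counts["spam"]) | set(self.word_counts["ham"])
        log_odds = math.log(self.doc_counts["spam"] / self.doc_counts["ham"])  # prior
        for word in set(tokens(text, undo_leet)):
            if word not in vocab:
                continue
            p_spam = (self.word_counts["spam"][word] + 1) / (self.doc_counts["spam"] + 2)
            p_ham = (self.word_counts["ham"][word] + 1) / (self.doc_counts["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        log_odds = max(-700.0, min(700.0, log_odds))  # keep exp() in range
        return 1.0 / (1.0 + math.exp(-log_odds))


# Constructed training corpus: four spam messages and four legitimate ones.
TRAINING = [
    ("Cheap Viagra online, affordable prices, order now", "spam"),
    ("Buy Bextra today, cheap and affordable, order now", "spam"),
    ("Affordable copy of any software, order now", "spam"),
    ("Viagra and Bextra at the lowest prices", "spam"),
    ("Are we still on for lunch tomorrow?", "ham"),
    ("Here is the copy of the report you asked for", "ham"),
    ("Movable Type comment notification: new comment on your blog", "ham"),
    ("The Atlanta Ballet season schedule is attached", "ham"),
]


def build_filter():
    f = BayesFilter()
    for text, label in TRAINING:
        f.train(text, label)
    return f


def demo():
    f = build_filter()
    obfuscated = "Aff0rdable V1agra, 0rder t0day"
    return {
        # Without normalization every word is unknown, so only the prior is left: 0.5.
        "raw": f.spam_probability(obfuscated, undo_leet=False),
        # With normalization the same message scores about 0.99.
        "normalized": f.spam_probability(obfuscated),
        # A legitimate message scores about 0.01.
        "ham": f.spam_probability("Here is the report for tomorrow"),
    }
```

The point of the `raw` result is that an obfuscated message does not look spammy to a word-based filter; it looks like nothing at all, and lands on whatever the prior says. Normalizing before tokenizing is cheap and restores the evidence. Note also that a spammer who pads a message with legitimate-looking text (the novel excerpts and the "Atlanta Ballet" sender mentioned in the post) is pushing the same word counts in the other direction, which is why such filters are combined with other signals rather than used alone.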

And can someone please terminate these ridiculous Nigerian email scams? Goodness, they were old ten years ago! Every conceivable variation has been tried. There is no one left in the world with an email account that has not received a hundred copies of these. Maybe they snared some naïve people during the first six months, but today even imbeciles know to trash this stuff. And yet it keeps coming and coming.

What really incenses me though are those spammers who use my good name and email address to pass off their spam. Of course my friends are likely to assume the email is from me because it has my name and email address on it. So it sails right through their spam filter because I am in their address book. But now my friends have to treat my email address with suspicion. Perhaps they get 100 emails a day from me that are spam. Perhaps out of frustration they have added me to their blacklist.

If spam were limited just to email then perhaps it would be endurable. But email is yesterday’s spam frontier. Spammers’ tactics are getting increasingly ruthless and non-discriminating. For example, in this blog I routinely average 1-5 fake “comments” a day. Needless to say like all spam this spam is programmed. A computer has sniffed my site, determined that I have a Movable Type weblog, found the CGI program that processes comments (even though I renamed it) and sends a canned HTTP request masquerading as legitimate comments. Fortunately I review all comments before they are published, but I still need to remove them manually. And that means to some extent I still must read them.

But now even blog comment spam is insufficient. The latest twist is to create bogus blog trackback entries. Movable Type is not yet programmed to hold trackbacks in a queue for approval. So anyone who looks at a trackback entry before I have a chance to remove it is directed to a spammer’s website.

(Yes, I know about Movable Type plug-ins like MT-Blacklist. It’s of some help, but no silver bullet.)

The response from our legislatures has been anemic. The Can-Spam Act has done nothing of the sort. The government gives lip service to tracking down and prosecuting spammers. In reality there is not much they can do. Spammers can and do move so quickly that law enforcement cannot keep up with them.

I cannot see any short-term solution to this problem. Signing all email with digital certificates could potentially help solve the problem. However a valid digital certificate is easy to acquire. With the right software you can create your own. And just because the email is legitimate doesn’t necessarily mean it is something I want to read. Eventually we will need some newer approach that does away with the drawbacks inherent in our twenty-year-old SMTP email protocol. Blogs have been suggested as one way to circumvent the problem. Instead of sending email people could leave public or private comments on your blog. But as I have discovered that is a simple magnet for spam too.

Sadly I see no solution on the horizon other than a brand new SMTP-less email architecture. Otherwise it may be that the convenience of email will no longer be worth its hassle. Using snail mail may be time consuming and costly but at least advertisers have to pay for the privilege of putting their fliers in my mailbox. Perhaps some sort of new system where those who send you unsolicited email must pay a fee when you read the email is the way it will eventually have to be.

One thing is for sure: if the exponential growth of spam on the internet keeps increasing at its current rate eventually there will be no bandwidth left for more prosaic usages like surfing the web. Our whole Internet-based infrastructure could be rendered obsolete by soulless spammers. The good news is that spam would die. The bad news is that electronic commerce as we know it would be gone. So let’s hope a new email system that fixes these defects is embraced before it is too late.

(I’m betting this entry will get its share of comment spam.)

My Inner Entrepreneur

Oh dear, I hope I’m not turning into a Republican.

Yesterday I made my first dollar off the internet. Perhaps I should wait for the check to arrive and the money to actually make it into my bank account before I spend the money. And it’s not a whole lot of money: $60. Still, if I get it then it will be tangible evidence that there is money to be made off the internet by ordinary Joes like me. I won’t quit my day job but for the first time in years I am motivated to feel a bit entrepreneurial.

In 2001 I purchased my first domain, oakhillva.com. I bought it because I live in a place called Oak Hill. Of course it’s not incorporated. It’s the name on the post office in my zip code: 20171. Many of us who live in Oak Hill don’t even know we live here. We say “We live near Herndon” or “We live near Chantilly” or “You know Franklin Farm? I live near there.” Basically it’s a bedroom community with a couple shopping centers.

Anyhow in 2001 a new post office opened with our name on it which made it sort of official. So I went shopping for related domain names. I figured maybe there was some money in having a community web site. I had planned to learn this internet stuff anyhow and this seemed the way to go. But I was so naïve back then. I bought the domain off of Yahoo Domains for an inflated price. I shopped for a web host online and picked a place called Javapie.com that was dirt cheap but was actually a reseller for successfulhosting.com.

And that was about all I did with the domain. I guess I was hoping someone with more time and energy than me would offer me some big bucks for the domain name. It never happened. Instead I used the domain to practice. Since I had started teaching web page design, I wanted my students to have an experience similar to real electronic commerce. So I created a few server side scripts on the site. Students submitted a web form to an address on the oakhillva.com web site and they got back a response. Pretty simple stuff.

After a year or so I decided to get fancier. I erased the FrontPage version of the site and put up portal software, phpNuke. This too was a learning experience. The real learning experience came when some hacker broke into the site and defaced my main pages. It became such a hassle trying to fix it that I just erased the whole thing. I then tried PostNuke but it didn’t have the interactive features I wanted. Eventually though I decided to stick with a product I knew: phpBB, open source bulletin board software used everywhere. I had plenty of experience customizing that with my other domain, potomactavern.org. So I put up some forums, dressed up some content, placed ads around it and went back to my slumbers. About once a year, usually when I was off between Christmas and the New Year I would go to the site and tweak it a bit. I added a neat interactive business directory and local link directory. But mostly I ignored it.

Over the years I moved the site around. Now it is hosted by Site5.com and DiscountDomainRegistry.com generally manages my domain names. Over the last couple months I have started to get inquiries about the site. One guy had a number of similar domains and was investigating potential partnership. That didn’t seem to go anywhere. I also got a couple requests about advertising on the site. Only one went anywhere. It culminated yesterday when I got my first paid for advertisement on the site.

My hope is to bind the citizens of Oak Hill together on the web. Basically we are a bunch of subdivisions and if we have any allegiance at all it is to our subdivision, not to Oak Hill. We are also very well moneyed. Our average income is more than $100,000 per household. But marketing the site seemed daunting. I’m just not a salesman. I tried that in my days working for Montgomery Ward and flunked spectacularly. I can’t imagine going door to door to do marketing. I’m too much of an introvert.

With my wife unemployed she has been picking up a few wetbacks fixing and building computers for friends and through referrals. It hardly pays our grocery bill but it keeps her from hanging out in pool halls. So I slapped an ad for her nascent business on the site. I’m not aware of any referrals she got directly from the site. Nonetheless for a site with no marketing oakhillva.com gets a fair number of hits. It comes up #1 on a Google Search for “Oak Hill Virginia”. In February there were nearly 28,000 hits and close to 700 visits.

With someone willing to give me $60 for six months of advertising on the site though I am thinking that I need to think larger. It’s time perhaps to risk a little working capital. My wife needs more customers. And my site could use more traffic. So we’re looking into doing some advertising ourselves in more traditional mediums. The hard part is reaching every home in the area. We are looking at bulk advertisers like Money Mailer and ValPak. We are also considering a couple ads in the local newspapers.

Selling one advertisement for $60 basically pays my hosting costs. Oakhillva.com is just one domain parked in my potomactavern.org domain, and at Site5.com I was able to buy quality shared hosting for less than $100 a year. Add the modest cost of maintaining the domain name (about $15 a year) and it only takes a few paying customers to make a profit over my operating costs. Of course my time is worth a lot of money and right now my day jobs pay the bills. But there is the potential that with some marketing and focus I could make some small amount of money on the side from this venture. Just a couple hundred bucks a year would demonstrate the potential of internet commerce on a personal level.

Of course if the site caught on that would bring other issues. Hackers would find it more inviting. Since I have forum software I’d have to watch and worry about content posted there. So small steps. I am still skeptical that after all these years there is any money to be made in a small community web site, but perhaps I will prove myself wrong.

Spam: Absolutely Not!

Every time I think I have exorcised spam from my life, spammers become yet a little cleverer. The latest twist: I am getting 2-3 “spam” comments a day to this weblog. Sometimes the comments include links to porn sites or just your run of the mill scams, sometimes there is an innocuous message with a link to a “homepage” which, of course, is a spam site. Today’s little outrage took me to a preteen sex site. Oh sure, I can’t wait to learn more about that. And my penis size suits me just fine, thank you very much.

I have a zero tolerance policy for spam. I simply won’t put up with it. I did for years because I had no choice. I looked at server-based solutions that would require a one-time authentication from someone unknown (not on my “white list” to use the terminology) who wanted to send me unsolicited email: such solutions typically require the user to type in an encrypted number or word embedded in an image in order to get the mail through. It’s a great idea except, of course, my ISP doesn’t offer it: I’ve got cox.net. Finally I stumbled on a PC based “white list” solution called ChoiceMail One that does the same thing. Essentially it creates a mailbox on my PC between my real mailbox, and only people on my white list get through. The rest have to go through the challenge and response system.
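The whitelist-plus-challenge scheme described here (and again in "Spammers must die" above: unknown senders get a challenge, non-responders land on the blacklist, responders still need a manual OK) is simple enough to sketch end to end. The following is an added illustration written for this page, not ChoiceMail's code or any ISP's; the `MailGate` class, the sample addresses and the subjects are constructed for the example.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    sender: str
    subject: str


class MailGate:
    """Sits between the mail server and the real mailbox: whitelisted senders
    pass, blacklisted senders are dropped, everyone else is held and challenged."""

    def __init__(self, whitelist, blacklist=()):
        self.whitelist = {a.lower() for a in whitelist}
        self.blacklist = {a.lower() for a in blacklist}
        self.pending = {}    # sender -> random token included in the challenge we sent
        self.answered = {}   # sender -> their justification, awaiting the owner's decision
        self.held = {}       # sender -> messages held until a decision is made
        self.inbox = []

    def receive(self, msg):
        sender = msg.sender.lower()
        if sender in self.whitelist:
            self.inbox.append(msg)
            return "deliver"
        if sender in self.blacklist:
            return "drop"
        self.held.setdefault(sender, []).append(msg)
        if sender in self.pending or sender in self.answered:
            return "hold"    # one outstanding challenge per sender, not one per message
        self.pending[sender] = secrets.token_urlsafe(16)
        return "challenge"

    def respond(self, token, justification):
        """Called when someone fills in the challenge form; the token ties the
        form back to the sender it was mailed to, so guessing an address is useless."""
        if not justification.strip():
            return False
        for sender, expected in list(self.pending.items()):
            if secrets.compare_digest(expected, token):
                del self.pending[sender]
                self.answered[sender] = justification
                return True
        return False

    def approve(self, sender):
        """Owner accepts the justification: whitelist and release the held mail."""
        sender = sender.lower()
        self.answered.pop(sender, None)
        self.whitelist.add(sender)
        self.inbox.extend(self.held.pop(sender, []))

    def reject(self, sender):
        sender = sender.lower()
        self.pending.pop(sender, None)
        self.answered.pop(sender, None)
        self.held.pop(sender, None)
        self.blacklist.add(sender)

    def expire_unanswered(self):
        """Senders who never answered their challenge go to the blacklist."""
        stale = sorted(self.pending)
        for sender in stale:
            self.reject(sender)
        return stale


def demo():
    gate = MailGate(whitelist=["friend@example.com"])
    decisions = [
        gate.receive(Message("friend@example.com", "lunch?")),
        gate.receive(Message("newbie@example.net", "hello")),
        gate.receive(Message("newbie@example.net", "hello again")),
        gate.receive(Message("bulk@example.org", "buy now")),
    ]
    # The unknown human sender answers the challenge and the owner lets them in.
    gate.respond(gate.pending["newbie@example.net"], "We met at the conference.")
    gate.approve("newbie@example.net")
    # The bulk sender never answers; at clean-up time it is blacklisted.
    expired = gate.expire_unanswered()
    return decisions, [m.subject for m in gate.inbox], expired, sorted(gate.blacklist)
```

One caveat worth building in before running something like this for real: the post elsewhere describes spam that forges the author's own name and address. A gate that challenges every unknown sender will mail its challenge to whatever address the spammer forged, so the innocent owner of that address gets the backscatter. A deployment should therefore run after the server-side filter (as the post's setup does) and skip the challenge for mail that has already been classified as spam, sending it straight to the held pile instead.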

Yes, it was a pain for about six weeks. I had to go through my email and manually add lots of addresses, cutting and pasting from a text editor. (I use Eudora. It would not have been a problem had I used Outlook.) Then I constantly checked the spam trap to let those people in I forgot to add. There are lots of them you don’t think about: banks, very old friends, web sites you use a lot. But after six weeks I seem to have gotten over the hump. I check the spam trap about once a week now, which is about how often ChoiceMail One shreds the stuff.

But spamming web logs … this hits a new low even for the spam industry, which has values lower than a ten-dollar whore. First of all I cannot figure out why they bother. Do they think this is DailyKOS? No, I don’t get a whole lot of comments, which is fine. I’d like my web log to be more popular but my self-esteem doesn’t depend on it. Most of you reading this will never bother to read my comments. I usually will since I have the software set up to send me an email when a comment is posted.

The Movable Type software that runs this blog clearly wasn’t designed for this sort of attack. All I can do is ban IP addresses and that gets to be very time consuming.

But I won’t put up with my web log being spammed too. I figured there had to be a way around it and it seems like someone created a solution very recently. I went to Hotscripts.com and searched on “spam” and sure enough there was a free solution by a very nice fellow who put together a site called JunkEater.com just to protect web logs and guest books. I tried the solution and it works like a charm!

Is it perfect? No. But spammers are lazy. They have computers run canned scripts to post this spam on their behalf. There won’t actually be any humans sitting down and reading my web log and going through the steps manually. So it’s unlikely a computer will be able to read the image with the embedded number in it, and add it to the comment form for my weblog.
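The image is the visible half of this defense; the half that actually stops a canned script is on the server, where the number shown in the image has to be issued per form load, accepted once, expired after a while, and limited in how often it can be guessed. As an added illustration (written for this page, not JunkEater.com's service or Movable Type's code), here is that server-side half. The `CommentChallenge` class and the injected clock are constructed for the example; rendering the code into an image is left out.

```python
import hmac
import secrets
import time


class CommentChallenge:
    """Server-side half of an image-code comment gate: a fresh code per form
    load, accepted exactly once, expiring after a while, with a guess limit.
    The id goes in a hidden form field; the code is what the image shows."""

    def __init__(self, ttl_seconds=600, max_attempts=3, clock=time.time):
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.clock = clock          # injectable so expiry can be exercised in a test
        self.challenges = {}        # challenge_id -> [code, issued_at, wrong_attempts]

    def issue(self):
        challenge_id = secrets.token_urlsafe(12)
        # Digits 2-9 only: no 0/1 that a human would confuse with O/l in the image.
        code = "".join(secrets.choice("23456789") for _ in range(6))
        self.challenges[challenge_id] = [code, self.clock(), 0]
        return challenge_id, code

    def verify(self, challenge_id, answer):
        entry = self.challenges.get(challenge_id)
        if entry is None:
            return "unknown"        # never issued, already used, or made up by a script
        code, issued_at, _wrong = entry
        if self.clock() - issued_at > self.ttl:
            del self.challenges[challenge_id]
            return "expired"
        if not hmac.compare_digest(code, answer.strip()):
            entry[2] += 1
            if entry[2] >= self.max_attempts:
                del self.challenges[challenge_id]
                return "locked"     # no unlimited guessing against one code
            return "wrong"
        del self.challenges[challenge_id]   # single use: replaying a good answer fails
        return "ok"

    def purge_expired(self):
        """Housekeeping so abandoned form loads do not pile up in memory."""
        now = self.clock()
        stale = [cid for cid, (_, issued_at, _) in self.challenges.items()
                 if now - issued_at > self.ttl]
        for cid in stale:
            del self.challenges[cid]
        return len(stale)


def demo():
    now = [1000.0]
    gate = CommentChallenge(ttl_seconds=60, max_attempts=3, clock=lambda: now[0])
    cid, code = gate.issue()
    first = gate.verify(cid, code)                              # "ok"
    replay = gate.verify(cid, code)                             # "unknown": same answer again
    cid2, _ = gate.issue()
    guesses = [gate.verify(cid2, "000000") for _ in range(3)]   # wrong, wrong, locked
    cid3, code3 = gate.issue()
    now[0] += 61.0
    late = gate.verify(cid3, code3)                             # "expired"
    return first, replay, guesses, late
```

The single-use rule is the one that matters most against the "canned HTTP request" described earlier on this page: a script that captured one valid id and code gets exactly one comment out of it, and the comparison is constant-time so the check itself leaks nothing about the code. Whether a program can read the image is a separate question; the server-side rules above hold regardless of how the answer was obtained.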

I now wait anxiously for the next form of attack from the spam community. I know they are planning their next moves. But I, or someone else, will find a technology that will foil the bastards.

Thank you very much, JunkEater.com for an elegant solution. All I had to do was register at their site, fill out a few forms and change the comment form on this site and I was done. I’ll be glad to give them some money occasionally to support this free site; we need to encourage people like this to give their best.

Enjoy what I hope will be my spam free web log.