Thursday, June 30, 2011

How Many Things can Credo Do Wrong in One Billing Cycle Without Actually Phishing?

My latest cell phone bill is here. Yippee. But these folks did so many things wrong that I think I just have to say something. If I call them, they won't listen (actually, Credo might), so I'll write it up here where they almost certainly won't listen.

First, this is from the e-mail informing me that my bill is ready:

Nothing strange here, except when I clicked on the "sign in" link (something to be done only with care), it didn't take me to Credo Mobile:


Note the URL. Who the heck is credobilling.com? I know who it sounds like, and I strongly suspect it's really Credo, but they think it's a good idea for me to click on a link that takes me to a web site I have never before seen, and then provide my login credentials? Credo is training users to fall for phishing attacks.

Not comfortable with that, I type the correct address into my browser, credomobile.com. This is the page I get:

Note the Member Sign-In box at the lower right, and also note that there is no indication in the address bar of HTTPS in use. This amateur behavior is not new to Credo. At least one other outfit that I do online transactions with does this same thing; I'll post on that later. Sites that try to get users to submit passwords seemingly in the clear often have a more secure failure-mode. For example, if I provide my cell number but omit the password, I get here:


That's not really my phone number. Every month I get to see the same error message, but it's worth it to see the green https:// in the address bar before proceeding.
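The two checks this post performs by eye, as an added example (not from the original post and not Credo's code): `audit_login_page` flags password forms that are served or submitted without HTTPS, and `link_on_brand_domain` tests whether a link's host belongs to the domain the reader already knows. The function names, finding labels and sample markup are constructed for illustration; the sample assumes the form posts to HTTPS even though the page carrying it is HTTP.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
class PasswordFormFinder(HTMLParser):  # collects the action of each form holding a password input
    def __init__(self):
        super().__init__()
        self.actions, self._action, self._has_pw = [], None, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action, self._has_pw = a.get("action") or "", False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_pw = self._action is not None

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_pw:
                self.actions.append(self._action)
            self._action = None

def audit_login_page(page_url, html):
    """Return [(form_target, [finding, ...])] for each password form."""
    finder = PasswordFormFinder()
    finder.feed(html)
    page, results = urlsplit(page_url), []
    for action in finder.actions:
        target = urljoin(page_url, action)  # empty action posts back to the page
        t, findings = urlsplit(target), []
        if page.scheme != "https":       # the form itself can be altered in transit
            findings.append("page-not-https")
        if t.scheme != "https":          # password crosses the network in cleartext
            findings.append("action-not-https")
        if t.hostname != page.hostname:  # credentials go to a different host
            findings.append("action-cross-host")
        results.append((target, findings))
    return results

def link_on_brand_domain(link, brand_domain):
    """True if the link's host is brand_domain or one of its subdomains."""
    host = (urlsplit(link).hostname or "").lower()
    return host == brand_domain or host.endswith("." + brand_domain)

# Constructed sample (not Credo's markup): HTTP page whose sign-in form posts to HTTPS.
SAMPLE_HTML = """<form action="/search"><input type="text" name="q"></form>
<form action="https://www.example.test/login">
<input type="text" name="phone"><input type="password" name="pw"></form>"""

if __name__ == "__main__":
    print(audit_login_page("http://www.example.test/", SAMPLE_HTML))
    print(link_on_brand_domain("https://credobilling.com/", "credomobile.com"))
```

A `page-not-https` finding with no `action-not-https` is the case described above: the password may well travel encrypted, but nothing visible before submitting lets the user confirm it.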

Wednesday, June 29, 2011

Printing to PDF, Firefox, Ubuntu

Off and on I've been irritated that Firefox's print-to-file functionality defaults to PostScript with the filename before the .ps extension blank. What's up with that? This is more of an issue now that I have a Kindle, and thus print to PDF much more often than to paper, so tonight I poked through about:config, shrugged, and turned to Google. I found one useful page, http://ubuntuforums.org/showpost.php?p=7890849&postcount=7, but prefer "my" way to his, simply because my filter places exactly the right configuration lines on the screen, leaving nothing to manual hunting.

1) Enter about:config.
2) Type print_to_filename in the filter bar.
3) Place exactly the same path, file name, and extension in each setting.

This is what mine now looks like:


Needless (I hope) to say, different folks will have different printers, and so my entry for an HL-2040 will be atypical and most other people will have printers not shown here.

There is no generally-useful file name, so indicating the application that generated the PDF seems a reasonable choice. IMHO, /tmp is the only reasonable directory to use so that the user's home directory isn't littered. Littering $HOME is an unfortunate tendency of Linux developers.

Friday, June 24, 2011

Mobile Phone Use May Not Cause Cancer!

Yet another good article by numerically-sensible BBC reporter Michael Blastland: http://www.bbc.co.uk/news/magazine-13886254

Monday, June 20, 2011

Sound Juicer on Ubuntu Broken

Sound Juicer now has trouble interacting with MusicBrainz to download CD names, track listings, etc. Googling led to J.P. Stacey's blog: http://www.jpstacey.info/blog/2011/06/13/sound-juicer-no-longer-retrieves-track-names-when-you-extract-audio-cds
Apparently CD Juicer has been using a deprecated feature at MusicBrainz and, as could be expected, MusicBrainz dropped support for the feature. Fortunately they still offer such a service, but CD Juicer has to be fixed to do it right.

My experience fixing this (Ubuntu 10.04) was to issue the add-apt-repository that Stacey suggests, but that gave me a 404 not found. I thought about editing config files, but decided to instead follow a link at Stacey's page to launchpad.net, or, specifically, to Philipp Wolfer: https://launchpad.net/~phw/+archive/musicbrainz
Wolfer has it right.

Wednesday, June 15, 2011

They'll be Sorry

CCBC is switching from WebCT to Blackboard 9.1. I know nothing about WebCT, but it is nearly inconceivable that it's worse than Blackboard 9.

Analogy: I've chosen an integer, 1. Then we generate a uniform discrete random integer in the range 0 to 32767. What is the probability the random integer is less than one? Approximately the same probability that an unknown course management tool is worse than Blackboard?

Friday, June 3, 2011

Impressive Fireball at UMBC

Yesterday I was close enough to an explosion to feel the heat on my face, 40m or so away. It was at the electrical substation just north of the campus police station. Not very loud, but an impressive fireball. I have to start carrying a camera.

As a result, UMBC is closed today for lack of electricity. News media reports:
  • Transformer Explosion Knocks Out UMBC Power, http://columbia.patch.com/articles/transformer-explosion-knocks-umbc-power
  • Baltimore Sun apparently has no idea of or maybe no interest in what actually happened: http://www.baltimoresun.com/news/education/bal-umbc-power-outage-0603,0,573995.story

Google Search for MyLife.com

A sampling:

  • Complaintsboard.com has many people complaining that MyLife is a scam, uses false advertising, etc. I concur.
  • Just say 'no' to mylife.com, http://techpaul.wordpress.com/2009/03/06/just-say-no-to-mylifecom/ . It appears that the author gave MyLife access to his e-mail accounts, and regretted it.
  • Wikipedia has an article. Highlights: lawsuits against the company for e-mail spoofing. Parent reunion.com rated F by the LA BBB.
  • "Mylife.com: A new tool for bargain-seeking stalkers" at http://www.socialmeteor.com/2009/02/28/mylifecom-a-new-tool-for-bargain-seeking-stalkers/ . This article goes into some detail about how MyLife is gathering and abusing PII. Recommended.
  • "MyLife.com Accused of Running 'Spam-and-Scam' Scheme" http://www.walletpop.com/2011/03/02/mylife-com-accused-of-running-spam-and-scam-scheme/ discusses a lawsuit against these slimeballs (and I'm being completely objective here) in US District Court in Oakland, CA. Links are provided.
  • TechCrunch talks about the birth of MyLife as a merger of reunion.com and wink.com. This corroborates much of what's in the Wikipedia article.

People Search, Phishing, MyLife, and All That

I recently wrote about getting information from the naive, though I phrased it more harshly. This was at http://martesmartes.blogspot.com/2011/04/how-to-get-personal-information-from.html. Then last week I saw a TV ad for mylife.com, offering to show a person who is searching for him or her.

First, I don't know how they can do this without the cooperation of Google or some of the alternative search engines. MyLife seems to be the same as the previously-discussed phishing sites. It asks for personal information, shows a picture of the user's neighborhood from Google Streetview, and then offers to take a credit card number for outrageous ($13 per month and up) fees to provide results.

There is, however, an inconspicuous little link in the upper right to continue with free, limited access. I clicked. First, it took me to my profile--my fault, I entered personal info. How do I delete it? However, the page was surprising, with links to a couple family members and my ex-wife. I seriously dislike this site.

There was a link to my profile, but no option to delete. However, I was able to edit my profile, but the only meaningful field worth changing was my birthdate, which I changed to a wildly inaccurate value.

This site goes into my hosts file mapped to 127.0.0.1.

My best guess is that the for-pay "tell me who is searching for me" feature is simply internal: a record of people who have searched for me from within mylife.com. So, ultimately, it's a phishing site that thinks it's yet another redundant social media site.