jducoeur: (Default)

(I've been dealing with a lot of Life recently, which is why I've been fairly quiet here -- I haven't had the time or emotional spoons to write much. But I'm posting a version of this to the SCA Gaming Facebook group, so might as well share it here as well.)

I ran an online gaming session yesterday, as part of this year's virtual Falling Leaves in Exile. Let's talk about the technology for that.

The actual gaming took place on playingcards.io, one of the nicer platforms for online gaming. Aside from a little basic automation, it doesn't deal with complexities like rule enforcement -- it just provides you with a shared "table" (everyone who goes to the same URL sees the same synchronized table), and lets you choose equipment like decks of cards, boards and pieces, stuff like that. (I've customized it for a bunch of period card games and Tables games.) Aside from the fact that you can have a private "hand" that only you can see, pretty much anyone can move anything: the attitude of the site is that the real world doesn't prevent you from messing up or cheating, so neither does this -- it's just presenting you with a simple "table", much like the real world. It's simple, elegant, works surprisingly well for a variety of games, and is steadily improving.

(If you know Table Top Simulator, this is the same basic idea, but is free, Web-based, and vastly simpler to use, because it's not trying to be a physics engine. It's not as powerful, but I like it a lot more than TTS for most purposes.)

More significantly, I ran the social side of things -- the audio and video -- using SpatialChat. (Which we also used for the social meet-and-greet for the Carolingian Orders.)

That worked quite well, as I thought it might. SpatialChat is very different from something like Zoom or Google Meet: it presents you with a biggish "room", with each person's camera showing up as a little video bubble in it, and you can move yourself around. The neat bit is that you see and hear the people who are "near" you, so it does a nice job of simulating a big room with a bunch of smaller conversations happening fluidly in it -- to go to a different conversation, you just wander over to those people. As you wander away from people, their camera bubbles get smaller, and they get quieter. So instead of everyone being in a rigid grid of boxes, you can actually "walk around", as in a real party, with conversations evolving much more flexibly.

This works great for a typical gaming gathering. I used the "megaphone" feature while teaching (basically the equivalent of talking really loud), so everyone could hear me, with everyone following along on playingcards.io. (SpatialChat has a text chat channel, of course, which works well for sharing URLs. I tried screen-sharing for teaching, but quickly found that it works better for everyone to just go to the same playingcards.io URL and watch that way.) Then we all chose separate "tables" to gather around and play, with folks partnering up and choosing games. Overall, it was the best simulation of a real game day I've found yet.

It's not the only such system -- topia.io and gather.town have the same basic idea, and all three have fairly similar prices. (Basically, they all charge somewhere in the ballpark of one cent per participant-minute, with a substantial number of minutes available for free before you start paying anything.) I like SpatialChat the best (the UX affordances make the most sense to me), but they're all interesting variations on this theme.

Anyway: if you're running online gaming sessions that are more than one table's worth of people, I recommend checking it out. You can do a lot with the Free plan (you get 10,000 participant-minutes per month, I believe), and it's a generally pretty good experience.

Questions and thoughts welcomed...

jducoeur: (Default)

Hey -- Zoom, Google Meet, Microsoft Teams, BlueJeans and all the rest? Here's a suggestion for an enhancement. Pay some attention.

Over the past couple of days, Kate and I have watched our three favorite comedy-news shows -- Last Week Tonight, Full Frontal, and The Late Show (by the various heirs of Jon Stewart) -- as they tried running with the new "no audiences" restriction. Suffice it to say, it wasn't a raging success for any of them. They were missing a spark, and it isn't something that a canned laugh track could provide -- serious comics work in synergy with their audiences, and lacking an audience is a rehearsal, not a show.

And the thing is, it's the same thing that we found when running NE Scala. The conference was solidly successful, but the lack of audience interactivity was kind of unfortunate; in particular, doing a conference without applause is just plain weird. We substituted using emoji in Slack, and that wasn't terrible: I found an "inclusive clap" emoji that the community collectively decided they liked, so we got a wall of emoji at the end of each talk. But it's not the same.

This seems like an entirely solvable problem.

The problem is, most (all?) meeting software is kind of all-or-nothing. Either it's in "conference room" mode, where everyone is speaking as equals, or it's in "webinar" mode, where one person is presenting and most people are muted. (Zoom turns out to have a more nuanced version of webinar mode, where you can have multiple presenters, but it's still very broadcast-y.) This makes sense for office environments.

It's a poor representation of real life presentations, though, and sucks for many use cases that have very suddenly gone remote. What we need is an "auditorium" mode.

The idea is to soften the borders a bit. Here's one possibility. The presenter(s) are still first among equals, the only ones with a full mike. But the audience are not entirely silenced. Instead, the audience mikes are, by default, enabled, but at maybe 1/10th normal volume. So noises from an individual audience member are pretty quiet, but they are additive: if everyone laughs or applauds at the same time, the collective response comes out loud. That simulates a real auditorium, where the un-miked audience are audible only when they're working together.

It would take some research and experimentation to get it right, and I'm sure some nuances would be needed. It could be improved with some AI that allows desirable sounds (applause, laughter) but auto-silences crying babies and garbage trucks in the background. But the basic idea seems sound, and it would result in a much friendlier environment for doing a "show" remotely like this. It can't be all that hard, and right at the moment, it feels like a killer app.

(Yes, you could simulate something like it by having canned laugh/applause tracks, and have audience members pressing buttons to enable those. But I suspect the timing would be wrong: pressing that button would be an intellectual response, not an instinctive one, and the split-second difference would probably matter.)

Stretch goal: provide visual feedback as well. Most meeting software now provides what I still think of as "Brady Bunch mode" (we called it that when we first designed it at Convoq, back around 2005 (yes, I worked on one of the earliest meeting-software platforms)), where you see the faces of several people. In "auditorium mode", you would show live thumbnails of everybody who had their cameras on (presumably up to some limit, but it could be a lot more than today), each rather tiny. To make this make sense from a bandwidth POV, the audience's clients would send a fairly low-res feed. But the presenter and, if they wanted, the audience members, could see each other, providing that underlying sense of how people are reacting.

Even after the current crisis, I'd love to have this. I'm pondering how to run next year's NE Scala in a "hybrid mode", with the usual in-person audience of a couple hundred people but also enabling a lot of folks to participate remotely. Giving that remote audience this sort of live, warm feedback mechanism -- knowing that their laughter and applause is heard in the physical auditorium along with that of the people who are physically present -- would go a long ways towards making that more real.

So -- y'all are in competition to produce the best meeting software, and this is your moment. Here's a new competitive feature. Ready, set, go...

jducoeur: (Default)

... does anybody know of a way to say, "This direction you keep giving me is insanely, suicidally stupid; please stop doing that"?

The specific example is that GMaps keeps telling me to take Davenport Street in Cambridge, to turn left onto Mass Ave. Which is technically legal, but absolutely daft any time but the middle of the night -- it's turning left onto the busiest four-lane street in the city, without a traffic light. Given that I don't exactly drive a sports car, I feel like I'm taking my life into my hands every time I have to do it.

(Not to mention that Davenport Street is two-way, but only about a lane-and-a-half wide, so even getting down it can sometimes be challenging.)

And yes, I could just ignore GMaps and do something else. Problem is, the decision point for the right way to go in that direction is several blocks earlier. By the time I realize that I've been screwed yet again, I'm basically left going, "Ah, crap".

I just want the ability to retrospect on a previous set of directions and say, "That step -- that fourth line in the directions? -- never, ever, ever give that to me again. Just pretend it doesn't exist, and route me some other way." Conceptually that seems straightforward (I'm sure it is within Google's capabilities), but so far I haven't found any reason to believe it exists, and it's my single biggest pain point with GMaps...

jducoeur: (Default)

I just got an email of "Your March in Review" from Google. This lists things like:

  • All the cities I visited this month
  • How much I walked this month
  • How much time I was in a car this month
  • What restaurants I've been to this month

Mind you, almost none of this information was shared explicitly with them -- it's mainly stuff they've scraped off my phone's GPS.

The chirpy tone of the email strongly suggests that they think this is wonderful, a service that I should be grateful for. But my reaction is that it's a tad skin-crawling -- a reminder of the panopticon that Google is trying to build. (The fact that I'm in the middle of reading a novel that explores just how dystopian such a panopticon could be isn't helping.)

Big Brother isn't necessarily the government. Sometimes, it's a marketing department.

jducoeur: (Default)

The TL;DR for today's shaggy dog story is that, despite how close I am to modern technology, I still underestimate it. Non-techies will probably want to skip this one. For once, this isn't even a programming story, it's all about IT.

I woke up this morning to the news I never like to hear: Querki was down. We're still an eensy-weensy company, so Aaron and I are the entirety of the IT department, so we're not at the point of having proper 24/7 coverage yet. (One of the many reasons I want to get to the point of being profitable is to be able to have somebody properly on-call.) It's a pretty major failure: a piece of third-party infrastructure has failed, so I need to redeploy Querki across the cluster and reboot it.

To make this worse: I'm not home. My day job nowadays is working for Artima, a small consultancy focused on Scala and its ecosystem, and I'm currently in Pleasanton, CA, teaching a seminar on Concurrent Programming. (Sorry to friends and family around here: it's a flying business trip, and I have almost no free time -- that's why I didn't contact you to get together.)

So of course, I have my Brand New Work Laptop with me -- a native-Ubuntu machine from Dell. It's quite a nice device, good for doing Scala development work. But of course, I hadn't yet installed the VPN to get to Querki's servers.

The icing on the cake is that I hastily install OpenVPN, to log into Querki's servers -- and it doesn't work. A bunch of hair-pulling and Googling reveals that OpenVPN is Just Plain Broken for Ubuntu 16.04, has been for something like 18 months, nobody's gotten around to fixing it, and none of the workarounds are working for me. So, deeply chagrined, I go off to teach today's class, with Querki still down. (This was our longest downtime in several years.)

Mid-afternoon, I'm done talking for a while, and the students are off doing project work. (A slightly sadistic little exercise in building a properly multi-threaded web crawler that counts popular words.) I can finally get back to trying to stand Querki up, but I'm stymied. OpenVPN won't run on my computer. I don't really want to install my credentials on somebody else's computer, and I've only got the one. What do I do?

Finally, it penetrates my thick skull. I do have another computer. It's even another Linux computer. And it's in my pocket.

A bit of looking around quickly reveals that yes, there is an OpenVPN implementation for Android, and yes, there's a well-regarded SSH client named JuiceSSH. A couple of quick installs, and I'm finally in business.

I will say that trying to deal with the Linux command line on a little tiny phone keyboard is Special. But it's a wonder that the bear dances at all, and the tiny keys aside, the SSH client worked flawlessly. Ten minutes of poking around, restarting services and rebooting, and everything was up and running again.

The moral of the story: yow, modern smartphones are remarkable tools. And I now know that, so long as I've got a phone signal, I can (if slowly and painfully) manage IT emergencies as necessary...

jducoeur: (Default)

... that I just got a popup in Google Calendar saying, "Your Google Calendar will get an upgrade soon", and my gut reaction is, "Noooooo! What are you going to foul up this time?"

Which isn't necessarily fair -- it's entirely possible that they are actually making sensible improvements and not breaking anything. But I've become remarkably conditioned to expect them to do things that make technical sense, but totally screw up how I use the tool...

jducoeur: (Default)

Just came across an article on Ars Technica (yes, I'm behind): The intelligent intersection could banish traffic lights forever. It's neat stuff: basically, a researcher has designed a traffic-control system for autonomous vehicles, and demonstrated that by using such technology we could enormously reduce how often you have to stop at intersections -- not only speeding up travel times, but improving fuel efficiency quite a bit.

All of which is great, but my Security Architect senses are pinging here. This is postulating an external server that talks to the cars on the road and tells them what to do. That is absolutely terrifying if you understand the typical state of Internet-of-Things security.

But let's put a positive spin on this. This system is at least 1-2 decades from deployment as described (since it assumes only autonomous vehicles on the road). We might be able to head off disaster by figuring out the obvious hacks in advance, so they can be designed around.

So here's the challenge: name ways that a hacker could abuse this system, and/or ways to ameliorate those weaknesses.

I'll start with a few obvious ones:

  • Base story: I (the hacker) send out signals spoofing the controller for traffic intersection T, allowing me to cause nightmarish havoc. Possible solution: traffic controllers are listed in some well-known registry, signed with public keys, so that their signals can be authenticated to prevent spoofing.
  • Assuming the above hacking isn't prevented: I time the signals sent to the cars, telling them all to hit the intersection at the same moment. Crash! Solution: as a belt-and-suspenders thing, cars must not completely trust the signal controllers. Their autonomous checks have to override those signals, to prevent crashes.
  • Reverse of the previous: I send out signals telling all the cars, in all directions, that the intersection is currently blocked by opposing traffic. The entire city quickly devolves into gridlock. Solution: good question. I got nothing.

What else? I'm sure we can come up with more nightmarish scenarios, and possible solutions.

Yes, this may seem like overkill to think about now, but history says that, if you don't design the system around abuses, you will hurt forevermore. Security isn't something you add later: it should be baked into the designs from the get-go. (Which is why it accounts for a large fraction of Querki's architecture, despite the fact that we only have a couple hundred users yet...)
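
The first two mitigations in the list above, seen from the car's side, as an added example that is not from this post or the article: the car authenticates each controller message against a registry of public keys, then still lets its own sensors override an authentic grant. The `Grant` message format, the freshness and sequence-number checks (which go one step beyond the post, to cover replayed signals), and every name here are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Grant is a hypothetical controller-to-car message: the car may enter
// the named intersection at SlotStart.
type Grant struct {
	Intersection string
	Seq          uint64    // strictly increasing per controller
	Issued       time.Time // signing time, checked for freshness
	SlotStart    time.Time
}

// bytes is the canonical encoding that gets signed: three fixed-width
// fields followed by the intersection ID, so it cannot be parsed two ways.
func (g Grant) bytes() []byte {
	b := make([]byte, 24)
	binary.BigEndian.PutUint64(b[0:], g.Seq)
	binary.BigEndian.PutUint64(b[8:], uint64(g.Issued.UnixNano()))
	binary.BigEndian.PutUint64(b[16:], uint64(g.SlotStart.UnixNano()))
	return append(b, g.Intersection...)
}

var (
	ErrUnknown = errors.New("controller not in registry")
	ErrBadSig  = errors.New("signature does not verify")
	ErrStale   = errors.New("grant too old")
	ErrReplay  = errors.New("sequence number not fresh")
)

// Car holds the trusted registry plus per-controller replay state.
type Car struct {
	registry map[string]ed25519.PublicKey
	lastSeq  map[string]uint64
	maxAge   time.Duration
}

func NewCar(reg map[string]ed25519.PublicKey, maxAge time.Duration) *Car {
	return &Car{registry: reg, lastSeq: map[string]uint64{}, maxAge: maxAge}
}

// Authenticate rejects grants from unregistered controllers, grants whose
// signature fails, stale grants, and grants that reuse a sequence number.
func (c *Car) Authenticate(g Grant, sig []byte, now time.Time) error {
	pub, ok := c.registry[g.Intersection]
	if !ok {
		return ErrUnknown
	}
	if !ed25519.Verify(pub, g.bytes(), sig) {
		return ErrBadSig
	}
	if age := now.Sub(g.Issued); age < 0 || age > c.maxAge {
		return ErrStale
	}
	if g.Seq <= c.lastSeq[g.Intersection] {
		return ErrReplay
	}
	c.lastSeq[g.Intersection] = g.Seq
	return nil
}

// Decide applies the belt-and-suspenders rule: even an authentic grant is
// advisory, and the car's own view of the intersection has the last word.
func (c *Car) Decide(g Grant, sig []byte, now time.Time, pathClear bool) string {
	if err := c.Authenticate(g, sig, now); err != nil {
		return "ignore: " + err.Error()
	}
	if !pathClear {
		return "yield: sensors override grant"
	}
	return "proceed"
}

// Scenario runs constructed messages through one car and returns its decisions.
func Scenario() map[string]string {
	pub, priv, _ := ed25519.GenerateKey(nil) // registered controller for "T"
	_, rogue, _ := ed25519.GenerateKey(nil)  // key that is not in the registry
	car := NewCar(map[string]ed25519.PublicKey{"T": pub}, 2*time.Second)
	now := time.Unix(1700000000, 0)
	g1 := Grant{"T", 1, now, now.Add(3 * time.Second)}
	g2 := Grant{"T", 2, now, now.Add(4 * time.Second)}
	old := Grant{"T", 3, now.Add(-time.Minute), now}
	sign := func(k ed25519.PrivateKey, g Grant) []byte { return ed25519.Sign(k, g.bytes()) }
	return map[string]string{
		"spoofed":  car.Decide(g1, sign(rogue, g1), now, true),
		"genuine":  car.Decide(g1, sign(priv, g1), now, true),
		"replayed": car.Decide(g1, sign(priv, g1), now, true),
		"stale":    car.Decide(old, sign(priv, old), now, true),
		"conflict": car.Decide(g2, sign(priv, g2), now, false),
	}
}

func main() {
	r := Scenario()
	for _, k := range []string{"spoofed", "genuine", "replayed", "stale", "conflict"} {
		fmt.Printf("%-9s %s\n", k, r[k])
	}
}
```

Authentication does nothing for the third scenario when the controller itself is compromised: a validly signed "blocked" message still passes every check here.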

jducoeur: (Default)

Just came across this sobering article from a few weeks ago. Summary: LiveJournal has been sued, possibly successfully, over their ONTD group -- apparently somebody posted copyright-infringing material there, and because ONTD is vaguely official and (volunteer-)moderated, there's a strong suggestion that the traditional "safe harbor" provisions may not apply.

Suffice it to say, this is not good news. The precise details of how this falls out will determine how much (if at all) it damages the assumptions of zillions of websites, but a broad interpretation of it could be hugely damaging. One to keep an eye on...

ETA: Okay, it's worth reading the actual appellate decision, at least the summary at the top. (Much of this decision is nicely readable.) This clarifies several things:

  • First and most important, this wasn't a decision against LJ per se. Rather, it was the reversal of a summary judgement in favor of LJ. That is, the district court had simply dismissed the case on the grounds that LJ was clearly protected by the DMCA. The appellate court is essentially saying, "No, this one is kind of complicated -- let it go to trial".

  • Second, the key reason why this is muddy is that the moderation team of ONTD is apparently led by an LJ employee. ("Although users submitted Mavrix’s photographs to LiveJournal, LiveJournal posted the photographs after a team of volunteer moderators led by a LiveJournal employee reviewed and approved them.") So it's not just "the users" involved: LJ has a quasi-official presence in the group, so they might be legally liable. That's not actually surprising -- I could have told LJ that that's a legally dumb policy.

    (This is why Querki is designed to be strictly self-policing by the users, and why it's intentionally difficult (at the technical level) for company employees to mess with user Spaces: the line between "official" and "user-directed" needs to be crisp and sharp in order to enjoy solid DMCA protections.)

  • Third, ONTD isn't a normal LJ group. "In 2010, LiveJournal sought to exercise more control over ONTD so that it could generate advertising revenue from the popular community. LiveJournal hired a then active moderator, Brendan Delzer, to serve as the community’s full time “primary leader.” By hiring Delzer, LiveJournal intended to “take over” ONTD, grow the site, and run ads on it." So claiming that this group is run by "users", and therefore is protected by DMCA, is a bit disingenuous.

Overall, I'm somewhat less worried about it, having skimmed the decision. My read of this is that LJ got way too casual about DMCA, and did something strikingly stupid; Mavrix' claim that ONTD is not sufficiently independent to enjoy DMCA protection seems at least somewhat plausible on its face. The court is simply saying that, in this case, it is not obvious that LJ is covered by the DMCA.

While I do think Mavrix are kinda being assholes about it, by the spirit of the DMCA they may well have reasonable grounds for the suit. I'm not sure they're right, and I don't know how this will play out in court, but IMO the appeals court was probably correct in rejecting the summary judgement -- this one is messy, and does need to be properly litigated...

jducoeur: (Default)

Today in "boneheaded corporate moves", we have Verizon.

My mother has triple-play (Internet/phone/TV) service from Verizon; as such, her primary email address is currently through verizon.net, as you'd expect. She also has a Gmail address, that I nudged her into.

She got a letter yesterday, announcing that Verizon is terminating its email service. She has three weeks to decide whether to transition entirely to a third-party service, or switch to AOL.

AOL.

Even Mom, who is, shall we say, not the most tech-savvy member of the family, had the reaction of, "Isn't AOL -- bad?". I've told her to just switch everything to her Gmail account: while Google may not be my favorite company in the world, this is yet more proof that getting your email through your ISP is just a bad plan.

But still -- AOL? Really? I mean, yes, they want to justify their ownership of the stupid company, but that's one of the most poisoned brands in the history of tech. Pushing all of their ISP customers over to it seems like a recipe to lose a lot of customers, with no obvious benefit.

Anybody have any insights into this apparently-foolish move?

Adtech

Mar. 29th, 2017 08:42 am
jducoeur: (Default)

Here's an interesting article about "adtech" -- those automated algorithms that companies like Google and Facebook use to spy on you and serve up advertisements that they think you will respond to. The major upshots are:

  • Adtech is at best wildly ineffective, and at worst actively damaging, for brands that are trying to advertise.
  • The core precepts of adtech are going to be illegal in Europe starting next year.

I'm not sure how accurate all this is -- it sounds a tad self-serving in favor of traditional advertising, so I take it with a grain of salt -- but I suspect there's a substantial grain of truth in it. It clarifies a distinction that the tech world has been trying very hard to blur, between direct sales and branding. It appears to me that adtech works a little for direct sales, but I suspect the article is right that it's inappropriate for serious branding.

I find myself ever more glad that Querki's business plan is specifically not built on the "spy on the users for purposes of advertising" model, which is looking ever more rickety. Asking people to pay for a service is old-fashioned, but it at least makes sense...

jducoeur: (Default)

For the past week or two, Chrome has become surprisingly unstable -- it's been crashing on me about once a day. Weirdly, it is usually when I'm not using it that it crashes: typically, I wake my computer from idle and find that Chrome has gone splat.

Anybody else seeing anything like this? I'm mystified about where the problem is.

(And man, it is wonderful to know that DW now supports Markdown. Hadn't even occurred to me until they mentioned it in today's update. The custom entry URL thing is pretty neat, too...)

jducoeur: (Default)
[Trying out posting from DreamWidth. Let's see if everything is configured right.]

Just saw Rogue One.  Capsule Summary: not an epic for the ages, but a solidly good Star Wars movie, a good prequel with fine depth of appropriate detail.  While feeling like the main saga, this one has the freedom to be a more honest (and dark) war movie, which makes an interesting change of pace.  Worth seeing at the big Jordan's IMAX, which is why we didn't see it at Christmas.

But what I hadn't realized until I was there was that this movie was finally going to cross the Co-Starring A Dead Actor rubicon.  I've long known this was coming, and I had known that Grand Moff Tarkin appeared in the story, but I didn't realize he had such a significant part.  They didn't shy away from the challenge: he dominates several scenes.

Overall, it's a good effort, but they're not quite there yet.  It reminds me of starship battles before Independence Day -- while that was by no means a great movie, it was the first time I ever watched one of those scenes and couldn't perceive any seams: it just felt real.

Tarkin *doesn't* quite feel real here.  It's ever-so-close -- 90% of the way across the Uncanny Valley -- but something was still just a bit off.  I can't put my finger on what, but he looked like a character from a good videogame cut scene, not quite a person.

They'll get there.  Having done this in a major movie and not entirely fallen on their faces, I'm sure more movies will try this, and eventually somebody will get all the details right.  I wonder how many actors are already writing contracts that involve digital rights to their likeness.  (And what the eventual lawsuits are going to look like...)
jducoeur: (device)
[I'm mostly just posting links over in Facebook, but my more technical friends tend to be over here.]

Here is a really excellent collection of ideas about how to fight the Fake News problem -- the way that services like Facebook and Google have been used as propaganda tools by the people (on all sides) who are muddying truth by propagating bullshit. The article suggests a bunch of relatively plausible approaches, both technical and organizational, that these companies could use to ameliorate the problem without undermining their core missions.

It's explicitly not trying to present a comprehensive solution, just some possibilities. But it's a fine rebuttal to the usual line that these services are nothing but pipes, and can't do anything about it. I commend it to everyone, but especially my friends *at* the various big tech companies, who should consider passing this link around as useful food for thought...
jducoeur: (Default)
... and all I can think is, "Oh, look -- they've reinvented Clippy".
jducoeur: (Default)
It says something about the way I'm connected to the Internet that, when I get a Facebook PM during the workday:
  • The phone in my pocket gives a distinctive "bing", which tells me it's Facebook;

  • I glance at my watch, and about a second later it vibrates and shows me the beginning of the message, so I can see who it's from and how much I care;

  • If it looks interesting and I'm not in the middle of something, I flip over to the open Facebook tab in Chrome, which has just popped open the message for me to read and respond to (with the real keyboard).

  • If I'm too distracted at the moment, I'll get an email in a little while, which serves as a reminder to get back to this conversation.
(Facebook is the extreme case, but this multi-way interaction is *very* common for me nowadays.)

Having all these different modes of interaction, each tuned differently but closely tied together, has *seriously* changed the way I deal with online, more than I would have guessed in the pre-Pebble days. And for all that FB is an annoying system in many ways, this workflow suits me quite nicely...
jducoeur: (Default)
I would be exasperated by this one, if I didn't expect this kind of idiocy by now.

Finally allowed my laptop to upgrade to Windows 10. (Yes, intentionally -- it's a touchscreen laptop, originally built to 10 specs, and was bought with the expectation of upgrading eventually.)

That went fairly smoothly. Well, aside from the 30-second bluescreen that just says "Your files have not been moved" in big letters (no other text or anything) and won't respond to *anything*, which is probably supposed to be reassuring but mostly left me wondering if the laptop had been bricked. And of course, having to go through all of the settings manually, because their "express" settings are almost entirely bad. But I was kind of wondering why I didn't get any sort of "Hi! Welcome to Windows 10!" tutorial on what had changed.

I just discovered that I *did* get that. In email. In my Spam box, because as Gmail puts it:
"Why is this message in Spam? It has a from address in communication.microsoft.com but has failed communication.microsoft.com's required tests for authentication."
Yes, they are essentially *telling* Gmail to send the email to Spam, because they don't know how to use the protocol correctly.

So close. But I suppose it wouldn't be Windows if it had a good upgrade experience...
jducoeur: (Default)
Home from SCA 50 Year (I did a quick, 4-day trip for the first half of it), catching up on email, and just got to this little oddness, which starts with:
"On Monday (June 20th, 2016), Francisco Partners and Elliott Management announced they have signed a definitive agreement to acquire the Dell Software Group. This transaction includes Dell’s Systems and Information Management (SIM), Security, and Advanced Analytics business units."
It appears to be legit (looking around, I find the deal on TechCrunch, so this isn't some pump-and-dump scheme), and I would normally just skim past it, except for one thing -- I got *six* copies of it, *all* of them to fake email addresses at waks.org.

I don't even know where these particular addresses originated. They all look relatively legitimate -- none are real addresses scraped off my pages, but they're not the usual made-up "mom294784@waks.org" that the spammers make up by computer to sell to other gullible spammers, either. They're things like "msutton", "rgordon", "howard", and so on. I've seen them from time to time, so they've been making the resale rounds, but they look like someone spent the time to handcraft fake email addresses, or at least to mix and match real account names from one domain onto another.

But mostly I'm amused and slightly puzzled. Bad enough that the new acquirers of Dell Software send out such a wide email blast announcing the sale. Doing so to such an unvetted list, making unambiguously clear that they are simply buying and blasting to spam lists, is just embarrassing.

And the cherry on top? When I Google for "Francisco Partners spam", my first hit is one of their portfolio companies, Barracuda Networks, which sells spam-fighting tech. Way to undermine the corporate message...
jducoeur: (Default)
One of the odd side-effects of having owned and used my own domain for a *long* time now is that I wind up with an interesting and sometimes annoying view into the world of Spam. I've had waks.org for well over 20 years, and I used it as my primary email for much of that, as did Jane.

More importantly, we were both great devotees of giving out bespoke addresses to anybody we didn't entirely trust. Hotels get *very* confused when I tell them to use, eg, "radisson@waks.org" as my email address, but it means that I've been able to detect who has bad email security and filter out anything to that address if it gets picked up by the spammers. If you sell your email address list, or are just careless about it, I will know. (As it turns out, political groups tend to be the worst.)

(NB: you can do this in Gmail, at least most of the time, by putting a "+" suffix onto your email address. So if you are actually "joe@gmail.com", you can give out "joe+radisson@gmail.com" -- it'll still go to you, and lets you do smart filtering based on the To: field. Some sites choke on the "+", but it usually works.)

The result is that I have given out hundreds, maybe thousands of email addresses on waks.org over the years, including my legitimate ones, the ones given to vendors, and specialized addresses I've put on websites, like "cookbook@waks.org". And it turns out, that makes waks.org a remarkably effective honeypot for spam.

A "honeypot", in computer security, is something you put out there to lure the bad guys in -- typically some fake data that looks real and appealing, that you use to draw them in and trap them. In this particular case, much of the content of my spambox is *wildly* obvious spam -- not so much because any individual email is conspicuously bad, but because I receive two dozen copies of it to two dozen email addresses.

So for instance, today's biggest example has the subject line "Image[some random number].pdf", and the body "Sent from my Sony Xperia™ smartphone", plus an attached "image" that is, of course, actually a virus. It's unlikely I would fall for such a thing anyway, but I'm certainly less likely to when I have multiple screenfuls of them. Google is smart enough to notice that these contain viruses, and put them into Spam -- I'm downright surprised that they aren't smart enough to notice that there are so many near-identical emails, and just trash-can them. I would far rather they did.

I've long been amused at the lack of honor among thieves -- it's been very clear for 10-15 years that some people are simply taking existing waks.org email addresses, modifying them in trivial ways, and reselling them in order to bulk up the lists. For example, caitlin@waks was a real email address, but about ten years ago I started to notice "caitlinn", and then "caitlinnn", or "aitlin" -- non-existent email addresses that somebody invented. (I rather like "ookbook", which sounds like I'm writing about monkeys.) I'd bet good money that that was done simply so that people could sell packages of "ten million email addresses!" and suchlike. Indeed, many of them are even less real -- addresses that look like nothing so much as a cat walking across the keyboard.

The really interesting thing I'm noticing this week, though, is a sudden spike in what I can only describe as industrial-scale spam. There's been an *enormous* uptick in the number of spams landing in my Spambox. Traditionally, I would get ten of something; now, I'm getting a hundred. And they are from all of the above categories -- addresses stolen from vendors, addresses from websites, and the various mutilated forms that have gradually come into common use over the years.

I suspect somebody has gotten serious about selling Spam as a Service. This feels like some site has bought up *all* the lists they can find, and opened up an API for blasting out trivial variations of a template to umpteen million addresses at high speed. The virus-laden ones have a straightforward business plan behind them (one thing you learn in financial security is how much spam is all about stealing ACH credentials); the ones that are simply, eg, "Hi ekyz how are you?" are a bit more mysterious, but I assume are attempting to lure a victim into a conversation.

Anyway, just some food for thought. There is one sad consequence of all this: I think it's time for me to turn most of Jane's email addresses off. The various forms of "jane@waks", "caitlin@waks", and so on, have been coming to me over the years, but we're down to well under one legitimate email per year, and a fair number of spams per day. So I think it's time to filter those into the bit-bucket. I will admit, even knowing that it's the sensible thing to do, it's remarkably hard for me to set up those filters...
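The bespoke-address honeypot described in this post can be mechanized. The sketch below is an added example, not the author's setup: it classifies each recipient as issued, mutilated (a near-miss of an issued tag) or invented, and flags subject templates that hit many distinct addresses. The `ISSUED` set, the sample messages, the 2-edit threshold and all function names are assumptions.

```python
import re
from collections import defaultdict

ISSUED = {"radisson", "cookbook", "caitlin"}  # constructed: tags actually given out

SAMPLE = [  # constructed spam-folder headers: (recipient, subject)
    ("radisson@waks.org", "Image4821.pdf"), ("caitlinn@waks.org", "Image1177.pdf"),
    ("ookbook@waks.org", "Image90.pdf"), ("joe+radisson@gmail.com", "Image305.pdf"),
    ("xqzvkw@waks.org", "Hi ekyz how are you?"), ("cookbook@waks.org", "Your invoice"),
]

def tag_of(address):
    """Bespoke tag: the "+" suffix if present, otherwise the whole local part."""
    local = address.split("@", 1)[0].lower()
    return local.split("+", 1)[1] if "+" in local else local

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(address, max_edits=2):
    """Return ("issued" | "mutilated" | "invented", matching issued tag or None)."""
    tag = tag_of(address)
    if tag in ISSUED:
        return "issued", tag
    nearest = min(ISSUED, key=lambda t: edit_distance(tag, t))
    if edit_distance(tag, nearest) <= max_edits:
        return "mutilated", nearest  # e.g. "caitlinn" or "ookbook"
    return "invented", None

def template(subject):
    """Collapse digit runs so "Image4821.pdf" and "Image90.pdf" compare equal."""
    return re.sub(r"\d+", "#", subject.strip().lower())

def campaigns(messages, min_recipients=3):
    """Subject templates sent to at least min_recipients distinct addresses."""
    seen = defaultdict(set)
    for rcpt, subject in messages:
        seen[template(subject)].add(rcpt.lower())
    return {t: [classify(r) for r in sorted(rs)]
            for t, rs in seen.items() if len(rs) >= min_recipients}
```

An "issued" hit on a vendor-specific tag points at the party that leaked or sold the address; "mutilated" and "invented" recipients can be dropped outright, since no legitimate sender ever received them.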
jducoeur: (Default)
[Context: Windows 7]

Garh; this is driving me crazy. For the past couple of weeks, the mouse on my desktop machine has been notably sluggish -- the pointer is "stuttering" a lot, not keeping up with me as I move the mouse. I've replaced the mouse's batteries (a common recommendation), and that doesn't seem to do it. Antivirus is up to date, and I believe the problem is happening a *little* even at system start, although it tends to take a while to become grotesquely annoying; none of my usual foreground processes seem to be involved. Likely related, I'm sometimes seeing difficulty with typing -- stuff I type takes a long time to register, and sometimes doesn't work at all. CPU is *not* pegging at all: moving the mouse around a lot barely registers on the CPU meter, even when it's stuttering and catching constantly.

The problem almost has to be something to do with interrupts and a bollixed driver, but I have no idea where to look to diagnose it. Any pointers on how to track down the offending process, short of wiping and reinstalling the whole bloody computer, would be greatly appreciated. (Comments recommending that I change operating systems would not. Please don't; I'm not in the mood.)

Thanks...
jducoeur: (device)
Just for once, I actually posted something to The Art of Conversation -- here's the link, for those who are interested...
