Sunday, September 06, 2009

Death of email part XI: forwarded emails with big red phishing warnings

I own a few domains, including a Google Apps domain we use for our family [1]. My immediate family members, excluding Kateva (canid), have calendars and emails in the family domain. Overall, it works pretty well. It pounds Apple's warped MobileMe into the sand. Savagely.

For reasons that aren't worth trying to describe, I've used an email redirector for some of these accounts. This is forwarding at the domain level, not forwarding from an email account.

This used to work pretty well, but when I tested it on a new account two problems appeared:
  1. It was filtered to Google spam.
  2. A BIG RED PHISHING warning appeared when I opened the email.
I was able to correct this by marking it as 'not spam' and 'not phishing' (the UI for the latter is a bit non-obvious, I had to follow the help link in the phishing notice).

This is a great example of the tech churn meme I wrote of yesterday. Email is in a troubled state as it painfully moves from the old world of the naive net to the new world of authenticated messaging [2].

This redirect mechanism is clearly not going to work, perhaps because the redirecting domain has been used by spammers in forged email headers [3].

Ouch. This is definitely a problem. I have some workaround ideas, but this will be a bugger to test since Google doesn't talk much about what it's doing.

--

[1] Free edition. If Google drops the price on their small business product I'd upgrade to get some customer support options.
[2] One reason people like Facebook messaging is that it's deeply authenticated.
[3] The curse of old, private, domains. Mine is very old. There's no defense against such forgery. See also two 2006 posts about a related problem (this isn't new).

Saturday, September 05, 2009

Google storage isn't so free any more ...

Remember when Gmail storage was supposed to be "infinite"? That didn't last long, but at least the storage seemed to grow all the time.

Not so now. My Gmail storage is pretty static. When I started using Picasa I had to pay $20 a year to store my images with a 10GB limit.

I'm nearing the limit, and the next step is "40 GB ($75.00 USD per year)".

Ouch!! That's comparable to the cost of MobileMe, and it's just storage.

Google is getting to be expensive.

Update 9/6/09: I looked over a few of the usual suspects. I have a five year old SmugMug account, but their iPhoto uploader is awful. (PictureSync, which I used to use with them, has been abandoned.) I considered Flickr, but I don't want yet another service. MobileMe is about $70 for 20GB, so it's about the same cost as Google's services once you factor in its other features.

Through DreamHost (KATEVA is my promo code) I have unlimited storage that I'm already paying for, and automated installation of ZenPhoto. I have to export my images from iPhoto and upload them via FTP or sFTP to DreamHost. The downside is there's no provision to pass on any iPhoto metadata, but then that barely works with any of the alternatives. (Maybe MobileMe is better, but Apple routinely screws up anything to do with the intertubes.)

I'm still turning this over. For the meantime I'll use Facebook more (low res images) and use Picasa selectively to reduce my storage drain. Maybe Google will come up with a better approach in the near term.

Whatever I do the good news is that I've long used a private blogger blog to track where photos go. So even if I change providers there's a single index to all of our albums.

Update 11/11/09: Google gave us a 75% drop in storage costs. About six months late, but very welcome. So I'm cool with Picasa now.

Friday, September 04, 2009

Baseball parent communication: is it getting easier?

Naively, one would think it's getting easier to communicate with the parents of a 10 yo baseball player. After all, we have so many more ways to communicate than we did in the dark ages. Let's count them ...

1910 (2)
  • Letter
  • Handout (person present)
1950 - all of the above plus (4)
  • Home phone (both parents)
  • Work phone (father)
1990 - all of the above plus (11)
  • Home phone (father) + answering machine
  • Home phone (mother) + answering machine
  • Work phone (mother) + answering machine
  • Home email (father)
  • Home email (mother)
  • Work email (father)
  • Work email (mother)
2009 - all of the above plus (now using m/f to represent mother/father) (20+)
  • Mobile phone (m/f) + answering machine
  • Web page
  • Blog with feed
  • Twitter
  • Facebook page
  • Google group or similar
  • Google Voice
  • SMS
  • MMS
  • Instant Messaging (multiple variants)
  • Other email (m/f)
  • and many more ...
So in about 100 years we've gone from 2 communication options to at least 20. So communicating about practice times, rain-outs, schedules, playoff and so on must be at least 10 times easier ...

Yeah, right.

Writing as a kid baseball coach, I'm guessing 1950 was probably the heyday of parental communication. Back then phone trees more or less worked and families were forced to more or less live in the same space. This year it was damned near impossible -- perhaps due to the profusion of communication channels, the increasing failure of email (spam, message loss, account turnover), the disruption of employment changes (phone changes, lost mobile phone, etc), the failure of the feed reader, and the virus infestations that have disabled many XP-based home computers.

We tried to use a blog (so web access + feed) supplemented with email and, when pressed, a phone call (inevitably to a voice mail that seemed to be rarely checked). It didn't really work, but I'm not sure what would.

When it comes to communication, we're in full throttle tech churn. There's no common, standard communication channel that reaches a diverse group of people. We had one parent on Twitter, a few that checked their email somewhat reliably, perhaps 1-2 who would visit the web page, and several that were fairly unreachable.

I'm betting that we've reached an apotheosis of communication dysfunction. Communication is important, and, sooner or later, people are going to figure out that we need fewer, better, options.

Alas, I suspect we won't get back to the high point of the 1950s for decades to come ...

Armstrong admits moon landing faked!!

OMIGOD!!!
Conspiracy Theorist Convinces Neil Armstrong Moon Landing Was Faked | Aug 31, 2009
Apollo 11 mission commander and famed astronaut Neil Armstrong shocked reporters at a press conference Monday, announcing he had been convinced that his historic first step on the moon was part of an elaborate hoax orchestrated by the United States government...
The best part is that apparently some people read this Onion spoof as fact. A delicious hit. (Sorry for the late post on this, I was on holiday when it was published. Just glad I got to read it.)

Monday, August 31, 2009

Obamacare. Wait. It's not over.

Birthers. Tea baggers. Deathers. Glenn Beck inspired assassin wannabes. The weak dancing to their amoral master's tunes. Elders at town meetings demonstrating the pernicious effects of early dementia. Ratings starved media playing destructive games. Rupert Murdoch's Fox News and Wall Street Journal. Obama below 50%, vilified by the raving right and attacked by the fearful left. Kennedy dead and Robert Byrd 91 and ailing. Congressional Democrats retreating on health care. And then there's the "bipartisan" "gang of six".

It's been a bad August for anyone worried about civilization. Despair is easy.

Don't despair.

This isn't new, and Obama is both lucky and good. It's not just him, look at his team. They're extremely formidable, and they've been in this game a while. They know the nation they're dealing with.

It's easy to underestimate Obama. He's identified with a tribe (black America) culturally associated with defeat. Unlike Bill Clinton, GWB and most every GOP politician, he doesn't rant and rave.

And yet, he tends to win.

For those who fear the worst, I suggest John Harwood's NYT article and John Scalzi's recent summary post.

Remember, any remotely sane American has to think that reform with enemies like Beck and the Birthers must be good.

Obama has been falling back, and the enemy has been charging forward. They think they see a soft center -- but they've forgotten about the hills on both sides ...

Update 9/9/09: I was early on this train, but now the NYT is catching up. President Barack Hussein Obama has not yet begun to fight.

PS. In case my use of the term "Obamacare" is confusing readers, I should mention that we have an inaugural postcard of President Obama prominently featured on our kitchen corridor wall at the children's eye level. I give it a nod every so often.

Update 10/1/09: As predicted, the forces on the western hill are now swooping down on the battle crazed spittle-flecked GOP berserkers. The eastern hill is standing by. Reminds me of the scene in "The Two Towers" when Gandalf leads the Horsemen of Rohan down upon the Orcs.

Sunday, August 30, 2009

The evolution of comment spam - from parasite to symbiote?

Lately I've been getting blog comments that blur the spam/non-spam species boundary.

Comment spam used to be pretty clear. It would be unrelated to the post topic, and contained a link to a splog or other more or less fraudulent web page. These were easy to automatically block, so spammers dropped the links. Second generation comment spam aimed for search engine "optimization" through reputation enhancing back links to the author URL. Second generation comment spam was made of strings like "thanks for the the great post".

These were harder to machine reject, but easy for human reviewers to spot.

Now I'm seeing third generation comment spam. These have no links, and they're actually related to the original post. Sometimes they're almost non-sequiturs, but mostly they read like a fourth grade student answering a homework assignment. The grammar suggests either a very young or non-English writer. They do link back to splogs.

So how's the new species of comment spam being authored? It could be AI based -- maybe calling Wolfram Alpha or Wikipedia to retrieve relevant strings. It's probably human though -- outsourced work being done by low paid labor churning out comments at high speed.

This third generation spam isn't trivial to reject. Sometimes I have to think about it.

We know where this is going. Fourth generation spam comments will actually make sense. They'll be legitimate comments.

Fifth Generation spam comments will be very high quality. Skynet will appreciate them.

Update 9/4/09: Another (funny) take on the theme. Also, see the comment by one of my favorite writers.

Update 1/1/10: Cory Doctorow's excellent 2006 novella I, Row-boat (read it, it's online) tells us how Robbie the row-boat's ancestors became sentient ...
“Back in the net’s prehistory it was mostly universities online, and every September a new cohort of students would come online and make all those noob mistakes. Then this commercial service full of noobs called AOL interconnected with the net and all its users came online at once, faster than the net could absorb them, and they called it Perpetual September.”...

... “AOL is the origin of intelligence?” She laughed, and he couldn’t tell if she thought he was funny or stupid. He wished she would act more like he remembered people acting. Her body-language was no more readable than her facial expressions.

“Spam-filters, actually. Once they became self-modifying, spam-filters and spam-bots got into a war to see which could act more human, and since their failures invoked a human judgement about whether their material were convincingly human, it was like a trillion Turing-tests from which they could learn. From there came the first machine-intelligence algorithms, and then my kind...

Friday, August 28, 2009

OS X 10.6 - do you feel lucky punk? Do you?

I need to use my machines. So I'm the kind of geek who likes to, barring the addition of a new non-critical machine, wait 6-18 months before switching major releases of OS X.

As it happens I am going to buy an iMac in the next few months, but for now I've no hands-on experience with 10.6. Still, if you review the late Aug 2009 OS X related reads the dog whistles are loud and clear.

Snow Leopard breaks stuff. Lots of stuff. It's also slower or only minimally faster than 10.5 on most machines, and Apple blew their major security feature (memory randomization) -- they obviously couldn't get it to work. So Windows 7 has better fundamental security -- as does Vista for that matter. Resolution independence? Oh, you remember that from 10.4 days? Of course not.

The only good news is that you can (illegally) install the $30 of 10.6 over 10.4. Considering Apple's long tradition of abusing early adopters I give everyone my ethical permission to do so. It's only fair.

There's good stuff in 10.6, and there's bad stuff. (For example, it looks like Apple continues to wreak havoc on pioneering concepts in the old Mac Classic file system.) There's enough good stuff that I'm looking forward to running 10.6.1 on a non-essential new iMac. Otherwise I strongly advise waiting 6 months before updating -- and even then you should confirm that your current printers and scanners and so on will work with 10.6.

Unless, that is, you're feeling lucky.

Update: This is the best review so far.

Update 9/6/09: I played with Snow Leopard in the Apple store today. As others have noted, it's hard to find any differences from 10.5. From what I read at least as many things have been broken as have been fixed. Unless you have to upgrade from 10.4, or you're buying a new machine, you shouldn't consider Snow Leopard before March of 2010.

Update 3/13/2010: I was too optimistic. My 10.6.2 machine crashes hard frequently. Among other issues, Apple screwed permissions and firewire. As usual.

Saturday, August 22, 2009

Yeah, Cheney/Bush used the orange alerts to scare up votes

As suspected, despite fervent Bush admin denials, Cheney/Bush used the "terror alert" scheme to scare up votes prior to Bush/Kerry: Informed Comment: Bush Admin. worse than our Nightmares.

Not really news, but, for the sake of history, important to note.

That administration was a cancer on the American psyche -- and their blight is far from gone.

The Google Voice story: It was Apple, not AT&T

As all true geeks know, a few weeks ago Apple purged the iPhone app catalog of all Google Voice apps, including GV Mobile. Apple then rejected a pending application from Google for their Google Voice app.

Geeks know this is big. Google Voice (it's available in the US, just go to the linked page and request a number) is fabulous tech. I've been a regular user for over a year, enjoying my 1 cent/min good quality cell phone calls to Canada (as of a week ago, free). When my family travels our cell phones forward to Google Voice so we get voice mail messages emailed to us -- along with quite good transcriptions. It doesn't need a dedicated app to work, but a good iPhone app would take it up another notch.

It's one thing for Apple to reject crappy stuff like Flash from the iPhone, but rejecting high value innovation is an injury to the geek soul.

Happily, the FCC then piled on Apple and demanded an explanation.

So, in record time, we have Apple's letter to the FCC, dissected by Gruber (who apologizes for blaming AT&T), Arrington (he's bested Gruber on this one - that's gotta sting), Mike Ash, and a zillion others.

Basically, Apple dodges, twists, hurls, whines, and, basically, lies big time - except when they admit full responsibility and absolve AT&T of all sins.

Besides generating a rich stream of bs, Apple also surrenders. As just about every blogger notes, one of Apple's whoppers is that they haven't really "rejected" Google Voice (or the other apps they removed from the app store?!), they're just "under review".

Which means Google can make some face saving changes and Apple will cave. I'm hoping to be using my iPhone Google Voice app within a month.

I thought Arrington had the best analysis. A heck of a lot of the iPhone's value is now tied to Google -- and Google Voice just hammers that home. Apple can't compete in the Cloud -- as we can gather from watching MobileMe twist in the wind.

I'm happy to see that a few bloggers have noticed that while AT&T played no role in this decision, there are AT&T rules blocking VOIP products that seem to apply to the entire world -- not just AT&T's turf. (If only AT&T had anticipated Google Voice they'd have banned that class of service as well. I wonder if they've fired anyone for missing that angle.)

Incidentally, the AT&T response to the FCC is interesting -- they're asking how Google is able to dodge various mandates applied to phone companies. This is how the big gun lawyers earn their yachts.

Thursday, August 20, 2009

Conde Nast's latest spam ploy - Acxiom's Delivery.net

Conde Nast, publishers of Gourmet and other periodicals, holds a place of dishonor among the world's scummiest spammers. It will be a sad commentary on humanity if the New York Times goes under and Conde Nast survives.

Spam must work for them, because they invest a fortune in spam and associated legal fees. They're not too hard to block; even though they change their email address every few months it's only a moment's work to add another Gmail 'filter to trash' rule.

Today, though, they're trying something new. They're sending their email using a "delivery.net" account with a dedicated spamming service:
Acxiom Digital

... Acxiom Digital helps the world's leading marketers create and deliver permission-based email marketing campaigns. Acxiom Digital acts as an agent for our clients in delivering email communications to their customers. Our clients own the data on their customers, including email addresses, which are gathered via permission-based processes at their website or other online and offline sources...
"Permission-based" my ass.

So now anything from 'delivery.net' is immediately deleted. It will be interesting to see what email address Conde Nast uses next.

Friends don't let friends buy Conde Nast products.

The check engine light in the mobile net era

We're on day two of a two week family road trip and our 2000 Mazda MPV Van check engine light comes on.

On a Sunday.

Once upon a time, this might have led to an urgent search for an open garage.

Ahh, but now we have an iPhone and, at least until we hit Canada, net access.

So instead of pulling over, Emily researched and I drove. We found out ...
  • This should really be called the check emission control system light. In most vehicles it's triggered by a sensor in the emission side of the engine.
  • The most common cause is a loose gas cap. Presumably the loss of suction causes venting of gas into the emission systems.
  • Rarely it can be something bad with the engine, so the official word is always to get it checked out. If you play the odds though ...
  • Depending on the car it can cost $150 or more to read off the error code (my next car needs to have a diagnostic USB port on the dash as well as 4 110 V outlets - it's insane these are so hard to read).
  • In some cars the light won't ever go off until the dealer checks it out. In others, if the problem is corrected the light will eventually go off. The trick is that this may take 15-20 restarts (the number of restarts seems to be more important than time, presumably due to how the sensor works).
Emily had already noted that I'd only turned the cap 'one click'. (Ok, so it wasn't all iPhone. She remembered some of this stuff.) So simple Bayesian reasoning (prior probability, etc) meant there was a very high probability this was a (stupid) gas cap alarm.

So we just drove.

We stop and start a lot on our family trips, so about 3 days later we'd hit about 15-20 restarts and ...

The light went out.

We sacrificed a GB to Google in gratitude.

Tuesday, August 18, 2009

One possible strategic error in the Obama reform

In his NYT essay Obama talks about making Medicare more efficient.

I wonder why his team chose to tie insurance reform and access to any kind of changes to Medicare. Politically, would it have been wiser to have kept the two topics completely separate? The problems of Medicare are huge, but perhaps should have been addressed in year 2 or 3 of the administration.

We'll get something, but it will be another patch. We'll be back in 10 years.

Alas, a large portion of America seems to suffer from Stockholm syndrome. They prefer familiar misery to the terrors of hope.

Friday, August 14, 2009

The CDC's vaccine data mess - please help them out

This page is how America distributes the data set that's supposed to represent all the vaccine information used in electronic health records and national reporting: Vaccines: IIS/Stds/CVX-Vaccines Administered

You know, the kind of reporting that's useful for, say, managing swine flu vaccine programs.

It's not being distributed in some UMLS data format, or a tab delimited UTF-8 file, or a Microsoft Access table or XML or even Microsoft Excel or ... or ... or even a 4 column RTF or .DOC table.

It's distributed as an HTML page with inline comments and footnotes or as a PDF document.

Anyone wanting to actually implement this has to cut and paste into something like Excel, move the inline annotations around, get rid of the footnotes, represent color and font changes as attributes, and so on.

This isn't rocket science guys. The management of this sort of data set was well understood in the 1960s. Forget about all those wonderful visions of just-in-time clinical decision support, this is really simple, basic, stuff.

Every American should give the CDC a penny so they can engage an underemployed informaticist to fix up their CVX distribution system.

Or maybe the CDC could, you know, hand this over to the NLM to manage?

PS. This story is consistent with the way ICD-9 was once managed. ICD-9-CM (diagnostic) is the payment justification code set that's sort of used to track diseases and horribly misused in clinical care reporting and automation. I'd love to see a sociology researcher dig down and find out why it is we end up with such bad management of fairly simple things.

Update: The CVX to CPT map table is even worse.

American Express credit card information theft

We just received official notification that our AMEX credit card information was stolen. Inside job, as usual.

Same old, same old.

I'm astounded that web services expect me to give them my Google authentication credentials. They're conning us when they claim mere encryption will secure the data.

Incidentally, this emphasizes the stupidity of the "secret security question" fail (see US Bank security shield makes me scream). Not only do they make it easier to hack into user data, they do nothing to protect us from the commonplace insider thefts and other, old, tactics.