American. Husband. Father. Geek.


Cringely Solves Phishing

OK, his readers did.
And maybe they didn't solve it.

But their suggestion sounds like fun, and ripe for automation:

If you get phishing e-mail, go to the web sites and enter false data. Make up everything -- name, sign-on name, password, credit card numbers, everything. Instead of one million messages yielding 100 good replies, now the phisher will have one million messages yielding 100,000 replies of which 100 are good, but WHICH 100?

This technique kills phishing two ways. It certainly increases the phishing labor requirement by about 10,000X. But even more importantly, if banks and e-commerce sites limit the number of failed sign-on attempts from a single IP address to, say, 10 per day, theft as an outcome of phishing becomes close to impossible.

A simple start would be to find a link in an e-mail whose text begins with "http://" or "https://" but does not exactly match the href attribute, or a link that points to a page by IP address. Get the page - say with a WWW::Mechanize based bot, masquerading as MSIE - fill in the form with gibberish, submit it, and move on to the next one.

This could be fun!
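The two link checks described above, written as a mail-side detector. This is an added example, not code from the original post; the sample HTML, the function names and the reason labels are made up here, and it covers only the detection step.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample mail body (reserved example domains, TEST-NET address).
SAMPLE = (
    '<a href="http://192.0.2.10/signin">https://www.example.test/signin</a>'
    '<a href="http://login.example.net/">http://www.example.test/</a>'
    '<a href="https://www.example.test/news">https://www.example.test/news</a>'
    '<a href="https://shop.example.test/">Visit our shop</a>'
)

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:  # inside an anchor, nested tags included
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_is_ip(url):
    try:  # an IP literal parses; a host name or malformed URL raises
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False

def suspicious_links(html_body):
    """Return (href, text, reasons) for links matching either heuristic."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        reasons = []
        # Exact comparison, as the post suggests; even a trailing slash differs.
        if text.lower().startswith(("http://", "https://")) and text != href:
            reasons.append("text-href-mismatch")
        if host_is_ip(href):
            reasons.append("ip-address-host")
        if reasons:
            findings.append((href, text, reasons))
    return findings
```

Calling `suspicious_links(SAMPLE)` flags the first two links and passes the last two; the exact-match rule will also flag legitimate mail that routes links through a click-tracking redirector.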


Responsibilities for Kids

A nice starting point.

I see that I'm supposed to wait until fifth grade before asking the little guy to man the mower.



I hope this is true

Declan McCullagh says that the legislation mandating that all devices capable of receiving a digital TV signal also respect the "Broadcast Flag" has been struck down by the courts.

What's the "Broadcast Flag"? It's a bit in the transmission that instructs receivers not to allow the transmission to be recorded. It was a crime (until today, it seems) to manufacture a device that ignored that flag in a digital broadcast and, say, allowed you to record an episode of a TV show that's on while you're away from home so you could watch it later.

This is excellent news for tinkerers and people who like to watch TV on their own schedules.

Update: CNet's story about the ruling.


Flash Cookies

I didn't know that Macromedia Flash has cookie-like client storage.
So, if you're one of those people (like me) who deletes his cookies now and then, you might want to see what Macromedia has to say about doing the same for these PIEs (Persistent Identification Elements - how's that for a name...)

Like cookies, I don't think these are evil on their face, but few things are. It's how they're used. I don't mind cookies that, say, store my preferences for a website. There are maybe 10 or 12 of those. The other several-hundred that appear over the weeks are unwelcome. I don't recognize the sites they're from, much less their purpose. So, out they go.

The more you know, the more you know. Go take a look.


The Coming Crackdown on Blogging

That's CNet's title. How's that for over-the-top? There are non-partisan - even non-political - blogs out there, you know...

Anyhow - Declan McCullagh interviews Bradley Smith, of the Federal Elections Commission.

Nutshell: hyperlinks to a campaign site have value, so they may be regulated soon. Internet-only publications don't fit under the "press exemption" to the campaign finance reform law.

In just a few months, he warns, bloggers and news organizations could risk the wrath of the federal government if they improperly link to a campaign's Web site. Even forwarding a political candidate's press release to a mailing list, depending on the details, could be punished by fines.

Certainly a lot of bloggers are very much out front. Do we give bloggers the press exemption? If we don't give bloggers the press exemption, we have the question of, do we extend this to online-only journals like CNET?

Never mind that this is the United States, where "Congress shall make no law ... abridging the freedom of speech, or of the press..."

In the spirit of technical support, I think I may have a workaround: Offer a print-subscription to your blog. Each month, you print out your monthly archives and mail them to your subscribers. Charge enough for it to cover your printing and postage expenses, just in case anyone actually subscribes. Put a prominent link to "subscribe!" on your blog. Presto - you're a "periodical publication" and therefore exempt* from the law.

Seems like that would cover it. If the law uses "periodical" in the normal sense of the word... I wonder what the legal definition of "publication" is...

(*Disclaimer: I'm not a lawyer, this isn't legal advice. I don't know if it'll work this way. Clearly my reading of the First Amendment is flawed, given that we're even having this discussion. So, if I were you, I wouldn't trust me, here. If you try this to shield yourself, I wish you great success, but I cannot help you. It is thoroughly annoying that I feel like I have to say that to protect myself... I'm just some guy speculating, here ... wondering how far this crazy crap is going to go in my country before some elected official stumbles upon American political documents from the late 1700's and finds in them his purpose.)


Democratic Lifespan

A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves largesse from the public treasury. From that moment on the majority always votes for the candidate promising the most from the public treasury with the result that a democracy always collapses over loose fiscal policy, always followed by dictatorship.
The only way to stop it that I know of, Ray, is education. It is possible to teach people that there's no such thing as "something for nothing."

So, how do you get the education started?
With all of the institutions and popular press looking to "the government" for solutions ... how do you begin to convince lots and lots of people that that way lies bondage?


Honda Safety

Saw a commercial for Honda - pointing out that all car makers test for the safety of the car occupants. But who tests for everyone else?
Honda does.

Already, more than two million U.S. Honda and Acura vehicles including the 2005 Accord, Civic, CR-V, Element, Odyssey and Pilot, along with the 2005 Acura RL, RSX, TSX and TL are equipped with a number of these [pedestrian-conscious] features including specially designed hood structures, hood hinges, front frame construction and breakaway wiper pivots.