Archive for July, 2008

« Older Entries

Online Celebrity status and Social Engineering: Ze Frank Steals Your Facebook

Thursday, July 31st, 2008

Most of you probably know about Ze Frank. If you don’t you should go and watch The Show right now. It was one of the most insightful, hilarious and nutty online shows that I have ever seen. It was not really a vlog (btw, who the hell came up with the word vlog? It sounds like someone throwing up), but something else. It is an important bit in the history of online hilarity and you don’t want to be the person who doesn’t get the jokes about duckies, giant babies and etc.

Anyway, I found it amusing that Ze’s latest exploit was a classic bit of social engineering. Ze asked his fans, readers and followers to let him borrow their Facebook profile for a month. During that month he would maintain their profile, make status updates, post on people’s walls and generally pretend to be you based on the notes you provided him. I guess the idea was to expose how your online persona can easily be disassociated from you without anyone noticing. Interesting concept and the person who participated in this experiment admitted that she sort of wished that Ze would take her online identity into new bold directions she never considered. And he sort of did, by flirting with her “crush of the moment” as she described it.

What kills me though is that people actually allowed Ze to do this. And that they sent him their login information en masse:

Last month i asked people on twitter whether they would allow me to take over their facebook accounts for a week. Within a half hour I had to remove the request due to the volume of incoming username and passwords.

I’m amazed, and terrified by this at the same time. I know that we live in a society that worships celebrities the same way ancient Greeks worshiped their promiscuous, quarreling, unruly gods. So I guess it should be no surprise that if a celebrity (even a minor online one) asks people for their login information, his loyal fans will be more than happy to provide. Still, it frightens me.

Personally I don’t care who you are – you can be the emperor of the universe for all I care but if you ask me for my password my answer will be the same as to anyone else: “GO TO HELL!” Sharing your login information for any online service or email is a horrible idea.

I’m not sure whether or not Ze realizes this (but I suspect he might), and whether or not his fans ever even considered it but this was classic social engineering. Using a gimmick to weasel out personal information from a group of people. All the people who sent him their password they got duped. Naturally I’m sure Ze is a responsible person, and he had no malicious intent but he could easily turn around and cash in on his fans trust by selling their login info to Facebook spammers. Would his fans know? Would they even be able to connect total pwnage of their accounts with the fact they sent their login info to a complete stranger over an unencrypted protocol? I don’t know. Half of them would probably never figure it out. The fact they gave away their info so easily and willingly is just scary, and underlines how little value people put on privacy these days.

It disturbs me to no end that the person who participated in the experiment actually viewed it as a positive experience. I guess she doesn’t realize it yet. She gave a complete stranger access to her facebook account allowing him to explore her personal correspondence and all sorts of private and semi-private information along with a written guideline on how to act like her on Facebook. Who knows what he could dig out with this information. Could he figure out her other passwords and secret questions based on her friend list, and her private emails (you know, name of your dog, name of your childhood friend and etc)? A skillful social engineer could take that account and milk it for information potentially leading to an all out identity theft (“hey mom, what was my social security number? I forgot. Send it to my facebook!”).

Which brings me to a question for you. Do you share passwords with anyone? Can anyone except you log into your email, social media or your desktop? Personally I am very conscious about electronic privacy and I will not give my passwords to anyone. Not even my closest family. No one except me gets to read my email and use my social media profiles. I’m even in a habit of locking my workstation when I leave my desk even if I’m home alone. Not that I have anything to hide (well, except maybe the pr0n folder) but I personally believe that everyone should have a certain degree of personal privacy – even in close personal relationships.

I believe that your personal email, your social media accounts and the contents of your hard drive are off-limits to me. I have no business looking through them – and in fact I have no interest in what I might find there. I know people who either have their girlfriend’s/boyfriend’s email/facebook/myspace password or gave her/him theirs (or both). To me that sort of thing implies an alarming lack of trust, and excessive jealousy in the relationship. I personally believe that it is much healthier to simply respect each other’s privacy and have trust in the other person. Healthier, and more secure – because if you won’t give your password to your significant other, then you will be less likely to give it to Ze Frank or that Nigerian prince who promised you 10% of his wealth if you just hook him up with your pin number.

tags: , , , , ,

Posted in security, social networks | 8 Comments »

Stupid Monsters of D&D

Wednesday, July 30th, 2008

I never played D&D. This is probably due to the fact that I grew up in Poland where D&D and AD&D manuals were not easily available. Besides, we had a home grown clone called KrysztaƂy Czasu (Crystals of Time) had an unique (and by unique I mean stupid) fantasy setting and overly complex mechanics (and by overly complex I mean stupid). It is only notable because it is probably the first domestic full fledged RPG ever published. We did not play it because the game was widely considered to be “fucking stupid”. AD&D was sort of in the same ballpark and my gaming group never bothered acquiring the expensive rulebooks which were not printed in our native tongue.

Guess what was the most popular foreign fantasy RPG franchise when I lived in Poland? You will never guess. No, it was not the time crystal thing. It was not D&D or anything even remotely related. The most popular fantasy RPG on the Polish market at the time was Warhammer Fantasy RPG. Yeah, a game derived from that tactical miniature tabletop game. Someone got a bright idea to translate and publish it and it killed. I swear, everyone played it.

Me and my friend once decided to start like a little local RPG gaming club – we put out an add, secured a locale where we could meet and everything. Few people showed up, and we asked what games they played before. It was a wild scatter shot – everyone played widely different systems… There was only a single common system amongst all of us. We were all were familiar with Warhammer FRPG. So guess what game we played? Ok, we played Cyberpunk 2020 that day (with a beautiful TPK) but it was pretty much Warhammer from there on out.

It’s strange but the game was not bad. The rules were sort of crappy of course but they were simple. It was pretty much roll d100 under the attribute. If you don’t have the right skill, GM may force a negative penalty. Combat was pretty much lifted straight from the miniature game and was serviceable, if a bit simplistic. The system of professions and buying increases for your attributes for the XP was a total mess but we managed.

The game was very well supported and there were dozens of supplements and campaigns available for it. In addition the Warhammer Fantasy Battles game was well established and had lots of background fluff floating around in various Army books and publications – and porting them into the RPG game was fairly painless.

Besides Warhammer I played Star Wars D6, Mutant Chronicles, Dzikie Pola, Vampire: The Masquerade, the already mentioned Cyberpunk 2020 and Spacemaster (but using GURPS not Rolemaster ruleset – I don’t know why, ask my former GM – but likely cause Rolemaster was a clusterfaq of confusion).

All of these games had fairly specific settings. D&D is on the other hand this incredibly huge… Thing with many planes of existence and various crazy campaign settings such as Spelljammer (BTW, what the fuck in hell were they smoking when they made Spelljammer?). So it is almost like several games in one. If you thumb through the Monster Manual without realizing that the critters depicted there come from a wide array of planes, that do not all reside in the same setting you may think that the D&D is just plain fucking nuts.

I’m probably late to the party pointing out the Stupid Monsters of D&D article that has been making rounds on the interwebs lately. This fun article plucks out the silliest and most retarded monsters from few dozen D&D related books and some of them are just plain hilarious. I think my favorite ones are Monkeybees and Duckbunny. And no, I’m totally not shitting you. Check out the page and see what I mean. Silly!

WTF????

There is another series of posts in a very similar vein which starts here. In this one the author pretty much goes alphabetically through the 3rd edition Monster Manual. So it’s not just selective cherry-picking of some inane acid induced creations from 70’s which since vanished from the books. These are recent – and some of them are mighty retarded. Too bad the blog seems to have fizzled out and there have been no new posts from months now.

After looking through these articles I started thinking that perhaps I didn’t miss much by never playing D&D. This whole “let’s make as many monsters as we possibly can” philosophy can’t be healthy. I’m sure that a lot here depends on the GM and the setting you pick. I also know that D&D pretty much started this whole RPG thing we all know and love. It is also the only RPG game that “normal” people know about.

For example if I told someone I play Role Playing Games they would probably give me that “I really don’t want to hear about your sexual perversions look”. When I say “I play D&D” they instantly know what I mean, and simply give me “OMG, you are such a nerd” look instead.

Did I miss out by not playing this game? To me it doesn’t seem so – especially since I’m more into the Role Playing aspect of the game rather than into “Roll Playing”. I don’t mind rolling dice, but once you break out a grid with figurines and ask me how many squares I want to move, I’m fucking leaving.

Anyone here ever played D&D? What are your experiences with it? What other RPG games have you played? I’m writing all of this stuff because I want to see if any of my regulars (you know who you are guys!) has any clue what I’m talking about. I’m aware that this will probably be one of those posts with like a single comment that said “I know nothing of this stuff, but that article you liked to was pretty funny”. But hey, I figured that I’ll try.

If you ever played RPG’s (not on your computer) please sound off. Let’s see how many people we have here and what systems you played.

tags: , , , , ,

Posted in rpg | 12 Comments »

MS Office Addiction

Tuesday, July 29th, 2008

I prefer to use specialized tools that were designed to perform a specific job, rather than universal tools that claim they can be adapted to perform a multitude of tasks. While in many cases they are perfectly serviceable, I usually find that dedicated tools are simply better at what they do. There are exceptions of course, but in most cases a jack of all trades is a master of none. And the biggest, baddest universal software tool that claims to do everything is of course Microsoft Office.

The full MS Office suite is a package of tools for just about anything you can think of – from writing letters and memos, publishing, creating spreadsheets, presentations to databases. It was designed to cover all your bases, and let you do all sorts of things without needing to go look for the right tools elsewhere.

Sadly, all the tools in the suite are of sub-par quality. Everyone knows Access sucks. It is a single-user toy database that should not be used for anything other than small personal projects – such as cataloging your book collection perhaps. But people use it for all kinds of projects because it’s there in the office suite.

Word is a decent WYSIWYG editor but as all WYSIWYG tools it is deeply flawed. Not only does it hide and abstract vital information from the user. It also doesn’t guarantee in any way that the document you created on your computer will look the same on another one. The layout of a .doc file is largely dependent on the MS Office version, the availability of the fonts, and the default printer on a given machine and it’s settings. It is an ok tool to write a short letter, and maybe interoffice memo. But people use it to write research papers, books, and design promotional materials which in my opinion is insane.

Word also pretends it is able to save documents as HTML pages, which is a blatant lie. It doesn’t create HTML pages but rather vomits up non compliant MSHTML specific markup garbage with little regard for human readability. But some people use it for designing web pages.

Excel is a very nice spreadsheet application for quickly tabulating data, or creating simple charts. It is also hopelessly limited with arbitrary limits on number of rows per sheet, and invisible, counter-intuitive limits on the way worksheets can be formated. That issue was resolved in the OpenXML version but the binary xls format is still the de-facto standard in the corporate world. It was never designed to be used for storing and processing massive amounts of information but that’s what people use it for these days. And that’s despite the fact that storing data as comma separated or tab separated list is more efficient and much easier to parse by a variety of other tools.

They are all useful tools that are appropriate for certain problems. But since they are all bundled together, and marketed as the “be all, end all” office productivity solution people learn to rely on it. MS Office file formats are the standard formats for corporate information exchange these days. And since these formats are standards, hardly anyone, save for few geeks like you and me, considers using anything else. Office is the swiss army knife for office clerks, financial analysts, secretaries, CEO’s, technical writers, philosophers, sociologists, fiction writers, poets and just about anyone else. They use Office for anything and everything because:

  1. they don’t know how to use anything else
  2. they don’t know that anything else exists
  3. and therefore they don’t feel that they need to learn anything else but Office

Sadly, when the only tool you know how to use is a hammer, every problem starts to look like a nail. And if it does not look like a nail, you change the definition of the word “nail” until it fits your problem.

Time and time again I get approached by people who have an issue that Office was not designed to handle, and ask me if I could design VBA macros to solve it. Instead of asking whether or not there exists a tool that does X, they instead insist that we figure out a way to coerce Word or Excel to do it instead.

Apologists and Office addicts will of course say that learning new tools is difficult, unnecessary and counterproductive. Why for example would one need to learn LaTex if Word is perfectly serviceable, and easy to use substitute. Unfortunately easy to use does not mean best for a given domain of problems. In fact, quite to the contrary it usually means: simplistic, limited, and inflexible. While learning something new may slow you down at first, it is usually a wise investment of time and effort which will benefit you greatly at a later date. If nothing else it will help you grow as a person. I mean hell, you even had to learn how to use Office at one point, didn’t you?

You’re not going to tell me you write lengthy papers in Word without figuring out how to automatically enumerate figures, create bibliographies, tables of contents, and how to deal with page/section break and paragraph formatting oddities not to mention using features such as mail merge. Oh, wait… I forget that our regular office addicts don’t do that either. They rely on intuitive understanding of the tool and often for example do things like manually numbering their pages, or manually double spacing their text by hitting enter between lines.

The thing is that intuitive understanding of a tool is not enough. Everyone knows how to use a hammer for example. But nailing things together without damaging the wood, wasting nails, or hitting your thumbs is not trivial and takes some practice. Same goes with software but on a much higher level of complexity.

I’m not saying you should be experimenting with new software when under strict deadlines. I’m just suggesting that perhaps sometimes the right question to ask is not “how do I transform this data so that I can dump it into Excel” but rather “what tool should I use to efficiently analyze this data and get the answers I’m looking for”.

Posted in rant, software, technology | 14 Comments »

What’s in your Quick Launch Toolbar / System Tray

Monday, July 28th, 2008

It’s time of yet another show and tell moment. It always interests me to see what people have in their quick-launch tool bar and/or system tray. I know, not all of us use these things. I remember quite a few people in the Show me your desktop thread were using desktop managers that eschew tool bars and trays. We had some users of Awesome, some users of Ratpoison and few others. But if you own a system that does have a quick launch tool bar of sorts, let me know what is in it.

Why do I want to know this? Because it shows me what software you use on your daily basis – what tools do you consider to be so essential they need to be accessible with just one click. For most of my software I use Launchy and Katapult. I hate navigating application menus. But I still keep bunch of apps on the tool bar for an even quicker access:

taskbar1.png

This is a screen shot from my Kubuntu machine at work. Let’s ignore the K menu which is standard, and the two icons next to it. One expands to a list of frequently used file system locations (home, storage media etx..) the other is a standard KDE “show desktop” icon. These are fairly standard in KDE. The rest of the apps (from left to right, top to bottom) are:

  1. Kontact – my default email client on that machine
  2. Terminal – opens a kterm for me – I tend to hit this 10 million times a day on average
  3. Firefox – first thing I open, last thing I close before logging off (I close it because of memory leaks)
  4. Kile – LaTex editor. I used to use it a lot when I was in school – I don’t really need it for work, but it’s there
  5. SmartSVN – it did not have an icon, so I used this squirrelly thing
  6. Virtual Box – I use it to run a Windows XP copy so that I can test windows specific things on it
  7. Komodo Edit – my current IDE of choice for PHP
  8. CrossLoop – remote screen sharing app based on TightVNC I often use to troubleshoot things with coworkers on location. Runs perfectly well under Wine btw.
  9. Speed Crunch Calculator – just a basic calculator for when I need to crunch some numbers or make a quick dec to hex/binary conversion
  10. KSnapshot – basic KDE app for taking screenshots

My Windows box at home has a much more minimalistic setup:

Windows Quicklaunch
  1. Firefox – as above
  2. Thunderbird – my primary email client on the windows platform
  3. µtorrent – it only weighs in at few hundred KB, is full featured and the memory footprint is almost nonexistent – there is just no way you couldn’t love it.
  4. Foobar 2000 – if I want to listen to music, I use Foobar because it is minimalistic simple and functional

This sort of shows that at home I’m primarily running Firefox. Everything else is secondary. Also, the canonical “Show Desktop” icon is not there because I simply use Win+D for that.

The system tray is another matter. It shows how many services you are running on your machine. Here is my Kubuntu tray:

tray1.png

This may seem like a lot of stuff but it is not. Almost all of these apps are actually native to KDE and start with my window manager. If you use KDE you should recognize them:

  1. The flag is the keyboard layout switcher (I frequently switch to Polish Programmer’s layout and back).
  2. The padlock is the GPG key manager (running because Kontact is using it).
  3. The standard Network tray icon
  4. The standard power management icon
  5. The Korganize notification daemon (part of the Kontact suite)
  6. The standard volume management icon
  7. The standard clipboard management icon (aka Klipper)
  8. The standard bluetooth management icon
  9. The standard Kmail icon (shows a number of unread emails)
  10. Kwallet – the standard KDE password manager (not shown)
  11. Google Desktop Search – yeah, I use it – sue me (not shown)

Here is my windows machine:

Windows Tray

Once again, minimalistic approach. I try to run as few things on that machine because it is old, and I want to squeeze as much performance out of it as I can.

  1. The Language Bar – for switching keyboard layouts
  2. The Standard Network Manager Icon
  3. McAfee Antivirus (hidden) – I paid for it few millenia ago and they have been diligently charging my credit card ever since and I never got around to cancel it and use something else
  4. There is also a sound manager, and “safely remove hardware” icon there and nothing else.

Now it’s your turn. What is in your Quick Launch tool bar? What is running in your tray. Let me know!

tags: , , , ,

Posted in random, software, technology | 12 Comments »

« Older Entries