Technobabbles I try to sound like I know what I'm talking about. Don't be fooled.


Always Check Embed Code, No Matter How Innocent-Sounding

Posted by dgw

Here's something that might be interesting: A blog readability test. Even cooler? You can embed the result on your site so your readers can see that shiny "College (Post-Grad)" badge (my latest result). And here's the coolest part: They include spam at no extra charge!

Yes, along with the wonderful button, you can also get a free spam link; for example, "Online Payday Loans". Sign up now! Test your blog, embed the badge, and watch your search engine ratings plummet!

(I do not in any way endorse embedding the code on your blog. The above is a joke.)

Here's a comparison of the preview and the actual embed:

Preview as seen on the site Rendered embed code

So, the moral of the story is: Check embed code and preview it offline before publishing it to your site. You never know what might be hiding in there. The image alt text is also spammy, so watch for those.

Hat tip to Jonathan Bailey at Plagiarism Today for pointing this out; I thought I'd help spread the word.

Filed under: danger, internet No Comments

Google Reader Just Doesn't "Get It"

Posted by dgw

The latest post to the Official Google Reader Blog concerns the recently launched share-with-your-"friends"-automatically feature and the uproar it's caused among the users. I myself have no real reason to care, since (sadly) nobody I know uses Google Reader, but I agree wholeheartedly that Google's launch of the "feature" was, in its own way, worse than Facebook's Beacon program.

The fact that Google's system assumes that anyone you talk to in Google Talk is a friend is the first part of the brokenness. Add to that the fact that you can't turn it off and have just the feed, with nothing automatic. And add to that the completely useless solutions Google has published to work around the problem.

So, what would be the logical way to give control to the user? How about a Shared Items control icon on the Tags tab of Settings, in the same column as the public/private toggle for the other tags, that allows you to turn off the automatic subscription of your "friends"? How about, since we can hide friends from showing up in our list, a function to block certain friends from seeing your feed automatically (for more-granular, Google Talk "Block" function-like control)? How about both?

What's Google done? Neither. Nothing. They've only just now begun to admit that they might have been wrong about the feature's usefulness. It's already ruined Christmas for someone, according to Garett Rogers' post on ZDNet (there's also a great Lolcat in that post).

Before today's post, Google's responses to the problem have included things like:

December 17: "There's a "clear your shared items" link on the Settings > Friends page if you urgently need to remove the items you've shared in the past."

December 18: "We just added a new option for those of you wishing to rearrange your sharing habits in light of the new features."

December 19: "Additionally, please note that blocking a person in Google Talk doesn't remove them from your Reader friends list. They'll need to be actually deleted for this to happen."

December 21: "This should help with the issue of unrecognized nicknames."

December 21: "Let me reiterate: If you're uncomfortable sharing items, you can unshare everything in a single click."

None of the features or processes that those posts refer to actually solve the underlying problem. Why would I want to clear my shared items? Why should I even have to? Why can't Google go back and hit the Undo button? Sure, I can move things to a new tag, too, but then everyone to whom I've ever sent the Shared Items URL has to get an updated address from me to continue following the items I shared under the protection of an obviously obfuscated address.

And notice that December 19 comment, about blocking people in Google Talk. I have to delete my contacts to keep them from seeing my shared items (if I don't want them to)? Sheesh!

So, to keep this post from getting too long, let me just say that I think Google should rethink this "feature." I won't go through every possible point, but this has been, all in all, a very bad move on Google's part, and I hope that, by January 1 (or at least the first week of January), Google will have switched off the feature, and maybe provided an option to turn it on.

Of course, this might be the least of our worries if what this post at Wise Bread says is true. There are rumors that Google wants to build a "universal activity feed" that will show up in Reader and possibly other services like Gmail. If I want to broadcast things I do on the Internet, there's a wonderful little service written by former Googler Paul Buchheit to do just that (it has privacy controls and you opt-in for each service you want to broadcast). Perhaps George Orwell was right about everything (except who would be doing the watching)...


Two More Illustrations of Battery Dangers

Posted by dgw

As I've written about before, Li-ion batteries are definite dangers. Today in my newsletter, I got two more articles -- one from yesterday, one from today -- that further prove the point.

The first (I'll go by chronology) details an IBM lawsuit against an apparently Web-only company that has been manufacturing and selling fake laptop batteries bearing the IBM logo. The batteries are flammable, and are of quite low quality. IBM seeks millions of dollars in damages from trademark infringement and lost profits, among other things.

The highlight here is that fake batteries are everywhere. Lithium-ion technology comes from hundreds or thousands of different companies, only a few of which are really any good. The bad ones pose a severe safety risk to consumers. They can catch fire, overheat, explode, leak, or do any number of dangerous things. It's not a simple task to make a Li-ion battery that works, much less one that is safe. I think there should be stricter regulations in place, and that certification by a reliable (perhaps government, though reliability is never a guarantee) organization should be required before batteries made by any given company can be sold. Hey, I just value my life.

The second article tells of a New Zealand man's cell phone battery, and how it exploded into flames while charging in the middle of the night. He says he was awoken around 0130 by a loud bang, and got out of bed to find his cell phone on the carpet, burning. According to the article, this is the second report of an exploding cell phone this week; another report Wednesday had information on a South Korean worker who "may have" died as a result of a cell phone battery in his shirt pocket.

These two incidents again highlight the danger contained in lithium-ion battery technology. I personally like the batteries, and never want to go back to NiMH (Nickel-Metal Hydride) or NiCd (Nickel-Cadmium) again, as they have lower energy densities; but manufacturers need to find a way to reliably prevent these things from happening. I don't particularly care if the odds are 1/1,000 or 1/1,000,000,000,000; there shouldn't be any question that the battery in my hand, in my pocket, or on my lap is safe and won't explode on me.


PDF Spam Malware

Posted by dgw

A new malware-distribution scam is sending out fake order-confirmation messages with "self-extracting" attachments (EXE files) that supposedly contain PDF order summaries, but really drop a Haxdoor/Goldun (depending on what antivirus program you ask) payload that can severely compromise your computer's security, plus steal passwords, give a hacker control of your PC, and display ads. Some variants can also disable anti-virus and anti-spyware apps and firewalls.

The scary part of this scam is the fact that it is constructed in such a way that lots of users will probably fall for it. It appears to prey on the modern public's knowledge of identity theft. Users receiving this will want to open that supposed PDF attachment to see if the order is a result of identity theft and will infect their computers as a result. This could be a bad one.


Microsoft and Privacy

Posted by dgw

Microsoft reportedly released results of a three-month phishing study conducted through an add-on to their Windows Live toolbar, the Phishing Detective. The software compared passwords used on various websites and reported URLs to Microsoft if the passwords for two sites matched. Admittedly, it is an interesting approach, and legitimate matches are easily weeded out, but it raises issues about how much Microsoft knows about you.

Microsoft could theoretically profile all its toolbar users and keep track of what sites they have accounts at by what sites generate hits to the password-comparing program. Other companies like Google also collect the URLs their toolbar users visit, but the features are clearly marked as having privacy implications and they promise not to log your traffic. Microsoft was definitely logging, though the degree of user specificity is unclear.

This wouldn't be so much of a bother if it was going to be limited to the Windows Live Toolbar add-on; rumors are afoot that Microsoft might add the technology to Internet Explorer, which already has an anti-phishing system similar to the one in Mozilla Firefox. Whether or not that version would send logs back to the company or just alert users if it detects suspicious password similarity, I can't tell, but it still makes my skin crawl a bit. I think I'll continue doing what I've been doing: sticking with Firefox and, for the occasional Explorer site, IE6.


eBay Phishers are Getting Smarter with Linux

Posted by dgw

PC World reports that eBay phishing attacks are getting more sophisticated. Attack networks and servers, including those that control spam botnets and host phishing sites, are being run from rootkitted Linux machines whose owners haven't a clue they've been infected. eBay recently reported that data on over 1,000 of its members had been stolen through a phishing attack. The online world appears to be getting more dangerous.

It's intriguing that cybercriminals are turning to Linux attacks; the penguin has long been regarded as the most secure of the three major operating systems, yet cracked (not hacked) servers and desktop machines running various brands of the open-source software serve as command networks for botnets and data collection servers for phishing sites. Linux machines apparently fetch a premium over PCs in the underground market, but their primary purpose seems to be staying in the control and hosting fields. When it comes to the actual bots in a botnet, Windows is preferred.


WiFi Surfers Beware

Posted by dgw

Having just encountered this issue myself, I find it a good idea to reiterate this tip. When going to a business with free WiFi, such as Panera Bread, Dunn Brothers Coffee, Caribou, etc., make sure you know the name of the network to connect to, and that you only click on access point networks. I just logged on here at Panera Bread and was faced with two public networks: One named PANERA and one named Free Public WiFi. The former, which was an access point, is the real network, and the other, scammy-looking one (to me) was an ad-hoc network between computers. Connecting to this kind of network could lead to anything from simple data skimming to identity theft. Just a word of warning. I think I'll go notify the manager of this malicious network (whose signal strength was stronger than the real one).


Glob@t is Criminal?

Posted by dgw

Hi again. Here at Technobabbles I usually express opinions on various things, but in this case we are posting a warning. According to some of the the more-recent reviews at, the cheap web host Glob@t is running a scam. Nefarious business practices like hidden charges (up to $39.95, from what I saw), and horrible tech support combine to give this hosting provider a very bad reputation. From what I can judge by the reputation data from WOT, this site does a very bad job with personal information, and reviewers back at the Web Hosting Jury say this host charges you even after you cancel your account...if you can manage to cancel it.

They also make it very difficult to cancel accounts, probably figuring most people will give up. I have the distinguished "fortune" of knowing someone who is signed up with them, and he just found out what they do today when I inquired about his hosting provider. He now wants to cancel his account, for obvious reasons.

My point in writing this is simple: I would like to prevent others from falling victim to this host's seemingly innocent practices. They offer ridiculously good prices on enormous amounts of storage, bandwidth, and features, but you will eventually end up being charged the proper price for this.

Strangely, McAfee SiteAdvisor's review page for this site gives it a Green rating. If anyone who hosts with Glob@t is reading this, please, register for a SiteAdvisor account and give them a "Phishing or other scam" review. Same for any hosting review sites, and a report to the BBB and/or the FTC couldn't hurt. Let's keep this business from conning anyone else.

Update (2008-03-19): Trimmed some weird markup, including a comment that was hiding the last paragraph. Whiskey Tango Foxtrot was up with that? I could have sworn I published the entire post...