For those following events in Japan, the Japanese Nuclear and Industrial Safety Agency has just issued a statement comfirming core meltdown of the Fukushima Daiichi #1 reactor. STRATFOR observes that NISA and TEPCO reports have been observed to be in conflict before, and the Nikkei report has not been independently corroborated.
I'll keep this short:
When I built a new babylon5 recently, the first video card I ordered was a Gigabyte card which was priced with a $20 mail-in rebate (outsourced to 4myrebate.com, by the way). I filled in all the rebate paperwork and sent it in. The rebate was declined because they claimed the included paperwork did not show the item purchased or the purchase date.¹ (I'd highlighted the item on the invoice with yellow highlighter.) I forwarded them a copy of the NewEgg email invoice. They refused to accept it. I emailed them a PDF of the invoice. They refused to accept it and said they couldn't open email attachments for security reasons. I printed a new copy of the invoice directly from NewEgg.com and mailed it to them along with their resubmission form. They have not acknowledged receipt.
At this point there is no doubt in my mind that GigaByte (or at least, 4myrebate.com) never for a moment intended to honor the rebate.
Oh, the video card? It failed (stopped outputting video on its DVI port) after two weeks. I couldn't get it replaced by NewEgg because I was required to cut the UPC code out of the box to get the rebate. I still don't have an RMA authorization from GigaByte.
Needless to say, I won't be buying any more GigaByte products. I advise others to follow suit.
 I eventually learned, by the way, that all they filed was the rebate form (with attached UPC barcode from the box, as stipulated) and the page showing the item purchased (that's right, the "item purchased" data which they said they didn't have; it was right there in black and white). They apparently threw away the first page of the invoice,with the purchase date on it, without bothering to scan it in.
I'd hoped this keyboard might make an inexpensive replacement for my buggy Microsoft Natural Keyboard 4000 and its astoundingly fast-wearing key caps (which aren't a defect, because Microsoft has cunningly redefined keys wearing completely blank within a few months of use as "normal wear").
No such luck. "Comfort" and "ergonomic" on this keyboard are bad jokes. Cheap construction, appallingly poor key feel, almost nonexistent height adjusters, and so flat that it actually feels dished in the middle. It probably comes as no surprise that, just like the MS Natural 4000, it's made in China.
So is this one, of course, the only other Natural-style wired ergonomic keyboard I could find that's not made by Microsoft (since all the ergonomic keyboards Microsoft currently sells are, frankly, garbage). The hard part, of course, is finding one that ISN'T made in China.
If only Microsoft would start selling the Natural Keyboard Pro again... that was the best keyboard I've ever used. Dell even sold black ones with their name on them. But they haven't been made in at least ten years (manufacturing cost was too high, apparently, because they were decently made), and are pure unobtainium now. You might occasionally come across a refurbished one selling for almost as-new price.
Sometimes I regret ever getting used to this style of ergonomic keyboard. But then I remember the wrist pain I used to get from using traditional straight keyboards... it gets pretty hard to write code when it hurts to type. I suppose I can try the Adesso PCK-208; of course, it's Chinese too, but looks as though it may be a lot closer to the Natural Pro model. I just have to pray I never need tech support, because when I tried to ask Adesso about how the key caps are marked, the answers I got back were completely incomprehensible. All I can manage to recall is something incoherent¹ about "not possible laser".
 If you'll pardon the pun...
This outfit and this domain are in cahoots, signing up PHP robots to mailing lists in order to archive those mailing lists, and publish the archives, without the knowledge or permission of the list members or maintainers.
Sure, there is no legal expectation of privacy in email. But to publish an archive of someone else's mailing list without even telling them you're doing so, let alone asking permission, is damned rude at best. One assumes the intended business model is to monetize other people's content via targeted advertising (and, some reports allege, by harvesting addresses off the lists for sale to spammers).
If you run a Mailman-based mailing list, and don't want Answerpot leeching your list, here's how you slam the door on their sockpuppets: Simply go to each affected list's management page, go to the Privacy screen, and enter ^@zeusmail.org into the banned-addresses list. This is a wildcard regular expression that will match any zeusmail.org address. Then you'll probably want to go through and delete any zeusmail.org addresses. The easy way to do that is from the command line:
# cd [Mailman list directory] # for f in * ; do list_members $f | grep "zeusmail\.org$" | xargs remove_members -n $f ; done
(Note: This example assumes that all Mailman tools are in your PATH.)
A trojan identified as Rogue:W32/DotTorrent.A is spreading a new "copyright violation" scam that steals credit card information by pressuring the victim into making a $400 "pre-trial settlement" to a fictitious ICPP Copyright Foundation for unspecified copyright violations. The owner of the domain is a known bad actor associated with other malware including Zeus and koobface.
There is a new release of Mozilla's Weave Sync extension out (version 1.2). It appears to have problems. On one of the three machines on which I have it installed, it now causes Firefox 3.6.3 to go into permanent uninterruptible sleep at 100% CPU utilization as soon as it begins syncing form history.
If this happens to you, use the following procedure to escape from the problem.
- Kill firefox and restart it. Stand by with your mouse over the Weave control on the status bar.
- As soon as Weave connects to the server, bring up the Weave control menu and manually disconnect it.
- Open the Weave preferences and disable 'Sync Form History'.
- You can now reconnect and let it sync everything else.
(Update: Bug filed.)
Ever bought an Energizer Duo USB battery charger? Ever used it on a Windows PC? It may have trojanned your PC.
"The installer for the Energizer Duo software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory," the U.S. Computer Emergency Readiness Team said in an advisory on Friday. "Arucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp. Its capabilities include the ability to list directories, send and receive files, and execute programs."
Energizer reportedly has no idea how or when the trojan got into their software, but it may have been there ever since the Duo was launched three years ago.
That VirtualCD update problem I reported yesterday? H+H Software confirmed the problem, and reported it “fixed” a few hours after I reported it to them.
The bad news? The “fixed” update is still broken. It’s just broken differently. The updated version loads now, it just doesn’t create any virtual CD drives or allow you any means to create any.
This update seems to be being troublesome for H+H. However, it’s the first time they’ve had such a problem with an update. If I were them, at this point I’d recall the 22.214.171.124 update, make certain EVERYTHING is fixed, and only then roll the update back out as v126.96.36.199.
H+H Software GmbH pushed out an update for VirtualCD 9 to v188.8.131.52 today.
DO NOT APPLY THIS UPDATE.
VirtualCD 9 will not run after updating to v184.108.40.206, and the bad installation cannot be fixed by doing a repair installation. You will be able to fix your VirtualCD installation only by completely uninstalling the programs (you do not need to delete your configuration data) and performing a clean reinstallation of v220.127.116.11 or earlier.
Not all of you folks on my FL read databeast, or keep up with the tech press. Which is why I’m quoting his most recent post in its entirety here:
Next week, at 8pm EST/00:00 GST, the Conficker worm will download its next code update.
I’ve spent the last 4 months spending damn near my every waking hour fighting this thing.
If you have no idea what I’m talking about, just go google ‘Conficker’ now. I’ll be happy to answer any questions.
In the meantime, go to http://windowsupdate.microsoft.com/ and download every last update on there.
Tell your friends to do the same.
if you can’t reach that site, you are already infected. Take your machine offline and get it disinfected by a professional.
But remember this, right now If you are not part of the solution, you are part of the problem.
Conficker is shaping up to be the scariest, largest botnet ever to have existed. If you use Windows as your operating system, and you don’t regularly update it, you are part of the problem, and your computer is likely now the property of some shadowy criminal syndicate based out of God-Knows-Where.
If you aren’t a Windows user, but you know people who are, tell them the above instructions. We have less than 7 days until what could, in the worst case scenario, be the most destructive event ever witnessed on the internet, a vast, data-stealing network owned by an organized crime syndicate. We aren’t talking science fiction here folks.
If every man would sweep his own doorstep the city would soon be clean.
He’s not kidding, folks. Conficker (aka Downup, Downadup, or Kido) is serious bad news. It’s the next level of Internet worm evolution; it’s Botnet 2.0, the most sophisticated worm yet seen. During one of its major activity spikes, on January 15-16, Conficker infected 1.1 million PCs in less than 24 hours. At that time, F-Secure estimated — conservatively — that 3.52 million systems were infected worldwide. By January 21 the number was believed to be around 9 million. Current estimates run as high as 12 million.
For the technically knowledgeable among you, SRI International has an analysis of the most recent Conficker-C variant here. For the non-technical, McAfee has some less technical information about what it does here. And PC World has an article here detailing how it attacks and some measures you can take to protect yourself if you’re not already infected. (The article is slightly out of date; one recent Microsoft security patch disables AutoRun for you as a precaution.)
One point from databeast‘s post cannot be emphasized enough:
If you run Windows, with ANY browser, and you can read this post, but you cannot get to www.windowsupdate.com, or GRIsoft.com (home of AVG antivirus), or Trend Micro, or Sophos, McAfee or Kaspersky or any other antivirus site, assume you are already infected. Take your computer offline and seek professional assistance to get it disinfected and patched.
On April 1, the Conficker botnet goes active. And we don’t have any idea what its new instructions will tell it to do. But it could be very, very bad.
Since Conficker can’t block downloads of tools from sites that don’t match its internal list of strings, I’ve mirrored several of the free Conficker removal tools locally:
- Enigma Software’s Conficker removal tool
- BitDefender’s single-PC Conficker removal tool
- BitDefender’s Conficker removal tool for Microsoft networks
- F-Secure’s Conficker removal tool
- F-Secure standalone worm-detection scanner, less specific
So if you can’t get to windowsupdate or any of the antivirus sites, you can download removal tools here.
A while back, we bought a Revel electric spice grinder, a CCM101 exactly like this one except for being a 120V US version instead of 220V. It's all, like, shiny and stuff, and has a honking big powerful motor (280W) for a smallish grinder. We figured it ought to last quite a while.
You can probably imagine, then, we were quite disconcerted when despite following the instructions to use it in brief pulses allowing pauses in between for it to cool, after the second use or so it was shedding debris that appeared to be partly-melted plastic, and smelling of hot plastic. About the fourth or fifth time we used it, it failed. The blade is driven by a shaft with a splined nylon stub on the end which fits into a matching socket attached to the top of the motor shaft. It turned out that the drive stub is attached to the shaft by being molded onto a small square piece of steel, maybe .375" square by perhaps .05" thick, threaded onto the end of the shaft. It appeared this plate had gotten hot enough that it simply melted itself free of the splined stub.
Well, the other day, intending to see whether I could fabricate a new splined drive stub for the drive, I took the blade and bowl assembly completely apart. (The blade is not intended to be removable.) Thus it was that I discovered...
Well, hell, how would YOU mount a high-speed rotating shaft in a molded plastic part? You'd use a bearing, right? Or at least a solid metal bushing? And you'd use thrust washers or something similar to control end float, and probably have some kind of lubrication, right?
Revel's magnificent design features the blade shaft, with some kind of hard plastic bearing surface at the bottom of the blade assembly, going directly through the thin molded-plastic bottom of the grind bowl, then a single thin washer that's apparently there to give a solid shoulder to end-stop the drive stub, then the splined drive stub screwed onto the end of the shaft. Axial misalignment and end float are controlled by the simple expedient of the drive stub clamping the bottom of the bowl between itself and the blade assembly tightly enough to eliminate angular and axial play.
So, let's see. We have dry plastic (polystyrene or something similar), clamped tightly between dry plastic (possibly a phenolic resin) and dry plastic (nylon this time), completely unlubricated, and spinning at high speed?
In about five uses, following their instructions to use it in short bursts with pauses for cooling, this misbegotten contrivance had worn halfway through the bottom of the grind bowl. The half-melted plastic we'd found earlier was where the upper bearing surface of said splined stub was melting from friction where it was running dry pressed tightly against the bottom of the bowl. It was just chance that the drive stub failed altogether before the wretched excuse for a blade mounting wore and melted its way entirely through the bowl. In fact, it's probably only due to the use of mutually incompatible plastics that the thing hadn't friction-welded itself into an immovable piece of kitchen art the very first time we used it. The manual implies it needs to cool between bursts to prevent overheating the motor — not to prevent it from melting its own drivetrain due to frictional heating.
After a thorough examination, I concluded there was no way to fix it without completely re-engineering the bottom of the grind bowl to make it thick enough to support at least a solid or sintered bushing, and fabricating a completely new blade assembly from scratch with a metal drive stub and a shaft long enough to extend through the bushing.
Needless to say, we won't be buying another Revel kitchen grinder. We recommend you don't, either.
.....I said, the sky is falling!
... I said, the SKY is FALLING!
... Hello? Sky? YO! SKY! TALKIN' TO YOU HERE! I'm WAITING TO SEE some FALLING HERE!
Or, not. Rumors and galloping hysteria to the contrary, the sky is NOT falling. LiveJournal is NOT shutting down. It's not even ceasing US operations. The garbled rumor about 20 out of 28 US employees being fired is just that — a garbled rumor, and from a gossip blog not renowned for journalistic accuracy at that. Twelve total jobs, split between the US and Moscow, have been cut.
"LiveJournal Inc.'s headquarters, technical operations (and servers), legal, administration, and the customer service teams will remain in the United States," the release explained. "LiveJournal's global product development and design will now be coordinated out of its Moscow office. The pooling of resources between the U.S. and Russia will allow the company to build a stronger business model, well positioned to guarantee the long-term success of LiveJournal."
You may now all return to running in circles, screaming and shouting. Carry on.
So, I got spammed by this UK consumer-electronics vendor. They had an unsubscribe reply address, and there was also this marvellous little gem in the midst of their boilerplate:
*ANY QUESTIONS?* _*/IMPORTANT/!*_ Feel free to use email to contact us firstname.lastname@example.org <mailto:email@example.com> . The only person authorized to read and send email is one of the managers and will be dealt with promptly and efficiently.
(And severely, too, I hope? Oh, I so wish they meant that. But I'm sure it's just bad grammar.)
So anyway, I did, as a cc: to my unsubscribe message. Here's what I got back in response:
Date: Tue, 22 Apr 2008 14:29:38 +0100 Subject: Re: Vision Electronika IPOD specials for April From: Sales Department <firstname.lastname@example.org> To: [elided] Message-ID: <email@example.com> Thread-Topic: Vision Electronika IPOD specials for April Thread-Index: AcikfOl5KCRI/BBwEd29CQAX8thZXg== In-Reply-To: <480DD289.firstname.lastname@example.org> NO, I JUST DON'T CARE A RAT'S ASS ABOUT YOU. HIT THE DELETE BUTTON IT IS A LOT LESS TIME AND EFFORT.
"... Free bad publicity: PRICELESS!" Yup, you heard it here first, folks. Not only are these wankers asshats and spammers, they are RUDE asshat spammers. Remember that domain and company name, now — that's visionelectronika.co.uk, aka edisonwatt.co.uk. Be sure and pass it around. Hey, here's their mailing address too: Vision Electronika, Ltd., 85 Seaward Street, Glasgow G41 1HJ, Scotland, UK. You could stop by and jeer at them if you happen to find yourself passing nearby.
Wired has a how-to on converting your HD-DVDs to Blu-Ray. You'll need a fast Windows machine, a HD-DVD drive, a Blu-Ray burner, 30-40GB of available disk space, a whole bunch of software, and a whole lot of patience. But check your costs first; you may be able to just buy a Blu-Ray copy of the movie cheaper than you can buy a blank Blu-Ray disc ($15-$25 per blank for single-layer write-once media; dual-layer writeable Blu-Ray discs aren't available yet).
If you've bought anything from geeks.com in the last year or so, you many want to take appropriate measures. Geeks.com reports that they "recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised." Why it took them from December 5 until January 4 to actually tell anyone is a question you might want to take up with them, if your card may have been one of those compromised.
MAJOR UPDATE 17 APRIL, 20 APRIL, 29 APRIL, AND 1 MAY: RECALL IS NO LONGER RESTRICTED TO WHEAT OR WHEAT GLUTEN AND ALL FOOD PRODUCTS FROM CHINA SHOULD BE CONSIDERED HIGHLY SUSPECT. THERE IS ALSO THE RISK THE LIST OF POTENTIALLY CONTAMINATED FOOD MAY EXPAND FURTHER. HUMAN FOOD CONTAMINATION HAS ALSO BEEN CONFIRMED IN PORK AND CHICKEN AND THERE ARE REPORTS THAT AT LEAST 45 HUMANS ARE KNOWN TO HAVE EATEN CONTAMINATED PORK. THERE IS ALSO NOW EVIDENCE THAT MELAMINE DOPING, INCLUDING IN HUMAN FOOD PRODUCTS, IS WIDESPREAD, ROUTINE IN CHINESE FOOD PRODUCTS, AND HAS BEEN OCCURING FOR YEARS. IN ADDITION, CHICKEN IS NOW KNOWN TO BE CONTAMINATED AND LIKELY CONSUMED BY HUMANS. SEE BELOW.
Those of you who are voting today, you might want to consider this proposed rule change, just in case it might change your mind on who's a good idea to vote for. It has been pointed out that this proposed rule change from the Department of Homeland Security "will change the basic nature of international travel to essentially require every US citizen to get advance permission from Homeland Security before leaving or entering the country."
That may be an alarmist interpretation, but ... did you know that Congress just granted the President the authority to unilaterally declare martial law? You heard all about the Military Commissions Act that, among other things, de facto legalized US use of torture. What you may not have heard about was that on the same day, Congress also passed H.R. 5122, the "John Warner Defense Authorization Act of 2007". A little-noticed rider slipped in at the last moment amends the Insurrection Act to give the President direct command authority to deploy state National Guard units for domestic law enforcement purposes, without the consent or approval of the state legislatures or governors:
Public Law 109-364, or the "John Warner Defense Authorization Act of 2007" (H.R.5122) (2), which was signed by the commander in chief on October 17th, 2006, in a private Oval Office ceremony, allows the President to declare a "public emergency" and station troops anywhere in America and take control of state-based National Guard units without the consent of the governor or local authorities, in order to "suppress public disorder."
See the exact amendment here; Library of Congress Thomas reference here. This change to the Insurrection Act amounts to de facto repeal of the Posse Comitatus Act, which prohibits the use of military force for domestic law enforcement.
There's a reason the state National Guard detachments were placed under the command and control of state governors, and not of the President. It appears most of Congress has forgotten it.
Those of you who aren't planning to vote, probably deserve whatever you get.
First, because it's more timely and topical right now, Ars Technica explains how easy it is to steal an election conducted using Diebold direct-recording electronix machines.
Second, because it never hurts to share it, a UK driver-awareness movie about looking out for motorcycles. (If anyone can give me a quick pointer on how to embed an MPEG movie directly into a post, it'd be appreciated. For some reason, I was unable to get it to embed.)