About 2/3 of the clocks in our house are 'set' automagically by the WWVB time clock radio. Both (all) of our alarms use this feature. If someone were to jam or override the time signal locally in SF I wonder how many people would be late to work the next day? How many other services uses these types of clocks because of their convenience?

I think a better solution is a closed and protected system that uses NTP and then rebroadcasts it through the house across our 802.11g wireless network. Our clocks could just pick it up from there and I could protected it somewhat.




technorati: WWVB, Atomc clock, Radio, NTP, network

Created 8 weeks, 15 hours ago

I was watching some TV program last night and I heard them mention these to companies. A quick read of their literature and I am convinced. Check them out.


Konarka (lightweight photo cell technology)
http://www.konarka.com/

Solucar (solar heat turbines)
http://www.solucar.es/





Created 29 weeks, 13 hours ago

I know there have been other posts on laptop thefts recently on the tubes, but I just had a family member have a laptop stolen and wanted to put together a list for him to follow to try and get it back.

1. Contact the police, file a theft report. You probably had more than just the laptop stolen, such as property damage and other items taken. If you want to file an insurance claim to replace your laptop, you will most definitely need a police report .

2. Setup an eBay advanced search monitor to see what laptops were recently posted in your area. Keep in mind that monitoring eBay is no easy task; however there are several softwares that can help you with this.

Hopefully the seller is wise to the eBay process and is using all the optimization techniques, such as location of sale, system specs and an actual photo of the laptop. They may wipe the laptop if they know what they are doing or use a stock photo for the item.

If you see your laptop come up for sale, start an e-mail conversation with the seller. What you are trying to do is track down the IP address of the suspect.

Ask for what accessories come with the laptop. For example, if they also took your laptop bag they may be willing to add that to the sale. These accessories could help you confirm that the item being sold is your laptop.






3. Monitor craigslist for laptops being sold in your area. Remember, the criminals will be removing the post as soon as they make the sale. You would be wise to use an RSS aggregator to monitor the RSS feed of your custom search and have it sync up very often to archive all of the posts that show up on the list.

If you can get an e-mail from the seller you might get an IP address from the e-mail headers. Also, you might get lucky with a phone number. Also, like the eBay suggestion, ask what accessories come with the laptop to help id it.


4. Consider adding an e-mail confirmation tracer to the e-mail you send to suspects. Even if they don't reply, once they open your e-mail you will have the IP address. If you become convinced this is your laptop, you will have some of the info you need to track them down.

5. Monitor the newspapers, pawn shops and other non-virtual methods to fence stolen goods. Acting quickly is the only way to stay ahead of the criminals. They aren't looking to hold on to your laptop any longer than they have to. They need the cash. A good tip comes from a comment posted on the XKCD blog:

Check the pawn shop regularly but DON’T tell them what you’re looking for. If they know you’re looking for a stolen computer it’ll just disappear.

6. Get the IP address. Say you do find your laptop for sale online, now what? Getting an e-mail from the suspect will help you get information on where the suspect is e-mailing from. Start a conversation with the seller. Make it seem you are interested (no threats) and ask for some information on the laptop before you finalize the sale. Like I mentioned before, ask about the accessories and what software it comes with to help you id your laptop.

What you are trying to do is get the IP address of the suspect. This will give you some clue as to where they are located. You will need to examine the details of the e-mail you receive. Most e-mail software will give you the option to view full header details or save the e-mail out to be examined with an editor. Look for the "Received:" details. There will be several lines marked "Received: ". Look for the original source that is not a local intranet IP address.



7. Track the IP address using any of several online IP tracing tools to determine the physical address or city/ISP of the computer being used to send and check e-mail by the suspect.

Keep in mind that there are many ways to spoof IP addresses. Also, not all e-mail systems log the source IP address of the sender. If you cannot get an IP address on the first try, on the next e-mail you send be sure to add an e-mail tracer as suggested in step 4.

If you use an e-mail tracer as suggested in step 4 you should rely on the reports they generate for your trace. Because these tracing systems do not rely on e-mail routing servers to provide the source IP address they may provide much more reliable tracing information. See this sample report from one of the e-mail tracing services.


8. Now that you know where your laptop is you should engage the help of the local police force to bring the thief to justice.

However, to make sure that you don't loose your laptop to another buyer you may need to purchase it from the criminal.

I do not recommend harming anyone or opening yourself up to criminal prosecution if you do find the location of the suspect.

Remember, that might not even be your laptop they are selling. It is also possible they are not the thief.

Use the information you gathered above to help the justice system work. Make sure to keep all shipping receipts, monetary receipts and communication as exhibits if you need them for a trial. Act as if you are just a P.I., not magnum though.


9. After you get your laptop back, you should use theft deterrents, data encryption, computer "phone home" software and identification marks on all laptops that risk being stolen.


technorati: laptop, loss, theft, tracking, encryption, tracing




Created 54 weeks, 2 days ago

Enough with the referral spam! I don't even display referrals publicly on my Web properties. You spammers are just succeeding in making my own narcissistic tendencies to check my site traffic difficult by polluting my data with your filth.


No doubt about it, the Web needs to grow a more secure referral system.

Until then I think the Technorati folks have come up with a great way of sharing referral information outside of private web logs. They call it "reactions" and even have a little widget for it.


It works on the principal that Technorati scrubs web and blog content in order to find links back to your content and thereby become the intermediary provider of 'approved referrals'. They hardly scan the known Web let alone the unknown, but I suppose it is better than the raw spammy world that exists today.

I was thinking of a way to remove all of this spam from my logs but instead I have decided that my web host needs to approach AKISMET to have them start scrubbing web traffic log files to remove all this spam for me.


technorati: referral, spam, links, technorati

Created 69 weeks, 1 minutes ago

A slice of conversation between John and Lee:

John:

did u get a xmas card from me?
im hoping i got your address right.

Lee:

You sent a scout card!
Dammit!
We fell for it.


John:

perfect. just perfect.
expect the reinforcements soon.

Lee:

I should have known from the:

    Dear You Guys,
    
        Happy Holidays!
    
    Your Friends from The West.


John:

This reminds me of Empire Strikes Back and the probe and the tontons.

Lee:

tawn tawns....
    
I think.

Can't remember the spelling.

But they're all gooey and warm inside.


John:

That would make a great cake - "Tauntaun Suprise"

Lee:
    
Nice.

John:

or...even better:

it would be an Italian dinner dish.

cut it open and it is filled with some spaghetti.

Lee:

Yeah.
     
Macaroni.

John:

a pastry filled with noodles and sauce.

Lee:

And the joke is that few people will understand why it's called Tauntaun Surprise.
    
"Mmm, this is good!", they will say.
     
And they won't get why there's a Luke - Star Wars action figure hidden in it.


John:

awesome


Lee:
     
I think if you posted that idea on some Star Wars geek forum, you'd be instantly thrust into some Grand Pubaa status.


John:

eventually Tauntaun Suprise will loose its connection from the movies though...
    
Yet, years from now people will still enjoy it much like we enjoy Shepherds Pie today.

Lee:

And there will be trivia question in Trivial Pursuit... and peoples' minds will be blown when they learn the origin of this traditional american dish.

Lee:

"I always wondered, but never thought there was a real connection..."

and, "Wow! My grandmother used to make Tawntawn Surprise all the time!"

Lee: 

The Luke action figure will be swapped out for a hidden carrot stick for practical purposes and the origin will, of course, be forgotten.

John:

Im sure other vegetables will work too.

Lee:

Right... the carrot stick will be sort of a midwest modification.

In the east, it will be an asparagus.



technorati: tauntaun, star wars, food

Created 73 weeks, 10 hours ago

So, its a very extravagant Halloween costume. Oh and it involves more than one person to operate, but it is interactive, responsive and pretty neat.



Check out HugeCamera.com to see some of the pictures it takes tonight (if everything works as planned).


Tonight, GooglePlex party and Castro Street.

And the future.... maybe we will take it to the park or the beach, who knows?

technorati: halloween,, costume,, camera

Created 80 weeks, 2 days ago

Lets get rid of CAPTCHA systems.

Testing for humanity isn't the answer to blog spam and form signup spoofing.


Before I left Texas for Silicon Valley I had an interesting conversation with a Flash developer friend of mine on creating little mini games as Turing tests for defeating comment spam on blogs. They would be infinitely more fun than identifying squiggly letters on a grid field.

Maybe a little mini Asteroids game in which you had to reach 10 points before you could continue? Or other simple games that we all love (Tetris, Matching tiles, etc).





The hope is that if you make the effort to post a new comment costly (time, thought, monetarily) than you defeat much of the spam that will make it to your Blog or forum or what have you. We are working on them.



However, the reality is that CAPTCHA systems are already compromised.

Have a peep at this example of code by Casey Chesnut of an AI system that will defeat moderate CAPTCHA systems. If you create a computerized test, it makes sense that a computerized system can then be created to defeat it.

Even more important than AI systems is a reference to a Boing Boing article on porn advertisers using free porn as an incentive to defeat CAPTCHA and post spam for them.

Other humans are the real threat.

This is where Turing tests start breaking down. If spammers incent humans to take simple tests confirming humanity than no system will ever stop them. If the reward is greater than the investment in time or complexity, how can it?

Spammers get people to signup for Yahoo! accounts, Hotmail e-mail, and most importantly comment on blogs and forums all over the Web with offers for free creams and airline tickets (I have had them even on this small blog).

Here is my proposal on how to prevent comment spam when free porn is on the line.

How about an approval system?

I agree that no one likes approval systems. The Web is real time baby! You want action and reaction. Post the first comment on a new post on a popular blog and feel like your day is complete. Start a flame on a forum, revel in the chaos.

Traditional approval systems just gum up the works. When you add a checkpoint on a highway everything behind it slows down. Same with a Web site; sales, traffic, interest are all tied to real-time. But so is good data. A comment stream full of spam isn't worth posting to. Nor is my trust in the owner of that stream when they don't have time to clean up their posts. What's the chances my comment will be read when it is buried within offers for free medicine?

The owner of a site doesn't have time to post new articles, manage the day-to-day conversations and build new interest if they have to approve comments as they arrive. And certainly they don't want to pay someone just to perform this approval task for them. Or do they?

Introducing Amazon's Mechanical Turk.

As Amazon puts it: "Complete simple tasks that people do better than computers. And, get paid for it". As a system developer, you can create automated systems for humans to interact with your data and provide you feedback on it for a modest fee.

Bingo. The same mode that spammers use to incent humans to defeat your humanity-checker is the same system we can use to prevent Spam. And in real time (or close to it). If we setup a system where comments can be moderated as they are posted and results show up in a timely manner, we achieve the goal of filtering spam and delivering a real time Web experience.

You are thinking, at what price? Having a staffing center open 24 hours a day doesn't seem cost effective.

I tried out Mechanical Turk the night Amazon released it. For about 10 minutes I matched up CD cover images to albums in a database. I think I was paid 1/3 of a cent per successful match I made. I earned about 2 cents in that 10 minutes. Of course I was poor talent as I was more interested in the system than the money. I could have made more money if I would have treated the task as a source of income.

Today, after logging into my dashboard account on Amazon, I see that I have offers of work for 1 cent to 5 dollars per successful work that I complete. The work obviously takes longer to complete the better it pays. Funny enough is that much of it is related to music. I guess they thought I did a good job during my 10 minutes of prior work. But the majority of work is 1 cent or less per item. If you had to add up all the comments I have had on this blog for the last year and pay 1 cent per approval,  I think I would approach a few dollars worth of labor.

As a work requestor in Mechanical Turk there are several thresholds you can add to help train a pool of talent for your data. You can have double validation done as you start to recruit talent. This sanitation period helps you gain qualified talent to work on your items. How hard is verifying that a post is genuine and not spam? I'm guessing 1 cent per comment is a fair price to pay. At 15 posts per minute validation (or 900 posts an hour), someone could make 9 dollars an hour at 1 cent per post for spam validation. Beats flipping burgers.

How would we implement a system to utilize Mechanical Turk?

First off, we need a company or organization willing to do centralized queuing. The more items you send to Amazon, the better rates you get for the humans doing the work for you. Having a small blog with 10 comments a month pay Amazon directly for the work won't be as cost effective as if Google Blogger had all comments on the Blogger system sent to Amazon.

If a subscriber paid a modest tiered fee to a company that consolidated all of the comments before being sent off to Amazon Mechanical Turk they would realize the best value.The organization performing the queuing would probably realize the most profit this way too.




As an added measure, the queuing company could setup a triage system to run some heuristic pattern matching against all incoming posts to see if they have ever rated a similar posts before. This would have worked really well against the Casey Chesnut CAPTCHA defeating system where his bot posted the same comment to 94 different blogs. The first comment would have been sent out for human validation, but each one after that would have been flagged as spam as the first one was. This duplicate matching of spam would also be instantly returned by the system in real-time, speeding up the systems response to flood spam (a common problem on forums).

And there we have it. Defeating human spam with human validation seems like the best way to defeat the blog spam conundrum.

Anyone want to start this service?



Additional related items to think about.

Instead of Amazons Mechanical Turk, we could use a distributed computing system to have people approve comments via e-mail, or through a special web service, etc. By no means does this have to be an economic gain for anyone if you can get free labor through some means.

Well designed CAPTCHA systems need to be designed with accessibility and compatibility in mind. Lawsuits, liability and ethics might concern your company or organization. Why take the risk if you don't have to.


technorati: CAPTCHA, Spam, Blog, Comments, Amazon, Mechanical Turk


Created 86 weeks, 13 hours ago