MagicalTux in Japan

Geekness brought me to Japan!

KalyHost – Domain names now available

Feb 14

Posted by MagicalTux in Tibanne | No Comments

After some months of work, we finally are able to have our first shop online, with domain names sales and management.

You can see this on the KalyHost page for domains, where you can order many extensions for cheap (.NET are on sale until 27 february).

Sale is done via Paypal, and domain is usable immediatly after sale. You can then manage your domain as you want to. Once we finish setting up webhosting and some other services (affiliation, etc) KalyHost will finally be ready for the real show. For now cheap domains are already a great thing, and I wish more people could have a look at it.

Tags: , , , , ,

Nigeria Spam 419 – A new pattern

Feb 10

Posted by MagicalTux in Geek Attitude | 2 Comments

Today I was surprised to receive a new kind of african spam I never saw before. It seems “they” noticed their usual pattern is too impossible (hidden money of an african country, I will give it to you because I don’t know who you are), so they finally got innovative.

Today the spam I got was different, but is indeed a spam, and based on the origin (tracked from the mail’s “received” headers, strangly I reached Nigeria), I believe responding to this email will get me involved in something like “He finally paid but the money is blocked in Nigeria and I’m blocked in XXX, please go there and get it for me young man, I will give you half of it”. Anyway here we go:

Dear Counsel,

My name is Clara Jong and I am a contacting your firm in regards to a
divorce settlement with my ex husband (Paul Lee Jong) who resides in
your jurisdiction. I am currently on assignment in Japan.

We had an out of court agreement (Collaborative Law Agreement) for him
to pay $448,450.00 plus legal fees in 2008, but to date he has only
paid me $44,000.

I am hereby seeking your firm’s to assistance in collecting the
balance which was agreed upon when we got in

See, quite original isn’t it. So everything needed is in there. High amount of money, a (young?) damselle blocked in an exotic country (Japan in this case, which is not quite exotic for me), and a problem with a husband. Headers are revealing the sender’s IP on a network managed by:

org-name:       MTN Nigeria
org-type:       LIR
country:        NG

I believe this is rather obvious and leaves no place for doubt. Welcome to new Spam 419, more subtle and likely to get more people involved with this scam which has been known to strip people of their money for years. I guess we’ll soon see the same pattern emerge from ex-USSR as they have been working closely (copying?) with nigerians.

Anyway be careful and never respond to those.

Tags: , , ,

Invision Power Board and FaceBook connect on Chrome

Feb 3

Posted by MagicalTux in Hacking | No Comments

Some people who manage Invision Boards have seen the new “FaceBook connect” feature as something interesting… However at first, I couldn’t see the “Connect with FaceBook” button.

Searching around a bit finally got this error from Chrome:

Unsafe JavaScript attempt to access frame with URL http://bbs.gg.st/index.php?app=core&module=global&section=login from frame with URL http://www.facebook.com/extern/login_status.php?api_key=10e950be918b8f0561e2073c53f2ab8e&extern=0&channel=http%3A%2F%2Fbbs.gg.st%2Finterface%2Ffacebook%2Fxd_receiver.php&locale=en_US. Domains, protocols and ports must match.

On Firefox (and probably other browsers), this works without problem. Just sharing that so other people do not get stuck with the same problem.

Tags: , , , , , ,

Google Translation and Japanese (half-width katakana)

Jan 19

Posted by MagicalTux in Geek Attitude, Japan | 3 Comments

Google Translation seems to have some difficulties with half-width katakana in google translate.

My text “グ-グルインク フリコミ” reads as “Go-goruinku furikomi”, which I’d translate as “Google Inc Bank transfer”. I’m just wondering how google reached a translation of “¸ – ¸ Ý Ù ² ¸ Ø º Ì Ð”.

Tags: , , ,

Mailing: why double-optin should be the only allowed solution

Jan 19

Posted by MagicalTux in Geek Attitude | No Comments

Sending mailing to your customers and/or visitors is often an important way to bring additionnal revenues for your company. Regulary sending emails (between one week and one month between each batch) is important so people don’t forget about you and know about your latest offers. Add some discounts and stuff in the mail to ensure people will have a good reason to read them, and you’re done.

Now the question is “who should receive your mailing”. People usually thing it’s OK to just buy an email address database and send them ads everyday to let them know about you, and your offers they all really need. This is most likely going to result into your company name becoming a keyword to detect spam, which is probably not what you are expecting.
Even if you let them a choice to “opt out” from your mailing, most people will not optout in fear this will just reveal their email is valid and read, and trigger more spam. So your list will be full of people who will not opt out, but instead click “report as spam” button. This is most likely not what you want.

Now, you know you can only send mailings to people who have subscribed of their own will on your website. “Their own will” cannot be verified simply. As far as I am concerned, there are two solutions. For a visitor you have to send an email notifying him he asked to subscribe to your list, and that he must click some link to actually receive it. Including a link to privacy policies can be a good idea too.
Next comes real customers, people who have actually bought on your site and asked to receive your mailing (not with a pre-accepted subscription). For them, as they are more likely to trust your “optout” link, you can probably skip the double optin step.

Don’t forget that you also need to send mails from times to times. One full month without mail is a no-go, as customers will have forgotten about you and their subscriptions, and will immediatly suspect spam.

Sending mailings is an important communication job, and you need to have news and stuff to put in your mailing. Make it interesting for your subscribers, and send mailing regulary (every two weeks sounds like a good idea). If you can’t include a “new cool products” part, try to include news from other activies from your company or special offers. Sending the same newsletter everytime is a no-go.

Anyway remember that spam (any unwanted email, even if it’s unwanted because the subscriber forgot he was subscribed) is not good for your subscribers, not good for your image, and not good for Internet as a whole.

Tags: , ,

Doing the impossible with apache modules

Jan 15

Posted by MagicalTux in Geek Attitude, Hacking | No Comments

I’ve been fighting with apache during the past few days to try to accomplish something that has never been done until now.

Apache has some nice included modules, for example mod_vhost_alias. This module allows someone to configure vhosts by just creating directories however it has some limitations:

  • It will cause problems with some other modules like mod_rewrite
  • You can’t configure stuff (php options, etc) by host (only with .htaccess files, but you can’t alter all settings)
  • It can’t handle variable kinds of domains

I decided to do something better, even with the people on #apache-modules (freenode) saying it’s not possible. It was even no possible to do this cleanly, however looking in apache’s code allowed me to reach my goal without too many problems, but with some really dirty parts.

#define CORE_PRIVATE

To reach my goal I needed to use some functions from Apache2’s core. I just wanted to say that I am really sorry, and won’t do it again (maybe). The functions I used are not meant to be used the way I used them, however I had no choice has there is no publicly available function to change the document root, or to inject configuration directives in the current request.

Anyway don’t do this at home, kids!

ap_get_module_config(…, &core_module)

One of the keys to play with core config dynamically is to fetch it. This is the way to modify ap_document_root. I just return DECLINED after completing my dirty work to let apache think it still has to do its work. Yes this is dirty. But it works.

ap_walk_config()

Ever wanted to do bad things in a per-config context? Now you can. I won’t comment this too much, but I’ll just say that it saved me big time (this one is not part of CORE_PRIVATE, so you can use it freely I guess).

The final step was to make logging easier. I decided to throw all the logging info through a udg socket which is then collected by a daemon, stored locally, and transferred to the logging server at the same time.

Tags: , , ,

New AkihabaraNews website released

Jan 9

Posted by MagicalTux in IRL, Tibanne | No Comments

After a really long development period full of unknows, problems and troubles, the new version of AkihabaraNews.com website has been released.

It took a really long time until we finally reached release, and I must say we can be proud of the result.

Tags: , , ,

Visa Credit Cards and expirations

Jan 7

Posted by MagicalTux in IRL | No Comments

If you got a credit card, you most likely got an expiration date written on it, which you must give to any website you want to pay to. On many websites, submitting transaction to the credit card processor costs money, and to avoid paying money for nothing something that will fail anyway, many stores will apply some checks beforehand, including luhn check and expiration check.

Now here’s the thing, as far as I can tell, when we implemented our store, our credit card processors didn’t give us any information about expiration date. The documentation explains how to submit a transaction, and not how to check for credit card informations validity (probably because they want us to submit it to them – and pay – in every case). I guess it’s the case for many other online stores. Now here’s the catch: I believe most shops do not know the exact rule behind the expiration date. Some will consider a card expired on the first day of the expiration month, some on the last day…
They are both wrong. I my card is expiring this month, I asked my credit card company and was told that my VISA card is expiring 30 days after the last day of the month written on it. An “expired card” is still valid for 30 days, however it will not work on some online shops which implements extra checks by themselves.

Now I’m stuck for one month on a card which doesn’t work on some stores, and started receiving “please give us your new card” emails from some subscriptions I have.

Anyway this “30 days after” rule isn’t documented anyway in the doc from our credit card processors, so I guess writing about it somewhere can be a good idea.

Tags: , ,

NoSpam – Getting rid of email spam when registering to suspicious websites

Dec 27

Posted by MagicalTux in Geek Attitude, News, Tibanne | No Comments

Ever wanted to avoid receiving a mountain of spam when registering on a website you don’t know? NoSpam.st is made for you.

The basic idea is simple: you tell NoSpam.st your email, and you get a temporary email from us. You can then use this email on the website you don’t trust. If you indeed get subscribed to many spam lists, it will be with the nospam.st email, which will be automatically disabled when the time comes. Once disabled, any email attempt to this address will be refused.

I am also preparing a nice feature for webmasters: the ability to make a mailto link on your site via NoSpam.st: you login on NoSpam.st, enter your email address, the expiration time you wish (default would be 4 hours) and get a snippet of javascript you can include on your website. Each time someone sees the page, a different email address will be generated. A normal user will usually send an email within the next minutes if he really want to contact you about your site, and not spam you for the next years.
With this system you might get some spam if spammers are fast enough (usually spam is sent a few days/weeks/months after email address has been crawled), but in this case you’ll get informations about the crawl (ip and date) in the email headers, and anyway you won’t get much spam as the email will soon be disabled.

Anyway a lot can be do to fight email spam. Also as soon as spammers see that emails @nospam.st are soon blocked, they might even consider automatically removing @nospam.st emails from their lists (we can dream).

By the way if you have nice spam-related domain names you don’t use, you can give them to us and we’ll make them available for email addresses.

Tags: , , ,

PInetd2: New launcher

Dec 22

Posted by MagicalTux in Geek Attitude | No Comments

PInetd2 is closing to release with the addition of two elements, a new launcher, and logs.

The new launcher is the first step toward the ability to dynamically start and stop subprocesses without restarting the whole daemon. The old “start.sh” has been replaced with a “daemonctl” tool, like in the old pinetd. This allows to start pinetd2 in the background (if forking is enabled), see processes status, and stop/restart the daemon directly. However since daemon can now be started in background, another feature was needed, which is…

Logging to a file

Of course, the whole system was made to centralize logs. Each child transmits logs via IPC to its parent, and the main launcher display logs on screen. It wasn’t difficult from there to write logs to a file. This means that even a FTP client chrooted somewhere can still send log events to its parent and get them written to the main logfile.

What’s next?

Now, I need to make those two elements less hack-like (ie. add some config options, add ability to log to syslog, etc), then I’ll have to finalize PMaild’s IMAP daemon thanks to the fact I added mailparse to the required elements in the PHP distribution. MailParse will handle the difficult mime-decoding part, and will make the next steps much easier. Parsed data will be cached in database (one new table per domain), and this should finally makes PMaild usable in imap-based webmails like Horde IMP.

Tags: , ,