Nigeria Spam 419 – A new pattern

Today I was surprised to receive a new kind of African spam I had never seen before. It seems “they” noticed their usual pattern is too impossible (hidden money of an African country, I will give it to you because I don’t know who you are), so they finally got innovative.

Today the spam I got was different, but is indeed spam, and based on the origin (tracked from the mail’s “Received” headers; strangely, I reached Nigeria), I believe responding to this email will get me involved in something like “He finally paid but the money is blocked in Nigeria and I’m blocked in XXX, please go there and get it for me young man, I will give you half of it”. Anyway here we go:

Dear Counsel,

My name is Clara Jong and I am a contacting your firm in regards to a
divorce settlement with my ex husband (Paul Lee Jong) who resides in
your jurisdiction. I am currently on assignment in Japan.

We had an out of court agreement (Collaborative Law Agreement) for him
to pay $448,450.00 plus legal fees in 2008, but to date he has only
paid me $44,000.

I am hereby seeking your firm’s to assistance in collecting the
balance which was agreed upon when we got in

See, quite original, isn’t it? So everything needed is in there: a high amount of money, a (young?) damsel blocked in an exotic country (Japan in this case, which is not quite exotic for me), and a problem with a husband. The headers reveal the sender’s IP on a network managed by:

org-name:       MTN Nigeria
org-type:       LIR
country:        NG

I believe this is rather obvious and leaves no place for doubt. Welcome to the new Spam 419, more subtle and likely to get more people involved with this scam, which has been known to strip people of their money for years. I guess we’ll soon see the same pattern emerge from ex-USSR as they have been working closely (copying?) with Nigerians.

Anyway be careful and never respond to those.


Invision Power Board and FaceBook connect on Chrome

Some people who manage Invision Boards have seen the new “FaceBook connect” feature as something interesting… However at first, I couldn’t see the “Connect with FaceBook” button.

Searching around a bit finally got this error from Chrome:

Unsafe JavaScript attempt to access frame with URL http://bbs.gg.st/index.php?app=core&module=global&section=login from frame with URL http://www.facebook.com/extern/login_status.php?api_key=10e950be918b8f0561e2073c53f2ab8e&extern=0&channel=http%3A%2F%2Fbbs.gg.st%2Finterface%2Ffacebook%2Fxd_receiver.php&locale=en_US. Domains, protocols and ports must match.

On Firefox (and probably other browsers), this works without problem. Just sharing that so other people do not get stuck with the same problem.


Google Translation and Japanese (half-width katakana)

Google Translation seems to have some difficulties with half-width katakana.

My text “グ-グルインク フリコミ” reads as “Go-goruinku furikomi”, which I’d translate as “Google Inc Bank transfer”. I’m just wondering how Google reached a translation of “¸ – ¸ Ý Ù ² ¸ Ø º Ì Ð”.


Mailing: why double-optin should be the only allowed solution

Sending mailings to your customers and/or visitors is often an important way to bring additional revenue to your company. Regularly sending emails (between one week and one month between each batch) is important so people don’t forget about you and know about your latest offers. Add some discounts and stuff in the mail to ensure people will have a good reason to read them, and you’re done.

Now the question is “who should receive your mailing”. People usually think it’s OK to just buy an email address database and send them ads every day to let them know about you, and your offers they all really need. This is most likely going to result in your company name becoming a keyword to detect spam, which is probably not what you are expecting.
Even if you leave them a choice to “opt out” from your mailing, most people will not opt out, for fear this will just reveal their email is valid and read, and trigger more spam. So your list will be full of people who will not opt out, but instead click the “report as spam” button. This is most likely not what you want.

Now, you know you can only send mailings to people who have subscribed of their own will on your website. “Their own will” cannot be verified simply. As far as I am concerned, there are two solutions. For a visitor you have to send an email notifying him he asked to subscribe to your list, and that he must click some link to actually receive it. Including a link to privacy policies can be a good idea too.
Next come real customers, people who have actually bought on your site and asked to receive your mailing (not with a pre-accepted subscription). For them, as they are more likely to trust your “optout” link, you can probably skip the double optin step.
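The two paths described above can be sketched as follows. This is an added example, not code from the original post: the secret, the 48-hour lifetime, the `shop.example` URL and all function names are assumptions. The confirmation link carries an HMAC-signed token, so an address only becomes a recipient when the link that was mailed to it is clicked.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-key"   # assumption: per-deployment secret, kept server-side
TOKEN_TTL = 48 * 3600              # assumption: confirmation link valid for 48 hours
state = {}                         # email -> "pending" | "confirmed"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _mac(body: str) -> bytes:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest()).encode()

def subscribe(email, source, now=None):
    """Register a request; return the confirmation URL to mail, or None."""
    email = email.strip().lower()
    if source == "customer":               # bought and explicitly asked: no second step
        state[email] = "confirmed"
        return None
    state.setdefault(email, "pending")     # visitor: nothing is sent until confirmed
    issued = int(time.time() if now is None else now)
    body = _b64(f"{email}|{issued}".encode())
    return f"https://shop.example/confirm?t={body}.{_mac(body).decode()}"

def confirm(token, now=None):
    """Confirm the address if the token is authentic, fresh and still pending."""
    now = int(time.time() if now is None else now)
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig.encode(), _mac(body)):
            return False                   # forged or altered link
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)).decode()
        email, issued = raw.rsplit("|", 1)
        fresh = 0 <= now - int(issued) <= TOKEN_TTL
    except ValueError:                     # malformed token, bad base64 or bad UTF-8
        return False
    if not fresh or state.get(email) != "pending":
        return False
    state[email] = "confirmed"
    return True

def recipients():
    """Only confirmed addresses ever receive a mailing."""
    return sorted(e for e, s in state.items() if s == "confirmed")
```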

Don’t forget that you also need to send mails from time to time. One full month without mail is a no-go, as customers will have forgotten about you and their subscriptions, and will immediately suspect spam.

Sending mailings is an important communication job, and you need to have news and stuff to put in your mailing. Make it interesting for your subscribers, and send mailings regularly (every two weeks sounds like a good idea). If you can’t include a “new cool products” part, try to include news from other activities of your company or special offers. Sending the same newsletter every time is a no-go.

Anyway remember that spam (any unwanted email, even if it’s unwanted because the subscriber forgot he was subscribed) is not good for your subscribers, not good for your image, and not good for Internet as a whole.


Doing the impossible with apache modules

I’ve been fighting with Apache during the past few days to try to accomplish something that has never been done until now.

Apache has some nice included modules, for example mod_vhost_alias. This module allows someone to configure vhosts by just creating directories; however, it has some limitations:

  • It will cause problems with some other modules like mod_rewrite
  • You can’t configure stuff (php options, etc) by host (only with .htaccess files, but you can’t alter all settings)
  • It can’t handle variable kinds of domains

I decided to do something better, even with the people on #apache-modules (freenode) saying it’s not possible. It was indeed not possible to do this cleanly; however, looking in Apache’s code allowed me to reach my goal without too many problems, but with some really dirty parts.

#define CORE_PRIVATE

To reach my goal I needed to use some functions from Apache2’s core. I just wanted to say that I am really sorry, and won’t do it again (maybe). The functions I used are not meant to be used the way I used them; however, I had no choice as there is no publicly available function to change the document root, or to inject configuration directives in the current request.

Anyway don’t do this at home, kids!

ap_get_module_config(…, &core_module)

One of the keys to playing with the core config dynamically is to fetch it. This is the way to modify ap_document_root. I just return DECLINED after completing my dirty work to let Apache think it still has to do its work. Yes, this is dirty. But it works.

ap_walk_config()

Ever wanted to do bad things in a per-config context? Now you can. I won’t comment on this too much, but I’ll just say that it saved me big time (this one is not part of CORE_PRIVATE, so you can use it freely I guess).

The final step was to make logging easier. I decided to throw all the logging info through a udg socket which is then collected by a daemon, stored locally, and transferred to the logging server at the same time.


New AkihabaraNews website released

After a really long development period full of unknowns, problems and troubles, the new version of the AkihabaraNews.com website has been released.

It took a really long time until we finally reached release, and I must say we can be proud of the result.


Visa Credit Cards and expirations

If you have a credit card, you most likely have an expiration date written on it, which you must give to any website you want to pay. On many websites, submitting a transaction to the credit card processor costs money, and to avoid paying for something that will fail anyway, many stores will apply some checks beforehand, including a Luhn check and an expiration check.

Now here’s the thing: as far as I can tell, when we implemented our store, our credit card processors didn’t give us any information about expiration dates. The documentation explains how to submit a transaction, and not how to check the validity of credit card information (probably because they want us to submit it to them – and pay – in every case). I guess it’s the case for many other online stores. Now here’s the catch: I believe most shops do not know the exact rule behind the expiration date. Some will consider a card expired on the first day of the expiration month, some on the last day…
They are both wrong. As my card is expiring this month, I asked my credit card company and was told that my VISA card is expiring 30 days after the last day of the month written on it. An “expired card” is still valid for 30 days, however it will not work on some online shops which implement extra checks by themselves.

Now I’m stuck for one month on a card which doesn’t work on some stores, and started receiving “please give us your new card” emails from some subscriptions I have.

Anyway this “30 days after” rule isn’t documented anywhere in the docs from our credit card processors, so I guess writing about it somewhere can be a good idea.
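A pre-submission check along these lines, comparing the three expiry rules mentioned above, could look like this. It is an added example, not code from the original post or from any processor: the function and policy names are assumptions, the card number is a constructed test value, and the 30-day grace is what the author reports from one issuer, so it is kept as a configurable constant rather than a documented rule.

```python
import calendar
from datetime import date, timedelta

# Assumption: grace period as reported by the author's issuer, not a documented rule.
GRACE_DAYS = 30

def luhn_ok(pan: str) -> bool:
    """Luhn checksum over a card number; spaces and hyphens are ignored."""
    s = pan.replace(" ", "").replace("-", "")
    if not (s.isascii() and s.isdigit() and 12 <= len(s) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(s)):
        d = int(ch)
        if i % 2 == 1:                  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def last_accepted_day(month: int, year: int, policy: str) -> date:
    """Last calendar day on which the shop still submits the card."""
    first = date(year, month, 1)
    last = date(year, month, calendar.monthrange(year, month)[1])
    if policy == "first_day":           # treated as expired once the month starts
        return first - timedelta(days=1)
    if policy == "last_day":            # treated as expired once the month is over
        return last
    if policy == "grace":               # author's report: valid 30 more days
        return last + timedelta(days=GRACE_DAYS)
    raise ValueError(f"unknown policy {policy!r}")

def precheck(pan, month, year, today, policy="grace"):
    """Return 'submit' or a rejection reason, before paying for a processor call."""
    if not luhn_ok(pan):
        return "reject: luhn"
    if not 1 <= month <= 12:
        return "reject: month"
    if today > last_accepted_day(month, year, policy):
        return "reject: expired"
    return "submit"

if __name__ == "__main__":
    pan = "4111 1111 1111 1111"         # constructed test number, not a real card
    for day in (date(2009, 3, 1), date(2009, 4, 15), date(2009, 5, 1)):
        print(day, {p: precheck(pan, 3, 2009, day, p)
                    for p in ("first_day", "last_day", "grace")})
```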


NoSpam – Getting rid of email spam when registering to suspicious websites

Ever wanted to avoid receiving a mountain of spam when registering on a website you don’t know? NoSpam.st is made for you.

The basic idea is simple: you tell NoSpam.st your email, and you get a temporary email from us. You can then use this email on the website you don’t trust. If you indeed get subscribed to many spam lists, it will be with the nospam.st email, which will be automatically disabled when the time comes. Once disabled, any email attempt to this address will be refused.

I am also preparing a nice feature for webmasters: the ability to make a mailto link on your site via NoSpam.st: you log in on NoSpam.st, enter your email address, the expiration time you wish (default would be 4 hours) and get a snippet of JavaScript you can include on your website. Each time someone sees the page, a different email address will be generated. A normal user will usually send an email within the next minutes if he really wants to contact you about your site, and not spam you for the next years.
With this system you might get some spam if spammers are fast enough (usually spam is sent a few days/weeks/months after the email address has been crawled), but in this case you’ll get information about the crawl (IP and date) in the email headers, and anyway you won’t get much spam as the email will soon be disabled.

Anyway a lot can be done to fight email spam. Also as soon as spammers see that emails @nospam.st are soon blocked, they might even consider automatically removing @nospam.st emails from their lists (we can dream).

By the way if you have nice spam-related domain names you don’t use, you can give them to us and we’ll make them available for email addresses.


PInetd2: New launcher

PInetd2 is getting close to release with the addition of two elements: a new launcher, and logs.

The new launcher is the first step toward the ability to dynamically start and stop subprocesses without restarting the whole daemon. The old “start.sh” has been replaced with a “daemonctl” tool, like in the old pinetd. This allows starting pinetd2 in the background (if forking is enabled), seeing process status, and stopping/restarting the daemon directly. However, since the daemon can now be started in the background, another feature was needed, which is…

Logging to a file

Of course, the whole system was made to centralize logs. Each child transmits logs via IPC to its parent, and the main launcher displays logs on screen. It wasn’t difficult from there to write logs to a file. This means that even an FTP client chrooted somewhere can still send log events to its parent and get them written to the main logfile.

What’s next?

Now, I need to make those two elements less hack-like (i.e. add some config options, add the ability to log to syslog, etc), then I’ll have to finalize PMaild’s IMAP daemon thanks to the fact I added mailparse to the required elements in the PHP distribution. MailParse will handle the difficult MIME-decoding part, and will make the next steps much easier. Parsed data will be cached in the database (one new table per domain), and this should finally make PMaild usable in IMAP-based webmails like Horde IMP.


Incorporation in Japan

This is an official announcement.

While being in Japan, I finally decided to start the experience once again. Those who have known me for a while know I’ve been involved in many web-hosting company creations, either indirectly (RYA-Network) or directly (ooKoo, etc).

Here is a list of companies involved in web hosting I’ve been involved in:

  • 1999: Upsilon Studio (legally declared as “association” in France), my first involvement in web hosting, without servers, and with free domains from namezero and hosting from various places…
  • 2001: FF.ST (declared as a company mid-2001, collapsed end of 2001 at the same time the WTC did) created, first servers in USA. Automated web hosting system, and various things…
  • 2002: helped in Kalyweb/Kalyone while still managing FF.ST (and installed my own server there too). Was going nice, but there were some problems I’m not fully aware of (was too young), and the whole thing went down without any second thought about customers (searching for “kalyone” on Google France might give some results)
    One of my best experiences there was R&D work, and configuration of Cisco hardware (especially Cisco 6204VXR, and Cisco switches)
  • 2003: RYA-Network (with some of the guys from Kalyone), where I could use some of my past experience and improve many things. This allowed me to discover the datacenters world in Paris, with visits in different datacenters. Soon problems arose with unhappy customers, mainly because of poor sales methods, and I got kicked out while customers were sold to a third party (or so it seems).
    Today the RYA Network website is still up, displaying offers from another time (who wants a 10MB webhosting? A dedicated server with 500Mhz CPU/64MB ram/786kbps bandwidth under Debian 3.0?), and the company seems to be still existing.
  • 2006: Created “ooKoo” as a company, while overseas. This went pretty well until war started, which virtually made every customer go away, mainly because of frequent power loss at our “office” (power loss itself wasn’t a problem, but the fact the ISP was going down with power too wasn’t nice). Had to go back to France in a hurry (and of course the area we were in, while experiencing half-day long power losses, was not in an area covered by the country for war-related problems).
  • 2007: Back in France, creation of “Kinoko“, with less focus on web hosting and more focus on software development. Because I’m working full-time in another company, haven’t got enough time to make it work as it should.
  • 2009: finally, while in Japan, creation of K.K. Tibanne. I believe past experience has taught me many things including (but not limited to):
    • Working full-time at the same time is a bad idea, unless there is a point in time where “things must work no matter what”. I resigned from my current work, and still have a few weeks there. I’m a bit sleep-deprived lately (mainly because I’m handling two jobs at the same time) but things are progressing at a good pace.
    • Having external investors is a pain, and can become a risk when they start to have their own ideas about how the company should be run while they were silent for the past months and have no idea of how web hosting works
    • Sales staff can mess up everything if they do not have strict rules they need to abide by. In one of the previous companies I heard a story of a sales guy selling a lifetime server at McDonald’s, getting cash money from the customer, and a few weeks/months later the customer came back wondering when he’ll get his server (and ended up punching someone).
    • Being nice with competitors and avoiding to attack market when the opportunity appears is a bad thing. They won’t care about you anyway.
    • Going in a country with unstable borders and war history can be really bad for overseas business. In a global world like the one we live in today, this is not acceptable.

I also accumulated a nice amount of networking experience (thanks to full-time jobs too, where I also could peek at some Cisco IOS/CatOS configurations for a complex network with two AS, BGP uplinks, etc) and have a global understanding of how the internet works (IP announcements, DNS system, etc). Created companies also taught me a lot about company management, legal requirements, taxes, etc (while laws in Japan are different, they are not that different).

Now, let’s make things work and start with web hosting, which is an activity requiring a lot of technical knowledge and that if done right can attract a lot of customers.
