“The Interview” and Hacking of Sony

We’re getting a little tired of reading harebrained opinions by pundits and experts about Sony’s decision to yank its movie “The Interview” after Sony was hacked, apparently by the petulant North Korean regime.

1) It’s Sony’s movie. There is no “right to be shown a movie.”

2) By all accounts this was a B-grade comedy with very little artistry or other redeeming merit. There are very few right-to-free-speech issues here.

3) The movie is Sony property and Sony’s decision to run it or not, not the media’s, and not the so-called cybersecurity experts’.

4) If Sony decided to run the movie anyway, and even one of 18,000+ theater outlets had been victimized by a terrorism bombing attack, the media and the public wouldn’t be screaming “capitulation,” they’d be screaming for Sony’s head on a platter for risking public safety by inviting a terrorist response.

5) The only appropriate response to North Korea is beyond Sony’s expertise, and hopefully Anonymous is working on that now.


The Irony of It All: the Snowden Affair

Early this morning I was reading yet another news report on the celebrated and infamous Mr. Snowden, this one on the BBC web site, “Edward Snowden documents show NSA broke privacy rules.”

No real surprises there, but the following lines of text caught my eye. They caused a flashback to the different world of my youth in the 1950’s and 1960’s:

Mr Snowden, a former NSA contractor, has leaked top secret documents to the US and British media.

He has been given asylum in Russia.

If you’re too young to remember the Cold War years, the salvos of political diatribe hurled back and forth across the continents, the Spy vs. Spy cartoons in MAD Magazine, and the strong and justifiable condemnation of the pervasively brutal authoritarian state then called the Soviet Union, the irony of this all might take longer to sink in.

No matter what else we may think of this Mr. Snowden, he challenged the legality of our national security apparatus, and the authority of the United States of America to clandestinely and indiscriminately intrude into the private affairs of every ordinary American Citizen, without warrant or explicit legal consent.

Not to mention: our hacking into the very most private affairs of Downing Street, Whitehall, Brussels, Prague, Paris, Bonn, or anywhere else in the world.

Thus Mr. Snowden found refuge in Russia, still largely run by the vestiges of the old Soviet KGB apparatus, and there, for a time at least, it would seem, he has been provided refuge and shelter from the wrath of an authoritarian security apparatus, and from lifetime incarceration in some American prison camp.


New “Write Us” Page

We’ve constructed a simple new WordPress page to take over sitewide “Write Us” functionality. This single dedicated page supports all 12 Summitlake departments, whether WordPress or “PhP” driven, and over 500 additional legacy HTML pages. The switchover took place this evening.

HISTORY: The old “Write Us” was a commercial-grade combination of cgi (Perl) and HTML forms. It was a spin-off from a two-person team effort to develop a website for a ski lodge. The owner decided to keep the website and let prospective customers telephone rather than use the advanced “forms” reservation system we developed. My part in this was over 1,000 free coding hours. I adapted it to “Write Us”, salvaging something from the project. Adding a security code to block spambots was its un-doing: impossible to get it working for all browsers, I got more letters of complaint about erratic “security” than I received on all other subjects.

NEW: the new form uses a simple WordPress plug-in for security, in an off-the-shelf WordPress comment form. You can use or preview it by clicking any Write Us button or link on this site. The free software plug-in is SimpleCAPTCHA by Law Eng Soon (zorex), Copyright 2008. (You can also see the form at the bottom of any post page, including this one.)

Users quickly realize they’re no longer sending a note directly to me: in submitting a comment, it goes to a moderation queue. If I approve it, it becomes publicly visible, and may also spool to an RSS feed. I would be happy if WordPress would add a “public/private” checkbox to the submission form. For the time being, the “Write Us” page advises users to include the phrase PRIVATE or DO NOT POST in the comment, and in that case, as moderator, I will not do so.

Registered users do not have to use the CAPTCHA security (the same system used by most of your financial institutions), but comments should still go into moderation. I will respond via regular email to notes inviting a response that also include a working email address.

To register, or to submit a comment if you are not logged in, requires that you type in your email address. That information is private and WordPress does NOT publish it.

We do not get the volume of mail we used to get with our articles on the “Ford Bronco TFI Ignition” scandal, so this solution should work for “Write Us” until we find a low-maintenance anti-spam security e-mail solution.

Cheers,

Alex


New for December

Well, if we don’t announce it here, it quickly becomes “not new”, doesn’t it? Still, we’ve been busy – here’s what we’ve been up to.

  1. Swan sent a new photo today, posted in PHOTO Notes
  2. We posted skeptical observations on the proposed new US Citizenship test, last week, in Commentary
  3. Noting the regrettable tragic death of James Kim last week in freezing weather at the bottom of a dead-end canyon in mountainous Oregon, we posted observations based on some personal incidents of our own. Even in balmy weather, nature can catastrophically exploit our disorientation, sense of urgency, or compulsion to stick to the original plan no matter what. In My Notes, December 8.
  4. Security in WRITE US: Almost every page at Summitlake.com contains a “Write” button, connected to an HTML “form”, connected to a number of programs that allow you to write Summitlake.com. Over the years, any mailbox connected to that button eventually gets filled with spam. Since there’s no way we’re going to post any of that garbage, we have to assume others are getting the spam too – probably showing summitlake.com as the sender! I’m no prude, but the spam is abusive and offensive. We took three steps to reduce that risk.

FORM MAIL SECURITY

  1. HTML not allowed. A simple filter wrecks the formatting so that any links or images that get through won’t work.
  2. Common cuss words are rejected. Everyone knows you can’t get them all, so we added a couple of tricks to the reject filter.
  3. Security Word – you know how secure financial sites now require you to read an image and type the word into the form? This requires that the user – or abuser – physically go to the site, and spammers prefer their back room smoke and mirrors to wasting time at each individual site. We added a simple security word. Obviously, this is not a secure site, we don’t want or solicit sensitive information, and we don’t DO anything with the “word” – it is not a “password”, and is not linked to you or any ID.
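
The three steps above, sketched in Python as an added example (this is not the site's Perl form-mail code). The field names, the security word and the reject list are constructed placeholders, and the look-alike mapping is one possible "trick", not necessarily the one used here.

```python
import html
import re

# Constructed values for illustration; the site's real ones are not published.
SECURITY_WORD = "granite"
BLOCKED_WORDS = {"viagra", "poker", "casino"}  # stand-ins for the reject list

TAG_RE = re.compile(r"<[^>]*>")
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+")
# Fold common look-alike characters so "V1agra" or "p0ker" still match.
LOOKALIKES = str.maketrans("013457@$", "oieastas")


def neutralize_markup(text):
    """Step 1: wreck HTML so links and images that get through won't work."""
    text = TAG_RE.sub(" ", text)
    text = URL_RE.sub(
        lambda m: m.group(0).replace(".", "[.]").replace("://", "[://]"), text
    )
    # Escape whatever is left, e.g. an unclosed "<a href=..." fragment.
    return html.escape(text, quote=True)


def contains_blocked_word(text):
    """Step 2: reject-list check that tolerates simple disguises."""
    folded = text.lower().translate(LOOKALIKES)
    # Whole words, so ordinary text such as "spoke really" is not caught.
    words = set(re.findall(r"[a-z]+", folded))
    # Each whitespace-separated token with punctuation squeezed out,
    # so "v.i.a.g.r.a" collapses to "viagra".
    words |= {re.sub(r"[^a-z]", "", token) for token in folded.split()}
    return bool(words & BLOCKED_WORDS)


def screen_submission(form):
    """Step 3 first, then steps 2 and 1. Returns (accepted, reason, cleaned)."""
    supplied = form.get("security_word", "").strip().lower()
    # The word is shown on the page and is not a secret or a password;
    # it only proves that someone loaded the form before posting.
    if supplied != SECURITY_WORD:
        return False, "bad security word", ""
    message = form.get("message", "")
    if contains_blocked_word(message):
        return False, "blocked word", ""
    return True, "ok", neutralize_markup(message)
```

A submission that passes all three checks comes back with its markup flattened, so the moderator sees plain text with any URL broken into a non-clickable form.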

phpBB Forum Taken Down

I removed our Summitlake “Forum” today, to devote our time to more rewarding projects at Summitlake.com. It took dozens of hours, perhaps a hundred, to install, configure, tweak, update, monitor and baby-sit the phpBB product. It took 20 minutes to back it up, delete the database, uninstall the site application, and remove links to the forum today.

We’ve had a forum of some sort or other for a long time, about five years according to the file dates on my local machine. It started with “Megadb”, a flat-file database I wrote myself as a training exercise. I upgraded to “YaBB” (“Yet Another Bulletin Board”), an early, plain-jane, perl-driven flat file bulletin board. I moved to the popular php-driven phpBB product shortly before my own web host rolled it out as part of their stable of free house applications.

phpBB’s popularity was probably its major undoing, as far as we’re concerned. No, NONE of those forums were ever popular at Summitlake.com.

If you’ve ever seen an abandoned tract home project from the air, you’ll grasp the metaphor. You see the roads laid out like an aerial map, everything bulldozed and graded meticulously out of the dust, and, here and there, a structure 30,000 below. But nobody’s home.

We like the idea of having a “safe space” where our readers could exchange notes and interact, if they wanted to. Realistically, Summitlake.com has never been the kind of site where surfers “hang out”, nor have we tried to be. Honestly, we are oriented more toward the solo reader who stops by to read the occasional article before moving on.

And we’ll probably try yet another bulletin board at some point down the line. Why? Just because we like the challenge.

What went wrong here? As a sophisticated free SQL database product with a thriving community of “plug-in” add-on coders, phpBB has placed enough sites out there to attract spammer attention. We spent most of our phpBB time maintaining bogus membership registrations; by use of email and website fields, they promoted the “V” drugs, gaming sites, occasional porn sites, and even their own advertising services. We’d write the registrants asking for verification that they wished to become forum members, and the emails would bounce, or there would never, ever, come back an answer of “Yes, because we like your site.”

Did these folks ever post to the forum? No. Were they perhaps just interested in phpBB’s Instant Messaging (which I disabled)? Maybe, but I have no interest in hosting secret chat rooms for the general public on my own nickel. Whatever happened to that horrible Microsoft IM that nobody can get rid of?

For a while, it was a challenge. After a while, it became a question of how to best invest our time. And, baby-sitting folks who get their kicks breaking the rules is not our idea of a good time. So we just pulled the plug. Happily, there are still some solutions for which no spammer can come up with a workaround.


A Funny Thing Happened On The Way To The Forum …

Zero Mostel? Nope, more’s the pity, this isn’t about the immortal Broadway show and 1966 movie. It’s about our site’s installation of the ever-popular phpBB bulletin board forum.

For some reason, it’s become a magnet for spammers. The gimmick is, the spammer usually just registers as a member user, probably by “bot” at as many sites as possible. They rarely bother to attempt a post. If you follow their email and website links, these invariably point to poker sites and Viagra web pages. I deleted 150 such bogus “users” last night. Another one has since found its way through security to register their erectile dysfunction links.

You may wonder, why do they bother? Most of us aren’t dumb enough to click a link just to see what it does. You can see in the browser bar where the link points anyway (bottom bar on IE).

Well, Google scans all these pages, even those safely tucked deep in the site databases. A link is considered a point in the search engine popularity algorithms, increasing the likelihood such links will float to near the top of a search results page. So, we don’t take all this personally.

Are we running out of patience? No, not yet. But, for a newly started Forum with a scant 9 posts, it puts phpBB in the “very high-maintenance” category. This wouldn’t be so bad if the Forum was very popular, but it isn’t. If our experience with the mordant old YaBB is any indication, forums at Summitlake.com will never take off: unlike “Cloudy Nights”, we don’t have a critical mass of like-minded users ready and willing to devote an hour a night to exchanging ideas, info, witticisms and social bonding.

We’ll go the extra mile to support this poor ol’ feature, but don’t be too surprised if one day it simply disappears. Creating content is a lot more fun than wet-nursing the destructive, anti-social whims of spammers and taggers.


Whither Spam?

Spam used to be a semi-edible canned meat product. Now, it’s more like the dust in a dust storm: it gets everywhere and into everything. Shake out those shorts, tuck in the shirt, lace the boots a little tighter, and hope for the best …

We just wasted an hour tightening up our other dusty wasteland, the new phpBB forum. Forums don’t seem to serve any real community function until there’s a congregation of a few hundred dedicated regular visitors. On remote outposts like Summitlake.com, forums seem to serve the same practical purpose as vacant lots: a weedy place of final repose for discarded burger wrappers, ad throwaways and pizza flyers.

So, as of this evening, users will have to be registered to post on the phpBB forum. Our poor little fledgling forum has had one or two legitimate posts (mainly added as a courtesy by yours truly), and a small infestation of spam links. The next step might be to require admin approval for new registrations, and banning of offending IP addresses. But, we all know how effective a ban on static IP addresses is, don’t we?

Inevitably, the next step is going to be to take the board down, because I just won’t waste my time nursemaiding infantile parasites who may get paid one mil per post to harass our real user base, who don’t come to Summitlake.com to look at that crap on our site anyway.

What a shame it’s come to this, you know?


Goings-On

  • Q: How come some departments show an update in “AT A GLANCE” when there has been no recent activity? A: Blog spammers. I read they’re called “sploggers” now. Spammers have automated crawlers that leave comments on web logs. These are generally links to other sites which increase Google visibility, which gets somebody paid more advertising money. I have filters which almost always intercept and hold these postings, until I can delete them, but the files are all updated anyway to show “activity”.
  • Thanks to Dave N. for pointing out the broken “Write Us” buttons all over this site. In February I updated the Perl program which supports this function, in response to a server-mandated change, but failed to upload the changed file. “Write Us” works now. Hope I haven’t missed some more.
  • Dave and Swan continue to send fine contributions to “PHOTO notes”.
  • I am working on a major, almost scholarly review of the Darden Pyron biography “Liberace – An American Boy”. Analyzing the complex life of “Mr. Showmanship” has been a fascinating challenge. I am nearly finished with the article. I have some finishing positive touches I want to add, but I’m in no hurry to rush it through to completion. The article will be posted in WRITING when complete, and we’ll announce it here.
