Hacker's ramblings

On my Google AdSense payment history: Jan 28 2013: Invalid Traffic - AdSense for Content

They reduced my monthly payment with about 1% of the total sum. No explanations, no nothing. They're just claiming that I'm not following the mutual agreement made about AdSense usage policy and provide no proof of that. Quite literally they're saying is that I'm abusing the system to gain extra payments out of Google and if not abusing the system, I'm a liar because I don't admit doing that. Nice!

There is a discussion thread Help to identify Invalid Traffic Source in the Google AdSense in English support forums. Lot of people having this issue since December 2012, and no possibility of tracking who clicked what to cause the alleged invalid clicks.

This is not about the 1% of lost revenue, it's about me being called a liar and not introducing any kind of evidence what I did. The AdSense payments fluctuate a lot anyway, they somewhat correlate with visitor flow, but sometimes Google issues more expensive ads which yield more cost-per-click. Then again they issue cheaper ads with lower CPC. Since they get to control who gets what, in the end it is a zero-sum-game and on a monthly payment differences equal out resulting something that correlates the site visitor flow. But this 100% control is not enough for them, they don't want to pay out what they're agreed to do and get 101% of control.

It is needless to say this, but I'm doing it anyway: This sucks like a Kirby vacuum cleaner scam!

My production box crashed with:

** glibc detected ** nginx: worker process: malloc(): memory corruption: 0x00000000012f9d20 ***
** glibc detected ** nginx: worker process: malloc(): memory corruption: 0x00000000012f9d20 ***
2013/02/21 21:34:30 [alert] 20048#0: worker process 7258 exited on signal 9

Which was bad.

I like ETags to reduce page loads, and Nginx does not support them. To get it support ETags, there is a module in GitHub, which I am using.

After a nice couple of hours of debugging it turned out that all other places in Nginx-code call ngx_memzero() before calling ngx_open_cached_file(). It turned out to be the crucial mistake in the module. I filed an issue to the original author to notify everybody else.

My production boxes did actually return weird errors now and then, which I didn't think much of. Weird things happen sometimes. However, this fix seems to help, there are no worker processes dying and page load erros seem to gone away. Hopefully the box does not crash again.

Adblock Plus is a great add-on for Fire-/Waterfox, Chrome and Opera. It really keeps the unwanted commercial crap out of your browsing experience. There are so many badly designed and implemented ads in the world, that they triple or quadruple page loading time, look ugly and sometimes when programmer has really been a total idiot, a failure to load the stupid ad crashes the JavaScript functionality which would be otherwise needed. Programmers: Test your site with ads blocked, please.

My point is, that if ad programmers are idiots, equally idiotic programmer in Adblock Plus project decided that I cannot type. Sure, now and then my fingers do not hit they keys they should have been, but I most definitely don't need a machine to fix my typos. That's for sure. Now the braniac that made the decision that I cannot type, enables this useless helper as default.

The entire feature is fucking useless! It never works when I mis-type, but it always triggers when I enter the address correctly. Looks like somebody else has the same issue and wrote instructions on how to disable the I-think-you-wrote-it-wrong-I'll-make-it-much-worse-for-you -addon.

Can you show me a single working example, where machine would 100% detect user's mistake and 100% of the time correct it properly? No you cannot. Nobody can.

Earlier I wrote about elaborate Chinese scam to shake down money from unsuspecting corporate domain owners.

This time the e-mail really didn't specify any URLs to fake companies, nor really specify any fake company names. The e-mail was sent by clark.yang@picweb.net. There is a web site http://www.picweb.net/, which is located in Los Angeles, USA. The content has lot of references to China. Un-surprisingly, most of the links are either non-existent or actually are not links. Especially the top menu for "Products and Services" is not a link, so they actually don't sell anything. The web site looked like this:

The e-mail for picweb.net is handled by mx168.cn4e.com which is in CHINANET Fujian province network. There actually is a mail server in the address, but I don't know if they handle any e-mail for picweb.net. In the e-mail headers they tried to fake SMTP-route and point finger to a most likely innocent Chinese IP-address. They are not very good in forging headers and the attempt is rather childish.

Also un-surprisingly, the e-mail arrived to Google via IP-address 117.27.141.168, which is in same network as the previous domain scam e-mail. Also the above mail server is in the same ISP's block. They still don't care what kind of crybercrime is going on on their wire.

I'll post the contents of the e-mail here:

(Mail to the brand holder, thanks)

Dear Brand Holder,
We are the department of Asian Domain Registration Service in China. I have something to confirm with you. We formally received an application on February 20, 2013 that a company which self-styled "HongDa International Co.,Ltd" were applying to register "hqcodeshop" as their Net Brand and some domain names through our firm.

Now we are handling this registration, and after our initial checking, we found the name were similar to your company's, so we need to check with you whether your company has authorized that company to register these names. If you authorized this, we will finish the registration at once. If you did not authorize, please let us know within 7 workdays, so that we will handle this issue better. Out of the time limit we will unconditionally finish the registration for "HongDa International Co.,Ltd". Looking forward to your prompt reply.

Best Regards,
Clark Yang
Regional Manager

AnHui Office:
Phone: +86-551 6512 0117      
    Fax: +86-551 6512 3308
Postal Code:230022

Address:AnGao World Cities,No. 99,WangJiang West Road,HeFei,AnHui Province,China

ShangHai Headquarters:
Postal Code:201315
Address:No.11,Lane 788,Xiupu Road,Nanhui District,ShangHai,China

The e-mail headers are here:

Delivered-To: jatu@hqcodeshop.fi
Received: by 10.64.148.67 with SMTP id tq3csp180927ieb;
        Wed, 20 Feb 2013 00:58:50 -0800 (PST)
X-Received: by 10.66.243.169 with SMTP id wz9mr52609194pac.34.1361350730222;
        Wed, 20 Feb 2013 00:58:50 -0800 (PST)
Return-Path: <clark.yang@picweb.net>
Received: from mail.umail168.cn4e.com (mail.umail168.cn4e.com. [117.27.141.168])
        by mx.google.com with ESMTP id o4si27012995paw.72.2013.02.20.00.58.48;
        Wed, 20 Feb 2013 00:58:50 -0800 (PST)
Received-SPF: neutral (google.com: 117.27.141.168 is neither permitted nor denied by best guess record for domain of clark.yang@picweb.net) client-ip=117.27.141.168;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 117.27.141.168 is neither permitted nor denied by best guess record for domain of clark.yang@picweb.net) smtp.mail=clark.yang@picweb.net
Received: from clarkyangpc (localhost.localdomain [127.0.0.1])
    by mail.umail168.cn4e.com (Postfix) with SMTP id 9B02BA28004;
    Wed, 20 Feb 2013 16:58:46 +0800 (CST)
Received: from clarkyangpc (unknown [124.73.90.238])
    by mail.umail168.cn4e.com (Postfix) with ESMTPA;
    Wed, 20 Feb 2013 16:58:46 +0800 (CST)
From: "Clark Yang"<clark.yang@picweb.net>
To:
Subject: "hqcodeshop" Net Brand and domain name registration
Date: Wed, 20 Feb 2013 17:00:53 +0800
Message-Id: <DM__130220165401_37568426463@mail.picweb.net>
MIME-Version: 1.0
Content-Type: multipart/related;
    boundary="----=_NextPart_13022017005237571425618_001"
X-Priority: 1
X-Mailer: DreamMail 4.6.9.2
Disposition-Notification-To: clark.yang@picweb.net

Yet again I did report this scam to Google. Looks like they are powerless with these ones.

What happened to Symantec / Norton?

They used to be the backup company, but they have not release anything after Norton Ghost 15.0 (yes, I am an user). That is from Nov 2009, making newest version over 3 years old! On top of that they announced that Windows 8 will not be supported. WTF!? That is an excellent indication of their commitment to the product. Those who cannot understand sarcasm: they abandoned the product years ago.

Screw you Symantec! I'm going home.... erhm... to Acronis True Image. They release updates, they release new versions, they support Windows 8. Their level of commitment is from a totally different planet than Symantec.

I ended up gotting a new laptop. Since my weapon of choice has been Thinkpad for ages, I got me a new Lenovo. The T-series has existed for ages. Even IBM made them during 90s. The T-series laptops are a bit pricey, but they are meant for working. Couple of years ago a colleague said "and they look like tools, too!".

Here is the link to Lenovo-page.

Since this is an ultrabook (whatever that actually means). It is quite light and only 22 mm thick, as you would expect there is no DVD-drive and only 2 USB-ports. They are USB3, but still, only two of them. Everything in this reminds me of Apple laptops, with the difference that there is a latch at the bottom of the machine. You can open the bottom very easily and all of the parts are easily accessible. It is easy to notice the philosophical difference in design and the ease of manufacturing with Lenovo and Apple. This one was designed by the same people, who actually build and fix them.

The really exciting part is that the state-of-the-art Ivy Bridge CPU/chipset/graphics -combo runs really, really fast. The difference to my previous laptop is a huge. To speed up things even more, I changed the 128 MiB Samsung SSD into 240 MiB Intel SpeedDaemon 520-series. I'm getting Windows Performance index of 4,9 with the weakest link being GPU and specifically desktop graphics. i5 CPU gets 6,9, memory gets 5,9 and SSD gets maximum reading of 7,9. All of these are really good numbers for a 1,7 GHz machine!

Typical usage scenario for a business laptop is to use it in docking station at the office. I got the Lenovo USB3-dock, but still I wouldn't call this a traditional docking station. To "dock" the laptop, you just connect USB3-cable and charger. The dock has quite a many USB3-ports, two DV-i ports and a 1Gbit/s Ethernet connector, all of which I require when docked.

But I'll stamp this with my seal-of-approval. T430u is definitely one to get!

The puzzle at Mystery Hunt site. A PDF-version of it, to solve it with paper and pencil.

I wrote the regexp-puzzle into a HTML / JavaScript -page, go see it at http://opensource.hqcodeshop.com/grid/. It will display the regexp with red colour if it does not match.

This one is really tough to solve. Good luck!

I got my hands on Huawei B593, punched in a SIM-card and turned the thing on. The admin is at http://192.168.1.1/ and admin password is admin like on many other devices, no surprises there.

Since my SIM is a pre-paid one which I use for testing and temporary Internet access, I simply wanted to see how much credit I had there. But wait! There is no Send SMS -functionality. I got the PDF-manual which said that there would be one. I think every 3G USB-stick software has that, why a 4G router wouldn't have the simple thing?

Little bit of Googling revealed that some telcos actually don't put it there. I did get my box from an independent reseller, but it looked like it was a Sonera (Telia) branded hardware. Little bit of more Googling ended me to one of their competitors, Saunalahti. From their customer support page, I got their firmware, uploaded it and noticed a number of drastic changes. Login screen was changed in to a generic Huawei one. After login my precious SMS-menu was there!

Yet another shame on you Sonera! Why did you leave the SMS-sending out. Idiots!

Update:
The login screen for the Saunalahti firmware version V100R001C260SP055 looks like this.

Update 2:
Most non-Finnish readers cannot read the telco's support-page. Download link for the firmware is http://www.elisa.fi/elisa/docimages/attachment/tuki/elisa_r+m+h+s.tar.bz2

Update 3:
There is an article about firmware from 3 Denmark.

Earlier I wrote about running CentOS 6.3 with Windows 8 Hyper-V.

One day I realized that the status of my network says: Degraded (Integration Services upgrade required). Well... I dunno what that means. Everything seems to work, but if there are any issues I'm not noticing them.

According this conversation at Microsoft's social network, somebody else is having this issue too. They are not noticing anything wrong either. Except the fact that status is degraded. I did try fiddling around with virtual network settings, but no avail.

I guess it is fully working after all.

Is it just me or is vim's automatic comment continue to the next line completely unnecessary? Every time I copy/paste anything into vim it makes the smart choice and completely messes up the code. And this is enabled as a default! WTF?

Something like this will help:

:set formatoptions-=cro

This reads, disable following:

• c
  • Auto-wrap comments using textwidth, inserting the current comment leader automatically
• r
  • Automatically insert the current comment leader after hitting <Enter> in Insert mode
• o
  • Automatically insert the current comment leader after hitting 'o' or 'O' in Normal mode

After that copy/paste works as it should.

PHP has been lacking properly implemented password-hash function. Many web-sites really would benefit from having such a thing available. Zend Framework -guys implemented that into their ZF2. Nice! But for us not running ZF2, doing 1000 hashes in a loop with PHP-code does not sound like a good idea.

Initially I thought that Mcrypt-project would implement PBKDF2 and PHP would gain the function that way. Apparently they're not interested either.

The good news comes from PHP-project. They implemented hash_pbkdf() into native PHP. Great! The problem is, that PHP 5.5.0 has not been released yet. I didn't want to wait and back-ported the function from PHP 5.5.0 source tree into my own 5.4.11.

For those wanting to build their own, the patch is here: php-5.4.11-pbkdf2.patch

The test from PHP manual page:

$hash = hash_pbkdf2("sha256", $password, $salt, 1, 20);
echo $hash . "\n";

Yields exactly correct result: 120fb6cffcf8b32c43e7

Doing only 1 round is very naive. The recommended minimum is 1000 and apparently 2000 is the way to go. I took Zend Framework's Zend\Crypt\Key\Derivation\Pbkdf2 as a reference and did 2000 rounds instead of 20. Both algoritms return exactly the same result, though they handle the length-parameter differently. ZF2 assumes bytes, but PHP's native version assumes hex-string length. But I did iron out the difference in my code.

The native version does 2000 rounds in 0.00674 seconds, and native PHP-version does that in 0.012470 seconds, so C-compiled binary is 100% faster.

My test code for native version:

<?php

$password = "password";
$salt = "salt";

$now = microtime(true);
$hash = hash_pbkdf2("sha256", $password, $salt, 2000, 20);
$dura = microtime(true) - $now;
echo $hash . "\n";
echo sprintf("%12.11F", $dura) . " seconds\n";

?>

My test code for Zend Framework 2 version:

<?php
require_once 'Hmac.php';
require_once 'Pbkdf2.php';

$password = "password";
$salt = "salt";

$now = microtime(true);
$hash = Zend\Crypt\Key\Derivation\Pbkdf2::calc("sha256", $password, $salt, 2000, 10);
$dura = microtime(true) - $now;
echo bin2hex($hash) . "\n";
echo sprintf("%12.11F", $dura) . " seconds\n";

?>

If you're site is not storing passwords properly, its about time to start now.

My weapon-of-choice in Linux CLI is vim. However, out-of-the-box it acts very stubbornly when editing files with modeline. The nice modelines seem to have zero effect. WTF!?

To my amazement, it appears that modelines are turned off as a default. It can be verified with a simple echo command from vim:

:echo &modeline

will yield 0 as an answer. So step 1 is to enable them in ~/.vimrc, if the file does not exist, create it. If it does exist, make sure that it contains following:

set modeline

Then confirm that echo will display 1 to indicate that modeline is enforced. What a great idea to not enable them! Nice going suckers!

To create your own modeline, put something like this into your file:

# vim: tabstop=4 shiftwidth=4 softtabstop=4 expandtab:

It reads:

• tabstop=4
• The width of a TAB is set to 4. Still it is a \t. It is just that vim will interpret it to be having  width of 4.
• shiftwidth=4
• Indents will have a width of 4
• softtabstop=4
• Sets the number of columns for a TAB
• expandtab
• Expand TABs to spaces
  

There is this guy, whose hobby is to do penetration testing for websites of his interest. He's a white hat -guy, so he does his best to inform webmasters. Quite often he reaches nobody and eventually publishes his findings.

Janne's blog is at http://janne.is/. I'd sure hate to see one of my sites listed there.

Windows 8 Pro comes with Microsoft's Hyper-V virtualization platform. If you have new and beefy PC, it is likely that the CPU supports Hyper-V (Celeron owners, don't bother). Everybody needs couple of Linuxes running inside your Windows, right? At least I do.

Getting the newly installed CentOS 6.3 to support networking is a bitch. After the CentOS installation finishes you're left on a virtual console screen with little possibilities of getting to outside world from your sandbox. The Wikipedia article about the subject reveals, that Microsoft had to submit their code into Linux kernel to comply with GPL license requirements. But still, CentOS 6.3 has kernel 2.6.32, but the much needed Hyper-V kernel modules are not available. Darn!

It took me an hour of Googling around, before I ended on Microsoft web page titled Linux Integration Services Version 3.4 for Hyper-V. I got the .ISO image, mounted it into my virtual Linux and run the install script. Yesh! The script managed to get my NIC to appear as eth0. After that it was just a breeze to get it configured with DHCP-client. It's a pity that nobody clearly documents this part of the installation process. People could save hours of work if somebody said to go get them.

Apparently new Linux distros come with Hyper-V drivers built in. In my case I need to run the same OS than my production server does.

MagicISO is ancient ISO-image editing app. If you want to install it and see the ancient look it has and notice that the trial versio is hugely crippled, you may choose to uninstall it like I did.

Guess what! It does not remove the shell extension and the DLL-file associated with it. The software is gone and there is very little you can do to get rid of the context menu.

I found that NirSoft's ShellExView is the tool for that job. Just pick the MagicISO context menu and disable it. The menu does not disappear from the context menu automatically. Explorer needs to be reloaded for that. I simply killed the process with Windows Task Manager and restarted it.

Done!