25 Aug 2008 Doing the same thing again and expecting different results

I was shooting a herd of Wapiti which were jumping into freezing white waters of Athabasca river near the Ice Fields parkway in Canada. My Canon SLR stopped working and gave the dreaded Err 99.

Later Canon service folks diagnosed and asked me to parcel the dead camera to their factory service center in Irvine, California along with a copy of original receipt.

Not having preserved the original receipt, I went to the electronics supermarket chain I bought the camera. The customer service specialist there took my creditcard and worked for about five minutes on the LCD screen and said "Sorry! you will have to try at the shop you bought your camera... We cant print your receipt here". Then I drove ten miles to the shop where I had purchased it.

Customer service specialist there took more time, couldn't figure out how to print a duplicate receipt. The boss in that store came down. He gave his experienced gaze at the terminal and he suggested something. The service specialist then went inside and came out with a printout of an excel sheet containing all the purchases I had ever made with that company.

Then I called Canon, to check if that spreadsheet is acceptable, but they insisted on giving the original proof of purchase. I went to the nearest store again, but this time the customer service person there swiped my credit card, and my duplicate receipt came out the printer in matter of seconds!!

Someone defined insanity to be doing the same thing over and over again and expecting different results, but might work for you when you call for customer service help.

By the way, Canon replaced my SLR camera's shutter assembly and sent it back in a week.

Photos from Canada are here

Canada

Vancouver

Link | Comments [0]

18 Aug 2008 To prevent auto-reply e-mails

To keep some of the Sun's internal processes rolling my crontab(4) has accumulated a number of scripts that are run daily. These scripts send out emails of anything from a "gentle reminder" to gory details of process steps to follow.

In return for that service, a dozen or so vacation auto reply messages would get bounced at me automatically everyday when ever these scripts run. Looking at my mails I know who is on vacation or who is traveling.

So far I had a server-side filter that would filter out such responses. However is there way to stop these vacation auto-replies at the source?

It seems there is a way to tell the auto responders to ignore sending a reply to a mail, if the mail contains the header:

Auto-Submitted: auto-generated

Headers indicating an email to list can also suppress the autoreplies:

Precedence: list

After I added these to my scripts, I haven't seen any reply so far...

Link | Comments [0]

30 Jul 2008 Secure your Wi-Fi networks now!

Last time I visited an Internet cafe in Bangalore to scan a few documents I was in for a surprise. They asked for a photo ID before they offered me any service, even if it is just to scan a couple of documents to my USB stick. That is a good thing - makes it difficult for terrorists to operate and communicate.

This person apparently had his WiFi network wide open for anyone to access and abuse it. It is suspected that terrorists used his network or mail account to send a warning email hours before the blasts in Ahmadabad where about 54 people were killed.

He says "I'm not an IT professional. I have no idea how all that works". It is as good an excuse as saying "I am not a locksmith. I have no idea how to lock my doors". Search google or ask a friend.

Some amount of blame rests with folks who make these Wi-Fi devices and not making them easy to operate in a secure by default mode.

Link | Comments [4]

28 Jul 2008 Notes from the 20th FIRST conference in Vancouver
I was at 20th FIRST Conference Vancouver last month. Forum of Incident Response and Security Teams is a community of folks who work behind the scenes to keep the world running - from people securing your banks to people protecting your national infrastructure. Here are pointers to some of the interesting topics from the conference:

• Fast Flux networks Fast Flux nets are where compromised computers are used to temporarily host malware.

• A talk on "Applied Security Visualization" demoed state of art of network visualizations and tools. There is a live CD project called DAVIX which aggregates the tools.

• An interesting demo was of "RFID hacking" - where Adam Laurie demonstrated duplicating company badges and electronic passports with gadgets that cost less than $100. He could take his scanner near a passport with RFID (aka E-passport) and display holder's information including passport photo

• A Keynote presentation from former security chief of OLPC (One Laptop per child) talked about features of OLPC as something as a great advancement in security - for eg. the ability that only a open dialog box can open files! (BTW, that sounds very similar to what we call in the UNIX setuid - that only password command can change passwords)

• A presentation about Mozilla development process talked about how testing is done: they are always running enormous number of test suites against the latest tree. They don't rely on the developers to do the testing for changes.

• Honey spiders - that crawl spam and phishing sites in search of malware and execute or analyze them.

• Atanai Sousa showed how a phishing malware operated in Brazil, giving insight into how the spyware and malware have an upper hand in capturing your bank passwords weather you type them or use any other practically useless mechanisms invented to circumvent keyboard spys.

Overall it was good listening to stories direct from people in the battleground, to get an understanding of real world problems and threats they face. It also gave a good opportunity to meet product security folks other companies and CERT folks from around the world - many whom we communicate over email daily.

Link | Comments [0]

04 Jun 2008 In the heart of Europe
I was in Praha (or Prague) a couple of weeks ago. Praha is a neat little capitol of a beautiful state in the middle of Europe.


Old city is full of buildings with great design, each is different from the others. City's old buildings - unscathed in the world war - and neatly dressed old ladies and gentlemen make the whole place a surreal theme park. An old Czech lady was telling me that she has seen her country occupied by three regimes: Germans, Soviets and now tourists :-) While Praha is a clean city, the most unpleasant experience was its cigarette smoke. Restaurants and most souvenir shops had an ambiance of tobacco haze.


In the city I marveled at the architecture and design of Obecní Dům (or the Municipal House) where every door knob and hinge seems to have been crafted with the same care and attention to detail as rest of the ornate building.


Czech countryside is full of castles that dwarf any western mockups in both in size and grandeur. Spring weather was brilliant with full bloom of yellow flowers on lush green grazing grounds and bright red roofs.
The thing I enjoyed most was an evening walk in the hilly Village of Large Bungalows (sorry I don't recall the name of the Village). It was a small village with large houses with beautiful gates, gardens, statues, fountains and luxury cars. Dates on the houses ranged from 1800 to 1950s and styles reflecting the era they were built in. There were rows and rows of such bungalows. There seemed to be only one restaurant in town which was closed.


Link | Comments [1]

10 Apr 2008 Fast Forward in Time

I was trying out time lapse photography. My camera was clicking every 5 seconds whole evening and through the night. Captured set of photos (thousands) were converted to a movie using mencoder, then cropped to 1080-HD resolution. You can see stars glide towards the horizon and moon going down (but google video quality is not HD and and not all starts can be noticed)

Last weekend I was on top of a hill to capture sun rise over the Sierra Valley in California. It was freezing and windy in the morning and the movie is a bit shaken:

Link | Comments [2]

29 Mar 2008 Goodthings: The Greatest Invention since Bell's Telephone..
No, its not the iPhone, nor VoIP and forget the cordless phones.. A while back, shopping for a land line phone. I would ask the shop sales folks if they had anything which had:

• quick dial - i.e ability to directly dial a handful of numbers quickly (max one or two button press)
• mute button
• speaker phone
• no AC adapter or batteries

I am surprised that there are really advanced phones (phones with bluetooth, skype etc.,) which don't even have quick dial settings. (I returned a good glossy black Philips Skype phone because it had no quick dial!) At first it did not seem possible for me that such a phone could exist, because the smart sales folks at Fry's or BestBuy told me that they had never seen aything like that. The closest they could get was a Panasonic It did not have an AC adapter but needed three batteries.

Then recently I stumbled upon this GE phone at OfficeDepot. (There is also an Activa branded one which is exactly the same model) It provided all the features I was looking for without an ugly AC adapter or batteries. I couldn't believe it, I unpacked it in store to double check what it claimed on the carton. Apparently it is powered by the telephone line! It doesn't have glossy black designer finish, but it gets my nomination for the greatest invention in telephone hardware since Alexander Gram Bell's phone.

A cordless phone which adds two more cords at poor voice quality isn't an advancement, a 500 number phone book which gets erased every time the power gets disconnected isn't an advancement, but a phone which gives more features without retrogression is worth a praise.

Link | Comments [2]