Category Archives: Blog

Strange TOR Traffic To Get IP

Is this evidence of another TOR and Firefox exploit to get your IP address, or something completely mundane?

I just checked the logs of a service that I provide that returns your IP address -

http://myip.wampdeveloper.com/

It was put up to be used under WampDeveloper Pro (to let the user know the server’s public IP address; usually the router’s IP) so as to not depend on any external services, and for anyone else that wanted to use it for whatever reason (no restrictions).

The logs had a large amount (relatively speaking to WampDeveloper’s use) of requests that started in May, different IPs, all with the same user-agent string (the string that identifies the make and build of the Browser you are using).
 
From doing a “resolveip” (attempts to turn the IP address into a potentially readable host name containing useful information) on some of the IPs, a lot of them are being reported as coming from -

  1. TOR exit nodes and routers
  2. Freedom and Privacy type hosting servers
  3. Some residential/home addresses (not WampDeveloper Pro related, it uses it’s own user-agent string)

 
Google returns no external results for query “myip.wampdeveloper.com”, except for the few times I mentioned it on HackerNews.

If these requests are coming from users of the Tor Bundle, the usage of myip.wampdeveloper.com appears to be under-the-radar, probably being used from within the Browser, like in a JS file that attempts to get your IP address (via a de-anonymized / local request).
 
The reason I say that (under-the-radar), is because the “reported” user-agent string of these requests is Chrome, not Firefox (Browser of the Tor Bundle). But the JS can set whatever user-agent string it wants, and those requests also don’t hit the favicon.ico URL (standard procedure for most browsers on first request to a website) – so it’s definitely not coming from the users going to (or being redirected to) the myip page, but rather coming from a script.
 
This is kind of really strange and unexpected, but hopefully is not related to all this -
Attackers wield Firefox exploit to uncloak anonymous Tor users
Tor security advisory: Old Tor Browser Bundles vulnerable
Torsploit takedown: analysis, reverse engineering, forensic

…But is rather just some other TOR based product/service using myip.wampdeveloper.com as part of a list of URLs it rotates through – a list of whats-my-ip services; or someone using this for their own needs.
 
The benefit of the above myip service is that it returns nothing but the IP, no HTML, no XML, etc. Just a few bytes of data via TCP/IP. Probably all within 1 packet.

Microsoft Responds to Horrified Developers on Future of Windows 8

A few weeks ago Microsoft released a preview video of Windows 8. Almost immediately developers all over the internet became enraged that Microsoft (with Windows 8) was leaving behind the platform and framework that they have been working with for a decade … all having hedged their bets on: win32 or .NET Framework + C# (language).

Except that Microsoft made no such moves. And no real developers were “horrified”, because a real developer knows that HTML is just a markup language and JavaScript is not a replacement for the CLR + .NET Framework.

At least that was what I thought!

Microsoft has now released a video demonstrating what Windows 8 is about.

The simple truth is that Windows 8 is a re-imagination of the desktop … geared towards the mass market which primarily uses their systems to browse the internet, post on facebook, check their email.

Windows 8 can run tailored apps where HTML and JavaScript widgets replace the traditional desktop window for the benefit of the user.

The underlining platform does not change. We simply get a new fancy UI option that uses a DLL shared with IE 10.

Apache Conference Videos and Slides

The ASF (Apache Software Foundation) organizes and hosts talks every year.

I’ve gathered links to keynotes from this year’s conference and videos from 2009 and 2008.

Start with the videos if you are mostly interested in the Apache Web Server. It seems to be a very small part of the 2010 slides.

ApacheCon US 2009 Videos: Hadoop Track, Apache HTTPD Track, Lucene Track.
ApacheCon US 2008 Videos: Apache HTTPD System Administration, Security, Administration.

2010 ApacheCon Slides and the schedule of the talks.

Google Toolbar Is a Resource Hog

I installed Google Toolbar in IE8 on Windows Vista.

It took up an entire cpu on a 4 core processor, ballooned IE load time from 1 second to 15 seconds, caused tabs to crash, and just made the entire system sluggish.

And that was after I turned all the toolbar’s options off.

It’s too high of a price to pay for seeing the PR of websites. Thanks, but no thanks Google. It’s now disabled.

Google Toolbar Performance

Google Took A Principled Stand On China.

Google Took A Principled Stand On China.

I doubt it.

Ask yourself this… What is it that has changed since Google entered the Chinese market in 2006?

Google knew what they were getting themselves into: dealing with censored results, government interference, corporate espionage (sanctioned by the state), and much much more. Not to mention having the entire deck stacked from the onset against all foreign companies (in China, you get used, striped, and then disgarded in favor of the home-grown competitor).

So a dozen Gmail accounts get compromised and the finger points to China. A few networks get breached.

So what?

How many Gmail accounts where compromised by government interest in the rest of the world? How many times did a corporate network get compromised by a competitor or a foreign interest? This is standard-operating-procedure in big business and politics.

Let’s try this on for size…

1. Google enters the Chinese market.

2. Chinese market/government favors own state side Baidu.com

3. Google breaks even or loses money on investment. Marketshare does not come.

4. Google realizes how difficult things are in China for “outside” companies.

5. Google, not being able to hack it here, to save face and score some points, uses its PR machine to a) start the process of pulling out of the market, b) make themselves look good doing it, and c) take advantage of a whole lot of people in the process.

And what do you know, it fits!




I’ll concede this could be a bluff to get something they want or there is much more going on that we have not been made aware of.

Google Failures of Epic Proportions

Every day I get up, turn my system on and spend a few hours reading the blogs I follow. And every day I read posts hating Microsoft for reasons that can only be explained by a serious misunderstanding of reality.

Here I present you Google Failures of Epic Proportions (a.k.a the other side of the story).

Original Idea Google Copy Result
Wikipedia Knol Fail, no one uses
YouTube Google Video Buyout, users don’t come
Exchange Wave Hype, does not deliver
Office Docs Mediocrity, does not compete
Paypal Checkout Poor vendor uptake, too many issues
Amazon Google Catalogs Discontinued
DMOZ Google Directory Fail
Y! Answers Google Answer Fail
Craigslist Google Base Fail
Twitter Jaiku acquisition Fail
Live Messenger GTalk Fail
WolframAlpha Google Squared Fail

Why Microsoft Needs Yahoo…

I was reading the comments in this article today and could not resist observing (once more) how bloggers and anonymous commenters love to pretend they know Microsoft’s business better then Microsoft *knows it itself*.

I think the real question here is why has Microsoft been unsuccessful in dominating this area of [internet search] business. Right? After all, this is what everyone agrees on — that Microsoft has failed here.

But have they?…

If you take the time to try Live Search, you’ll know it’s just as good as Google Search.

The problem here is not with better algorithms or a bigger database, but rather with consumer perception.

Consumers *have* made up their minds (< one of a thousand examples) that Google is king of internet search. And any decent marketer will tell you that once a consumer has made up his mind, it is impossible to change his notion from that point forward.

*It is that simple.*

Live Search can never compete with Google Search directly.

The above is a failed strategy. It’s just like Google Knol trying to compete with Wikipedia (fail!). It’s just not going to happen unless they are prepared to spend 100s of millions on marketing and the next 10 years slowly leaching away at the user base of whoever is #1.

There are only two ways Microsoft can win market share here: buy another major Search company such as Yahoo (to get their users and brand), or compete with Google search on different attributes.

And this is exactly what they have been trying to do, as everything else is a dead end. And of course with some creative marketing thrown in, they can attack Google on all fronts.

Update: Just take a look a Bing! Fantastic strategy on their part. Rebranding (of Live Search) and marketing at work creating a clean slate in the consumer’s mind.

Bing

Bing is a search engine that finds and organizes the answers you need so you can make faster, more informed decisions.

vs. Google

Enables users to search the Web, Usenet, and images. Features include PageRank, caching and translation of results, and an option to find similar pages.

WordPress, Disable and Delete Post Revisions

Post revisions are one of the more useless features of WordPress that do little but add bloat to the database.

At first they were kind of cool, but then what do you do with them?

You’re not running a wiki. Right?

Here is how to get rid of them once and for all.

Edit wp-config.php, add this line in to disable the post revisions feature.

define('WP_POST_REVISIONS', false);

You will also need to clean the database of all the previous entries under the wp_posts and wp_postmeta tables.

use database_name;
DELETE a,b,c FROM wp_posts a LEFT JOIN wp_term_relationships b ON (a.ID = b.object_id) LEFT JOIN wp_postmeta c ON (a.ID = c.post_id) WHERE a.post_type = 'revision';

Congratulations, you are done! Enjoy your now much smaller database.