Tag Archives: Informative

Strange TOR Traffic To Get IP

Is this evidence of another TOR and Firefox exploit to get your IP address, or something completely mundane?

I just checked the logs of a service that I provide that returns your IP address -

http://myip.wampdeveloper.com/

It was put up to be used under WampDeveloper Pro (to let the user know the server’s public IP address; usually the router’s IP) so as to not depend on any external services, and for anyone else that wanted to use it for whatever reason (no restrictions).

The logs had a large amount (relatively speaking to WampDeveloper’s use) of requests that started in May, different IPs, all with the same user-agent string (the string that identifies the make and build of the Browser you are using).
 
From doing a “resolveip” (attempts to turn the IP address into a potentially readable host name containing useful information) on some of the IPs, a lot of them are being reported as coming from -

  1. TOR exit nodes and routers
  2. Freedom and Privacy type hosting servers
  3. Some residential/home addresses (not WampDeveloper Pro related, it uses it’s own user-agent string)

 
Google returns no external results for query “myip.wampdeveloper.com”, except for the few times I mentioned it on HackerNews.

If these requests are coming from users of the Tor Bundle, the usage of myip.wampdeveloper.com appears to be under-the-radar, probably being used from within the Browser, like in a JS file that attempts to get your IP address (via a de-anonymized / local request).
 
The reason I say that (under-the-radar), is because the “reported” user-agent string of these requests is Chrome, not Firefox (Browser of the Tor Bundle). But the JS can set whatever user-agent string it wants, and those requests also don’t hit the favicon.ico URL (standard procedure for most browsers on first request to a website) – so it’s definitely not coming from the users going to (or being redirected to) the myip page, but rather coming from a script.
 
This is kind of really strange and unexpected, but hopefully is not related to all this -
Attackers wield Firefox exploit to uncloak anonymous Tor users
Tor security advisory: Old Tor Browser Bundles vulnerable
Torsploit takedown: analysis, reverse engineering, forensic

…But is rather just some other TOR based product/service using myip.wampdeveloper.com as part of a list of URLs it rotates through – a list of whats-my-ip services; or someone using this for their own needs.
 
The benefit of the above myip service is that it returns nothing but the IP, no HTML, no XML, etc. Just a few bytes of data via TCP/IP. Probably all within 1 packet.

Is your LCD making a buzzing or high pitch noise?

This seems to be a real problem with some LCD Monitors, especially the entry level TN panels like the popular Dell models (one of which I’m in front of right now).

In my case, the monitor was fine for the first two months. But then started making a buzzing noise… 1) when on, 2) worse when in power stand-by mode, and 3) even worse when turned off.

Thanks Dell!

It seems as if the cheap capacitors manufacturers’ use in these LCDs, after a while, start to resonate at a high pitch frequency that is very annoying in a quiet room. I’ve read that some people have fixed this by opening up the monitor and putting epoxy resin around parts … something I was not ready to do.

Adjusting the brightness setting of the LCD managed to fix this problem. Since this changes the power the monitor takes, this also changes the frequency these cheap capacitors resonate at… Sometimes for the better. You’ll have to play around and see what works for you best.

Next time I’m going for a nice non-TN Samsung.

Other reported fixes include changing the refresh rate (switching between 50Hz or 60Hz), and disabling the internal/integrated speakers or setting their volume to zero (they might be on without you knowing).

Windows Mail for Vista, Not As Bad As I Thought.

Having used Windows XP for the last several years, I’ve recently decided to migrate to Windows Vista after purchasing a Dell 530 quad core PC with a 24 inch LCD.

My choices were to:
1. Keep using Thunderbird
2. Migrate to Outlook [Office]
3. Or try the native Windows Vista Mail application ["Windows Mail" is the replacement for Outlook Express].

The choice of using Thunderbird was the simplest of them all… But I wanted to try something new. The stability issues and a non-modern UI were the other decisive factors at play.

In the end, Windows Mail was the winner. But not an easy one.

Here is what I have discovered, which should have been documented somewhere but is not.

a) There is no way to import mbox format mail from other Mail Clients.

I used a temporary IMAP folder to copy/move messages from one mail client to the other; to bypass the obvious underlining format issues.

b) All POP accounts go into the main Local Inbox folder.

If you want to structurally segment different POP accounts, you will need to create Local sub-folders and create message rules that are conditional on the specific account. I can make a case for or against this [if this is a feature or a limit].

c) Message Rules do not apply to IMAP folders.

And there are no setting to automatically copy/move messages from select IMAP folders or accounts to the Local Folders. Again, I can make a case for or against this [both ways].

d) The Spam filter does not automatically apply to IMAP accounts and folders even when “Synchronization Settings” are set to “All messages” [which downloads the entire message body].

You actually have to open the message for the spam filter to process it. Though I think it might act on the header data it receives, proactively, or perhaps even on the message body when you select “Work Offline”.

All in all, after using Windows Mail I’ve actually become fond of it. It’s a great app and integrates well with the system.

Note:
Gmail IMAP folders use a “/” path in their structure. Example: The All Mail folder is “[Gmail]/All Mail”. Windows Mail does not allow you to use this character to specify the special IMAP folders. It still works, but looks a little odd. There are ways to get around this if it bothers you.

It’s Not a Bug, It’s a Feature… No, It Really Is. Microsoft vs. Linux

Make an HTML form with a text field and two submit buttons. Load Firefox and IE, bring the text field into view, and press the enter key.

When you have a form with one or more buttons, hitting enter under Firefox will POST the value of the 1st form button. On the other hand, with IE, unless a specific button was selected, no button values will POST.

At this point, I know a lot of people would start claiming that Microsoft is sloppy, IE is brain dead, Firefox is so much better, and more similar tripe… But think about it, how should the browser know which button is “first”? Should it be the 1st one in the HTML code? Should the “tabindex” value affect the situation? Could something be manipulating the button visibility or placement under CSS or JavaScript? Can the true human-interpreted layout even be determined by code?

And what about the question of whether the ‘enter’ key signifies “submit form”, or “submit form and the 1st button value”?

Windows has been deployed on hundreds of millions of systems, if not more. The user-base is very diverse: with different cultures, languages, and processes. If you want to cater to that user-base, you cannot make assumptions. IE is absolutely correct in not POSTing the value of an unselected form button on an ‘enter’ key press.

And this does not even touch on the fact that when you have 100s of millions of users, you also absolutely have to consider backward compatibility. Who knows how this used to work in the past, or what assumptions coders have made.

As is turns out, this really is a feature after all. And chances are, the rest of what the Linux fan-base complains about with Microsoft falls exactly along these lines. I’m all for GNU/Linux, just not mindless accusations and false claims.

submit.php

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
	"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>It's not a bug, it's a feature!</title>
</head>
<body>
<form action="submit.php" method="post" name="form" id="form">

<p><?php
if (isset($_POST['action'])) {
	if (isset($_POST['submit_1'])) echo $_POST['submit_1'] . '<br/>';
	if (isset($_POST['submit_2'])) echo $_POST['submit_2'] . '<br/>';
}
?></p>

<div>
	<input type="text" name="text" id="text" tabindex="1" value="" /><br/>

	<input type="submit" name="submit_1" id="submit_1" tabindex="2" value="Button 1 Clicked" />
	<input type="submit" name="submit_2" id="submit_2" tabindex="3" value="Button 2 Clicked" />

	<input type="hidden" name="action" value="submitted" />
</div>
</form>
</body>
</html>

Do less, Not More

Getting Real, a book by 37signals.

It’s something that I have been thinking about for a while now… Will doing more work move projects like DeveloperSide.NET and DynamicSide.NET ahead?

Over time, with lots of mistakes, I have come to the conclusion that the answer to that question is “no”.

Doing more work will only make things more complicated, and will not increase the user-base. It’s all about ease-of-use, simplicity, and getting the end-users involved in the process [of working on the project] — that makes a project truly successful these days. [a hint of whats to come for devside.net]

80%-90% of the project time is spent working on 10-20% of the features. And it’s just not worth it, it makes the project too complicated, and does not particularly give you any returns.

Do the basics, and forget the rest. You do not need to match a competing project’s feature set. Just make it easy to use for the client, and let your competition self-destruct in complexity…

Here is an example… Take a look at the other dynamic dns providers. Setup an account, and try to figure out what that mess on your screen is. Now look at the DNS menu of dynside.net, pretty simple, right?