JD's Brain

Using the Compaq PA-1 with Linux

I purchased one of these little guys in 2001 and used it very little at the time. It took forever to transfer songs, only worked under Winblows, and the capacity was very limited (they come with two 32MB MMC cards).

]]> Fast-forward 4 years and podcasting is born. It's really nice to always have new interesting content to listen to while you're comuting or working outside. So I downloaded a bunch of podcasts (in MP3 format for now) and proceeded to install the Compaq-bundled RioPort software inside a Winblows session in VMWare. File transfers worked one third of the time, and drained the batteries pretty badly. The real problem, however, was the time wasted in other parts of the process. Waiting one full minute for RioPort to read the list of files transfered was too much. As with anything else in Winblows, it's not the apps that suck that much, but the OS just makes the user experience a real nightmare.

Being a happy resident of a non-DMCA encumbered country, I decided to reverse engineer the filesystem used to store the files to the flash cards. This way I can transfer files without using the PA-1 itself, which saves on the USB hassles and uses zero battery power. The first step was to dump a working flash image and examine it using a binary editor (bvi in this case).

It turns out that the filesystem was created by a company called Eiger M&C, which doesn't seem to be doing business anymore. I even tried emailing their contact listed on their website (last updated in 2002), but of course got no reply. To make a long story short, I ended up successfully reverse engineering most of the filesystem format, and used a bare bones version of it as the basis for a small Python script.

And so was born jdeigerfs v0.1 (3.4KB) :) It allows you to generate a mm.img file that contains a filesystem image that you can copy to any flash card. I use 32MB and 64MB MMC cards on my device, but your device may use other cards/sizes. All should work, up to 128MB per card. From what I can tell the format used for the FAT reserves 128KB for a 1 to 1024 mapping of the flash card, so anything over 128MB would actually cause the FAT to overwrite the first file in the card.

The script is barely useable. Actually it's a bit better than that, and in a works-for-me state. I decided to release it early so that if anyone else has any use for it I can get feedback at an early stage, although I don't plan on making any major improvements to it. Now I can finally test if the claim to support AAC is true (hard to believe for 2000 hardware). Later.

Multi-DVD backups using zero disk space

As a few million other people, I have started doing my backups on DVD+RW. With a capacity of 4.7GB (that's 4.7 billion bytes, not 4.7 * 2^20 bytes), fast write speeds (compared to CD-RW) and the ability to reuse the media thousands of times, it's hard to ask for more.

]]> Unfortunately the problem when backing up to DVD starts when you have to choose a format. You could theoretically use any default filesystem that your OS likes and burn that directly to the media, but it would be highly incompatible with any other OS. One of the desired characteristics of a backup is the ability to restore easily under any circumstance (or any OS).

That basically leaves us with ISO-9660 as a format. Virtually every OS supports that. Of course there's your Rock Ridge extensions for Unix, and your Joliet for Windows, but that's easy to implement (most software supports both). The problem is, even with these extension, the ISO-9660 format is pretty limited. It needs a lot of hand-holding in order to solve duplicate filenames (inside different directories, which is quite common in any filesystem), and the most common utility to generate such a filesystem (mkisofs) tends to require _a lot_ of switches to do what you want.

OK, so all we have to do is come up with a script to feed mkisofs with the proper switches, resolve the duplicate filenames, and we're set, right? Not quite.

Making an ISO-9660 image of your data and then burning it would require lots of temporary storage. At least the 4.7GB to be exact. And in lots of situations, that temporary space just won't be available, or your /tmp or /home partitions may be too full to fit that image in. That's why we need to backup in lots of situations--to free up some space. How can you free space up when you need _more_ space to do it? Sounds like asking a bank manager for a loan--he'll want you to prove that you already have the money in order to lend it to you!

Back to software land, we'll need a neat utility called growisofs. It is named like that for historical reasons, but can actually burn the DVD for you, as well as making the ISO-9660 filesystem. The strategy here will be to identify the files that we're backing up, and group them until we reach the media size, then provide that list of files to growisofs so that it can make the filesystem and burn it on the fly, without using temporary storage :)

Another alternative would be to use the mkisofs -stream-media-size switch, but that way we could end up splitting up a file (I think--I didn't actually test this), which is not at least what I personally want with my backups. Notice that my technique here can waste a lot of space if you have lots of huge files, and won't even work at all if you have files larger than 4.7GB. I use this script to backup my pictures, music, and data. For movies and other large files I create a directory, move files to fit nicely inside the 4.7GB, and then backup "." (the current directory) using the same script. Works quite nicely.

Please also note that this script is not for production purposes. It's a hack that I came up with to do simple yet effective backups to DVD. Again, works fine for me. YMMV.

And finally for the script itself. You can find it here. It takes only 2 command line parameters: the volume label prefix, and the directory to backup. The volume label of your burned DVDs will be the prefix appended with "_01", "_02" and so on. There's a bug where when the backup is finished it'll still ask you for one more DVD. Just press Enter and it will quit harmlessly (without turning your DVD into a coaster ;)).

online-replica-store.com sucks!

It has been a few weeks since I reported about simply-rx.com. Lots of people posted comments saying they were ripped off. I decided to check if several of the redirected domains (those that point any subdomain to the sucky site) were still up, and they are--except that they now all point to online-replica-store.com.

]]> A quick search on Google will tell you that this is just another scam by the same people. The domain was registered by another fine Spanish citizen:

domain:       online-replica-store.com
status:       production
owner:        Sanchez Gonzalez
email:        gruco99@rodrun.com
address:      San Roque 889
city:         Castiblanco
state:        --
postal-code:  41230
country:      ES
admin-c:      gruco99@rodrun.com#0
tech-c:       gruco99@rodrun.com#0
billing-c:    gruco99@rodrun.com#0
nserver:      ns1.dns889.com 203.98.159.136
nserver:      ns2.dns889.com 203.98.159.136
registrar:    JORE-1
created:      2004-12-17 10:56:45 UTC JORE-1
modified:     2005-01-23 17:10:37 UTC JORE-1
expires:      2005-12-17 05:56:45 UTC 
source:       joker.com

Looks like a bogus name to me, as both "Sanchez" and "Gonzalez" are usually last names.

A few of the domains redirecting to the site are:

*.iazy.com (as listed before)
*.keej.com (as listed before)

*.yomoi.com:

Domain Name: YOMOI.COM 
Domain Status: LOCK
Registrar: Wooho T&C Co., Ltd. d/b/a RGNames.com
Referral URL: http://www.RGNames.com

Domain Registration Date....: 2004-11-04 GMT.
Domain Expiration Date......: 2005-11-04 GMT.
Domain Last Updated Date....: 2004-12-24 08:23:40 GMT.

Registrant:
    bee aa
    588, Seocho-dong, Seocho-gu
    Seoul,  137070
    KR

We know Mr. Bee Aa already, right? :P

*.roiex.com:

Domain Name: ROIEX.COM 
Domain Status: LOCK
Registrar: Wooho T&C Co., Ltd. d/b/a RGNames.com
Referral URL: http://www.RGNames.com

Domain Registration Date....: 2004-10-26 GMT.
Domain Expiration Date......: 2005-10-26 GMT.
Domain Last Updated Date....: 2004-12-24 10:49:27 GMT.

Registrant:
    smith a
    588, Seocho-dong, Seocho-gu
    Seoul,  137070
    KR

Now _that's_ a real name: "Smith A". "How are you doing today, Mr. A?".

*.jeou.com:

Domain Name: JEOU.COM 
Domain Status: LOCK
Registrar: Wooho T&C Co., Ltd. d/b/a RGNames.com
Referral URL: http://www.RGNames.com

Domain Registration Date....: 2004-11-04 GMT.
Domain Expiration Date......: 2005-11-04 GMT.
Domain Last Updated Date....: 2004-12-24 08:23:40 GMT.

Registrant:
    bee aa
    588, Seocho-dong, Seocho-gu
    Seoul,  137070
    KR

Looks like Wooho is making a killing on registering domains for these people!

*.vievv.com:

Domain Name: VIEVV.COM 
Domain Status: LOCK
Registrar: Wooho T&C Co., Ltd. d/b/a RGNames.com
Referral URL: http://www.RGNames.com

Domain Registration Date....: 2004-10-04 GMT.
Domain Expiration Date......: 2005-10-04 GMT.
Domain Last Updated Date....: 2004-12-24 10:47:26 GMT.

Registrant:
    aweb 
    588-5, Seocho-dong, Seocho-gu
    Seoul,  137070
    KR

*.repllca.com:

Domain Name: REPLLCA.COM 
Domain Status: ACTIVE
Registrar: Wooho T&C Co., Ltd. d/b/a RGNames.com
Referral URL: http://www.RGNames.com

Domain Registration Date....: 2005-01-21 GMT.
Domain Expiration Date......: 2006-01-21 GMT.
Domain Last Updated Date....: 2005-01-21 17:24:09 GMT.

Registrant:
    Kimbo K
    Gangdong-gu, Seoul Gangdong P.O.Box, Gangdong-gu
    Seoul,  134600
    GB

A few other domains at Wooho (raoy.com, mejc.com, etc.) are not responding right now. I wonder if Wooho is doing something about this or if they're just having technical difficulties.

The "modus operandi" for these scammers is the usual: design a professionally looking site (probably by just stealing the layout from an honest site), list products that are not readily available (cheap medicine, fake watches, sex toys) due to grey market concerns, charge about half the price of regular grey market items, and PROFIT! I wouldn't be surprised to hear that the credit card charges point back to India or China even if the site is in English. That makes it a lot more difficult for credit card companies to get their money back. Of course customers should get their chargeback even if the CC company never seems a dime back from these scammers.

What really made me mad about these guys this time is that they spammed _all_ of the GNU mailing lists (glibc, a2ps, smalltalk, chess, etc.). Do they _really_ think that Free Software / Open Source people fall for this kind of scam? I'd think that their 0.01% sales over advertisement must come from people who are using the Net for the first time or something like that. I mean, they don't even post contact information on the site. Or list a company name. It's just a pretty site with _no credentials_ whatsoever.

So there you go, same gang, new site, beware.

Updated: [6-Feb-05] Added repllca.com.

Upgraded to MT 3.15

Movable Type 3.15 adds a few goodies like the "nofollow" tag proposed by Google (to fight spam--yay!) and a fix for a hole that allowed people to send mail using your forms (yes, spammers). I've just upgraded so dunno if anything broke, but it looks fine so far.

]]> The sad part about it is that basically anything being done to improve email and blog products these days seems to be trying to prevent spam. I hope the "spam bubble" burst pretty soon and that spammers go back to their trailler parks (as opposed to the current mansions). At least I'd expect them to come from trailler parks and guettos. You wouldn't think that well educated American college kids would be the world's biggest spammers, right? Nah.

simply-rx.com sucks!

simply-rx.com is the first entry in my new category, "This Sucks!". Everyone knows that I just _hate_ spam (uh, I said the "H" word, sue me!), and some spammers are just a lot more annoying than others. So to the proud owner of simply-rx.com, let me just say: YOU SUCK!

]]> It's impossible to know for sure if any of the information collected by registars about the domains they get paid to register is true, but for whatever it's worth, here's some interesting info.

simply-rx.com

::Registrant::

Name      : Francisco Sneed
Email     : admin@simply-rx.com
Address   : La Mina No. 55, Cantabria
Zipcode   : 39478
Nation    : ES
Tel       : +34-942589889

This guy apparently hires some teenage punk to send all different kinds of spam using various methods. These spam messages point to bogus domains, which redirect (and presumably even account for - wow, spam affiliates!!!) back to simply-rx.com. Here are some of these bogus domains:

iazy.com
domain:       iazy.com
status:       lock
owner:        Mohammad Khan
email:        admin@taiwanmedialtd.com
address:      Kizilelma Caddesi No
address:      Findikzade
city:         Istanbul

Try visiting "http://Mohammad-eats-shit-for-breakfast.iazy.com" to see where you end up :)

Domain Name: NEATA.COM
Domain Status: LOCK
Registrar: Wooho T&C Co., Ltd. d/b/a RGNames.com
Referral URL: http://www.RGNames.com

Domain Registration Date....: 2004-11-04 GMT.
Domain Expiration Date......: 2005-11-04 GMT.
Domain Last Updated Date....: 2004-12-24 08:23:40 GMT.

Registrant:
    bee aa
    588, Seocho-dong, Seocho-gu
    Seoul,  137070
    KR

Surely "Bee Aa" is a real name!

Domain Name: KEEJ.COM
Domain Status: LOCK
Registrar: Wooho T&C Co., Ltd. d/b/a RGNames.com
Referral URL: http://www.RGNames.com

Domain Registration Date....: 2004-11-04 GMT.
Domain Expiration Date......: 2005-11-04 GMT.
Domain Last Updated Date....: 2004-12-24 08:23:40 GMT.

Registrant:
    bee aa
    588, Seocho-dong, Seocho-gu
    Seoul,  137070
    KR

Wooho corporation was really busy on Nov-11-04 :D. Goes to show that this information is pretty recent. I'm sure there are hundreds of others. Maybe spamhaus already has a lead on this guy, I surely hope so.

Feel free to block all the domains listed above, there's no chance in hell you'll ever get any legitimate email from them.

Peace.

Edited on 2005-01-13: Removed links, to prevent simply-rx from increasing its PageRank™. Duh! :P

My own DNSBL

My trash folder used to hold about 2,000 spam (and non-spam) messages. Any mail older than 7 days is automatically deleted. Most of what was there never got to my email client, because I use bogofilter to do bayesian spam filtering.

]]> That worked well on its own until I started getting _tons_ of spam. I wrote a bunch of scripts to identify the offending IPs and compile them into my own DNSBL (DNS Block List). It is publicly available at dnsbl.jdrowell.com. That's not a homepage, but a domain for the reverse IP lookups.

Since I started using this DNSBL, my trash folder trimmed down to about 200 messages (for the week). That includes my legitimate email (which I read and then delete). Not bad :) It also unloads my mail server, and, most importantly, makes spammers really angry. And poor. And suicidal (I wish).

The current count for dnsbl.jdrowell.com is about 70,000 IPs. I don't add blocks, only single IPs. I don't remove IPs unless I feel like it. I don't recommend that anyone use this DNSBL to actually block messages, but instead to flag spam as part of some greater process, such as using SpamAssassin or another similar tool.

That's about it. At a rate of about 2,000 new IPs every day (boy do I get spammed!), I'll probably have over 100,000 spam sources identified by the time you read this! Bring on the zombie botnets!

Fighting SPAM with DNSBL

I've been getting an average of 20,000 spam emails a day on one of my servers. Apparently some nice spammer included a domain I own as a target for his zombies. That means I kind of get DDOS'ed with spam :P

]]> Most approaches to filtering spam don't work well when you're only getting a spam or two from each IP that connects to your server. For instance, one very nice way of catching spammers is by placing a few honeypots around and then blocking whatever IP sends mail to them. Unfortunately the kind of spam I'm getting is really dumb, in the form of messages to addresses that _don't_ exist. This causes the message to bounce back to the faked originating address. I say it is dumb because the person who actually receives the bounce gets it is "error" form, not as the clean original message, and thus will more than likely not read it. Even if they do, they'll be pretty sure that they didn't send the message, and will not click on the spam link that they supposedly sent someone else. SIGH!

Anyway, some pathetic spammer with a fairly big botnet thinks it's a great idea and decided to bounce some of his trash off my server. I'd really like to block that spam _before_ it gets delivered to my SMTP server (Exim in my case--yes it's very l33t). That being the case I created a tiny Perl script to tail the Exim log files and block access to port 25 from any IP that sent me spam. The idea was to prevent any further spam from that IP from even connecting to my box.

That worked fine and dandy, with only a small problem (or two). Very few IPs returned to spam me again. As I said, this guy's botnet is quite large, and many of his zombies have dialup or dynamic IP DSL/cable. The other problem is that there are just _a lot_ of them. A single day of logging resulted in over 15,000 IPs added to my firewall.

OK, let's go to plan B. Lots of other people are getting this spam, right? Let's see what they're doing about it! Turn out that a very efficient way of dealing with this type of bot is by allowing a pool of servers to rat on the IPs that are delivering spam. That way other servers can block their spam _before_ it's delivered. I guess this is how Vipul's Razor works, but I've never gotten to install it. I just used the lazy approach: filter whatever everyone else is filtering.

Most people don't worry that much about spam because they get only a few messages a day. ISPs and large companies, however, _do_ mind. And so a few "central" facilities for consolidating these spam sources were born. To distribute the data, a very clever approach is used: DNS. The fact that everyone that uses the Internet already uses DNS, and that it is distributed and has built-in caching, and deals with IPs, make it the prime candidate for the job. All that has to be done is to create a dummy (non-authoritative) reverse zone, and then clients can query the database using W.Z.Y.X.dnsbl.domain.tld to check if IP X.Y.Z.W is blacklisted. BTW "DNSBL" simply means DNS Block (or Black) List.

This all sounds quite complicated, but to implement it with Exim takes only a few lines. Exim4 supports ACLs (Access Control Lists), so all you have to do is add an ACL entry:

  deny   hosts = !+relay_from_hosts
         message = $sender_host_address is listed \
                   at $dnslist_domain
         dnslists = dnsbl.njabl.org : \
                    bl.spamcop.net : \
                    dnsbl.sorbs.net : \
                    blackholes.five-ten-sg.com : \
                    cbl.abuseat.org : \
                    psbl.surriel.com : \
                    list.dsbl.org

I chose to not check for spam from anything in my relay_from_hosts variable (for obvious reasons). You basically choose a message to use when rejecting (and logging) an attempt of spam delivery, and specify a list of domains to be used for the reverse mapping checks. Normally these DNS servers will return NXDOMAIN for regular IPs, or 127.0.0.2 for known spam sources.

So there you have it. I came up with my list of DNSBL sources by searching the excelent OpenRBL (a kind of DNSBL meta-search) for the spam sources that reached my box.

Also note that on of my DNSBL sources is psbl.surriel.com. This is Rik van Riel's (of Linux Kernel hacking fame) site, and is powered by Spamikaze, a tool that I plan to run on one of my boxes soon. The plan is to have my own DNSBL based on the spam that still gets through to my box.

I'll end this entry with a big "THANKS!" to all the projects mentioned (this is all free, folks) and look forward to paying them back with some pizza and beer in the future.

If you're a Dilbert fan...

...then surely you must be a geek, just like me. I can't say that I'm insanely into comic strips or anything like that, but a visit to comics.com made me want to have _all_ Dilbert strips really bad.

]]> While I'm not prepared to pony up for their paid service, I did subscribe to the free "Basic" service to see what it looks like. Not being able to wait to start my collection, I decided to fetch the 30 or so strips that are available in the Archive for free.

Obviously I'm not the first person to have such an urge. The guys at comics.com don't use a very common filename scheme for their content, presumably for the exact reason of making mass-fetching harder. A quick search on Google showed that every geek and his grandma has already written a script to fetch these strips. Instead of making my life easier, this simply proved that every minimally proud Dilbert fan _must_ make his/her own script.

And so I proceeded to code my hack, jdilbert. Don't expect much--it's just a hack--but it does work. So much so that my collection now contains exactly 31 strips :)

"1st World" Oysters

Today is the first business day for willapa-oysters.com, my Dad's pet project and future online seafood behemoth.

]]> Not that I could tell, because the main means of advertisement for the site, Google Ads, does not show up on my search (remember, I live in a 3rd World country :P). But thankfully my Dad told me about it and I was able to see his ads by using a US proxy. If you're not in the US you can't get his oysters/clams/etc. anyway, so I guess it makes sense.

OTOH, if you can get his products, it's most definitively worth a try. I happened to live in Oysterville, WA for a few years and the local seafood is fantastic. Everything that is produced locally is extremely fresh and has excellent taste. That includes oysters and clams (which you can now get next-day from my Dad's site) and also salmon, halibut, sturgeon and other yummy seafood (which you'll actually have to visit the Peninsula to try for yourself--like Bill Clinton did).

When you place an order, remember to mention the keyword "FREECAP" and get a really nice "absolutely fresh" baseball cap for free :) (valid until Xmas '04).

Multi-head screenshot

I was talking to my good friend gzp on AIM, bragging about my new (but made from old parts) box, and the fact that it had RAID1, RAID5, three heads, etc. So he asked me for a screenshot. I tried to use xwd to make it--to no avail--so he told me about scrot.

]]> And what can I say, it's just sweet! Here's the result.

I'm feeling taller

Yesterday Giovanna ate her first meal on the high chair!

]]> The menu for that meal was something like carrots, beef, potatoes, brocoli and fubá :)

Using the 'Net to help cats and dogs

My wife and I just love pets. We currently have 3 dogs (Thor, Mel & Meg) and 4 cats (Sebastian, Chiquinha, Matilda & Samantha), and they're all mutts (no pedigree). While we couldn't possibly handle any more pets, we would sure like to help others to get a home, and so the idea of creating a website for that purpose was born.

]]> Since we moved to Indaiatuba, SP (Brazil), it became obvious that there were plenty of little animals around that could use some help. After rescuing a few cats and dogs in our neighborhood we started to get more involved with other people who did the same. It turned out that there was already more than one local association specifically setup to help the homeless cats and dogs. Unfortunately, none of them are very organized, and only one gets any help from the local administration.

My wife continued to show up at the pet donation spots on weekends to help out and chat with other animal lovers. From those contacts came our friendship with Eliane, the founder for UPAR ("União Protetora dos Animais de Rua"), a new but thriving association that had already helped hundreds of unfortunate animals. We volunteered to create and host a web site containing relevant information and tools to better manage her association. Not only could we inform people about the problem, but we were going to do something about it!

And so the site was born (content in Brazilian Portuguese only). The official launch was in October, and we're currently working on the animal donation part--photographing the animals, inputing their characteristics, and allowing visitors to browse our database and select their new friend. Check out the photo galleries, I'm sure you'll find some adorable cats and dogs there :).

New home for jdresolve

I've changed jdrowell.com about a hundred times in the past few years. And every time I do so, I need to find a place to put my Free Software projects.

]]> jdresolve-0.6.1.tar.gz (50KB)