Category Archives: Internet

Unhelpful web help

Just… just… wrong. So wrong.

Firstly, note the error message “Enter a valid email addresss”. Where, pray tell, ought I do this?  Why do I need to upload any attachment again?  Why do I have to prove I’m a human time-after-time, when all I’m doing is wrestling with your completely broken attempt at a web form?

Have they noticed that no-one is submitting help requests via this form, what with its refusal to accept said requests?

Dear Flickr: stop sucking balls.

Where did I take that photo?

I couldn’t find anyone extracting out the geolocation geotagging EXIF data from their photographs so they could pull it up on something like Google Maps.  There are stand-alone programs with embedded maps, but the bits and bobs lying around on the average system ought to be enough to just generate a URL to a mapping website.  The following bash script echoes the  URL that geolocates your JPEG.  Because my camera doesn’t emit it, I couldn’t be bothered dealing with the seconds part of a location, but I did detect that you don’t have a camera the same as mine.  Drop a line if you’ve used this and fixed it.

# emit a hyperlink to google maps for the location of a photograph
declare Seconds=""
Seconds=`exif -m --ifd=GPS --tag=0x02 $1 | grep -oP "[\d|\d\.]+$"`
if (( $Seconds=='0' ))
  Seconds=`exif -m --ifd=GPS --tag=0x04 $1 | grep -oP "[\d|\d\.]+$"`
if (( $Seconds!='0' ))
  echo "Script does not support seconds being specified"
echo -n ""
declare NorthSouth=`exif -m --ifd=GPS --tag=0x01 $1`
if [ "$NorthSouth" == "S" ] 
  echo -n "-"
echo -n `exif -m --ifd=GPS --tag=0x02 $1 | grep -oP "^[\d|\d\.]+"`
echo -n "%20"
echo -n `exif -m --ifd=GPS --tag=0x02 $1 | grep -oP "(?<= )[\d|\d\.]+,"`
declare EastWest=`exif -m --ifd=GPS --tag=0x03 $1`
if [ "$EastWest" == "W" ]
  echo -n "-"
echo -n `exif -m --ifd=GPS --tag=0x04 $1 | grep -oP "^[\d|\d\.]+"`
echo -n "%20"
echo -n `exif -m --ifd=GPS --tag=0x04 $1 | grep -oP "(?<= )[\d|\d\.]+(?=,)"`

Gmail: wrong messages ended up in deleted/spam folders

Anybody else get this warning?

Gmail warning

This article has some more detail — it appears to have only affected GMail mobile/iPad apps.

I’ve checked — nothing seems to have accidentally fallen into the Bin/Trash or Spam folders.

Just goes to show, even GMail/Google ain’t perfect.

Can’t copy address bar from Google Chrome

I’ve had periodic problems with Google Chrome on Windows (Version 32.0.1700.102 m, but this has also happened occasionally in the past); sometimes it will refuse to copy the address bar.

Instead of copying, it will clear the clipboard.

Copying from other places, such as a web page (content or using Right-click / Copy Link Address) works fine.

Not sure if it’s an environmental issue — only seems to happen on my work machine; I haven’t seen the same at home.

Very odd.

Blogging it here because I can’t see any mentions of it online (which might be because it’s just me). Will post back if I find the solution.

Update 2014-01-31: I uninstalled and reinstalled Chrome… it seems to work again, for now.

Update 2014-02-05: The problem seems to have come back. Very odd.

Update 2014-02-20: Some old posts on a related problem seemed to suggest it might be a Chrome Extension causing issues, so I removed all of mine. The problem seems to still be intermittently occurring.

Postscript: As per the comments, if you have Remote Desktop running, try shutting it down.

ANZ: The rodeo clowns of online security

For years now I’ve been… less than impressed with the ANZ bank’s concept of how a secure banking website should work. Finally they’ve taken steps to harden their site. They’ve introduced “secret questions”, like “who was your best friend in high school”, “what’s your partner’s nickname” and “what’s your nickname for your youngest child”. At last, my money is now safe from thieves who will never guess that my my partner’s nickname is Cathy, my best friend in High School was Robert, and my youngest’s nickname is Marky. Oh, darn! I accidentally disclosed the answers to those secret questions! It’s as if that information would be widely available to any thief who took the time to look me up on Facebook (don’t bother, I’m not on Facebook).

Because in providing answers to these questions the security on my account was going up, not down, I couldn’t possibly be allowed to opt-out, with dire warnings about being liable for losses if someone found out the answers. To these most basic of questions.

Most other banks have implemented two-factor authentication. Even G-mail has two-factor authentication. But not the ANZ, they’ve stepped things up a notch. They’ve eschewed two-factor, and gone for “You’ll never guess the name of my pet, which I post on Facebook all day long”.

So I took my standard defensive action: attack surface reduction and target-value minimisation. To reduce the attack surface, for each answer I mashed the keyboard – so thieves, remember my first Primary School was in the suburb of pwofkmvosffslkdflsifcmmsmclsefscdsfpsdfpefsdflsd, or something. To minimise the value of the target, I swept all the funds out of the account. What’s wrong the the technique of establishing identity by the production and examination of 100 points of identifying documents?  Why do I need to have a favourite colour?

Cathy worked for the ANZ until recently, and the day she received her final paypacket she shut the account. Hated their account with a passion, but the ANZ is incapable of paying their employees through anything other than an ANZ account. Because, you know, banking is hard.

Allow more JavaScript, maintain privacy

I’ve long regarded JavaScript in the browser to be one of the biggest security holes in web-browsing, and at the same time the Internet works less and less well without it. In 2008 Joel Spolsky made the observation that for some people the Internet is just broken:

Spolsky:   Does anybody really turn off JavaScript nowadays, and like successfully surf the Internets?

Atwood:   Yeah, I was going through my blog…

Spolsky:   It seems like half of all sites would be broken.

Which is not wrong.  Things have changed in the last five years, and now the Internet is even more broken if you’re not willing to do whatever random things the site you’re looking at tells you to, and whatever other random sites that site links off to tell you to, plus whatever their JavaScript in turn tells you to. This bugs me because it marginalizes the vulnerable (the visually impaired, specifically), and is also a gaping security hole.  And the performance drain!

Normally I rock with JavaScript disabling tools and part of my tin-foil-hat approach to the Internet, but I’m now seeing that the Internet is increasingly dependent on fat clients. I’ve seen blogging sites that come up empty, because they can’t lay out their content without client-side scripting and refuse to fall back gracefully.

So, I need finer granularity of control.  Part one is RequestPolicy for FireFox, similar to which (but not as fine-grained) is Cross-Domain Request Filter for Chrome.

The extensive tracking performed by Google, Facebook, Twitter et al gives me the willys. These particular organisations can be blocked by ShareMeNot, but the galling thing is that the ShareMeNot download page demands JavaScript to display a screenshot and a clickable graphical button – which could easily been implemented as an image with a href. What the hell is wrong with kids these days?

Anyway, here’s the base configuration for my browsers these days:

FireFox Chrome Reason
HTTPSEverywhere HTTPSEverywhere Avoid inadvertent privacy leakage
Self Destructing Cookies “Third party cookies and site data” is blocked via the browser’s Settings, manual approval of individual third party cookies. Avoid tracking; StackOverflow (for example) completely breaks without cookies
RequestPolicy Cross-Domain Request Filter for Chrome Browser security and performance, avoid tracking
NoScript NotScripts Browser security and performance, avoid tracking
AdBlock Edge Adblock Plus Ad blocking
DoNotTrackMe DoNotTrackMe Avoid tracking – use social media when you want, not all the time
Firegloves (no longer available), could replace with Blender or Blend In I’ve have had layout issues when using Firegloves and couldn’t turn it off site-by-site

Tell us what you think!

Tell us what you think!

Tell us what you think!

It doesn’t really work like that.

A week to go for Google Reader – and… why is Feedly taking liberties with Chrome?

G Reader shuts down in a week.

I’ve been trying Feedly, but and have been trying to love it, but it’s annoying in a couple of significant ways.

Firstly, after clicking on a feed, I want to use the cursor down or Page Down key to move through the items in that feed. Unlike G Reader, Feedly doesn’t put the focus in the right place. Drives me up the wall.

Secondly, it’s embedding itself in multiple places in Chrome. First it put an icon of itself in the bottom-right of every browser tab (which even shows up in print outs, would you believe?)… and just in the last few days it’s started creating its own tab, which doesn’t even have a close icon on it. Is this conceited or what?

Feedly embeds itself into Chrome

Frankly this does not bode well for my future with Feedly, if they’re going to take liberties like this.

Perhaps it’s time to look at alternatives — even if they don’t have accompanying smartphone/iPad apps.

Anybody tried The Old Reader?

Any other good ones which are as close to Google Reader as possible?

Chrome crashing in OSX – fixed by re-installing

I’m no OS X expert, so I was a bit befuddled to find Google Chrome began crashing on startup a few days ago. Was it some evil Apple plot to lock Google out of the Mac?

Chrome crashing on start up in OSX

All the grisly details from the automated report are below… it's not the most readable of reports.

The fix: What I did was to download Chrome again and re-install. That seems to have fixed it for now.

Continue reading

Much spam from iCMG/KnowledgeHut/bmsend

At work I’m getting repeated spams from one mob which send surprisingly similar emails about conferences and training from various domains, which include: (added 2014-01-13) (added 2014-04-01) (added 2014-04-07) — (added 2014-07-24 — also noted use of the brand name KnowledgeHut ) — (added 2014-08-06 — still using KnowledgeHut name)
Sent by on behalf of (added 2014-08-18) (added 2014-08-26) (added 2014-09-16) (added 2014-09-16) (added 2014-09-18) (added 2014-09-18) (added 2014-09-26 — note typo) (added 2014-09-26) (added 2014-09-30) (added 2014-09-30) (added 2014-10-03) (added 2014-10-13) (added 2014-10-15) (added 2014-10-22) (added 2014-10-27) (added 2014-10-30) (added 2014-10-30) (added 2014-11-10) (added 2014-11-14) (added 2014-12-09 — note it appears to misspell “initial”) (added 2014-12-19) (added 2014-12-19) (added 2014-12-19) (added 2015-01-12) (added 2015-01-13) (added 2015-01-22) (added 2015-02-17) (added 2015-02-17) (added 2015-03-05) (added 2015-02-17 — includes “” in unsubscribe links) (added 2015-02-17 — other domains mentioned include,, (added 2015-03-11) (added 2015-03-11) (added 2015-03-16) (added 2015-04-10) (added 2015-05-14 — using… Is this ICMG branching out into health services, or a different company making use of the same spam sending service? Looks like the latter. They even quote an Melbourne address: Level 2, 607 Bourke Street) (added 2015-06-25 — also quotes in the dodgy unsubscribe link) (added 2015-07-15) (added 2015-07-15) (added 2015-07-15) (added 2015-07-21) (added 2015-08-24) (added 2015-12-02) (added 2015-12-02) (added 2015-12-02) (added 2015-12-10) (added 2015-12-10) (added 2015-12-10) (added 2015-12-22) (added 2015-12-22) (added 2016-04-06) (added 2016-04-06) (added 2016-04-06) – emails include subject lines proclaiming “Learn Andorid”! (added 2016-04-06) (added 2016-04-28) (added 2016-05-18) (added 2016-05-18) (added 2016-05-18) (added 2016-06-21) (added 2016-06-21) (added 2016-06-21) – used as a Reply-To address (added 2016-06-21) (added 2016-06-21) (added 2016-06-21) (added 2016-06-22) (added 2016-06-22) (added 2016-06-28) (added 2016-06-29) – this appears to be sent via (added 2016-07-04) (added 2016-08-23) (added 2016-08-23)

Apart from using many different domains, these guys also continually change the address within the domain, and Outlook doesn’t appear to be able to consign an entire domain to the blocked senders list.

Many include this footer:

You are receiving this e-mail because you happen to be either our client or were added to our comprehensive database on account of your contribution in the IT domain. However, should you no longer wish to receive any further mails from our side, please Click here Unsubscribe iCMG | Level 9, Avaya House, 123 Epping Road, North Ryde, NSW.| Phone +61 2 8005 0977

…but of course I’ve tried that and it doesn’t work… it probably only served to prove to them that mine was a live address.

Perhaps unsurprisingly, the street address quoted is a serviced office.

I have been putting these domains into the spam senders list in Exchange, but they still get through. I can only assume that the list in Exchange is a “soft” one.


I have, of course, passed on a spam message to the ACMA spam reporting people… but I don’t hold out much hope of any success there.

I’m adding additional domains as they come up — when I get the chance. It’s interesting to see that some of them include spelling errors; most are just semi-random buzzwords stuck together.

Thunderbird does error message wrong

Thunderbird discovered that yahoo have changed their mail server’s POP3 behaviour, meaning you can’t leave mail on their server and download it locally. So it pops up the following message box:
POP3 has failed
This message box is app-modal. You can’t just fix the problem, you’ve got to take notes (a screenshot suffices) and then fix the problem. A bunch of faffing around, when it could have just said “Do you want your Server Settings automatically changed so that your mail can be fetched? Yes/No”. Or you could have this pile of technical information in a non-modal dialog box, and bring up the settings dialog for the user to solve the problem. Or just have this pile of technical information in a non-modal dialog box, so a screenshot isn’t necessary.

Or you could just make people angry, that works too.