Poking The Eye In The Sky

Given my usual antipathy towards customer tracking technology, many would be surprised to know that I have a vehicle with OnStar.  They would be further surprised to know that it’s actually active and subscribed!  What can I say?  I guess we’re not always rational or consistent.  However, it should also be stated that I went into this knowing the full capabilities of the equipment, and further, knowing how to disable it if I so desired (i.e. I found some simple instructions on how to disconnect the unit).  Anyhow, I decided that the features of the service were worth the privacy tradeoff, but this isn’t the primary point of this post.

I recently saw that OnStar was offering regular diagnostics via email (i.e. you get a periodic email showing the overall state of several vehicle systems).  Since it was free I went ahead and enabled it to see how it would work.  Along the way I was looking at their FAQ and noticed some interesting things about the equipment.  In 2008 the FCC will allow cellphone carriers to discontinue analog cell service.  OnStar systems produced before 2004 are mostly analog, and in 2004 they introduced digital-ready systems.  The latest OnStar systems are analog/digital.  This means that there are three possible outcomes for the OnStar user in 2008:

  1. Analog only system.

    Cannot be upgraded.  Service will end in 2008.

  2. Digital-ready

    System will require an upgrade to the equipment to continue working

  3. Analog/Digital

    System will work without interruption and no upgrade is needed

Since my truck is a 2004 model, it is possible that it has either the digital-ready or the digital system, depending on exactly when it was built.  The FAQ states that I should contact OnStar to find out exactly which it has.

Q2. What kind of hardware does my OnStar-equipped vehicle have?

A2. To determine the equipment type in an OnStar-equipped vehicle, you may:

  1. Press the blue OnStar button in the vehicle and ask the OnStar Advisor to identify which equipment type was factory-installed in the vehicle.
  2. Call OnStar toll-free at 1.888.206.0031, or to contact us online, click here. (Please have your OnStar account number or your vehicle identification number (VIN) available.)

 

IMPORTANT NOTE:

In November 2002, the U.S. Federal Communications Commission (FCC) ruled that wireless carriers will no longer be required to support the analog wireless network as of early 2008. As a result, beginning January 1, 2008, OnStar service in the U.S. and Canada will be available only through dual-mode (analog/digital) equipment.

For more information about the analog to digital transition, click here.

I actually like the idea of online support forms, since they allow an asynchronous communication method for answers to questions that aren’t high priority for me.  It means I don’t have to sit there on the phone and take up a lot of time waiting.  Unfortunately, I’ve noticed a trend for companies to answer online request forms with a message to call them.  I find this infuriating, since the whole point of online support forms is to get questions answered without calling.

I guess you can see where this is going now.  I followed their FAQ and submitted a question online to find out what kind of equipment I have.  The answer was less than helpful (I removed the rep’s name to be nice).

Dear Mr. Turner,

Thank you for taking the time to contact OnStar. Our goal is always to provide the safety, security and peace of mind that OnStar offers.

In order to properly identify your vehicle’s hardware and eligibility for the analog to digital hardware upgrade program, please press the blue OnStar button or contact us at 1.888.4.ONSTAR (1.888.466.7827).

Sincerely,

<name>
OnStar Information Specialist

I’ve heard this kind of excuse before from some companies.  They claim that in order to verify my identity I should call.  However, this problem is easily correctable by putting a contact form behind the member login.  I’ve seen companies that do this so that they know they’re dealing with the right person.  Still, though, if I have the account number and VIN, it wouldn’t have been a national security breach to tell me what kind of equipment was in the truck.

Needless to say, I was less than pleased, and wrote back to him that if OnStar isn’t going to accept online inquiries, then they should at least remove the instructions from their FAQ.  Amazingly enough, he replied to my email with the information I was seeking! 

Dear Mr. Turner,

Your vehicle was built with Analog/Digital-Ready hardware. This hardware is currently eligible for an upgrade to digital hardware. This upgrade will be required for your vehicle to be eligible for service beyond OnStar’s analog sunset date of December 31, 2007.

A non refundable three year subscription purchase is required.

Payment for the three-year subscription is due to the dealership at the time the dealer performs the digital upgrade.

The pre paid subscription is transferable.

Please contact your dealer for an appointment.

If you have any other concerns, please feel free to contact the OnStar Customer Care Department at 1-888-4ONSTAR (1-888-466-7827), prompt 4, between the hours of 6am and 1am EST.

Sincerely,

<Name>
OnStar Information Specialist

(Interesting.  Anyone else notice the hours for calling?  Is this a mistake or a subtle hint to call at some time when he’s not there?)

Hmm….  being peeved gets results for a change.  And no, I wasn’t rude to the rep, although I was a bit miffed and allowed the tone to come through.  My email is in the extended entry, though, just to show I’m not hiding anything in the exchange.

My response to the initial OnStar response:

From: <My email address />
Date: 10/19/05
To: <OnStar Email Address />
Subject: Re: Question [#<CaseNum />]

I hate to say this, but I was kind of expecting this answer,
because I have noticed a trend of companies giving this
response to online questions.

Frankly, I find this answer infuriating. Why?  Because your
own customer FAQ says that the online inquiry form is a
proper way to ask this question.  What’s the point of
having it if you can’t use it?

Specifically, let me quote from your own technical equipment
FAQ, Question 2, Answer 2, Section 2:
http://www.onstar.com/us_english/jsp/explore/onstar_basics/helpful_info.jsp?info-view=tech_equip

“2.  Call OnStar toll-free at 1.888.206.0031, or to contact us online, click here. (Please have your OnStar account number or your vehicle identification number (VIN) available.)”

Notice the “click here” link.  I followed the instruction by clicking
the link and providing my account number (on the form) and the VIN (in
the text of the inquiry).

If you are not able to answer questions online, then please remove this
from the FAQ.

However, I will admit that the priority of the answer to this question
has dropped after I read other sections of the FAQ that stated that
the only way to get an upgrade for a digital-ready system in 2008
would be to purchase a three-year prepaid subscription.  If that’s
the only option, and if my system isn’t digital, I will end my OnStar
subscription at that time, as I will NOT pay for three years up front.

 

Change Can Be Hairy

I have a bad habit of waiting until my hair is unmanageable before I get a haircut.  I’m not sure why, but there’s some sort of unconscious procrastination involved. 

Anyhow, I was all set to go in on Saturday, but much to my chagrin I discovered that Fantastic Sam’s had gone out of business and come back as a new hair salon*, which appeared to cater to women only.  Now I’m going to have to drag my shaggy behind to some other place.

I was kind of afraid that something like this would happen, since I had previously noticed that they had cut their hours.  It’s usually a bad sign when a business cuts back on hours, as it indicates they’re not getting enough business to stay open the whole time.  I suspect it’s partially related to their location.  They were in a shopping center that has been fairly deserted since it lost its anchor store (a Winn-Dixie).  I keep hearing that new businesses are coming to that building, but so far nothing has materialized.  Without an anchor, though, I suspect that this shopping center will remain deserted. 

* On a tangential note, any time I see a banner for a store that has obvious misspellings it automatically drops my opinion of the business.  In this case they were offering “waxs,” which set off my bad spelling alarm.

Spam Hammer

I think I’m starting to get a little bit of a handle on referrer spam, although I’ve had to be pretty ruthless about what gets filtered.  But since my “referrer” page is not published anymore, I consider anyone trying to hit it as a spammer.  It’s not perfect, but it’s better, and my CPU usage is now down to acceptable levels.  There were 21148 requests for the referrer page, of which all but 2057 were rejected.  The problem is that these bastards keep buying new domain names to replace the ones that are blocked. 

But along the way I’ve discovered that they’re also hitting my trackback script, to the tune of 1987 hits yesterday.  This is troubling, as it appears to have increased since I’ve begun blocking referrers.  Unfortunately, these hits contribute to server load because EE has to validate the “token” (I use randomized trackback URLs) and then filter the content.  None of the attempts from yesterday were successful, though, due to the filtering.  The problem with these is that there is nothing in the access.log to use to filter on.  The request is an HTTP POST, and consequently we can’t see what they were trying to pass.  So for now I’m blocking the worst offenders by IP.  It’s not likely that any legitimate user will attempt to post more than 10 trackbacks from the same IP in one day.

The following bit of UNIX command-line hackery is what I use to determine the offenders.  It reports the IP of each system that has submitted 10 or more trackback requests during the previous day.

grep trackback access.log.2005-10-13 | grep -v 403 | grep -v 503 | awk '{ print $1 }' | sort | uniq -c | awk '{ if (strtonum($1)>=10) print $1,$2; }'

Here’s an example of the output:

20 212.142.33.108
11 216.56.240.71
56 217.219.39.3
108 219.144.196.226
12 219.93.174.101
21 219.93.174.102
12 219.93.174.105
13 219.93.174.109
26 63.144.59.210
59 63.144.59.211
14 64.89.16.7
10 67.50.44.156
10 82.110.130.58

Finding and printing the referrer spammers who leaked through the filters is a little more challenging, since some of them use a full HTML <a> tag in their referrer and some don’t.  I suspect that there is some handy-dandy regular expression that would make this simpler, but I’m not a regex guru.  It’s also interesting that some of them (for some reason) are using my own domain in the referrer.  I suspect this is a simplistic attempt to get me to blacklist myself, but I’m not sure.  Given all that, here’s an example of what I use to identify the worst referrer offenders for the previous day.

grep referrer access.log.2005-10-13 | grep -v 403 | grep -v 503 | grep -v aubreyturner | awk '{ if ($11=="\"<a"){ t=substr($12,6); print substr(t,0,index(t,">")-1)} else print substr($11,2,length($11)-2);}' | sort | uniq -c | awk '{ if(strtonum($1)>=10) print $1,$2; }'

And an example of the output:

215 -
88 http://agrino.org/uichsa/wwwboard/567.html
86 http://agrino.org/uichsa/wwwboard/568.html
86 http://agrino.org/uichsa/wwwboard/569.html
85 http://agrino.org/uichsa/wwwboard/570.html
84 http://agrino.org/uichsa/wwwboard/644.html
48 http://generic-######.splinder.com
204 http://#############.50webs.com
32 http://tinman.cs.gsu.edu/~cscjghx/csc3360/wwwboard/messages/86.html
32 http://www.horrorseek.com/horror/dreadful/wwwboard/34.html

As you can see, there are a lot of ones with blank or “-” for the referrer.  Those are particularly troublesome in that they’re hard to block (except by IP, but that’s a losing game).  I’m not sure what they intend to gain from hitting the referrer URL without any referrer.  All it ends up doing is sending them a nearly-blank page (about 100 bytes of almost static content).

One of these days I guess I’ll glue the above commands together into a nightly job that sends me a report in email.  Unless these idiots magically disappear before I get tired of doing this manually…
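
As an added example (not the script actually used on this site), the two one-liners above can be combined into one report script that tests the status field itself, so a request is not dropped just because "403" appears in its byte count, and that reduces both bare and <a>-tag referrers to the same URL.  It assumes Apache combined log format; the sample log lines, IPs and URLs are constructed, and THRESHOLD, OWN_DOMAIN and the function names are introduced here.

```sh
#!/bin/sh
# Added example, not the site's own script. Assumes Apache "combined" log format.
THRESHOLD=${THRESHOLD:-10}               # hypothetical name: minimum hits to report
OWN_DOMAIN=${OWN_DOMAIN:-aubreyturner}   # hypothetical name: referrers to ignore

# "count ip" for every IP with >= THRESHOLD trackback requests that were not
# already rejected. $7 is the request path, $9 the status code.
trackback_offenders() {
    awk -v min="$THRESHOLD" '
        $7 ~ /trackback/ && $9 != 403 && $9 != 503 { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$1" | LC_ALL=C sort -k2
}

# "count url" for referrers that got past the filters on the referrer page.
referrer_offenders() {
    awk -F'"' -v min="$THRESHOLD" -v own="$OWN_DOMAIN" '
        {
            gsub(/\\"/, "")            # drop escaped quotes; $0 is re-split
            split($3, s, " ")          # $3 is " status bytes "
            if ($2 !~ /referrer/ || s[1] == 403 || s[1] == 503) next
            ref = $4
            if (index(ref, own) > 0) next
            if (ref ~ /^<a href=/) {   # full anchor tag: keep only the URL
                sub(/^<a href=/, "", ref)
                sub(/>.*/, "", ref)
            }
            hits[ref]++
        }
        END { for (r in hits) if (hits[r] >= min) print hits[r], r }
    ' "$1" | LC_ALL=C sort -k2
}

# Constructed sample data (documentation IP ranges, made-up URLs).
rep() { n=$1; while [ "$n" -gt 0 ]; do printf '%s\n' "$2"; n=$((n - 1)); done; }
sample_log() {
    rep 12 '203.0.113.5 - - [13/Oct/2005:01:00:00 -0500] "POST /trackback/x1 HTTP/1.1" 200 120 "-" "bot"'
    # Response size 1403: a plain "grep -v 403" would wrongly discard these lines.
    rep 10 '192.0.2.9 - - [13/Oct/2005:01:00:00 -0500] "POST /trackback/x2 HTTP/1.1" 200 1403 "-" "bot"'
    rep 15 '198.51.100.7 - - [13/Oct/2005:01:00:00 -0500] "POST /trackback/x3 HTTP/1.1" 403 210 "-" "bot"'
    rep 3 '192.0.2.44 - - [13/Oct/2005:01:00:00 -0500] "POST /trackback/x4 HTTP/1.1" 200 120 "-" "bot"'
    # The same spam URL sent as an escaped anchor tag and as an unquoted one.
    rep 6 '192.0.2.60 - - [13/Oct/2005:01:00:00 -0500] "GET /referrer HTTP/1.1" 200 100 "<a href=\"http://spam.example/a\">pills</a>" "bot"'
    rep 5 '192.0.2.61 - - [13/Oct/2005:01:00:00 -0500] "GET /referrer HTTP/1.1" 200 100 "<a href=http://spam.example/a>pills</a>" "bot"'
    rep 10 '192.0.2.62 - - [13/Oct/2005:01:00:00 -0500] "GET /referrer HTTP/1.1" 403 210 "http://spam.example/b" "bot"'
    rep 20 '192.0.2.63 - - [13/Oct/2005:01:00:00 -0500] "GET /referrer HTTP/1.1" 200 100 "http://aubreyturner.example/" "bot"'
    rep 3 '192.0.2.64 - - [13/Oct/2005:01:00:00 -0500] "GET /referrer HTTP/1.1" 200 100 "-" "bot"'
}

# Stand-alone use: sh report.sh access.log.2005-10-13
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    trackback_offenders "$1"
    referrer_offenders "$1"
fi
```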

(Updated to try out word censoring for ###### and a couple of other words…)

She Told Me To Walk This Way…

This technique is an interesting security measure.

Finnish scientists have invented a device to make it harder to steal mobile phones and laptops by enabling them to detect changes in their owner’s walking style and then freeze to prevent unauthorized use.

The first thing to enter my mind was what happens if you sprain your ankle?  It turns out they’ve included a password challenge if it detects that you’re “walking funny.” 

Theft Of Service

I can’t emphasize just how much I hate spammers.  It’s come to the point where I regard their activities as theft of service. 

As I mentioned on Tuesday, I got a warning from my webhosting company that I was using too many resources on the shared server.  A quick check of logs showed that the majority of my traffic was driven by referral spammers.  Their requests were hitting Expression Engine and the database, but nothing was being displayed.  Using the EE Blacklist module I had it write an .htaccess file that returned a 403 error (Access Forbidden) to any request that met the blacklist criteria (such as having “viagra” in the referral URL). 

Until checking the stats, though, I didn’t really have a handle on the real size of the problem.  Here is the request status report for this domain for just yesterday:

#reqs status code
14932 200 OK
12 206 Partial content
14 301 Document moved permanently
462 302 Document found elsewhere
408 304 Not modified since last retrieval
1 400 Bad request
46772 403 Access forbidden
231 404 Document not found
349 503 Service temporarily unavailable

That tells me that 46772 spam referral requests were rejected before they had a chance to hit the database.  This definitely reduced the load on the DB, as shown in the table in the extended text.

The data for 10/13 is incomplete, as that’s today.  But the difference between 10/11 and 10/12 is quite large, going from 995,418 to 243,434 queries.

Details for ExpEngine from 2005-10-03 to 2005-11-02
Day Disk Usage Connects Queries (Conueries) (Ratio)
2005-10-03 52.996 MB 50953 1101616 2.375 MCn 0.865
2005-10-04 54.277 MB 31219 623202 1.404 MCn 0.798
2005-10-05 55.949 MB 38577 872707 1.837 MCn 0.905
2005-10-06 59.941 MB 26323 595988 1.254 MCn 0.906
2005-10-07 61.781 MB 32295 653220 1.461 MCn 0.809
2005-10-08 62.094 MB 34573 636960 1.501 MCn 0.737
2005-10-09 62.426 MB 49681 973017 2.215 MCn 0.783
2005-10-10 63.047 MB 54033 1115019 2.466 MCn 0.825
2005-10-11 63.867 MB 49832 995418 2.241 MCn 0.799
2005-10-12 64.250 MB 12745 243434 0.562 MCn 0.764
2005-10-13 64.406 MB 2183 41183 0.096 MCn 0.755
Totals: 60.458 MB 382414 7851764 17.412 MCn 0.821

 

Stupid Way To Die

I always cringe when I see some dumbass go around the arms at a railroad crossing.  Most of the time they get away with it.  But every now and then one of them will get smashed.  Unfortunately, the latest incident resulted in the instantaneous death of a mother (the driver) and the later death of the father.  The 11-month old child, who is now an orphan, is still in the hospital.

It seems that the mother, in her haste to beat the east-bound train, didn’t notice the west-bound Amtrak train on the other set of tracks.  I really wish this would be a lesson to people that the five minute wait for the train to pass isn’t the end of the world.  Better to be five minutes late than permanently late.

On My Command, Unleash …. Heck

When I heard a brief bit on the radio this morning about the City of Ft. Worth asking residents to take up their shotguns against the yearly invasion of the grackles I was surprised.  Given the usual GFW’s who run the damn place it was definitely out of character for them.

However, I now find that the real story is actually in keeping with their nature.  It seems they’re only going to allow people to use bird bombs and the people participating have to get special training (some sort of pyrotechnic permit to use “cracker shells”).  Oh well…  I should have known it was too good to be true.

Those shells just send the birds elsewhere, so they’ll be somebody else’s problem.  A dead grackle will crap and swoop no more.

Wired To The Channel

Whatever is stomping my wireless network kicked back in this morning with a vengeance.  For now I’ve given up and strung a 50-ft Cat-5 cable between the router and the switch in my office.  I just have to remember not to trip over the damn thing.

I now see that Buy.com has shipped my wireless signal sniffer.  I hope it comes soon.  I really want to track down the offender and put an end to this once and for all.

Channelling Annoyance

For the past couple of weeks I’ve been experiencing intermittent failure on my wireless network.  The first thing I noticed is that a site survey showed that someone else had put up a network on the same channel as me.  Since I had used the Linksys default of 6, I decided to go ahead and move to 11 so as to avoid interference from the other network.  That worked for a few days, but then I started experiencing it again.  Only it was worse in that not only did the bridge go down, but all the other wireless clients would lose connection (including a laptop that’s only about 12-ft away from the router/AP). 

I switched to channel 9 after being down for a while this morning and I was OK until a few minutes ago.  I changed to 7 for now and got it working.  But I noticed that when the network went down that the wireless utility on the laptop showed that the noise levels went through the roof.  I am now starting to suspect that someone nearby has a FHSS 2.4 GHz cordless phone.  These phones hop frequencies across the 2.4 GHz spectrum, which causes symptoms similar to the ones I’m seeing now.  When I first installed my Wi-Fi network a couple of years ago I ran into this same problem.  I ended up throwing out my Panasonic 2.4 GHz cordless and getting a Uniden 5.8 GHz system, which cured the problem.

Coincidentally (and I don’t believe much in coincidences) my new next-door neighbor moved in about two weeks ago.  I guess I’ll need to inquire with him as to what kind of phone he has.  But to definitively pin-point the source of the interference I’ve ordered a Wi-Fi signal finder that also helps find signals from phones, microwaves, and surveillance cameras.  Since it is my understanding that there is no FCC rule about which takes precedence, if it turns out that it is his phone, I may just go ahead and offer to buy him a new phone.  It’s either that or wire the whole house and give up on Wi-Fi.  I rely on my network to be up all the time, since I work from home.  I can’t afford to have my network taken down at random times by an errant wireless phone.

137.59 - A Thievery Number

I received a rather alarming email from my hosting provider today, informing me that I was using an excessive amount of CPU, to the tune of 137.59 CPU minutes today.  Further, my account was now to be subject to resource monitoring (starting tonight).  The email was to inform me that I needed to start watching the resource monitor logs to find the source of the excessive usage.

Well, it didn’t take me long to find the likely source, even though I hadn’t yet been able to see the resource logs.  A quick look at the Apache access.log shows that the bastard spammers are hitting my server about 30,000 times per day trying to insert their crap into my referral logs.  The referral attack is the most common one that is launched against EE weblogs, since comment and trackback spam is much more difficult with EE.  Because of this problem I’d turned off referrers about two months ago and I’d made the old referrer template inaccessible to anyone who was not a logged in member. 

I thought (mistakenly) that by making the referral information inaccessible, the asshat spammers would lose the incentive to spam my referrer scripts and would eventually give up.  Instead, it appears that they stepped up their attempts to the point of verging on a DDoS attack.

So today I took more drastic action.  I used the .htaccess feature of EE’s Blacklist module to block these bastards before they can even hit EE, which should cut down dramatically on the number of PHP sessions and database connections.  Since about 2:00pm today 10,609 spam referral attempts have already been blocked.

While I was at it I also disabled hotlinking of all images on this domain from outside domains.  Analysis of my logs shows that there were a lot of young thug-wannabes who were linking to my gun pictures from their horribly formatted online profiles.  Some examples:
Bustmygunphilly (definitely not safe for work)
cameronknight
Bobby04
airlydzie

It’s kind of funny to see their attempts to hotlink my gun pictures replaced with this:
Don't steal my dog's treats