Articles from April 2006



And You Thought DVDs Were Bad?

If I ever encounter this kind of crap, I think we’re going to have to invent a new adjective to describe super-white-hot pissed-off.

If a new idea from Philips catches on, the company may not be very popular with TV viewers. The company’s labs in Eindhoven, The Netherlands, have been cooking up a way to stop people changing channels to avoid adverts or fast forwarding through ads they have recorded along with their target programme.

The secret, according to a new patent filing, is to take advantage of Multimedia Home Platform – the technology behind interactive television in many countries around the world. MHP software now comes built into most modern digital TV receivers and recorders. It looks for digital flags buried in a broadcast, and displays messages on screen that let the viewer call up extra features, such as additional footage or information about a programme.

Philips suggests adding flags to commercial breaks to stop a viewer from changing channels until the adverts are over. The flags could also be recognised by digital video recorders, which would then disable the fast forward control while the ads are playing.

Philips’ patent acknowledges that this may be “greatly resented by viewers” who could initially think their equipment has gone wrong. So it suggests the new system could throw up a warning on screen when it is enforcing advert viewing. The patent also suggests that the system could offer viewers the chance to pay a fee interactively to go back to skipping adverts.

I predict many Elvis moments in the future of Philips products, should this crap make it to the market.  Heck, I was sorely tempted to shred my copy of Shrek 2 and send the pieces back to Dreamworks because of the damn unskippable advertisement at the beginning.  Listen carefully, marketdroids!  People are sick and tired of losing control over their own DVDs as it is.  We will not tolerate being forced to watch your asinine commercials or previews.  If I encounter such a device, I will be returning it with prejudice through your front window!

On a more serious note, a couple of interesting points came up in the Slashdot discussion about this article.  First, if you can rip a DVD (or otherwise “pirate” the content), you can often disable this sort of nonsense.  So if the controls become too obnoxious or onerous, it may well encourage people to go around the content providers to get the content through “alternate” channels.  Second, adding these sorts of flags to advertisements might make it easier for home-brew/open-source DVR software to skip commercials.  A “this is a commercial” flag would be a major bonus for something like MythTV.

More F-‘in spammers

It seems like a lot of people have either been spammed by “tententwelvecorp” or have been on the receiving end of a Joe Job from their spams.  The onslaught continues apace, but I’ve learned quite a bit from the comments on my earlier post.  People have been finding my site when running searches for info on this stock scammer.

There is also some new information to put out here.  Specifically, in his latest emails he’s expanded his stock picks to include Labwire (LBWR) and Southwestern Medical INC (SWNM), and in a few he’s including a phone number for people to opt-out (since his domains seem to have been suspended).  The number given is (310)598-7434.  Searching Google and doing some reverse searches didn’t turn up anything of interest (or anything linked to “Johnson Eddisson”, should he actually exist).

I’ve also gotten a few emails via the contact form from people who are wondering what’s going on.  This is most especially true for people who don’t know much about computers or email.  I’m including my answer to the latest one here in the hope that people who search for information on this spammer will find it.  I’ve tried to make it readable for the lay person, but as always, it’s difficult to talk about computers, the Internet, and email without using some amount of jargon.

The original message:

I did a search on tententwe… and noticed that you made reference to them.  I keep getting emails (addressed to me) from people who I don’t know and it said to contact info-att-tententwelvecorp.com if I wanted them to stop.  I changed the -att- to @ and tried to send the email but it didn’t work.  I don’t know a lot about the internet.  Since it sounds like your situation might be similar, I was wondering if you could explain any of it to me?  Thank you.

My response:

What is happening here is that a spammer is using a network of infected PCs to send spam to various people.  These networks of infected PCs are often called “botnets” (from the term “robot network”).  When the PC is infected (which can occur through a virus, a worm, or a trojan) it becomes a node in the botnet and takes commands from a central controller.  In this case, the spammer is using the network of PCs to send out spam.  They do this because sending spam from a legitimate internet-connected server is a quick way to have it shut down (since this act violates the Terms of Service of almost all legitimate hosting services).  These PCs are usually connected to the internet via Cable Modem or DSL and offer a quick and anonymous method to blast out thousands of emails in a short period of time.

The other part of the problem is that the protocols used on the Internet for exchanging email don’t have any security built into them.  They were developed in an era of mutual trust when the Internet was much smaller (and only universities, the military, and very few corporations were connected).  Because the protocols are so lax, it is a simple matter for the spammer to compose a message that appears to be from someone else.  In fact, I did the same thing with the contact form that you filled out to send me your original message.  When it arrives in my Inbox it appears to be from you, even though my web server actually sent it (this is actually considered a legitimate use of the protocol, though).

Since no one likes spam, putting your real email address in the “From:” of a mass mailing is a quick way to render that email address useless.  In fact, many email providers/ISPs will cancel an account if it can be proved that the person who owns the email address actually sent the spam from it.  So, the crafty spammer will either put a bogus email in the “From:” and “Reply To:” fields, or he will put someone else’s email address in there (this is known as a “Joe Job” in that it can be a form of attack against the person whose email address was used by the spammer).

This particular spammer is just making up email addresses as he goes by picking a person’s name and then associating a made-up email address with a VALID domain (the part after the “@” sign).  An example (that I just pulled out of my Trash folder): “Rosamund Hutchins” <hfl-at-aubreyturner.org>.  There is no user named “hfl” at aubreyturner.org, and I don’t know a person named “Rosamund Hutchins.”  But anyone receiving this email will possibly think it’s from her and that it came from my domain, when in fact it came from an infected PC in Switzerland (84-72-176-238.dclient.hispeed.ch to be exact).

However, since I’ve configured a “catch all” address for the domain (i.e. any email that isn’t addressed to a particular user goes to this address), then I receive a message for every single spam email that did not make it to the destination (a “return to sender” or “bounce” email).  So my interest in finding and eradicating the owner of tententwelvecorp is because I own “aubreyturner.com” and “aubreyturner.org”, both of which have been used for the “From:” address in this spammer’s email blasts.  So far I’ve received well over 200 bounce messages.  It’s not clear at this point whether I (and the others who have been on the receiving end of these bounces) was selected because I ticked this guy off at some point in the past or whether he just randomly picked some domains.

Recent legislation in the U.S., called the “CAN-SPAM” act, requires that every commercial email have a valid “From:” address and include information on how to opt-out of the mailings.  None of this spammer’s messages conform to these requirements, so if he is in the United States, he could be liable for a civil judgement of up to $11,000 per violation.  Additionally, by pumping these stocks, he could also be in violation of various S.E.C. (Securities and Exchange Commission) rules (which could be a criminal matter).  So it’s no surprise that “[email protected]” didn’t work.  His domain has probably been suspended because of the spam he’s been sending.  Further, it appears that his domain’s contact information is bogus, so it’s nearly impossible to contact him.

In his latest round of emails, he is now including a phone number, but I haven’t had time to investigate it.  My suspicion is that the number is either bogus or it belongs to someone he doesn’t like (who will get irate phone calls from people who got the emails).

So, to sum up this long-winded reply: “spammers suck.”  grin
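
The forged “From:” and the flood of bounces to a catch-all address described in the reply above can be confirmed from the bounces themselves. The following is an added example, not part of the original post: it pulls the undelivered message’s headers out of a bounce and compares the claimed sender with the host that actually handed the mail over. The domain `example.org`, the host `mail.example.org` and the sample bounce are constructed placeholders.

```python
import email
import re
from collections import Counter
from email import policy
from email.utils import parseaddr

MY_DOMAINS = {"example.org"}        # assumption: domains we own (placeholder)
MY_OUTBOUND = {"mail.example.org"}  # assumption: hosts that really send our mail

# Constructed bounce (not a real message) carrying the undelivered mail's headers.
BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: hfl@example.org
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.

--b1
Content-Type: text/rfc822-headers

Received: from {host} ({host} [{ip}])
\tby mx.recipient.example with SMTP; Mon, 10 Apr 2006 09:00:00 +0000
From: "Made Up Name" <hfl@example.org>

--b1--
"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)")

def original_headers(bounce):
    """Return the headers of the bounced message, or None if none are attached."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
        if ctype == "message/rfc822":
            return part.get_payload(0)
    return None

def classify(raw):
    """Compare the claimed From: with the host that handed the mail over."""
    orig = original_headers(email.message_from_string(raw, policy=policy.default))
    if orig is None:
        return None
    claimed = parseaddr(str(orig.get("From", "")))[1].lower()
    # Topmost Received is written by the bouncing server; lower ones may be forged.
    hops = orig.get_all("Received", [])
    m = HOP.search(str(hops[0])) if hops else None
    host, ip = (m.group(1).lower(), m.group(2)) if m else (None, None)
    forged = (claimed.rpartition("@")[2] in MY_DOMAINS
              and host is not None and host not in MY_OUTBOUND)
    return {"claimed": claimed, "host": host, "ip": ip, "forged": forged}

def origins(bounces):
    """Count forged-sender bounces per injecting host."""
    results = [classify(b) for b in bounces]
    return Counter(r["host"] for r in results if r and r["forged"])
```

Running every message that lands in the catch-all through `origins()` gives a per-host tally of where the forged mail entered the mail system, which is the detail an abuse report to the owning ISP needs.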

Since I wrote that reply, I’ve learned (from a commenter in the original post) that the phone number actually has a message requesting you to leave your email address to have it removed.  I’m not sure I’d trust it, though.  An asshole who would use other people’s domains for his bounces would just as likely take the opt-out list and use it as a list of “confirmed, hot” leads…

Update:  I see from the latest bounce that he has yet another domain, senginernd.com, which redirects to a Lycos-France member page, appearing to belong to a member called “removalsystem2”.  That site contains his “disclaimer.”  I found this bit interesting:

In compliance with the Securities act of 1933, Section 17(b), the publisher of this newsletter discloses they received payment from an unaffiliated third party for the circulation of this report in the amount of $200,000. Be aware of an inherent conflict of interest resulting from such compensation due to the fact that this is a paid advertisement and is not without bias. As we have received compensation in the form of free trading securities, we may directly benefit from any increase in the price of these securities.

So it would appear that this is a “pump and dump” sort of thing, where he is trying to inflate the price and then dump his shares.  I suppose by his disclosure he thinks he’s covering his butt legally.  Perhaps he is, as I’m not a lawyer.  But it’s pretty slimy.  Also notice that his verbiage implies that this is a “newsletter” and that there are “subscribers” (a term he used earlier in the disclaimer).

Here’s the WhoIs for senginernd.com:


Registration Service Provided By: NameCheap.com
Contact: [email protected]
Visit: http://www.namecheap.com/

Domain name: SENGINERND.COM

Registrant Contact:
  MTG-Experts
  Carl Bach ([email protected])
  +1.6025413374
  Fax: +1.5555555555
  Pol Comtois Str.
  Los Angeles, CA 60981
  US

Administrative Contact:
  MTG-Experts
  Carl Bach ([email protected])
  +1.6025413374
  Fax: +1.5555555555
  Pol Comtois Str.
  Los Angeles, CA 60981
  US

Technical Contact:
  MTG-Experts
  Carl Bach ([email protected])
  +1.6025413374
  Fax: +1.5555555555
  Pol Comtois Str.
  Los Angeles, CA 60981
  US

Status: Locked

Name Servers:
  dns1.name-services.com
  dns2.name-services.com
  dns3.name-services.com
  dns4.name-services.com
  dns5.name-services.com
 
Creation date: 18 Oct 2005 14:43:36
Expiration date: 18 Oct 2006 14:43:36

I wonder if there’s really a “Carl Bach”?  It sounds fake.

Joys of Spring

Ah, spring!  When one’s fancy turns to …  DOG HAIR!  And the occasional doggie hurl.

Oh well…  as a wise man once said in comments:

You can have a nice, clean, mud- and dirt-free house.  Or you can have a dog.  Dogs are better.

How true:

Frustration

I’ll admit to a bout or two of frustration over badly designed and implemented self-checkout systems, but I think this guy went just a little over the edge.

GRAPEVINE – First there was road rage. Then there was cellphone rage. And now there’s self-checkout-screen rage.

A customer upset that his debit card wasn’t being accepted punched a self-checkout screen Tuesday at a Wal-Mart Supercenter in Grapevine and then walked out.

The suspect had not been arrested by Thursday, but employees got the license plate number of his pickup and investigators awaited a copy of a surveillance video showing him leaving the store.

The damaging blow came shortly before 5:30 p.m. at the store in the 1600 block of Texas 114 when the man tried to buy a few food items, according to police reports.

After a clerk and the manager heard the bang, the suspect told them that he had broken the monitor because “it was a piece of s—-.”

As he left the store, the man yelled: “Don’t get close to me or I’ll kill you.”

The punch left the monitor with a $2,000 black eye.

I was sympathetic with him up until he threatened the store employees.  And that will probably be the bit that increases the severity of the charges once the police catch up with him.

F****n’ Spammers

I’m not dead.  Or at least my body continues to move about under its own power.  Allergy season just zaps the hell out of me.  And the pounding headache didn’t help.  But today seems a little better in that at least the headache is gone.

Anyhow, it seems that some “sidewindin bushwackin, hornswaglin, cracker croaker” has used one of my domains for the return address on their POS spam emailing.

So far I’ve only gotten 12 bounces, but it’s really annoying, and it’s a form of theft.  They’re stealing my resources to abdicate their own responsibility for spewing crap about some stupid penny stock.

If any of you should come across “Budget Waste Inc” or “tententwelvecorp.info”, drop a bomb on them for me.

Update:  More on this topic here.

Can I Just Shoot The Router Now?

It would appear that D-Link is causing considerable grief for a guy in Denmark who was attempting to provide a public service for Denmark’s internet infrastructure.

A number of D-Link products, so far I have at least identified DI-604, DI-614+, DI-624, DI-754, DI-764, DI-774, DI-784, VDI604 and VDI624, contain a list of NTP servers in their firmware and using some sort of algorithm, they pick one and send packets to it.

This is about as wrong a way to do things as one can imagine. There is no way D-Link can change the list once the product is shipped, unless D-Link can persuade the customer to upgrade the firmware.

The problem is that a lot of these routers are picking GPS.DIX.dk and are eating up his bandwidth (despite the NTP server’s description showing that it’s intended for the local infrastructure and that end-client use is PROHIBITED).

I have no idea how many devices D-Link has sold, but between 75% and 90% of the packets which arrive at my server come from D-Link products via this mechanism.

Up until now, the management has been allowing him to host the NTP server for free, since he’s providing a service (there would normally be a $4400 connection fee).  But because of the traffic, DIX is looking to charge him for the increase in usage. 

Negotiations with the DIX management are ongoing, but the current theory is that I will have to close the GPS.DIX.dk server or pay a connection-fee of DKR 54.000,00 (approx USD 8,800) a year as long as the traffic is a significant fraction of total traffic to the server.

I owe $5000 to an external consultant who helped me track down where these packets came from.

I have already spent close to 120 non-billable hours (I’m an independent contractor) negotiating with D-Link’s lawyers and mitigating the effect of the packets on the services provided to the legitimate users of GPS.dix.dk.

Finally I have spent approx DKR 15.000,00 (USD 2,500) on lawyers’ fees trying to get D-Link to negotiate in good faith.

If I closed the GPS.dix.dk server right now, wrote off all the time I have spent myself, then my expenses would amount to between DKR 45.000,00 and DKR 99.000,00 (USD 7,300 to 16,000) and several hundred administrators throughout Denmark would have to spend time reconfiguring their servers.

If on the other hand we assume I leave the service running and that the unauthorized packets from D-Link products continue for the next five years, the total cost for me will be around DKR 115.000,00 + 54.000,00 per year (approx USD 18,500 + USD 8,800 per year) or DKR 385.000,00 over the next five years (USD 62,000).

All of this is entirely due to D-Link’s incompetent product design and I have no way to mitigate it.

In the end, it’s likely that he’s going to have to move his NTP server, as he’s had no luck in getting D-Link to even acknowledge the problem, much less getting them to pick up the costs for their actions.

Because of Verizon I have one of these DI-604’s, whether I want it or not.  As an interim fix to try to help this guy out I found a public secondary NTP server at Texas A&M and pointed my router at it instead of letting it decide randomly (I also changed it to only check every 8 hours).  I’m tempted to set up an NTP server on my Linux box so that none of this traffic will be flooding internet sites (even if they list themselves as allowing public access), since it appears that the default for the DI-604 is to poll once per hour.  I’ve already got an NTP client daemon running on there to keep the system clock synced, so I suppose it wouldn’t be too hard to add the required server component and just point the DI-604 at it.

Anyhow, this isn’t the only time D-Link has been caught abusing public services.  I recently began investigating to try to see why my DynDns.org host entry wasn’t automatically updating.  The router is supposed to have DynDns support, but I got an email that my host entry was expiring.  In the past, I’d seen this occasionally when my IP address didn’t change for long periods of time.  Since the router didn’t see an address change, it didn’t try to update DynDns.org, and so the host would eventually expire.  I’d usually work around this by forcing a manual update on their website, but this time I noticed that the current address was different than the address in the DNS record.  Some further research turned up the fact that almost all D-Link routers have been blocked by DynDns.org due to abusive updates and incorrect implementation of the protocol (it appears they just “borrowed” an example implementation without bothering to change the User Agent).

So now I’m stuck with a POS router that a) causes headaches for NTP server owners, and b) won’t update DynDns anymore.  But I guess Verizon support is happy that they get to use a “standard” router (with its non-standard Verizon-specific, but still buggy, firmware).  I complained in no uncertain terms to Verizon about this when they sent me a customer survey about Fios.  I don’t know if they’ll ever listen, though.  Perhaps in the meantime Verizon could put up an NTP server and update all these stupid D-Link devices to help mitigate some of the problem.

Link via Slashdot.

Discombobulated

I always hate the transition from standard time to daylight time.  We talk about it as if it was as simple as just losing an hour of sleep, but it’s probably more complicated than that.  Or maybe it’s just me…  I have a pretty good internal clock.  Even without a watch, I usually know the time to within 10 or 15 minutes.  But I spent most of the day yesterday feeling like I was late because my internal clock was still set for standard time (I kept saying “It’s later than you think” to myself…).

I couldn’t help but notice that this morning’s traffic reports were a litany of accidents and backups.  Perhaps it was just coincidence, but my suspicion is that there were a lot of sleepy drivers out there (or maybe drivers who were just a bit “out of sorts”). 

The other thing that’s fun is working with people who don’t observe DST.  I’ve got a regular Monday afternoon meeting called by someone in Tucson.  This week she had to manually reschedule the meeting.  It seems that our calendaring tool doesn’t understand how to handle these things.  But she kept it at 2:00pm for her, which meant that it moved to an hour later for the rest of us (i.e. it moved from 3:00pm-4:00pm to 4:00pm-5:00pm for me).

I just wish we’d pick a time and stick with it (even if it means dealing with early dark in winter), rather than dragging the whole country back and forth twice a year.