Fields of Athenry

Not a normal post for this blog, but I was looking all over the web for the music to the hauntingly beautiful and heartbreakingly sad ballad “Fields of Athenry” for the tin whistle in D. I ran across a version over here that claims to have a sheet music for the tune in for D whistles. However, the music is in the key of F, and includes notes too low for a tin whistle in D to even play. So here is that music, transposed to the key of D.

Download: .pdf, .mscz

 

In unrelated news, this guy here thinks he figured out a way to get rid of passwords altogether. He goes into great detail on the way that his device that stores passwords and transmits them wirelessly to the needed app. That’s all very well and good, but can he convince people to use it? I don’t know…

 

and what if the battery dies and you need to check your email? :-/

Sample IMAP exchange

From the IETF Documentation:

S:   a002 OK [READ-WRITE] SELECT completed
C:   a003 fetch 12 full
S:   * 12 FETCH (FLAGS (\Seen) INTERNALDATE "17-Jul-1996 02:44:25 -0700"
      RFC822.SIZE 4286 ENVELOPE ("Wed, 17 Jul 1996 02:23:25 -0700 (PDT)"
      "IMAP4rev1 WG mtg summary and minutes"
      (("Terry Gray" NIL "gray" "cac.washington.edu"))
      (("Terry Gray" NIL "gray" "cac.washington.edu"))
      (("Terry Gray" NIL "gray" "cac.washington.edu"))
      ((NIL NIL "imap" "cac.washington.edu"))
      ((NIL NIL "minutes" "CNRI.Reston.VA.US")
      ("John Klensin" NIL "KLENSIN" "INFOODS.MIT.EDU")) NIL NIL
      "")
       BODY ("TEXT" "PLAIN" ("CHARSET" "US-ASCII") NIL NIL "7BIT" 3028 92))
S:    a003 OK FETCH completed
C:    a004 fetch 12 body[header]
S:    * 12 FETCH (BODY[HEADER] {350}
S:    Date: Wed, 17 Jul 1996 02:23:25 -0700 (PDT)
S:    From: Terry Gray
S:    Subject: IMAP4rev1 WG mtg summary and minutes
S:    To: imap@cac.washington.edu
S:    cc: minutes@CNRI.Reston.VA.US, John Klensin
S:    Message-Id:
S:    MIME-Version: 1.0
S:    Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
S:
S:    )
S:    a004 OK FETCH completed
C:    a005 store 12 +flags \deleted
S:    * 12 FETCH (FLAGS (\Seen \Deleted))
S:    a005 OK +FLAGS completed
C:    a006 logout
S:    * BYE IMAP4rev1 server terminating connection
S:    a006 OK LOGOUT completed

On Facebook’s One Time Password Scheme

Regarding the post by Beth Jones over at Dark Reading today: Facebook One-Time Password: Gold or Pyrite?. Jones agrees with another commentator that this [Facebook one-time passwords) might not be a very wise idea, as losing phones could result in Facebook security breaches on the users’ accounts.

A few issues with this though. Firstly, the phone would have to be taken by a malicious attacker. I still have some faith in humanity left, and from what I’ve seen, the vast majority of people would simply try to get the phone back to its owner. Secondly, if the phone WAS taken by a malicious user, there is no guarantee that they would think to check if the phone was set up to use this new feature. Finally, more and more handheld devices are being coming with password-like PIN entry required to unlock.

What these commentators need to do is think about whether the net gain is going to outweigh the net loss. Yes, phone losses will result in some Facebook account compromises. However, the number of account break-ins that will be prevented due to fewer keylogging incidents will almost certainly outweigh that.

Note also, that many people use the same passwords on multiple accounts, and attacker know that. So the actual impact of minimizing keylogging attacks could be much larger than it might seem.

http://www.darkreading.com/blog/archives/2010/10/facebook_one_ti.html?cid=RSSfeed_DR_ALL

Javascript injections in a select-option form.

Many resources are available concerning Javascript injections.

However, most of these suggest one uses something such as:

javascript:alert(document.forms[0].to.value=”something”)

This will not work correctly on a form such as the one below:

<form action="" method="post">
 <select name="name">
 <option value="apple">A</option>
 <option value="banana">B</option>
 <option value="coconut">C</option>
 </select>
 <input type="submit" value="Letter" />
</form>

In order to change the values of a form which uses the <select> and <option> format. In order to access these elements using Javascript, try the following:

javascript:alert(document.forms[0].name.options[0].value=”peach”)

That will make it so that submitting the form with letter ‘A’ selected will submit a value of “peach”, instead of “apple” as the original code would have.

Python Traveling Salesman Algorithm Solution.

I found a great post here which really helps one understand the Traveling Salesman problem, and at least one solution to it.Language used is Python.

Javascript link redirection

Considering that I tell people to hover over a suspicious link before clicking to see where it really is going, this little trick could be rather dangerous.

http://h.ackack.net/?p=80

Use visualserver.org for a free linux shell.

I found myself in need of a linux shell recently in order to do some classwork. Rather than going through the work of setting up a virtual machine running Linux and booting it up every time I needed it, I went on a quick search for an easier alternative. I found visualserver.org, a fantastic free service. One has three choices when signing up: a shell account, an email account, or a hosting account.

I used PuTTy to access the account.

PuTTy in use

The shell is a bit slow, but seems to be constantly being upgraded. It also has a decent number of services available.

In the account

Google Buzz: A Disaster on the Magnitude of Wave.

The general consensus appears to be: “I signed up for email, not a social network”. Google, in trying to catch up with Facebook/Twitter has come up with nothing new in their idea of a social network.

It is a simplified Facebook, a complexified Twitter. It is not revolutionary, it is not easy to turn off, the settings are non-existent, and any post you reply in appears to email you any additional comments in that thread/buzz/whatever.

A serious disappointment. The lack of innovation is breathtaking.

By the way, if you do want to turn Google Buzz off, the kill switch is all the way at the bottom.

New Google Interface

You might have heard that Google is slowly introducing a new search interface.

The new Google user interface.

Gizmodo discovered how you too can get this preview of Google to come.

1. You must have a Google account and be signed in.
2. Do a Google search for something.
3. Wait for the search to finish loading, then copy and paste this into the URL bar, OVER the existing http://www.google.com/…

javascript:void(document.cookie=”PREF=ID=20b6e4c2f44943bb:U=4bf292d46faad806:TM=1249677602:LM=1257919388:S=odm0Ys-53ZueXfZG;path=/; domain=.google.com”);

You should then be able to refresh and see the changes.

Contact me at joseph.a.marlin at gmail dot com.

The 12 Scams of Christmas

The crunched economy has made scammers all the more desperate. Seriously, viruses are real, and they can happen to you! You really need anti-virus. AVG makes free anti-virus programs if you need it.

Anyway, the point is, David Marcus, from McAfee, outlined twelve major points to be on guard against in a recent podcast.  Here they are, as transcribed by Larry Magid of CNET.

1. Charitable phishing scams: Marcus warns consumers to be wary of e-mails that appear to be from legitimate charities. Not only will they take your money and deprive charities of needed funds, but they will also steal your credit card information and identity.
2. Fake invoices from delivery services: During this period, scammers will send out fake invoices and delivery notifications appearing to come from Federal Express, UPS, the U.S. Postal Service or even the U.S. Customs Service saying that they were unable to deliver a package to your address. They ask you to confirm your address and give them credit card information to pay for delivery.
3. Social networking friend requests: Bad guys take advantage of this social time of year by sending out authentic looking friend requests via e-mail. Marcus recommends that you not click on those links but sign into Facebook and other services and look for friend requests from the site itself. Clicking on a link could install malware on your computer or trick you into revealing your password.
4. Holiday e-cards: Be careful before clicking on a holiday e-card, especially if it’s from a site you haven’t heard of. This is a way to deliver malware, pop-ups, and other forms of unwanted advertising. Some fake e-cards will look like they come from Hallmark or other legitimate companies, so pay close attention and make sure it’s from someone you know. If you’re going to send an e-card, be sure you’re dealing with a reputable service lest you risk infecting yourself and your friends.
5. Fake “luxury” jewelry: If you see an offer for luxury gifts from companies like Cartier, Gucci, and Tag Heuer at a price that’s too good to be true, it probably isn’t true. These links could lead you to malware and take your money or merchandise that will probably never arrive (or be fake if it does). Some of these sites, according to McAfee, even display the logos of the Better Business Bureau.
6. Practice safe holiday shopping. Make sure your wireless network is secure and be sure you’re shopping on sites that are secure. Though it isn’t an iron clad guarantee, you should look for the lock icon in the lower right corner of your browser and make sure the Web page starts with https. The “s” stands for “secure.”
7. Christmas carol lyrics can be dangerous: Bad guys know that people are searching for holiday related sites for music, holiday graphics, and other festive media. During this time, they create fraudulent holiday related sites.
8. Job search related scams: With the unemployment rate at 10.2 percent, there are plenty of job seekers looking for work. Beware of online offers for high paying jobs or at-home money making schemes. Some of these sites ask for money up front, which is a good way for criminals not only to steal your “set up fee” but misuse your credit card too. Marcus said that some “get rich quick” sites are all about money laundering, asking you to accept an inbound financial transfer and pay them.
9. Auction site fraud: McAfee has observed a rise in fake auction sites during the holidays. Make sure you’re actually going to eBay or whatever site you plan to deal with.
10. Password stealing scams: Criminals use low-cost tools to uncover passwords, in some cases planting key logger software to record keystrokes. Once they get your passwords, they gain access to bank accounts and credit card accounts and send spam from your e-mail accounts.
11. E-mail banking scams: A common type of phishing scam is sending out official looking e-mails that appear to come from your bank. Don’t click on any links but type in your bank’s Web address manually if you need to access your account.
12. Files for ransom: Hackers use malware to gain control of your computer and lock your data files. To access your own data you have to pay them ransom.