Google Flags MSNBC.Com as Malware Site

I was reading news stories this afternoon on MSNBC when one of its pages triggered a malware warning in Google Chrome:

The website at www.msnbc.msn.com contains elements from the site adrotator.mediaplex.feed-mnptr.com, which appears to host malware -- software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.

According to Google's safe browsing alert for that feed-mnptr.com domain, it has contained three trojan programs and five browser security exploits. The domain has been used as an intermediary to infect users of Digg, CNBC and MSN.Com.

I can't check without visiting the MSNBC page, which would be extremely dumb, but based on the domain the malware appears to be coming in from a third-party ad service. There was a report Wednesday that the Drudge Report had hosted malware, probably from an ad network.

Security · Viruses · Journalism · 2010/03/11 · 3 COMMENTS · Link

AP Keeps Accused Rapist's Name Secret

The Associated Press reported today on a 51-year-old New Jersey man facing trial for raping five of his daughters, three of whom allegedly bore his children from the assaults. He faces 27 charges including sexual assault, child endangerment and criminal sexual contact, but the wire service has decided not to name him in its coverage:

The Associated Press generally doesn't identify victims of sexual crimes and is not reporting the names of the husband and wife to protect the identities of their children, now all over 18 years of age.

The longstanding media policy to shield some crime victims from being identified has always been a questionable one, since people who suffer rape aren't the only victims who might be harmed by the publicity generated by a trial. Here, though, the policy has been extended to the perpetrator of a crime.

I question whether in a free society it is acceptable to put someone on trial and potentially imprison them while never revealing the person's name to the public. What if someone has information pertaining to the accused that ought to be known to police? What if other victims are out there who might never know to come forward unless told of the arrest?

In any case, the web has made it considerably more difficult for information of this kind to stay secret. The New Jersey Star-Ledger and New York Daily News identify the accused rapist as Aswad Ayinde.

Journalism · Crime · Law · 2010/03/11 · 5 COMMENTS · Link

Deterring Spammers with Fake MX Records

For the past 48 hours, I've been dealing with a Sendmail server that was shutting down frequently with a load average above 13. The server's getting flooded constantly with spam attempts to non-existent users on more than 100 domains.

I've set up Sendmail to use a virtusertable that rejects every non-valid email address with a "user unknown" error. This is helpful, but Sendmail still has to take the time to reject each spam attempt. Since all but six domains on the server don't receive any mail at all, I wanted to find a way to stop Sendmail from receiving any requests for those domains.

After doing some research, I decided to try setting a fake MX record for the domains that do not send or receive mail. Here's how MX records are set for these domains:

IN MX 10 mail.example.com.

There's no mail server associated with that hostname.

On servers that do exchange email, fake MX records can be used to deter spammers. Most email servers are equipped to deal with mail servers that are unavailable. They queue the outgoing mail and try an alternate mail server, if one has been defined for the domain. Spam software can't take the time to queue an outgoing mail for delivery later because it is sending millions of messages. If it finds a mail server that's unavailable, it gives up and goes on to the next server.

Putting fake servers as the first and last MX record in a domain supposedly discourages spammers without affecting the receipt of legitimate email. Spammers hit the fakes and give up. Legitimate mail servers hit a fake, then try the next option and deliver the mail.

Here's how MX records can be set to achieve this:

IN MX 10 mail1.example.com.
IN MX 20 mail2.example.com.
IN MX 30 mail3.example.com.

The mail1.example.com and mail3.example.com servers are fakes that don't resolve properly. The functioning mail server is at mail2.example.com.

So far, the approach appears to work. Legitimate email is getting through and most domains aren't getting any spam attempts at all.

Linux · Sendmail · Dns · Spam · 2010/03/09 · 7 COMMENTS · Link

Former Sun CEO: Steve Jobs Threatened Patent Suit

Former Sun Microsystems CEO Jonathan Schwartz began a new blog three weeks ago called What I Couldn't Say to "put context around some of the decisions I faced at Sun," now that he's free from the corporate obligations to watch his words.

Schwartz writes today about tech company patent wars, revealing a 2003 meeting where Apple's Steve Jobs threatened Sun over patents:

In 2003, after I unveiled a prototype Linux desktop called Project Looking Glass*, Steve called my office to let me know the graphical effects were "stepping all over Apple's IP." (IP = Intellectual Property = patents, trademarks and copyrights.) If we moved forward to commercialize it, "I'll just sue you."

My response was simple. "Steve, I was just watching your last presentation, and Keynote looks identical to Concurrence -- do you own that IP?" Concurrence was a presentation product built by Lighthouse Design, a company I'd help to found and which Sun acquired in 1996. Lighthouse built applications for NeXTSTEP, the Unix based operating system whose core would become the foundation for all Mac products after Apple acquired NeXT in 1996. Steve had used Concurrence for years, and as Apple built their own presentation tool, it was obvious where they’d found inspiration. "And last I checked, MacOS is now built on Unix. I think Sun has a few OS patents, too." Steve was silent.

As a longtime Java book author I can remember the Project Looking Glass pitch. I can't think of any reason why Jobs would threaten patent litigation to stop it. Sun proposed and abandoned countless big ideas over the years.

Law · Patents · Tech · 2010/03/09 · Comment · Link

Meet Sarah Killen, Conan O'Brien's Favorite Twit

Sarah Killen

Since joining Twitter on Feb. 24, Conan O'Brien has amassed more than 534,000 followers and posted 10 tweets. Contractually exiled from late night television until September, O'Brien has embraced the new medium, sharing inane personal details of his life, airing petty grievances and even posting a Twitpic of how many people it takes for him to compose each tweet.

Friday afternoon, O'Brien announced that he has taken his first follower:

I've decided to follow someone at random. She likes peanut butter and gummy dinosaurs. Sarah Killen, your life is about to change.

Killen, a Fowlerville, Michigan, resident who has the username LovelyButton, has already acquired 10,200 followers and become one of Twitter's trending topics.

Furthering the insanity, her recent tweet calling Fowlerville resident Russell Bigos "an idiot" is making him a figure of scorn and sympathy. Killen's fiance John Slowik Jr. posted on Facebook Jan. 12 that he was "about to woop bigos in nba2k10," so this could be a videogame basketball rivalry gone terribly wrong. We'll have to wait for the media to dig for answers.

MTV did a video interview with Killen Friday night. She told MTV she was asked in advance by an O'Brien rep if it would be OK to pick her. Since her selection, she's received a free Apple iMac from HornBlasters and offered other freebies for her impending wedding.

Killen posted a link on Twitter to her Susan G. Komen 3-Day for the Cure donation page, where she's raised $1,100 towards her $5,000 goal in nine hours.

By the way, I've also decided to follow someone at random. He likes Jewish action figures and the metric system. Jonathan Bourne, your life is about to change.

Update: Sarah Killen is friends on Facebook with Aaron Bleyaert, the former Tonight Show with Conan O'Brien blogger, so it's possible that the selection wasn't entirely random. This scandal could go all the way up to the top! What did Coco know and when did he know it?

Twitter · Celebrity · Television · 2010/03/05 · 4 COMMENTS · Link

Google Isn't Trying to Screw RSS

Dave Winer claims on Scripting News today that Google is playing dirty with RSS in favor of Atom:

... Google is going to start reading feeds, but if I understand correctly, they're going to ignore the billions of RSS feeds out there, and ask everyone to convert to Atom to get more currency in search. You can imagine that I don't like this. I wouldn't like it even if I didn't play a big role in getting those billions of feeds out there. I wouldn't like because I have thousands of RSS feeds on my servers, and believe me -- they are not changing to Atom anytime in the next few decades. I don't think I'm alone in that.

Now a little preaching. Big companies always feel they can push the rest of us around, but I gotta say -- I've never seen it work. Usually the lesson they learn is that they would be better off if they would just Go With The Flow, and let the users guide them. Nothing wrong with reading Atom feeds, but to ignore RSS, well guys that's just plain dumb.

Give up the fight Google. You don't have to acknowlege me, but RSS -- that's a force of nature. That's why I did rssCloud -- for you -- to give you the impetus to do what you should have done naturally, support the formats that the users have chosen. It's not too late to get our relationship back on track. I'm not your enemy, I'm just one guy in an apartment in the West Village writing on my blog.

He understands incorrectly.

If he's talking about the news that Google may use PubSubHubbub (PuSH) to allow web publishers to submit new content to the search engine, there's no reason that this development would exclude "billions of RSS feeds." The PuSH protocol does not make feed publishers or software developers choose Atom instead of RSS. The protocol works equally well with feeds in both formats. If a hub is monitoring an RSS feed, it sends RSS data out to interested clients. If it monitors an Atom feed, it sends Atom.

PubSubHubbubThere was some early confusion because the PuSH specification was not clear on this point. To address the issue, I made some spec suggestions in September and Brett Slatkin incorporated them into the current draft of the specification. The spec leaves no doubt that PuSH is designed for both formats.

This blog is proof of that. I upgraded my blog a few months ago to send out updates using the protocol. Although my feed is in RSS format, PuSH has no trouble transmitting updates. People who are reading my blog in Google Reader or Google Buzz -- two of the first popular clients to support PuSH -- will get this blog entry a few seconds after I publish it.

PuSH is the best way to deliver real-time updates to RSS or Atom feeds. Now that WordPress supports the format on all 7.5 million blogs on WordPress.Com, all of the leading blog platforms have adopted the format.

The alternative, RSSCloud, still lacks a specification seven months after Winer revived it. There's only some rough implementation notes and no process in place to enable interested parties to decide what features the protocol will contain or how the spec will be written.

Google, if you're reading this, I'm concerned about our relationship. Why don't you call me any more? Things can be good again, baby. I'm sorry I got so angry before. I love you so much sometimes it just makes me crazy.

Rss · Google · Pubsubhubbub · 2010/03/04 · 5 COMMENTS · Link

Parenthood: So Heart-Warming It Hurts

I posted a review on Mister Television of NBC's new drama Parenthood:

The Parenthood pilot on NBC was the most exhausting television I've endured this season.

The show begins with Peter Krause jogging down a Berkeley, Calif., street. The jog has left him wheezing for air, in spite of the fact that Krause is physically fit and doesn't appear to have an ounce of fat on him. (I make this observation in an entirely heterosexual way.) He's sitting on his taut buttocks (OK, that was a little gay) when he gets a call from his sister Lauren Graham. She's moving to Berkeley with her teen-age daughter, who is acting out sexually with boys out of frustration with the fact that her mom is hotter. Graham needs to know that she's making the right decision by moving, and if she's making the wrong decision she wants to blame Krause. In between his dying breaths, Krause agrees to this deal.

I challenge anyone to write a more detailed review while missing the last 50 minutes of the episode.

I run the site with television's Jonathan Bourne. We're going to start up a TV death pool there in the fall that's 10 percent better than the competition.

Television · Nbc · Parenting · 2010/03/04 · Comment · Link

Read More Entries

Microsoft Bob icon

Rogers Cadenhead

Social Media

Mastodon

Mastodon

Subscriptions

Workbench RSS feed RSS Feed

Blogroll

Projects

RSS Advisory Board

How to Read an RSS Feed with Java Using XOM

The RSS Advisory Board Just Turned 20

Downloading 50,000 Podcast Feeds to Analyze Their RSS

Tara Calishain Explains: What is RSS?

Be Unique And Use RSS Guid Like Everybody Else

Statistics

Line drawing of cowboy on horse

This blog has been published since Nov. 7, 1999 (a span of 9,219 days).

Thank you for visiting Workbench.

Drawing of an owl with glasses reading a book