Stefano Rivera (Posts about rant)

International 419-SMS

Stefano Rivera — Tue, 30 Sep 2008 09:54:43 GMT

I don't know if I get more spam than other people because my phone numbers are public, or if I'm just more of a touchy, grouchy git than other people and just react to every spam I get.

So, here is another SPAM-related post.

I just got an SMS from +256715316646 saying:

CONGRATULATION- You have won a TOYOTA LANDCRUISER VX worth $80,000 US DOLLARS.Contact the manager DR: STEPHEN through +254720043297 (JAPAN INT. MOTORS) THANKS.

Look closely. Firstly, it's a 419-scam via SMS. I've never seen one of those before. 2nd, it's from Uganda (a Uganda Telecom cellphone number). Third, it wants me to call someone in Kenya (a Safaricom cell number).

What on earth does one do to stop such things? Either this is run by a group with people on the ground in both countries, or they are using online bulk-SMS services. But International SMSs aren't cheap. And I have no idea who to complain to about this. Let's hope that this kind of spam doesn't become common, because it's virtually unstoppable if it does (like International e-mail spam).

Update: This page seems to have become a rant-board for people getting this spam. If it isn't plainly obvious, here's what to do: nothing. Don't respond, don't give them details, it's a scam!.

Update 2: I won't be replying to any of these comments any more - read the update above.

Update 3: Comments disabled, as this post is collecting more of the same comments. Don't try and contact me personally if you have got a similar message, I'm not interested.

Ctrl-Alt-shortcuts considered harmful

Stefano Rivera — Fri, 26 Sep 2008 18:32:12 GMT

I've written about this before, but Ctrl-Alt-workspace switching key-presses nail me routinely.

Let's go through some history:

We have Ctrl-Alt-Delete, the "three-fingered-salute", meaning reboot, right? That combination was designed to NEVER be pressed by accident. And it never used to be.

The X guys needed a kill-X key-press, as things can sometimes get broken in X. So they chose Ctrl-Alt-Backspace, which is also a pretty sensible combination. It's very similar to Ctrl-Alt-Delete, so we remember it, and backspace has milder connotations than delete, so we understand it to mean that it'll only kill a part of the system.

X also has some other Ctl-Alt- shortcuts. Some of these are also suitably obscure, i.e. NumPad+ and NumPad-. Others like Ctrl-Alt-F1 mean change to virtual console 1. That one might do by accident, if you are an old WordPerfect user, but should be safe enough otherwise. They were designed to look like big brothers of (and even work as) standard VT-changing behaviour.

For changing workspaces, Alt-F1 style key-presses were used, mimicing VT-changing key-presses. This is great for *nix users, but people coming from Windows expect Alt-F4 to close a program, not take them to workspace 4.

So GNOME came along, and decided that instead, they'd use Ctrl-Alt-Arrow key-presses to change workspace. That's fine, but it's a pretty common action, so I'm often holding down Ctrl-Alt without even thinking about it. If I start editing something and press delete/backspace, before I've released Ctrl-Alt, boom! And I run screaming and write a blog post.

Now, I know that Ctl-Alt-{Delete,Backspace} can be disabled (even if the latter is a little tricky to do), but I'd really like to change them. I like to be able to kill X without using another machine and ssh, I just don't like this to happen by accident. And no, the solution isn't for me to change my workspace-changing keys, because this problem must affect every GNOME user, not just me.

Dangerous key-presses should be really unlikely key-presses. Alt-SysRq- key-presses are good in this regard, they'll always be unlikely. (Oh, and they are insanely useful.)

Spelunking in M&G's Zapiro Archive

Stefano Rivera — Sat, 13 Sep 2008 00:24:32 GMT

Those who follow me will know that I used to maintain a web frontend to the Mail & Guardian Online Zapiro archive.

M&G used to have a rather crufty website. Subscriber-only content was trivial to access (for non-subscribers), URLs were ugly, and dinosaurs roamed in the far corners of the site. It had RSS feeds, but not an RSS feed for the zapiro archive (or any specific-interest RSS feeds for that matter). I don't check websites, I read RSS feeds.

Me being a young geek with a little too much spare time, I put together zapiro.rivera.za.net, as a ~200-line PHP script (with no SQL DB) that was really nice to use (in my books) and gave me a Zapiro RSS feed.

When they noticed, the powers at be at M&G weren't too impressed with it, because it deprived them of eyeballs (and hot-linked their Zapiro images). However I felt satisfied that I was merely providing a fair-use access to their content and allowing people to follow it who wouldn't have been able to otherwise. The site never got much traffic, so thus far it's not been a serious problem.

Around June this year, M&G redesigned their website, and I don't think I even noticed (did I say something about them not having decent feeds?). This redesign broke the machinery in zapiro.rivera.za.net but I didn't notice that because Zapiro had taken a sabbatical earlier this year, and was going weeks without posting cartoons.

Enough back-story. Point is I took a look at the new M&G Zapiro Archive this evening and was shocked. Before I go into all my problems with it, let me just disclaim that they are rather nit-picky but if these problems weren't there they site would be a hell of a lot more usable:

There are still no useful RSS feeds. There is a rather terse selection of general feeds.
The Archive menu only goes back to 2001. M&G has zapiro cartoons going back to 1999.
Archive menu URLs are in /Month/Year format. Did anyone even think about URL-scheme when they were designing?
Their tagging feature while using multi-select widgets only allows single tags to be selected (oh, and it requires Javascript)
Each cartoon has two URLs. Ok, I guess they weren't thinking about URL scheme.
1. Today's cartoon has the /zapiro/all/ URL. Yesterdays /zapiro/all/1, etc. going back to the begging of time (currently residing at /zapiro/all/1870). Way to go with permalinks guys. Oh and did you notice that they are all titled "Latest Zapiro"?
2. Clicking on the "Comments" link or using the "Archive" menu below takes you to something like /zapiro/fullcartoon/1. Oh, except 1 gives us a non-existent cartoon at the beginning of this Unix Epoch. But take a closer look: it has tags associated. Can anyone say WTF?.

The insanity continues: 2 gives us a cartoon from September 1999. 3-25 are more non-existent wonders, and then things go backwards in time until 36 which jumps us to June 3 2008. (Hmm, I think that may have been around the M&G redesign launch date.)

We move forward in time until 40, when we start moving backwards from May 2008, through many seas of well-tagged gaps, to ... well somewhere. (OK, so I got bored and didn't manually crawl 2000 pages, but would you?) Some cartoons are in totally the wrong position, we randomly move backwards and forwards and sideways.

Finally things settle down, and we go forwards again (with gaps of course) from 2054 to today's cartoon at 2101 — a fine Zapiro specimen if every I saw one.

Why was I doing all this mind-numbing crawling you ask? Well I wanted to know if I could do anything to make my Zapiro scraper work again. The answer? Not simply. They don't have any sensible way to locate the cartoon from a specific day, short of crawling the entire archive and recording the URLs found. I don't think there is any logic to this LSD-induced URL scheme.

URL schemes matter. This seems to be something that the big guns haven't noticed. I don't think it's a co-incidence that the most expensive CMSs out there have the worst URLs, whereas Wordpress and Drupal (with pathauto) encourage sensible URLs and are Open Source.

Sure, most users don't change what they see in the address bar, but if people are going to link into your site, you should provide nice permalinks. Then, if you want anyone to build anything on top of your site (where anyone includes yourself), it would really help if you had a sane URL scheme. Finally, it gives you geek-cred. :-)

While I think of a better way to get my scraper working again, Happy Spelunking!

An open letter to NatWest bank

Stefano Rivera — Wed, 28 May 2008 16:27:30 GMT

Subject: Strict Browser restrictions

Hi, I'm a customer of yours, and a GNU/Linux user who gets frequently frustrated by your browser detection.

Basically, the problem is that very few web browsers have been certified with your website. Now, I have no real issue with that, nobody has enough time to try every web browser in the world, and adjust their websites to fit around every browser's bugs. But that doesn't mean it's acceptable to reject your users with a message like "The Internet browser you are using is not supported by online banking. Use the link below to see the complete list of browsers we support."

Firstly, the browsers I use are listed as being supported on your list 1:

On this laptop, I use a Firefox 3.0 beta. Firefox 3.0 is listed is being supported, and it works (if I tweak it to identify it as Firefox 2.0, then I can use the site just fine).

On my desktops, I use Iceweasel 2.x. Iceweasel is Firefox with a different name, to get around trademark issues. Ask your Linux-techies, they should know about it. Again, it works as expected.

Secondly, 1 states: "Netscape, Mozilla and Firefox users with other operating systems such as Linux may also be able to access the service." How are we supposed to access the service if you deny us access?

More generally, locking out unknown browsers goes completely against your policy of Accessibility 2. While the WAI 3 doesn't specifically recommend against turning away unknown browsers, I think you'll find that's because the authors didn't even dream of considering such a thing. The entire point of WAI, is to make your site as portable as possible, and to work for everyone with a far wider variety of user agents than you could ever test with.

I don't know how you can call yourself WAI-compliant and reject un-"certified" browsers. Your webmasters should hang their heads in shame.

Now, I don't intend to rant any more than that, because that's the only problem I have with your site (and your service). Beyond this little niggle (which stops me being able to bank, without configuring my browser to lie) I'm very impressed with your services.

Please sort this out, it'll turn me back into a happy customer.

SR

PS: I'd have sent this by e-mail, where I'd, but you don't provide any e-mail contact details on your site. PPS: Only providing a small feedback form doesn't help users give you real feedback, it just intimidates and irritates them.

--
Stefano Rivera
http://rivera.za.net/
H: +27 21 794 7937 C: +27 72 419 8559

Now, that was rather harsh to them, but this has been irritating me for ages. Then, when I did decide to do something about it, I was rather worked up, and ranted.

I got a call back from NatWest this morning, and was basically told that they aren't going to change anything. I can understand their position, but I don't that they were seeing mine. (Oh, and I think they are wrong.)

The reasons I was given for this non-approved lockout are:

Support. But of course, if your web site is decent, then you shouldn't have any support issues. (OK, that's rather utopic, but the kind of people who use alternative browsers will be OK in such situations).
Security. Apparently Opera caches previously visited pages as they were. Clicking back doesn't revalidate with the server, and so someone who's logged out of their Internet banking and gone on to google still has their private data visible in the history. Anyone coming up to their computer can go back to it.

Now, I don't think point 2 is NatWest's problem. If Opera doesn't support revalidation, then Opera must fix it. If Opera do, and NatWest doesn't send the correct Pragma headers, then it's NatWest's problem.

But still, that doesn't mean you lock-out untested browers, dammit. Especially if you call yourself WAI-compliant.

I'd love to see some feedback from a WAI board member on this type of issue. I don't think the WAI specs address it.

Oh, and everyone, please stand up for your right to browse the web however you see fit. If more people did so, these kind of issues would crop up less often.

A telecoms rant

Stefano Rivera — Sun, 10 Feb 2008 12:43:49 GMT

You'd think that telecoms (esp in South Africa, where being one is a license to print money) would do everything they could to get you to spend money with them? If only.

Cellphones (at least Vodacom) have always required you to manually enable International phone calls & International roaming, by giving them a call and requesting it. This is a pain, to say the least. And you normally forget until you are already in another country.

But Telkom have taken this to a new level. I got a new phone line last month (which still doesn't have working DSL, grr!), and just noticed that I can't make International calls on it. So I phone telkom. Amazingly I didn't have to wait on hold at all (something never before experienced when calling the beast), and the lady I spoke to told me I have to "Visit a Telkom Shop with my ID". WTF? How hard are they making it to spend money on them?

Is there any legitimate reason that international calls are blocked? With our pricing, it's easy to knock up a multi-k-ZAR bill without even thinking about dialling an international number, so they aren't protecting anyone.

In related news, the reason you can't have incoming connections on Vodacom 3G (even with "internetvpn") is because then you'd be liable for the cost of any DOS you received. Isn't this a problem that hosting providers and ISPs already have to deal with? Why are mobile operators special? We need some Internet Neutrality and Telecoms sense in this country...

Gnome virtual desktop bindings

Stefano Rivera — Sat, 10 Nov 2007 20:34:10 GMT

This might sound like a silly topic, but it's infuriating.

It's only very recently (since July) that I've adopted the Ctrl-Alt-Arrow Virtual Desktop bindings. Call me an old todger, but up until now, I've always remapped Alt-F1 through Alt-F6 as my Virtual Desktop keys. That's how I always switched desktop, and I couldn't bring myself to change to the Ctrl-Alt style.

I try to slowly align myself with the new defaults, so that I have to do less customisation to feel comfortable when I sit down at a box. With the MacBook which infuriatingly requires Fn+ for the F-keys, I thought I'd switch. It took a bit of re-training to switch, and now I'm comfortable. But, every now an then, I accidentally press Ctrl-Alt-Backspace and kill X. This combination is supposed to be highly unlikely to be accidental, and used to be. But with the default gnome bindings, it's quite common. You just finish editing some text, and switch desktop, to find that your right hand hadn't fully released the backspace key before the Ctrl+Alt went down.

I think either the X kill key needs to be changed, or we have to get rid of this silly gnome desktop-switching binding.

OTOH, I'm almost entirely in line with the modern GNOME defaults. On a foreign machine, I need to set up Dvorak keyboard, change the terminal to grey-on-black, and I'm pretty much ready to go. (My .ssh/config is also nice to have, as are my firefox quick links)