Since upgrading to Mozilla Thunderbird 1.5 beta 2, I’ve seen a number of messages slapped with a warning label that “Thunderbird thinks this message might be an email scam.” It appears at the top of the message, in the same style as the junk mail notice bar or the warning that remote images have been blocked, and there’s a button to mark the message as “Not a Scam.”

There’s only one problem. Since SpamAssassin and ClamAV do such a good job of catching the phishing scams before they reach my inbox, Thunderbird has yet to catch any actual phish. But there’ve been a lot of false positives. It’s hit LiveJournal reply notices, newsletters from IEEE and Golden Key, a Spam Karma notice from my own blog, and I’ve seen it on both outbid notices and updates to saved searches from eBay.

I found myself wondering just how Thunderbird’s phishing detection decides that a message is suspicious—and how to teach it that the next LJ notice isn’t a scam.

The Thunderbird support website doesn’t seem to have been updated yet. Most of the articles I’ve found only talk about TB adding the feature, not how it works. The best information I found was this Mozillazine forum thread, which included a link to the actual code that makes the decision, in phishingDetector.js. Thunderbird looks at the following:

  • Links that only use an IP address, including dotted decimal, octal, hex, dword, or some mixed encoding.
  • Links that claim to go to one site, but actually go to another. (Phishers do this to fool you into going to their site. Legit mailing lists sometimes do this with redirectors for tracking purposes.)
  • Forms embedded in the email. (This explains the LiveJournal notices.)

It also appears to trap text URLs containing HTML-escaped characters, which explains the Spam Karma reports. In this case the report includes a spammer’s link with ​ in the hostname. The message is plain text, so Thunderbird leaves the entity as-is when displaying it…but decodes it when it creates the link. Result: a link where the text and URL don’t match.
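The three checks listed above can be sketched as follows. This is an added example, not the code from Thunderbird's phishingDetector.js; the function names, the regex-based link extraction and the sample messages are assumptions made for illustration.

```javascript
// Added illustration of the three heuristics; not Thunderbird's phishingDetector.js.

// Host part of an absolute URL, taken textually so odd encodings stay visible.
function hostOf(url) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]+)/i.exec(url.trim());
  return m ? m[1].split("@").pop().replace(/:\d+$/, "").toLowerCase() : null;
}

// One host component as hex (0x..), octal (leading 0) or decimal; NaN otherwise.
function parsePart(s) {
  if (/^0x[0-9a-f]+$/i.test(s)) return parseInt(s, 16);
  if (/^0[0-7]+$/.test(s)) return parseInt(s, 8);
  return /^(0|[1-9]\d*)$/.test(s) ? parseInt(s, 10) : NaN;
}

// Dotted-decimal form of an IPv4 literal in any of those encodings, else null.
function ipv4FromHost(host) {
  const nums = host.split(".").map(parsePart);
  if (nums.length > 4 || nums.some(Number.isNaN)) return null;
  const last = nums.pop(); // the last part fills all remaining bytes (dword form)
  if (nums.some(n => n > 255) || last >= 2 ** (8 * (4 - nums.length))) return null;
  const value = nums.reduce((acc, n, i) => acc + n * 2 ** (8 * (3 - i)), last);
  return [24, 16, 8, 0].map(s => Math.floor(value / 2 ** s) % 256).join(".");
}

// Reasons an HTML message body would be flagged; an empty array means none.
function scamReasons(html) {
  const reasons = new Set();
  if (/<form[\s>]/i.test(html)) reasons.add("embedded-form");
  const linkRe = /<a\s[^>]*href="([^"]*)"[^>]*>(.*?)<\/a>/gis;
  for (const [, href, text] of html.matchAll(linkRe)) {
    const target = hostOf(href);
    if (!target) continue;
    if (ipv4FromHost(target)) reasons.add("ip-address-link");
    const shown = hostOf(text.replace(/<[^>]*>/g, "")); // only text that is itself a URL
    if (shown && shown !== target) reasons.add("text-href-mismatch");
  }
  return [...reasons];
}

// Constructed sample bodies (not real messages).
const SAMPLES = {
  replyNotice: '<p>Reply:</p><form action="http://www.example.org/post"><input name="body"></form>',
  newsletter: '<a href="http://track.example.net/r?id=1">http://www.example.org/news</a>',
  mixedIp: '<a href="http://0xc0.0250.1.1/login">Sign in</a>',
  dwordIp: '<a href="http://3232235777/">Sign in</a>',
  plain: '<a href="http://www.example.org/a">http://www.example.org/a</a>',
};
```

The `replyNotice` and `newsletter` samples show why legitimate mail trips these rules: a reply form or a tracking redirector is structurally identical to what a phishing message would contain.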

The easiest way to prevent it from freaking out over the next message? Add the sender to your address book. I’m not sure that’s a great idea, since a phisher could guess which addresses you have saved and spoof them, but it’s at least simple. I guess I’ll find out whether it works the next time I get a reply notice from LJ. Update: Adding the sender to your address book doesn’t seem to have any effect.

Update 2 (July 12, 2006): The comment thread’s gotten long enough that I can see people might miss this, so here’s how to disable it:

  1. Open Options or Preferences (this will be under the Tools menu on Windows, Thunderbird on Mac, or Edit on Linux).
  2. Click on Privacy (there should be a big padlock icon).
  3. Click on the E-mail Scams tab.
  4. Disable the “Check mail messages for email scams” option and click on Close.

That’s it.

Today I was trying to fix a problem in a section of a website that hadn’t been changed in roughly 5 years. The page in question retrieved data from a database and filled out an Acrobat form using FDF. Under some circumstances, Adobe Reader would generate an error message, “Expected a dict object.” Then it would freeze, and crash the web browser for good measure.

This site was built with ColdFusion, and used a then-freely-available library called PDFFormFiller.cfm (I can’t find any sign of it now) to generate the FDF code. After saving the offending FDF to a file (eliminating the browser as a factor), I started manually editing the code to see what happened.

The problem turned out to be parentheses appearing in the form data. FDF uses parentheses-delimited strings, and it was finding ) in the code and trying to parse what was left as FDF tokens. The solution was simple: just escape the parentheses as \( or \).
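The escaping fix described above, as an added example in JavaScript rather than the ColdFusion of the original site (this is not the PDFFormFiller.cfm code). It goes one step beyond the post by also escaping the backslash and line breaks, since the backslash is the escape character in these strings; the function names and sample field values are assumptions.

```javascript
// Added illustration; not the PDFFormFiller.cfm code the post mentions.

// Escape a value for use inside an FDF literal string "( ... )".
// Backslash goes first so the escapes added for parentheses are not doubled.
function escapeFdfString(value) {
  return String(value)
    .replace(/\\/g, "\\\\")
    .replace(/\(/g, "\\(")
    .replace(/\)/g, "\\)")
    .replace(/\r/g, "\\r")
    .replace(/\n/g, "\\n");
}

// Build a minimal FDF document from a { fieldName: value } map,
// escaping both field names and values before they are embedded.
function buildFdf(fields) {
  const entries = Object.entries(fields).map(
    ([name, value]) =>
      `<< /T (${escapeFdfString(name)}) /V (${escapeFdfString(value)}) >>`
  );
  return [
    "%FDF-1.2",
    "1 0 obj",
    `<< /FDF << /Fields [ ${entries.join(" ")} ] >> >>`,
    "endobj",
    "trailer",
    "<< /Root 1 0 R >>",
    "%%EOF",
  ].join("\n");
}

// Constructed form data containing the characters that end a string early.
const SAMPLE_FIELDS = { phone: "(555) 010-0199", note: "see c:\\temp (draft)" };
```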

I finally figured out why I’ve had so much trouble logging into sites with the latest version of Opera! (I’ve actually had to log into My Opera using Firefox. How’s that for irony?)

It’s all down to “Treat as specified in Server Manager,” which seems to be either the default or the way an old preference got interpreted after upgrading. First of all, you get to Server Manager by clicking on the “Manage cookies…” button. I’d been looking for something labeled Server Manager and didn’t find anything. Secondly, it seems to mean “Ignore any cookie for a site that isn’t explicitly listed in Server Manager.”

Once I added my.opera.com to the list, I was able to log in.

I may switch to “Accept all cookies,” though, since I’ve finally figured out another cookie issue.

If you want to build a Linux or FreeBSD system around a RAID array, don’t use the Promise SuperTrak SX6000 controller. At least not for now.

The card used to work under Linux using the standard I2O drivers (i2o_block, etc.), but sometime last year Promise changed the firmware so that it no longer uses I2O. Now you’re stuck with Promise’s own driver, so if you want to use an old enough distribution* (say, Red Hat 7.3) that you can find a driver disk, or make your own driver disk, go ahead…but don’t expect to be able to upgrade it unless you can create a driver disk for the newer distro. This assumes the source code for the driver will work with recent 2.4 kernels—it won’t compile with 2.6. There has been talk of merging the pti_st driver into the kernel (fortunately it’s GPLed), but I can’t find anything more recent than August. Someday it might work again, but not today.

Now, FreeBSD is another matter. It has built-in drivers (pst), the installer will detect it automatically, and even let you install your entire system to it—without warning you that FreeBSD can’t boot from the SX6000. You can boot from another drive and interact with it once the system’s running, but you can’t put your entire system on the RAID array. (This information is not in the installer, not in the hardware notes, not in the driver man page. I only found the one 1½-year-old mailing list post by the driver’s author, and a bunch of “I don’t think it works” comments in other lists and forums.)

I hope this post will save someone a lot of frustration.

*Of the distributions for which Promise has provided driver disks, only one—SuSE 9.0—hasn’t already been retired.

One of the reasons our Powerbook stays in Mac OS most of the time (aside from the fact that It Just Works™) is that Yellow Dog Linux 3.0 didn’t have drivers for Airport Extreme, so it can’t connect to the wireless network. I had hoped that YDL 4 (just released) would resolve this — perhaps the driver was only available for the 2.6 kernel, or something.

I finally started looking, and that’s not the case. It seems that the Airport Extreme chipset manufacturer, Broadcom, refuses to release Linux drivers or to release specs to allow anyone else to write Linux drivers.

I don’t expect it to do any good, but I signed my first online petition.

Ah, well, I can do almost everything under Mac OS, and for those occasions that I actually need Linux, I can always go solo or plug in a cable, though it does limit where I can hook it up.