A few minutes ago, I was looking at the latest Stardust Photo Gallery (nicely pointed out by Neil Gaiman himself). To save time hitting back repeatedly, I just opened a bunch of the thumbnails in tabs.

Audio started playing, “Congratulations! You’ve been selected for…” Then a second round started in, “Congratulations! You’ve been sel…” A third round of the same ad had started, all of them overlapping, by the time I closed the window.

It’s 2007. People multitask. All modern web browsers have tabs available, not just the alternative ones. The time when you could assume you had the user’s undivided attention is long gone.

Note that I can’t tell you what the ad was for. I don’t know which tabs were playing it, so I didn’t even see the visual portion. It accomplished absolutely nothing that an advertisement is supposed to do—unless you want ads to drive people away from your site.

Oh, yeah, before I forget: Stardust!

Stardust Inn (via moviesonline.ca)

OK, I appreciate that eBay has a dedicated email address for reporting phishing attempts. I appreciate that their abuse department is a lot busier than I am, and therefore has to rely heavily on form letters. And I appreciate that they’re making an effort to educate the public on how to spot phishing and avoid getting caught.

But when I forward them a message with the comment, “Here’s a sample of a blatant phish,” is it really necessary to reply with the full two-page notice explaining, “This is a spoof, we didn’t send it, here’s how to avoid it, blah blah blah” and the entire body of the original message, complete with the links to the phishing site?

I’d think in this case a simple, “Thanks for the report, we’ve notified the authorities” note would be sufficient, especially since the “how to spot a phish” stuff is already in the auto-response. All it takes is giving their abuse staff an extra choice for the form letter.

And under no circumstances should they be including the full, original text of the phish. At best, it’s asking for the response to get lost in a spam box or blocked outright. At worst, it’s a security risk waiting to happen (since this copy really did come from eBay). Somewhere in the middle is the risk of mucking up adaptive filters as they try to reconcile the original message, which was spam, with the new message, which isn’t.

It’s really annoying that the writers and editors on The Flash didn’t see fit to actually tell us the names of Wally and Linda’s children during the final 6 issues of the series. All we know is that one is a boy and the other is a girl.

Even more annoying is the fan speculation that the twins will turn out to be one of two existing pairs of characters:

  1. The Tornado Twins, who first appeared in Legion of Super-Heroes, or
  2. Más y Menos, a pair of speedster twins from the Teen Titans cartoon.

Continue reading

Here’s a piece of friendly advice from a mail server admin to companies that interact with subscribers and customers via email:

Pick one domain name for your business. Just one. Don’t use any other domains in your emails, even if you want to keep order confirmations separate from promotions. If you contract out for some other company to send out a newsletter or survey to your customers, insist that they send it out using your own domain name. If you’re using DomainKeys or SPF, make sure they’re authorized or send it yourself. And don’t even think of making the links through redirection scripts, even if you really want to track which subscribers are clicking.


Two words: Spam and fraud. Continue reading

The SANS Internet Storm Center remarks on the challenges of fixing Java vulnerabilities, since Sun’s installer only checks once a month by default—based on when you installed it, not on a standard schedule.

Well, it’s worse than that. My Windows 2000 box at work was easy. I just went into Control Panel, opened the Java Plugin, and told it to update. At home, on our Windows XP box, I had to go through multiple reboots just to get the installer started.

It wasn’t XP that was the problem, though: It was Norton Internet Security. First it disabled all network access from Firefox when I installed the new version. Then it blocked access to the Java updater, so whenever I clicked on “Install” it would just disappear instead of launching the installer. I resolved it (for now) by disabling Norton while I did the install…but I had to reboot in order to get as far as the first step again.