Tuesday, November 23, 2010

BicCamera.com incident: unauthorized use of passwords

Yes, it really happens, even with sales giants... I wonder what caused (not detailed) BicCamera to reset all passwords of all accounts, and return points to affected cards. This is big, but the Japanese media is not being too hard on them.

Here is the email notification I received earlier today:
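Important notice to our customers

Dear customer, thank you very much for always using our Internet shopping site "BicCamera.com" (hereinafter, "Dotcom").

As also announced on the Dotcom top page in the notice dated November 22, Heisei 22 (2010), "Regarding the planned reopening of the Internet shopping site", we deeply apologize for the great inconvenience and concern caused to our customers by the incident of unauthorized use of online shop members' IDs and passwords that occurred on Dotcom.

Now that the safety of the Dotcom site has been confirmed through a security assessment by a third-party organization, we plan to reopen the site at 2:00 PM on November 24.

Accordingly, to ensure safety, we have changed all of the Dotcom access passwords currently in use. We apologize for the great inconvenience to our members, but please use the new access password provided in this notice.

In addition, for the time being we will temporarily suspend the use of points and changes to member registration on the Dotcom site, and will lift these suspensions in stages. Points will continue to be awarded as before, so please rest assured. Also, for even greater safety, the service for registering credit card information in advance will be discontinued. We apologize for the inconvenience to our members and sincerely ask for your understanding.

Password: *******


Contact for inquiries about BicCamera.com passwords, etc.

BicCamera.com Support Center
Toll-free: 0120-301-097  Phone: 03-5985-7000
(Hours: 10:00~20:00, open every day of the year)
* The toll-free number will be available from 2:00 PM on November 24.
E-mail: support@cc.biccamera.com
BicCamera.com http://www.biccamera.com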

The message seems original (and there is an official note on their website), but the mail server used is a bit suspicious (siella.jp, weird).

Official info:
http://www.biccamera.co.jp/ir/info101122.html
http://www.biccamera.co.jp/ir/info101123.html
http://www.biccamera.co.jp/ir/news/pdf2010/20101115news.pdf
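
The mismatch noticed above, a biccamera.com notice delivered through a siella.jp mail server, can be checked from the message headers; a mismatch is a reason to verify against the official site, not proof of forgery, since companies often send through third-party mailers. This is an added example, not part of the original post: the sample message is constructed (only the two domain names come from the post), and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. Only the domains siella.jp and cc.biccamera.com come
# from the post; the hostnames, IP, receiving server and results are made up.
SAMPLE = """\
Return-Path: <bounce@siella.jp>
Received: from mta.siella.jp (mta.siella.jp [192.0.2.10])
\tby mx.example.net; Tue, 23 Nov 2010 10:00:00 +0900
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=siella.jp;
\tdkim=none
From: BicCamera <support@cc.biccamera.com>
Subject: Important notice

(body omitted)
"""


def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if there is none."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower() if "@" in address else ""


def related(a, b):
    """Same domain, or one is a subdomain of the other.

    Approximates relaxed alignment without a public-suffix list.
    """
    if "." not in a or "." not in b:
        return False
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def check_sender(raw):
    """Compare the visible From domain with envelope, DKIM and relay domains."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    # Trust Authentication-Results only when your own receiving server added it.
    auth = re.sub(r"\s+", " ", " ".join(msg.get_all("Authentication-Results", [])))
    results = dict(re.findall(r"\b(spf|dkim)=(\w+)", auth))
    dkim_match = re.search(r"header\.d=([\w.-]+)", auth)
    dkim_dom = dkim_match.group(1).lower() if dkim_match else ""
    relays = [m.group(1).lower()
              for h in msg.get_all("Received", [])
              for m in [re.match(r"from\s+([\w.-]+)", h)] if m]

    # SPF only vouches for the envelope domain, so it counts only if aligned.
    spf_ok = results.get("spf") == "pass" and related(env_dom, from_dom)
    dkim_ok = results.get("dkim") == "pass" and related(dkim_dom, from_dom)
    findings = []
    if env_dom and not related(env_dom, from_dom):
        findings.append("envelope sender %s is outside From domain %s"
                        % (env_dom, from_dom))
    if not dkim_ok:
        findings.append("no passing DKIM signature for %s" % from_dom)
    for host in relays:
        if not related(host, from_dom):
            findings.append("relayed by %s" % host)
    return {"from": from_dom, "envelope": env_dom,
            "aligned": spf_ok or dkim_ok, "findings": findings}


if __name__ == "__main__":
    report = check_sender(SAMPLE)
    print("aligned:", report["aligned"])
    for finding in report["findings"]:
        print("-", finding)
```

For the constructed message, SPF passes but only for siella.jp, so nothing ties the message to the domain shown in From.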

Symbolic links on Windows

I can't deny that this is not something most users will ever need. Nevertheless, I thought it worth commenting on, as some issues in the original sources are still to be fixed, so this might help people stuck with the same kind of problems.

Symlinks (symbolic links), or junctions as they are more commonly called in Windows (actually this is NTFS's junction point), are simple files or directories that are actually located somewhere else. The only difference here from the usual links you can create on your desktop, for example, is the fact that all software (most of it) uses the link location as if it were the real file. This is very handy in cases where you want to move specific directories or files to other drives on your computer. Although Windows has not officially added support for NTFS junctions, it has released some official tools to handle them.

A classic case here for me is the virtual machine. Trying to update the latest version of the iPad, I need to run a backup first, which takes nothing less than 10~20GB of my virtual hard drive (thank you iTunes - I am being sarcastic btw)... my solution here then is to simply create a new temporary virtual drive just for this task (don't ask me how long this takes).

Junction application

You need to install (my suggestion is to save the file into c:\Windows\system32\, which will make the command available anywhere from the command-line) the junction application from Microsoft SysInternals: http://technet.microsoft.com/en-us/sysinternals/bb896768.aspx

Do not follow the usage instructions there, because they are incorrect (well, as of this post's date). I have sent a message to them to fix it, but only the Almighty knows when or if this is going to happen.

Junction commands

Creating

Just go to the path where you want to create the junction (from the command line)

c:\> junction iTunes h:\iTunes

(here I am setting the real files of iTunes directory to be in H drive)

Note: The local iTunes file/directory is going to be created by the junction application, so DO NOT create a real file with the same name here in advance (as specified in official documentation).

Searching


c:\> junction -s

(this will search for and list all junctions available on the C drive)

Removing

c:\> junction -d iTunes 

But...

The only bad side here is that this action really happens at the file system level, leaving Windows dumb in dealing with them (in Windows Explorer, you will just see it as another directory like any other)... forgetting about what you did may give you some headaches later, so I usually write a README file to really remind me about something unusual I have done in that particular location.

Monday, August 9, 2010

Creating ISO images on Ubuntu

I couldn't hold myself... it is just THAT easy!


$> cat /dev/cdrom > ~/cd.iso


This will create an ISO image file for all contents on your CD device.

Now, if you want to create an ISO with files/directories from your local computer:



$> mkisofs -r -o file.iso /path/to/directory


Note: This is installed in Ubuntu by default.

Stupidly easy!


Source: http://ubuntuguide.org/wiki/Ubuntu:Feisty/CDDVDBurning

Sunday, July 25, 2010

Download Youtube Videos: The easy way

Once in a while I get to download Youtube videos here and there, but in most cases I am targeting some particular topic, and the result, as expected, is just so overwhelming (meaning, so many videos available, you don't know where to start).

In many cases, though, you just have a bunch of small files that are no less important, but the pain of going over all of them page by page can become the reason for you not to watch them at all. Ok, if you have the time to stay in front of the computer and watch them in a batch, Youtube has features to help you with that.

In my case, however, I mostly want to check them out later, especially carrying the files on my mobile device (iPhone), so I can watch them whenever I have spare time.

So, while looking for some tools to ease my downloading pain (I used to use the Easy Youtube Video Downloader, an add-on for Firefox, but it is still a one-by-one kind of tool, which was still painful), I came across the youtube-dl script, which solved all my problems.

With minimal command-line options, you are able to download all videos of any playlist, search results, etc. in a specific format... really the kind of thing I was looking for!

Here is an example to download from a playlist (which I use a lot):

# from command-line (terminal)
./youtube-dl -m -o "%(title)s_%(id)s.%(ext)s" {link}

Notes:
  • the original downloadable file is downloaded as a simple file by default. To execute it as above, you will need to give it executable permissions: sudo chmod 755 youtube-dl
  • the "-m" option is for "mp4" mobile formats
  • the output name by default comes as an ID only, which makes it hard to tell what the video file was about, so we can adjust its name as in my example above.
  • the "link" can be either:
    • a video link, such as http://www.youtube.com/watch?v=V5QIboyWscY
    • a playlist link, such as http://www.youtube.com/user/AtGoogleTalks#p/c/B74595015191C796
    • searches, etc...
See the youtube-dl main page for additional information.

Wednesday, June 30, 2010

Ubuntu, it has never been so easy

Not so much free time to write here recently, but I just wanted to share how easy things are getting with Ubuntu, and Linux in general. I can really forecast the moment when the whole idea of Linux = Geek will simply disappear, opening space for it to really scale in the market.

My post today talks about drivers, still one of the hard things to do in Linux (I mean, for "human beings").

I have two updates that surprised me with the simplicity.

1) Printers

This has always been a pain in the Linux world. First, you go buy a printer, and usually you focus on features and price, right? How about support and software? Only Windows, sometimes Mac (but still rare). When you decide to use a printer on Linux, you have to pray that someone coded the driver for your hardware (the printer), and most of the time, there is none.

One big example is at my company, which uses Xerox network printers, with simply no support or drivers available. You can manage, with some work, to find similar drivers that will partially make it functional, but of course this is not enough (imagine if you are talking about migrating end-users to Linux... this is a killer feature). How do we solve the problem? A workaround: sending the data to a Windows machine that talks to the Xerox printer. At least it works.


At home I use HP (of course), which has people more interested in contributing to the open-source community, so you can find lots of drivers to install... but still, it was a matter of installing the driver, all that hard work... I had to do that until Ubuntu 9, very recently.

Today I had to use my printer again after a while (after iPhones and iPads, who needs paper?) so I had to install the drivers again... oops, I am lying. I didn't do a thing. Just went to:


 System > Administration > Printing



My printer just appeared there, so I added it, and that was it. All the pain, just gone. Really impressive. If you need to use a printer in Ubuntu, try this first.

2) Web Cameras

This one was never as hard as the printers, but the lack of software for webcams was the problem, IMO. In the last couple of years, this has already changed considerably, but I never thought it would be so easy to do stuff with a webcam in Linux.

So I bought this nice (and cheap) webcam with HD resolution, Buffalo BSW32K01H, and plugged it in. That is all. Even if Buffalo does not officially provide drivers for Linux, webcams talk to the computer in a standard way, which makes it simple to support practically any webcam there is.

I wanted to test it out (I usually use the Cheese application), but I wanted to provide a visualization through the web. I ran into this post, which talks about the webcam-server, a very simple and interesting application which gives access to the camera through HTTP. Then, with a simple Java applet (already included in the package), you can build a simple surveillance system at home. I got it working and "streaming" to my mobile in less than 10 min (most of the time was spent reading the post, lol).

For my personal reference, I will leave a sample of what needs to be done:


 # install
 sudo apt-get install webcam-server

 # run it (and leave it in the background)
 webcam-server -v -g 640x480 -p 8081 -c Home-Cam &

 # access it
 firefox http://localhost:8081/

 # read the post if you want to implement a daemon mode (init.d)
 # and auto-refresh with java applet (also included in the man pages)

Monday, May 10, 2010

Ajax/JavaScript bugs are everywhere

Recently, I have been working with teams doing tons of "usability" focused coding, which requires massive use of JavaScript and Ajax. Besides the security problems, which are enormous (see this tutorial from Google about it: http://jarlsberg.appspot.com/), you have to deal with the unpredictable common sense of the end-user, which is, IMO, never as easy as it could be.

So, whenever I think about the bugs and problems we face all day because of it, I look back at the giants and see that, even with all the power in their hands, simple problems such as the one below still keep showing up...

 
My gmail (yes, Gmail) account displaying zero messages (I just deleted the spam) but with some calculation errors (probably just a variable that was not updated in time)... But this bug caused my click on "Older >" to, interestingly, keep going forward through zero messages...

"To err is human, to forgive divine." -- Alexander Pope

Thursday, May 6, 2010

Ubuntu Lucid Lynx - First impressions

Just to share some of the stones I came across since I started using the recently released Ubuntu Lucid Lynx (10.04).

I always keep my stuff easy to move so that I can follow the updates of Ubuntu (twice a year is pretty hard), and take the opportunity to clean my machine of trash I don't need anymore, by simply reformatting it entirely... neat!

Anyway, as every time, I come across some problems, of course all of them workable in some way, well, at least most of them. So I will document here in this post the "customizations" from default installation I needed to do in order to run the machine just the way I wanted.


1) Input Method Editor (iBus)

Since version 9, the big change from SCIM to iBus hit me hard, as I was so used to it before, and used it a lot (I need to write in Japanese and sometimes Chinese). My mother language (Portuguese) is solved by switching keyboard layouts (gosh, that took me a while to figure out, since Windows handles this all within the IME itself).

As I reported on Ubuntu Forums here, I had some more stuff to do to get it done right:

  1. Turn on iBus (from System > Preferences > iBus Preferences)
  2. Follow the instructions in the warning message (to edit the ~/.bashrc file)
  3. Force it to start automatically when the machine boots up (from System > Preferences > Startup Applications)
  4. Add the languages you want to use
  5. Last, but not least, install the language packages corresponding to the languages you added in (4).
For the last step, as you can read in the Ubuntu Forum here, you can do it all from the user interface without touching a terminal... but I guess I am just getting too used to it by now (lol).

And that did the trick for me to be able to write Asian languages on Lucid.


2) Python2.5 - for Google App Engine development

I am a GAE enthusiast, and for that I always leave my machine ready to run its SDK, which requires python2.5 version, up to this moment. Unfortunately, the packages are not available anymore on Lucid.

I had some discussions on Ubuntu Forum here, but in the end, I just preferred to compile it from the source, which was fairly simple, besides the fact that it overwrote my python default (that you don't want to do, believe me). The workaround for that is to simply remove the /usr/local/bin/python file which is read first from the $PATH list. 



3) VirtualBox - Access to USB

Well, one of the big reasons I ever needed USB support on a virtual machine was because of my iPhone. This problem seems to be over with Lucid, that has plenty of support on it, with Rhythmbox. Until I noticed that, I did what I was already used to, and tried to get access on a USB port from a virtual machine, with no luck.

It turns out that the new Ubuntu has deprecated some of the mounting formats that were used by VirtualBox to recognize the USB devices. Fortunately, the application that handles this, HAL (hardware abstraction layer), is still installed by default; you just have to run it so that VirtualBox can gain access to the USB devices, by running the sudo hald --daemon=no command in a terminal (leave it running while accessing your virtual machine), and voilà.

I got this from this discussion on VirtualBox Forum.


4) Screenshots - Shutter edit interface

This is one of the applications I simply can't live without. Getting screenshots from your desktop is such a common action, especially if you like to document/report well what you are doing, be it work or pleasure. You know, "an image is worth a thousand words".

Besides the fact that it is still not in the main repository (unfortunately), and because of that you need to either download it manually or add the repo sources to your machine, one of the features I also care about the most in this application is the edit option, which allows you to do some basic image editing, such as cropping or adding additional images or shapes to it, without the pain of loading GIMP all the time (don't get me wrong here, GIMP is a powerful tool and I use it a lot too, but it gets on my nerves to open it for a simple crop command).

Another problem with a simple solution: Lucid does not come with the package "libgoo-canvas-perl", so you need to install it by hand. I found out about this on Shutter Bug #539527.


Others

Of course, as usual, lots of small changes, enough to break my installation script several times... no problem, 9.10 is already history, so I am preparing my 10.04 script, just in case I need to refresh my machine(s).

Some of them:

- Git: it is now on git-core package
- etc...


But some good improvements

One very good thing though, the external monitor handling issue (reported since 9.10 and not fixed by then) seems to be over (can't thank enough for that).

I refuse to write about the visual changes (window controls on left, blah blah.. I am tired of people talking about it), besides that I am totally in favor of it (in fact, since I used Mac4Lin for long, I was already used to have it like a Mac). One less thing for me to manually update from now on, lol....

Monday, March 8, 2010

If only Google App Engine had a SLA...

I have been using Google App Engine for some time already, spent a long time testing with small applications for my company, and even started a simple open-source library called Jobtracker, running on it, that helps track development costs through managing resource work time. With this one year of experience so far I can say that this is still an early stage of what is to come in the future of cloud computing, but I have high expectations (regardless of the company).

Nevertheless, I still have my doubts about using such a service for business purposes, as its reliability depends entirely on third parties. Google has always tried, amazingly, to provide high-quality services at no cost to its customers, such as Gmail and even Google Apps, which are both very stable and mature. Even though the paid versions are guaranteed with a 99.9% SLA of uptime, I am almost sure the actual number is much higher even for the free versions. Good for us, kudos for them.

Back to the real world...

The reality for Google App Engine, however, is just not there yet. I previously asked Google personnel directly about their expected SLA and the current one, with no luck, so I decided to do a small investigation on their outages (openly reported here) and roughly estimate its value. You know, being a representative of such a service and trying to push my own company to use it, I need data (I mean numbers) to prove it. So, here are my findings, considering one year up to now:

Event                                      Outage* (min)
March 02, 2009 06:45 PM - 08:45 PM         120
April 15, 2009 06:28 PM - 06:45 PM         17
April 20, 2009 09:30 AM - 03:45 PM         375
July 27, 2009 04:40 AM - 09:58 PM          318
August 20, 2009 01:30 AM - 02:00 AM        30
November 17, 2009 07:20 AM - 07:45 AM      25
December 09, 2009 07:45 AM - 08:00 AM      15
February 02, 2010 12:28 AM - 04:26 PM      238
February 24, 2010 07:53 AM - 10:30 AM      157
Total:                                     21.58hs

About 9 incidents in one year and an uptime SLA of 99.75%.

Note: Not all incidents represented a complete service outage; instead, they are mere rough values to measure the overall system stability, and may differ from an official source, which can carefully analyze partial disruptions and present more valuable data for us customers.

Last thoughts

Of course we cannot be too hard on Google App Engine, considering it is a service free of charge, with lots of features, tools, documentation, etc. that can guide you or anyone (even without proper knowledge of python, django, MVC, XMPP, etc.) to build simple applications in the cloud without any expenses other than your own brain. This is already an achievement, and I am sure the service (which is growing rapidly) will only get better from this moment on.

The more reliable it gets, the higher are the chances companies and even people may find it as a trusted in-cloud solution to place their businesses or ideas, guaranteed that they can sleep at night without customer complaints or disappointments.

After all, the cloud and Google App Engine is what this is all about: ultra-redundant failure-proof solutions (at least at our end, as we don't have to worry about infrastructure, hardware, software, etc).

Tuesday, March 2, 2010

Video Screen Capture

Today, while reporting a simple (but still stupid) bug in Gmail here, I had to create a video to reproduce the error as I experienced it on my machine, so I took a look at the screen capture applications available for Linux.

Among the options, although command-line based, RecordMyDesktop was the one I used. To have it with a proper GUI would help, but you can manage to do whatever you need just by reading the help available.

recordmydesktop --no-sound -y 75 -width 800 -height 600

Note: I added some extra options (didn't want to capture the entire desktop).

ffmpeg -i out.ogv out.flv

And you may see the result in Youtube here:
http://www.youtube.com/watch?v=QBBwEaA-MJ0

Nice and easy!

Wednesday, February 3, 2010

How are you contributing to the community?

Me? Producing the next geek programmers of tomorrow (lol)...

 
(that's my kid, 1 y.o.)

Handy actions on your right click menu: RAR extract

I already wrote about the nautilus-actions application, which embeds into Nautilus, in Customizing the Right Click Menu; it lets you add right-click actions for whatever you want to do (in my example, how to convert multiverse files).

I've come across situations where I see myself doing the same actions over and over again, repetitively. If you are working in the terminal, it is fine just to type everything manually (it keeps you sharp, ya know!), but if you are on the desktop, trying to relax and watch a movie or listen to music, it is unlikely that you will open the terminal to execute certain commands...

One good example is the "extract" from archive feature. The truth is that the visual box (as below) does not have an accurate progress indicator, nor do you have any other details of what's going on (is it stuck or what?).


So, I usually prefer the command-line because it simply gives me a better visual of what is going on:


Since I kind of do that all the time (yeah, I am a TV-Movie freak), I wrote a simple script to save my day. You can find the source code here.

Basically, I added the script call to nautilus-action-configuration window, and the output is something like:




The script currently handles only RAR (maybe I will add more in the future), but it processes a single RAR, or compressed content in volumes, or an entire directory in batch... later deleting everything (it sends it to the trash only, just in case something goes weird).

Feedback and comments on it are very welcome: linscripts > nautilus-actions > ext-rar-clean.sh.

Tuesday, January 12, 2010

Disabling lock on Suspend

(for laptop users)

Just read about it at: Disabling Password When Waking a Laptop

For many it may be considered a security risk, blah, blah, but I still vote for commodity.

This one goes to my linscripts:

# execute these commands from terminal
gconftool -s -t bool /apps/gnome-power-manager/lock/hibernate false
gconftool -s -t bool /apps/gnome-power-manager/lock/suspend false
# Done! :-)

Sunday, January 10, 2010

StdError Description in scripts

I never actually went that deep into the C code to understand the stderror codes that are returned in common bash scripts.

Recently, on a discussion thread from CoreUtils group, a simple implementation of error code translation caught my attention. Instead of relying on the errno.h file (which contains the list of errors with their respective brief description), you can incorporate secondary scripts (Perl, or Python) to do this job for you.

Thanks to Pádraig Brady for this:

$ test || python3 -c "import os; print($?, os.strerror($?))"
(you could just wrap this in a function).