Health quackery for your car

Just like quack magnetic therapy for improving human health, Alan Archer’s product claims to improve fuel efficiency for your car. According to a ridiculously skepticism-free article on ABC15’s website: “The gas blaster clamps to your car’s fuel line. Two powerful magnets change the molecular structure of gasoline causing it to burn cleaner and more efficient.”

Archer, whose company’s name isn’t mentioned in the article (but it’s Adaptive Energy Solutions, LLC according to their website, a company incorporated in September 2003), guarantees that the product will improve gas mileage by at least 10% or your money will be returned. He’s probably banking on the fact that most people won’t have carefully measured their gas mileage before using it, and the fact that a 10% gain for a car that gets 25 mpg is only 2.5 mpg, well within the range of normal mileage variability given normal variations in driving conditions. There’s a quote in the news article from an individual who says “(Ten percent) is a lot when I only get ten miles to the gallon.” No, it’s only 1 mpg difference, and I bet his 10 mpg is already variable by more than 1 mpg.

Archer’s claims for this product, an “adaptive gas blaster,” are identical to claims that have been made for similar fuel line magnet products for decades. All of them that have actually been tested have been found to have no measurable effect on gas mileage, and no doubt the same is true of Archer’s hokum. What I find remarkable is that the media continue to uncritically give a forum to hucksters to promote their nonsense. In this case, ABC15 even helpfully provides a link at the bottom of the page where you can click to order a $48 (plus shipping and handling) “adaptive gas blaster.”

The money-back guarantee lasts for 60 days, doesn’t include the shipping and handling fee, is available for only a limited time, and requires that you have the device installed by an “ASE” (I think they mean AES) mechanic or the guarantee is only for 30 days–I suspect there’s a nonrefundable installation fee if they do it for you. Save your money–you can save gas more easily without buying a bogus product by driving less often and more efficiently. (Hat tip to Gridman for bringing this to my attention.) ...

June 12, 2008 · 3 min

Why it's dangerous to put a cell phone in the microwave

(Via jwz’s blog.)

June 8, 2008 · 1 min

Peter Gabriel's new filtering website

The Filter, officially debuting tomorrow but already available today, is a website that asks for some basic information about your tastes in film and music, and then makes recommendations about other things you’d like–music, movies, web videos, and TV. It’s not clear from the CNN coverage how it compares to Amazon.com’s recommendation engine or to sites like Pandora, but it looks interesting.

June 3, 2008 · 1 min

CIA operatives on trial in Italy

26 Americans, mostly CIA operatives, are currently on trial in absentia in Italy for the kidnapping and “extraordinary rendition” of a radical Muslim cleric, Abu Omar, who was taken to Egypt to be tortured. On Thursday, Italy’s top counterterrorism official, Bruno Megale, explained in court how they identified the CIA operatives responsible for Omar’s kidnapping:

Megale obtained records of all cellphone traffic from the transmission tower nearest the spot where Abu Omar was abducted, for a 2 1/2-hour period around the time he disappeared. There were 2,000 calls. Then, using a computer program, Megale was able to narrow down the pool by tracing the phones that had called each other, in other words, an indication of a group of people working together. Seventeen phone numbers, which showed intensifying use around the time of the abduction, were pinpointed. By following all other calls made from those phones, the investigators ultimately identified 60 numbers, including that of a CIA officer working undercover at the U.S. Embassy in Rome. ...
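The narrowing-down Megale described, sketched as an added example (not code from the investigation or from this post): filter one tower's records to a time window, keep groups of phones that called each other, then follow the other calls those phones made. The record layout, the tower and phone labels, and the minimum group size of three are assumptions, and the "intensifying use" signal is not modelled.

```python
from collections import defaultdict

# Constructed call records (caller, callee, caller's tower, minute); all values are made up.
CALLS = [
    ("A", "B", "T1", 10), ("B", "C", "T1", 40), ("C", "A", "T1", 70),
    ("A", "C", "T1", 75), ("B", "A", "T1", 80),    # group active near tower T1
    ("F", "G", "T1", 50), ("G", "F", "T1", 55),    # unrelated pair at the same tower
    ("D", "X", "T1", 30), ("E", "Y", "T1", 90),    # bystanders calling elsewhere
    ("A", "H", "T2", 200), ("C", "K", "T3", 300),  # later calls from group phones
    ("D", "Z", "T2", 400),
]

def calls_at_tower(calls, tower, start, end):
    """Step 1: calls handled by one tower inside the time window."""
    return [c for c in calls if c[2] == tower and start <= c[3] <= end]

def mutual_groups(calls, min_size=3):
    """Step 2: groups of phones seen at the tower that called each other.
    min_size is an assumed threshold for ignoring ordinary two-party calls."""
    present = {caller for caller, _, _, _ in calls}
    adj = defaultdict(set)
    for caller, callee, _, _ in calls:
        if callee in present:  # both ends were at the tower
            adj[caller].add(callee)
            adj[callee].add(caller)
    seen, groups = set(), []
    for phone in sorted(adj):
        if phone in seen:
            continue
        comp, stack = set(), [phone]
        while stack:  # depth-first walk of one connected component
            p = stack.pop()
            if p not in comp:
                comp.add(p)
                stack.extend(adj[p] - comp)
        seen |= comp
        if len(comp) >= min_size:
            groups.append(comp)
    return groups

def expand(calls, group):
    """Step 3: every other number called from the group's phones, anywhere."""
    return {callee for caller, callee, _, _ in calls if caller in group} - group

if __name__ == "__main__":
    for group in mutual_groups(calls_at_tower(CALLS, "T1", 0, 150)):
        print(sorted(group), "->", sorted(expand(CALLS, group)))
```

No call content is needed at any step; the tower, the timestamps and who called whom are enough to separate the coordinated group from the bystanders.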

June 1, 2008 · 2 min

Bad military botnet proposal

An article by Col. Charles W. Williamson III titled “Carpet bombing in cyberspace: Why America needs a military botnet” has been published by the Armed Forces Journal. Col. Williamson, seeing that miscreants are using compromised machines all over the Internet to create botnets used for malicious purposes, has decided that the military needs to create its own, legitimate botnet. He proposes that this would be used in order to respond to online attacks from foreign countries by attacking the attackers, including both government and civilian attacking machines as necessary. He specifically proposes not using compromised machines (which would be illegal), but using machines on the af.mil (U.S. Air Force) network, including all hosts on the NIPRNet (Nonsecret IP Network).

The proposal doesn’t really make any sense to me. First of all, attacks from hostile compromised machines on the Internet occur on a daily basis and are already handled by network service providers. These attacks are never likely to be initiated specifically from an individual attacking country’s systems, but rather from compromised systems all over the world–sometimes including compromised systems belonging to the U.S. military.

Second, the best way to respond to attacking systems is not by launching hostile traffic back at them, but by filtering them or nullrouting them. Again, network service providers already do this today, and cooperate with each other in addressing major attacks.

Third, if the U.S. military sets up a botnet and uses it to launch denial of service attacks, it will be in violation of its own contracts with its network service providers–I don’t know of any network service provider that offers a military exception to its terms of service regarding denial of service attacks.

Fourth, if all of the U.S. military bots are on its own network, their aggregate bandwidth still can’t exceed the bandwidth of its connections to other networks.

Fifth, if there are attacks coming from another country that the U.S. is at war with, the recent subsea cable outages in the Middle East suggest that there are other effective mechanisms for disabling their ability to engage in Internet attacks.

Finally, it’s not clear to me what benefit would be obtained from the military setting up its own botnet on its own network using its own IPs. Botnets offer two main benefits–(1) offering a distributed platform for computing and traffic generation and (2) creating a buffer of separation between the agent performing an action and the action itself. The second benefit occurs because the miscreant doesn’t own the machines that make up the botnet, lots of other people do. A botnet composed entirely of hosts on the military’s network is relatively easy to identify, filter, and block–the second benefit doesn’t exist.

The first benefit is also mostly lost if you use your own network and hosts. The point of a distributed denial of service attack is to use up the other guy’s bandwidth, but not your own. That’s very easy to do if you’re not using your own resources, which is why distributed denial of service attacks use compromised systems and, sometimes, methods to amplify attacks using other people’s servers that send out responses that are larger than the requests that prompt them. But if you’re using your own resources on your own networks, you’re limited to the bandwidth you have at your network interconnection points, and multiplying hosts inside that perimeter gains you nothing except a guarantee that you can saturate your own internetwork connectivity and cut yourself off from the outside unless your target has less bandwidth than you do.

It’s ironic that Williamson complains about a “fortress mentality,” while making a proposal to create a gigantic bot army inside the military’s own perimeter. A million-man army doesn’t help you if they’re inside a fortress with exits that restrict its ability to be deployed, except when you can win the battle with the number of men who can leave the exits at any one time.

I’ve also posted a comment on the Armed Forces Journal article at the AFJ’s forum where I make a few additional points. I also agree with many of the other critical remarks that have been made in the thread there. “Crass Spektakel”’s point that “Whoever controls BGP and the backbone routers controls the internet” and that most of the control of BGP routing and the routing registries resides in the U.S. is a good one. A similar point could be made about DNS.

Other posts on this subject: Kevin Poulsen at the Wired blog and Jon Stokes at Ars Technica.

UPDATE (May 14, 2008): I may take some heat for even suggesting this, but an idea which actually takes advantage of both of the characteristic benefits of botnets I listed above and would be far, far more effective than Williamson’s proposal would be if the military produced bot software along the lines of SETI@Home and Folding@Home, which anyone could volunteer to download and run on their home or corporate machines (or better still, made available to run on Xboxes and PlayStation 3s), for use by the military when needed. Some of the abuse worries could be defeated if the activation and deactivation of the software was fully under the control of the end user, and the military obtained appropriate permission from upstream ISPs for activities which would otherwise constitute AUP violations by end users. I hasten to add that this is still a terrible idea–putting such software out in public makes it a certainty that it would be reverse-engineered, and the probability of it being compromised by third parties for their own abuses would correspondingly increase.

UPDATE: Looks like Paul Raven beat me to the “Milnet@Home” idea, as he dubs it. A commenter at Bruce Schneier’s blog also came up with the same idea. F-Secure’s blog also offers some good criticisms of Williamson’s proposal. ...

May 13, 2008 · 5 min

Bill McCauley, RIP

I was saddened to learn this morning of the death of Bill McCauley, who was my boss when he was Vice President of Operations for GlobalCenter for a year or so around 1999-2000. I last saw him in 2001 at NANOG 21, when he was working for a company called iAsiaWorks, and we chatted briefly. I never knew him well, but when I worked for him he would occasionally chat with me about network security. Bill had left the technology field to run a food distributorship, Red Rock Foods, and recently opened a coffee shop in Queen Creek called Daily Buzz. Unfortunately, he was having financial troubles, and chose a gruesome and horrible way to end his own life, by backing his car into a storage area at his food distribution business, pouring gasoline behind his car, and setting it on fire. The fire burned him and his dachshund, Millikin, killing his dog and leading to his death in a hospital several hours after firefighters pulled him from his car, mortally injured but still alive. His death has been reported at the Arizona-Coffee blog where he frequently posted. He apparently left no suicide note. It’s very sad that he chose to end his life this way, as well as that of his dog. ...

May 13, 2008 · 4 min

April's Trustee's Sale Notices

<img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="/images/08AprNTR.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5196577505470399650" />

Based on this chart, Ray Kurzweil would undoubtedly predict that in late 2009 or early 2010, Maricopa County will reach its foreclosure singularity - the moment at which all homes will simultaneously be served notices of foreclosure and beyond which it is impossible to predict what will happen. April’s 6184 notices were yet another unprecedented high.

Historical Comments

Michael Norton (2008-05-05): Perhaps Doug Adams would call it the "trustee sale event horizon"? ...

May 4, 2008 · 1 min

Scammers scamming scammers

Marco Cova looks in some detail at the contents of some phishing scam kits targeting particular banks that were released to the public recently. These sorts of kits, containing web code, are ordinarily sold to scammers, but these were given away free. It wasn’t out of generosity, but part of a larger scam–the code was written using a variety of obfuscation techniques so that the unwary script kiddie who modifies it to send the captured information to their own email address will not receive it. Instead, that information is sent to various email addresses presumably controlled by the distributor of the scammer-scamming phishing kits.

April 8, 2008 · 1 min

Software awards scam

Andy Brice decided to test various download sites to see which ones would give awards (and expect a banner to be posted by the developer’s website with a link back) to a piece of “software” that consisted only of a text file named “awardmestars” containing the words “this program does nothing at all” repeated several times. He submitted it to 1033 sites, of which 218 sites listed it and 421 rejected it. Of those that accepted it, 11% gave it an award (he’s currently at 23 awards):

“The truth is that many download sites are just electronic dung heaps, using fake awards, dubious SEO and content misappropriated from PAD files in a pathetic attempt to make a few dollars from Google Adwords. Hopefully these bottom-feeders will be put out of business by the continually improving search engines, leaving only the better sites.”

He notes the following sites, which wrote to him to tell him to stop wasting their time, indicating that they actually check submissions: ...

March 26, 2008 · 2 min

Scientology sucks at JavaScript

The Swedish Church of Scientology’s online personality test page has a very interesting test for valid zipcodes, phone numbers, and ages, as TheDailyWTF reports. The same checks could each have been done in a single line with an appropriate regular expression.

March 26, 2008 · 1 min