Smartypants.com » Spam, Technology
 

 

 


CASL – The Canadian Anti-Spam Legislation – Is it working?
Posted by GeorgeB on July 24th, 2014

UPDATE – Posted 30 July 2014 @ 16:08 -

Six days later and not a word. That’s been my usual experience with the sources of junk mail, assuming you can even make contact with a human. Often, the registration information is bogus.

We’ll have to wait to see about the enforcement of the legislation which Neisoft may have violated on behalf of their US-based client.

ORIGINAL ITEM – Posted 24 July 2014 @ 14:55 -

As most Canadian companies and non-profits know, the new Canadian Anti-Spam Legislation (CASL) came into effect on 1 July 2014, and in many cases, they were required to seek clear, unequivocal, and documented permission to keep sending unsolicited email. This is particularly true of organizations using mail lists. Details can be found on the Canadian government’s Fight Spam web site.

While there are exemptions, the law is taking special aim at unsolicited promotional email.

Enter Gil Cargill – an American based in California who promotes himself as a sales coach – using the services of cbsend.com which is registered to Neisoft Corporation of St. Catharines, Ontario.

Cargill started spamming us on July 17th. He followed up with more junk mail on the 18th, again on the 22nd, and once more this morning (24 July 2014).

The outbound mail seems to be cycling through various servers at cbsend.com, with no effort on the part of Cargill or Neisoft to request and receive the explicit permission that is a requirement of this type of email under the new CASL rules.

I called Neisoft to ask why they’re ignoring the new CASL regulations and to find out where they found my email address. I spoke briefly with Nick Taylor who said he’s willing to talk but was headed into a meeting. He says he’ll call back.

Stay tuned…

-g

 

 


 

ExpressionEngine – Display Flickr stream with FeedParser
Posted by Stephen B. on July 3rd, 2014

Recently, a Flickr-powered photo gallery stopped working on a site that we developed. Investigating the problem a bit further, it appears that the add-on we were using (Brett Dewoody’s “Flickr” plugin for ExpressionEngine) had stopped working – apparently due to recent changes to the Flickr API. As the developer of the plugin has announced that he is no longer updating it, we needed to find another way to do the same thing.

Fortunately, it turns out that the (excellent) FeedParser plugin can do the same thing – read on for the details. We’ll also cover how to display more than 20 images from Flickr via RSS, working around a limitation of their default RSS feeds.

(more…)


 

Goo.gl – Google’s link-shortening feature – used to spread malware
Posted by GeorgeB on June 26th, 2014

Spam watchers are noting a new trend: using Google’s link shortening tool to hide the real location of links to malicious software.

The links are in a variety of spam attacks, including supposed access to Dropbox files, tax refunds, voice mails and faxes. This replaces the usual bait-and-switch links that, as anyone familiar with even basic HTML will know, claim to point to one web site address while the underlying, hidden link actually goes somewhere else. It’s a bait-and-switch trick that’s simple to expose: hover your cursor over the visible link and, if the actual link that pops up is different, then you’re being phished.

In this case, however, the visible link and the underlying link are the same: http://goo.gl/AndSomeCode

Hover over the link, and you get the same web address. But when you actually click on the link, you go first to the Google link shortening tool which then redirects you to the link containing the malicious software that will now infect your computer. Thanks, Google.

So there are two solutions: Google needs to put a stop to this, or Internet users need to stop clicking on any links using Google’s link shortener.

Since we have no control over Google – and don’t know how or when they’ll deal with this problem – our solution is to block any email that contains http://goo.gl and warn the crew here never to click on that type of link in any emails that slip through our filters.

-g
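The two checks described in this post, as an added example that is not part of the original post: a mail-body scan that flags the classic bait-and-switch link (visible address differs from the underlying one) and any URL on a shortener block list. The function names, the one-entry block list and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

BLOCKED_SHORTENERS = {"goo.gl"}  # assumption: only the shortener the post names
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Constructed sample: a same-text goo.gl link plus a classic bait-and-switch.
SAMPLE = ('<a href="http://goo.gl/AndSomeCode">http://goo.gl/AndSomeCode</a> '
          '<a href="http://203.0.113.9/x">http://www.bank.example/login</a>')

def host_of(url):
    """Lower-cased host of a URL without a leading 'www.' ('' if unparsable)."""
    try:
        host = (urlparse(url.strip()).hostname or "").lower()
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def scan_body(body):
    """Return sorted (reason, url) findings for an HTML or plain-text body."""
    collector = LinkCollector()
    collector.feed(body)
    findings = set()
    for href, text in collector.links:
        shown = URL_RE.match(text)
        # Bait-and-switch: the text displays one host, the href goes to another.
        if shown and host_of(shown.group()) != host_of(href):
            findings.add(("mismatch", href))
    for url in URL_RE.findall(body):  # shortener rule: hrefs and bare text
        if host_of(url) in BLOCKED_SHORTENERS:
            findings.add(("shortener", url))
    return sorted(findings)
```

On the sample, the goo.gl link passes the hover-style mismatch check and is caught only by the shortener rule, which is the gap the post describes.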


 

Firefox – Stop Pages from Hijacking the “Tab” Key
Posted by Stephen B. on February 16th, 2014

This one has been a personal pet-peeve of mine for a while now: text fields that hijack the “Tab” key, breaking the Ctrl-Tab & Ctrl-Shift-Tab keyboard shortcuts (to switch between browser tabs) in Mozilla Firefox. Many text editing components do this, particularly ones meant for editing code of some kind, so that pressing the tab key indents instead of switching to the next form field – inadvertently breaking a common, useful keyboard shortcut.

A Google search turns up numerous bug reports, feature requests, and support forum posts complaining about the issue – going as far back as Firefox 3.6 (2010), so it doesn’t seem to be a big priority for Firefox’s developers (evidently they’re too busy creating a poor imitation of Chrome’s user interface). But, as is often the case with Firefox issues, it is possible to fix with some 3rd-party add-ons – read on for the details.

(more…)


 

Rogers “Extreme Text Messaging”: Useful Features, Silly Name, and Glaring Security/Privacy Risks
Posted by Stephen B. on December 28th, 2013

There’s a set of options that Rogers Wireless bundles under the heading “Extreme Text Messaging” – while it’s not heavily publicized (apparently it’s been around since 2010), it does include some very useful options. It also illustrates one of the more annoyingly-lazy product/service-naming trends (at least they didn’t call it “Xtreme”), and opens Rogers customers up to some fairly serious security/privacy risks – but more on that aspect later. (more…)


 

iPad2 – Two Years On
Posted by Smartypants.com on May 9th, 2013

Product reviews are generally all about being the first out of the gate or second-wave expansions of detail and insight. But it’s also worth looking at products after they have some dents and bruises from heavy long-term use, and my iPad2 has some dents and bruises.

It’s a 3G 16GB model.

Here’s what it’s good for:

  • Time tracking and reporting
  • Astronomical charts
  • Email in a larger format than a phone
  • Signing and annotating documents
  • Creating documents to sign and annotate
  • Google maps
  • Nautical charts
  • Skype on the fly (not any more – mic stopped working a year ago)
  • Portable video viewer – bigger than a phone

What it’s not so good for:

  • Writing / editing lengthy documents
  • Typing – even with a decent Bluetooth keyboard
  • Video editing
  • Skype on the fly – now that the mic stopped working
  • Email storage – it’s really limited if you’re a heavy user
  • Email management – GRRRRR! – too small, poor search
  • Being spied on by Apple and some app developers
  • Safari in general
  • Calendar and duplicate entries
  • Cameras

Would I buy it again if there was time travel? Probably. It’s still running, is used daily, and is a fairly good consumption tablet. Production not so much, though that’s partly a weakness of the tablet platform.

Size does matter, after all. That’s why newspapers and magazines used to put their pages up on a wall or on long shelves for layout and design. (And someone’s now doing it with monitors and I’m betting the design folks are going to go back to the big desk approach as soon as they can pry the money out of management.)

When you’re dealing with large amounts of data, trying to work on a cellphone-sized screen is like working through a keyhole. An iPad just feels like a somewhat larger keyhole.

The apps that have lasted:

  • HoursTracker – track multiple projects for multiple clients simultaneously and spit out spreadsheet-formatted reports via email – awesome
  • Notability – mark up PDFs and images with your finger tip, sign contracts and email them from the app – seriously useful tool
  • Planets – want to see where Jupiter is or the name of that constellation? in real time? gets a WOW every time
  • Flashlight – including a keyable green (for video)
  • AR.FreeFlight – for flying a small, dual camera drone helicopter
  • Clock Pro – superb full featured timer app (stopwatch, countdown, various time zones, etc.)
  • Find iPhone – required
  • Keynote – for creating (if no other choice) and displaying slide decks
  • iTunes U – one of the world’s best travel companions – load up some audio / video learning for travel
  • CBC Radio – limited time travel that lets me catch shows played west of here that conflict with things I’m doing when they run locally

I’ve also made heavy use of a Blackberry Playbook, and have occasional use of an Android tablet, so have had an opportunity to compare. Playbook has THE best camera / mic of the bunch, and the crispest screen. But time tracking – a critical feature for me – just wasn’t there so it moved on.

I didn’t feel any need to upgrade to the iPad that should be called the 3.

And if the iPad has given me anything significant to take away from the experience, it is the immersive power of touch. After a month-long experiment of using the iPad2 pretty much exclusively, I was both ready to toss it into the lake and kept trying to use touch on non-touch enabled computers.

My next desktop / laptop monitors will definitely be touch enabled. While I don’t like onscreen keyboards one bit – few touch typists do – touch-enabled screens let you do a lot of very neat things with your hands directly on the user interface.

And dictation software is improving. It’s not an option in noisy environments and if you type quickly, it’s often faster to type than to talk and then correct.

But at the end of it all, a tablet is pretty much a tablet with both product-specific and general strengths and weaknesses. I’d give the iPad2 7.5 out of 10.

-g

 

 

 

 

 

 

 


 

A Beginner’s Guide to WordPress Security
Posted by Stephen B. on April 8th, 2013

WordPress is one of the most popular blogging/CMS (Content Management System) applications in existence; according to some statistics, WordPress accounts for more than 50 per cent of all CMS-powered websites, totaling more than 60 million websites worldwide. This popularity has a flip-side though: there are probably more compromised (hacked) sites running WordPress than any other CMS. But this does not mean that WordPress is inherently insecure – or that it cannot be made secure.

In this post, we’ll take a look at some of the common issues that can lead to compromised WordPress sites – and some of the basic strategies that web developers can use to help ensure the security of WordPress-based sites.

(more…)

» 4 Comments

 

Exporting User List From Cyn.in
Posted by Stephen B. on March 5th, 2013

One of the main problems with the web-based application “Cyn.in” is the absence of many basic features – this includes the lack of any built-in functionality for exporting a list of EMail addresses for the site’s users. The only instructions I could find appear to assume that you’re already familiar with Python development in general, and Zope/Plone in particular (in which case you probably wouldn’t need the instructions in the first place). Faced with a need to export a list of user EMail addresses from a Cyn.in install, and not being familiar with its underlying technologies, I had to find a different method – preferably one that didn’t involve hours of manual copy-pasting.

Read on for the instructions.

(more…)


 

Updating Expression Engine – The Fast Way
Posted by Stephen B. on February 15th, 2013

Ellis Labs’ ExpressionEngine is one of the best CMS packages available; if you’ve done development work with it, then you’re probably already familiar with its advantages over other CMS software, including free/open source options like Drupal or WordPress. And you also probably know that the process of installing updates is definitely NOT one of ExpressionEngine’s advantages. The upgrade process involves numerous manual steps, you can’t simply overwrite the old files & folders with the new ones (problems will often occur if you don’t remove old files first), and the process involves taking your site offline for at least 10-15 minutes – if you follow the upgrade instructions provided by Ellis Labs, that is.

Fortunately, there are a few simple tricks that can speed up the upgrade process considerably, while also making it more straightforward and removing the need to take your site offline for more than a few seconds. Read on for the details.

(more…)

» 3 Comments

 

Revealing Glimpse Under the Hood of a Broken Comment Spam Bot
Posted by Stephen B. on January 18th, 2013

Earlier today, the Smartypants blog received yet another “faux-praise” spam comment – one of those comments that attempt to look legit, but are still obvious spam because of how generic and semi-literate they are (“Thanks you for all the wonderful infos!!!”). Run of the mill stuff for anyone who runs a blog, or any other type of site that allows commenting, right? This one was a bit more interesting, though.

One of the oldest methods of identifying spam is to look for multiple, identical messages (old-timers are probably thinking “Breidbart Index” right about now) – so spammers will often add random variations to each message in order to circumvent filters. And that’s what makes this particular comment spam interesting – for some reason (probably misconfiguration), the comment contains some sort of template markup, which shows all of the possible variations of the message. Most of them are minor, such as slight changes in wording:

I {couldn’t|could not} {resist|refrain from} commenting. {Very well|Perfectly|Well|Exceptionally well} written!

In simple terms, this spammer has accidentally posted his entire script/template for generating seemingly-unique comments. Read on for the full script.

(more…)

» One Comment
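A leaked template of this kind can be turned against the spammer. The following added example (not part of the original post, and not the spammer's tool) compiles the fragment quoted above into a single regular expression that matches every variant it can generate, and counts those variants. The function names and the normalization rules are assumptions; support for nested groups goes beyond what the quoted fragment shows.

```python
import re

# The template fragment quoted in the post.
TEMPLATE = ("I {couldn’t|could not} {resist|refrain from} commenting. "
            "{Very well|Perfectly|Well|Exceptionally well} written!")

def normalize(text):
    """Fold curly apostrophes, letter case and runs of whitespace."""
    text = text.replace("’", "'").replace("‘", "'")
    return re.sub(r"\s+", " ", text).strip().lower()

def parse(template, pos=0, depth=0):
    """Recursive descent over {a|b|c} groups; nesting is allowed.

    Returns (regex_source, variant_count, next_pos) for one alternative.
    """
    parts, count = [], 1
    while pos < len(template):
        ch = template[pos]
        if ch == "{":
            alts, total = [], 0
            while True:  # one recursive call per alternative in the group
                src, n, pos = parse(template, pos + 1, depth + 1)
                alts.append(src)
                total += n
                if pos >= len(template) or template[pos] == "}":
                    break
            parts.append("(?:" + "|".join(alts) + ")")
            count *= total  # groups in sequence multiply
        elif ch in "|}" and depth:
            return "".join(parts), count, pos  # end of this alternative
        else:
            parts.append(re.escape(ch))
        pos += 1
    return "".join(parts), count, pos

def compile_template(template):
    """Return (compiled pattern, number of distinct variants)."""
    src, count, _ = parse(normalize(template))
    return re.compile(src), count

def matches_template(comment, pattern):
    """True if the normalized comment contains any variant of the template."""
    return pattern.search(normalize(comment)) is not None
```

The quoted fragment alone expands to 16 distinct comments, so exact-duplicate counting would treat each as a new message while one pattern covers them all.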

 

 

   