Sunday, July 5, 2015

Miniinthebox.com Spammers

A couple years ago I did a couple small orders with miniinthebox.com and I've regretted it ever since. The orders actually shipped and were fine, but I've been constantly email spammed by them since that time, and their emails have been getting progressively more obnoxious. Unsubscribing from their email has no effect.

Not only does unsubscribing from their email offers have no effect, this is one of the few companies I've found that does not appear to have a single contact point that I can find. They get horrible reviews, and I'm not the only one accusing them of being spammers.

Notice below that the email from miniinthebox doesn't even have a return address to their domain.

It has the word 'trust' in the subject line, better open it soon!


On the site gethuman.com, it lists Mini In The Box's reasoning for not having any email address to contact the company:

- Few miniinthebox.com customers have wanted it
- They simply don't use email for support
- They don't feel email is secure

...and yet they have no problem filling my inbox with email I don't want and have no way of turning off or contacting them to turn off. Smells a little funny to me. I've seen these Chinese super-stores have some pretty nonsensical behavior, but I haven't seen one stoop this low or lay it on so thick.

This is not a good company by any stretch of the imagination and I highly recommend avoiding them like you would an infectious disease.

Notice below that when you unsubscribe, it's not even the same domain, and you can see the second hint of trouble by the wording it gives you. Like "You've unsubscribed but don't worry, you'll still enjoy our spam."

Wait, what?

From this point on I'm going to definitely pay attention and document all the spam they send me, and will try to come back to this article.

Below is the domain registration information for miniinthebox.com. Notice that they have enabled privacy protection to obscure the public information about their web site. Who a web site belongs to has always been public record, until the registrars decided they could milk the shit out of their customers and sell them privacy. Mini in the box is a Chinese company that's definitely not located in Florida with any phone numbers that ring anywhere in America.


A shady company that's done everything they can to make themselves hard to contact, say it ain't so!

Wednesday, June 24, 2015

Your ISP Could Be Using Javascript Injection Attacks Against You

You are sitting at your computer surfing the web like the time waster you are. You click on a web site link and the web site comes up. But another tab opens asking you to take a short survey. Even novice computer users are skeptical these days with all the hacks, attacks and phishing attacks.

But you are not on a shady site. You just got a popup from a legitimate site asking you to take a survey from your local Internet provider. Maybe you close the popup and ignore it. But an hour later, the same popup appears on a different web site.

Are all those companies in cahoots, or is your computer infected? What's going on?

What's happening is that your Internet provider is using hacking techniques on you in order to put that survey tab in front of your eyeballs. When you go to load a web page, your provider gives you the web page you asked for, but injects its own code into that web page, masquerading as part of the page.

Now, your browser doesn't think there's any security issue because that injected code is pretending to be part of the page you asked for. The browser has no way of knowing what should be the legitimate content of that legitimate site you are trying to browse.

You trust your Internet provider to give you the content of web sites you visit. That's the whole point of their service. But your trust is misplaced for several reasons, and one of these reasons is these man-in-the-middle style attacks where they trick the browser into accepting code that's not part of the site you are browsing.

Does it sound like hacking to you? It sounds like hacking to me. I'm not a lawyer but I was under the impression that these types of attacks are exactly what the Computer Fraud and Abuse Act was created for, if only for high-value computers. Again, I'm no lawyer, but since the ISP is injecting these surveys into everyone's traffic, doesn't that mean any bank or government employee who sees this survey is a victim of a man-in-the-middle hacking attack under the CFAA?

Other than the recent backbone shown by the FCC commissioner with net neutrality, when it comes to technology, the law for the most part does not apply to large corporations. It's usually the Aaron Swartz's of the world that technology law applies to.

They threatened Aaron Swartz with 30 years for making copies of public domain documents before he took his own life. What jail time do you think anyone at Comcast will do for using black hat hacking techniques against you in order to show you surveys?

And everything in this post so far ignores the security implications of not being able to verify the authenticity of this on-the-fly injected javascript code. How do I know the difference between this opportunity to tell my provider how much they suck and a black hat attack, trying to steal my identity?
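One way to check a page for this kind of in-transit modification is to compare the scripts in the copy received over plain HTTP against a trusted reference copy, such as the same page fetched over HTTPS. The following is an added example, not code from the original post; the function names, the sample pages and the `survey.isp.example` host are constructed for illustration.

```javascript
const crypto = require('crypto');

// Extract every <script> element as a stable key: its src URL if it has one,
// otherwise the SHA-256 of its inline body. A regex is enough for this
// constructed sample; a production tool would use a real HTML parser.
function extractScriptKeys(html) {
  const keys = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const srcMatch = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    const body = m[2].trim();
    if (srcMatch) {
      keys.push('src:' + srcMatch[1]);
    } else if (body) {
      const digest = crypto.createHash('sha256').update(body).digest('base64');
      keys.push('inline:sha256-' + digest);
    }
  }
  return keys;
}

// Return the scripts present in the received copy but absent from the
// trusted reference copy. Anything listed here was added in transit
// (or the site changed between the two fetches).
function findInjectedScripts(referenceHtml, receivedHtml) {
  const known = new Set(extractScriptKeys(referenceHtml));
  return extractScriptKeys(receivedHtml).filter((k) => !known.has(k));
}

// Constructed sample: what the site actually serves.
const REFERENCE_PAGE = `<html><head>
<script src="/static/app.js"></script>
<script>initMenu();</script>
</head><body><h1>News</h1></body></html>`;

// Constructed sample: the same page after an on-path party appended
// its own external script and an inline loader.
const RECEIVED_PAGE = `<html><head>
<script src="/static/app.js"></script>
<script>initMenu();</script>
</head><body><h1>News</h1>
<script src="http://survey.isp.example/popup.js"></script>
<script>window.open('http://survey.isp.example/take');</script>
</body></html>`;

for (const key of findInjectedScripts(REFERENCE_PAGE, RECEIVED_PAGE)) {
  console.log('not in reference copy:', key);
}
```

Serving the site over HTTPS is what prevents the modification in transit in the first place, since an on-path party can then no longer rewrite the response.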



Wednesday, June 10, 2015

Clickbait Must Be Stopped

Early TV was free. If you owned a television set from the 1950's all the way up through the early 1980's, free programming was the norm. Most people understood it was free because sponsors paid large sums to these stations to sell us more beer, soda and cars.

Newspapers traditionally have cost money. They take plenty of money from advertisers, but they have other costs involved with printing and transporting their media around, unlike a TV station that just beams a signal out. Most people understood that it was a decent value to pay a small amount to buy a newspaper.

Enter the Internet, where not just media but all forms of information move at the speed of light. And with it came societal expectations for news more in line with broadcast TV. Now the "signal" is a web site, but conceptually it's similar.



With the Internet, lots of media companies and just companies in general had to change the way they do business. I'm not going to pay a dollar to find out what happened overseas yesterday. I understand that just like for broadcast TV, these media companies are still taking in vast sums of money from advertisers, and seeing ads on a web site doesn't bother me in the least.

...Except that somewhere along the line, the tone of these media companies changed dramatically. Some of them didn't meet their ridiculous estimates to grow to a size big enough to blot out the sun. Some media companies even *gasp* lost money because they refused to adapt.

Did they blame their own complacency or hubris for refusing to capitalize on what's obviously a lucrative medium like the Internet? Nope. They saw the Internet as bad, and they saw you the customer as a freeloading potential thief.

Since you have the poor taste to try to find out what's happening in the world without having to pay one of a handful of gatekeepers, you are obviously a freeloader trying to steal legitimate content off the hard working backs of the mega-media-corporations.

It should then be no surprise that most of the big media web sites are partners hand-in-hand with click bait, shock photo ad banner farms with no ethics or scruples whatsoever. The "good" ones will put "sponsored" in tiny letters.

Some corporations have grown so big that they just dropped all pretense of caring about their customers or their own conduct as corporate citizens.

I remember reading iconic magazines like Popular Mechanics and newspapers like the LA Times growing up, and none of these proud institutions went out of their way to steer you towards their advertisers by pretending that their ads were content and news articles.

This behavior of throwing you, the reader, under the bus to make a few extra bucks from their uber-aggressive advertisers is shamefully commonplace among even the biggest news sites. I won't even go into depth that most of the new sites these days are clickbait sites.

In my opinion, if the business model of your company involves tricking people into clicking on ads you know they probably don't want to see because they think it's your content, then you are only diluting and devaluing your own content over time. I think many of these huge media corporations are click-baiting themselves out of a job.

My blogs have ads and affiliate links. They pretty much have to, though it barely covers my own expenses of running my sites. I put the ads where Google tells me it thinks I should put them and it looks reasonable to me. For every business decision about my blog, I ask myself "would my mom approve?"

Everyone tells me "You are so good at this stuff-- you should be making millions on the Interwebs." And I say "Yep, I probably could. All I have to do is stop being passionate about writing real content and start cranking out the cat photos and clickbait captions like "12 reasons why these cute kittens will be dead tomorrow" and "Emily Blunt wore what dress?" which take them to even shadier sites, in an increasingly-shameful progression of faux content usually ending in the purchase of a Chinese made waffle iron or similar high margin item. No, I won't do that. But that's OK, because there's only about a million hands up saying "I will!" So: I get to be poor for my ideals--go me.

What will stop clickbait? Well, there are some good news apps for phones and tablets which seem good at filtering it out and showing just bona fide news, but eventually you will get linked to something that will spam you with clickbait.

Thursday, May 28, 2015

FM Radio On Your PC For 17 Bucks

Ever since discovering my new favorite toy a month or so ago, the SDR radio USB dongle for my computer, I've been finding all these fun things I can do with it.

Currently I'm living in a cabin in the woods which barely has reliable power and Internet. The big power items are my fridge and desktop computer, all being powered by a long strand of romex to the neighbor's house, and I'd rather not push it with more devices like an FM stereo receiver. I already have a sound system on my PC.

So, finding out that this SDR dongle receives stereo FM was immediately appealing to me. It took a week of playing with it, but I finally have about a half dozen radio stations getting a good signal here in a valley which is known for not getting a reliable signal for anything!

1. Get An SDR Dongle


There's a million of these dongles out there based on the Realtek RTL2832U chipset. They vary in price from about $24 all the way down to $10. I paid about $12 for mine, and I've noticed the price fluctuates a little bit in either direction with every seller almost, so look around before you buy it.

2. Get An MCX Male To Coax Male Connector


This little dongle comes with a tiny antenna which is barely good enough to show you what an awesome device you have. It might even be good enough for an urban area depending on where you are. But I'm in the middle of nowhere, so I need a real antenna. The problem is that most FM antennas are coax, and this dongle comes with an MCX connector.

In order to attach a third party antenna, you'll want to make sure you have the adapter.


Above you can see the special adapter allowing me to plug in the FM antenna

3. Get An FM Antenna


The market is flooded with thousands of different kinds of FM antennas. There's enough antennas to devote an entire blog to, not just an article. But once you have the adapter above, you can connect it to anything coax and even make an old school dipole antenna if you want.

What I ended up doing was using a fancy amplified indoor antenna like this one that my sister gave me. I bought another strand of coax cable to make it longer and ended up mounting it outside. We'll see whether it stands up to the elements. It works awesome and I haven't even connected the little signal booster it comes with.


The flat indoor antenna sitting right below the cellular signal booster antenna

4. Install The Software


Once you have the dongle plugged into a USB port and connected to a real antenna, all that's left is to install some software. I have personally connected my SDR dongle into Android tablets and even my Raspberry Pi 2, but so far I like running it best on Windows with SDRSharp because it's so easy to use.

Below is a screen shot of what I've heard referred to as "the most complicated way possible to listen to FM radio" but I think it's cool. You also have so many more settings to fiddle with. The taller the wave form, the better the signal.

Notice that it even shows the song and station info if the station supports it

5. Fine Tune Your Antenna


Once it's all set up and you're receiving FM radio, you can move the antenna around and experiment by seeing which stations get a better signal with the antenna in different positions. I picked a spot outside right next to the cellular GSM signal booster where it gets the best reception for my favorite station and also gets good reception for the local police / fire / medical services.

Final Thoughts


Combined with a good sound system, this setup gives me great sound from my favorite station, 97.1 Charlie FM in Portland, OR. It came in at a total cost of about $17: $12 for the dongle and $5 for the adapter. If you can't find an antenna lying around or don't want to build one for free / cheap, then add the cost of an antenna and you're still nowhere near what a good FM receiver costs, and I consider this setup a good FM receiver.

Another thing to keep in mind is that most of the software programs to play FM radio could use a good chunk of your CPU's processing power if you are using an old PC or tablet. My PC is older but it has a 6 core AMD Phenom II inside of it, so there's no problem. My new quad core Raspberry Pi also plays FM radio with no problem, though I have read that older versions could have trouble with certain software.


Friday, May 1, 2015

Adventures in SDR: Software Defined Radio For Cheap

Background (Not For TV!)


My quest originally involved looking for a cheap TV tuner while I stay out in a cabin in the woods, rehabbing my sister's property in a very rural area. I can get satellite but I don't watch much TV. I could stream Netflix or something but I'm lucky to have this semi-reliable, low-bandwidth Wi-Fi connection across a small valley to the neighbor's house.

So I bought this $13 dongle from Amazon which says "TV" in its name. I didn't catch that other identical versions of this product from other sellers had obvious reviews complaining that this USB dongle did not decode ATSC, meaning you can not use it to watch TV in the USA. The only reviews I noticed just mentioned how awesome this device is.

For anyone who doesn't understand, the irony of these USB devices based on the RTL2832U chipset is that they can basically receive anything but TV.

I was about to return this dongle when I did a little research, stumbling on one of the coolest hobbyist toys I've ever owned, and the second most fun I've ever had for 13 bucks.

Software Defined Radio: SDR


It's exactly what it sounds like: a programmable tuner. Mine has the Rafael Micro R820T tuner in it, meaning it can receive radio frequencies from 24 MHz to 1766 MHz, which is a very wide range for something under 20 dollars.

Lucky for us, an electronics enthusiast discovered a fluke (?) in the chipset of these dongles a few years ago, and now there's a whole community and a boat load of software making use of this dongle. There are applications for Linux, Android and Windows which can do everything from receive FM radio transmissions to police scanners and even some exotic things like pick up airplane transponder data and satellite signals.


Magnetic base stuck to a wood screw!


What Can It Pick Up? 


This dongle can basically pick up any signal in its frequency range, which is wide. Not only is the frequency range large, but so are the implications for its use because most of us take for granted all the little wireless gadgets we have.


  • CB: Citizen's Band
  • FM Stereo Radio 
  • Standard Police and Fire Frequencies
  • Weather and Emergency Broadcasts
  • CDMA and GSM cellular signals from phones and towers
  • Family Radio and other store-bought walkie talkie frequencies
  • Store bought baby monitors and similar devices
  • Automotive key fobs and garage door openers
  • Weather balloons
  • Radio Astronomy
  • Airplane transponder data

Jeez, What Can't It Pick Up?


  • American ATSC TV, which it doesn't have the bandwidth for.
  • Ham radio is below its range, and so is AM radio
  • Wi-Fi is above its range
  • Most land-line wireless phones are above its range
  • It obviously can't decrypt encrypted radio transmissions

The Sky Is The Limit


Actually, since this thing can pick up signals from airplane transponders and satellites, the sky isn't the limit. For the most part, the capabilities of this device are limited more by the software than the hardware. It can't fully decode ATSC television signals, though there is an app which can partially decode TV and give you an almost clear black-and-white TV picture ... no thanks.

The great thing about these RTL2832U dongles is that they run on so many platforms. I just ordered a Raspberry Pi 2 kit yesterday and I intend to hook it up to my dongle and put my SDR device on the network.

SDR# Software For Windows


If you are using this device for Windows, which most of us are, then your best bet is probably SDR# which is pronounced "SDR Sharp" because it is written in the C# language and is open source. Here is a link to their web site. Once you download the ZIP file, all you need to do is:

  1. Unzip the ZIP file into its own folder
  2. Run the installer batch file and let it download the software
  3. Run the zadig.exe diagnostic program, list the devices, and install the driver for your dongle
  4. Run SDR sharp and choose "RTL-SDR / USB" for your device
  5. Press the Play button

To listen to FM radio, just tune somewhere between 88,000,000 and 108,000,000 making sure to select "WFM" as your modulation setting. What's nice about SDR#'s built in FM radio is that it picks up the song and station information as you can see in the screen shot below. I've seen it called "the most complicated way possible to listen to FM radio".


There are lots of plugins on their web site, and I use one as a scanner, where I can set the frequency range and cut it loose to listen to local fire, police and medical. Below the scanner stopped to listen to the local police dispatch. 




More Resources for Software Defined Radio


The SDR Wiki Page is a good starting point
RTL-SDR.COM is a good resource
OSMOCOM who are the experts
SDR# is a must if you are using Windows
Hack RF is a powerful but expensive alternative platform
Web SDR radios can be connected to and controlled over the web!
Reddit has a whole community devoted to SDR

Friday, March 27, 2015

Petco Spammers

I love Petco. The wife got to keep the Petco account with our recent breakup, so I went ahead and got my own rewards card, which obviously you have to put your email on. I mentioned that I love Petco, right? So I gave them my real email address, and that's where I started liking them less.

The first couple days I got probably a dozen emails from them. Well I just signed up, so maybe they have a lot of good deals to tell me about. And then the next day, just as many emails, and the day after that.

About the third day after getting my new rewards card, I went to their site and opted out of all their emails. They sent me confirmation that I had opted out, and reminded me in the email that it would take a while to "process" my request. So they continued to spam me for about 24 hours after that.

I had almost forgotten about them when I started getting spam yesterday. Just a few little spam emails, not the onslaught I originally got. But I have opted out of all email communication from them. You would think in this age of big data, a large database would not "forget" that I told the company I didn't want any more emails from them.

There's no excuse for companies like this to push the envelope with not only my decades of good will as a customer, but the law as well. I'm sure if I could magically talk to one of their executives, they would say something like "oops, we're still working on that" when we all know it's in their best financial interest to make lots of mistakes with their email marketing. Mistakes that I'm guessing are all in their favor.

So, I'm doing about what anyone can do, which is make my complaint on my blog where a mega-company like Petco can't spin the facts, and the fact is that they don't honor their opt-out email operations.

Over the last couple months I've really cut down the spam in my many inboxes, mostly by holding legitimate companies to their opt out, which I'm sad to say almost never happens simply by opting out. I normally have to make a big production out of it.

Monday, February 2, 2015

Raspberry Pi 2: A New Slice

Today Raspberry Pi announced a new version of their massively popular single-board computer system, used by faithful hobbyists worldwide. The really awesome thing is that they didn't change the price. Now you get a quad core ARM-Cortex A7 and a gigabyte of RAM for the same price of 35 bucks!


Better still, they claim full backward compatibility with the original Raspberry Pi, and it supposedly even fits in existing enclosures. Four cores running at 900 MHz opens up a whole new realm of possibilities for the device. It's frankly exciting to see a quad core hobbyist computer for 35 bucks. I believe the old version is going to stay the same price. I wouldn't be surprised if they dropped the price on the original version eventually.