Horses are terrible people

Should I be concerned that the company that I use to ensure deliverability and that our emails don't end up in spam folders shows up in my spam folder?

Google has yet again given us a glimpse at the future of business productivity with the release of Google Spreadsheets. This is the killer AJAX/Web 2.0 app. Its intuitive interface and collaborative editing features paint a future of Google as the productivity center for companies. No software licensing. No version incompatibilities. No having to move files from work computer to laptop, etc.

They started with Gmail, which has become one of my primary email apps. Add to that Google Calendar which is yet another brilliant collaborative app. Combine all this with Gmail for Domains and you might have a picture of things to come. Imagine "Google Office for Domains" where you brand the entire google productivity suite: Gmail, Calendar, Spreadsheets, and Writely with your company logo, and allow your users to have their own company based accounts. No longer do you worry about data backup, Google takes care of that for you. Your spreadsheet, word processing documents, calendars, etc are shared amongst your company and are available to the people that should be allowed to have them. 

You won\'t have to worry about steep per computer licensing fees. Perhaps the revenue model is the current adwords model, perhaps it becomes a monthly fee. Regardless, where other companies and open source projects attempt to give you the tools to have similar apps on your local intranet or your own servers, Google\'s service based approach offers a much lower cost option while providing a higher level of functionality and reliability.

Google Spreadsheets is a full functionality browser based application with integrated chat and collaboration. As you change a cell, others in your document see it change. As you change a formula, it changes for them as well. Create a spreadsheet and invite others to participate in editing it. It appears in their file folder, as it does in yours. You all have the ability to edit it at any time. Font formatting, sorting, multiple spreadsheets in a workbook, cell linking, it\'s all there.

Speed is entirely based upon your browser and computer. While it\'s not the fastest thing in the world with large amounts of data, it did load and open a document on my computer faster than Excel.

If I had the change to buy the already expensive Google stock, I\'d be picking it up right about now.

&t

Over the years I've always been amazed at the amount of immaturity on the internet. Add immaturiy to the illusion of anonymity that most people seem to have on the internet and it can be a recipe for large amounts of hate. There is a certain type of users on GameSurge that typifies the worst the internet has to offer. Some are racists, some are wannabe eThugs who pretend to be gang-bangers and talk like idiots.

Then you have the kids who have too much free time on their hand and made to order trojan horse applications at their control. They've managed to infect hundreds or thousands of Windows machines which are generally more open to takeover. There are libraries of these trojans freely available with source code and generally these kids don't have to (and don't ) know anything about programming and are not good enough to program such things on their own.  If left to their own devices without any examples or code to use, they'd just go back to perusing the internet for porn. The sad thing is these kids are generally under the age of 18 and their parents either don't know or don't care about their activities. I say the parents don't care because on multiple occasions I have tracked down these kids and spoke with their parents.  Their lack of understanding about what their children are getting into leads them to generally ignore the behavior.  They wouldn't let their kids vandalize other peoples property, but when it comes to terrorist like activities on the internet, it goes right over their heads.

Here's an example of a kid who may either be posturing or actually have a legion of infected machines at his control:

(h4ck3r) u <3 cokc eh fag??? 
(h4ck3r) w8 til i intorduc u 2 my boatss!@! 

This past weekend one of our security guys on GameSurge noticed the #botnet channel and its topic.

-OpServ- #botnet Information 
-OpServ- Created on: Sun Jun 04 08:41:44 2006 (1149439304) 
-OpServ- Modes: +stnC 
-OpServ- Topic (set by xenex`, Sun Jun 04 13:53:10 2006): GameSurge will be DDoSed on 6/6/06 at 6:06pm PST. Be ready. 
-OpServ- Users (1): -OpServ- @xam (~zgqwz@68.180.9.13) 

I should point out that the ~zgqwz@68.180.9.13 user is probably on via an infected machine.  When we try and block these users, they just connect from any of their  "legion" of infected machines with different address.

As of right now (1.5 hours earlier than the threat) I'm being DDoS'ed (Distributed Denial of Service Attack) for ~300mbit/s. Now mind you that's not a big attack. Frankly it's a small attack compared to many of the attacks we've received. The point is more that these kids don't know or don't care about the implications of what they do. These attacks affect everyone from the users of the infected machines they use, their ISP, every ISP between them, to the target machine. Often times these attacks are so big as to affect other customers of the ISP where the target machine is being hit. I've seen ISP's fold under pressure, such as The Planet and Speakeasy.

When one talks about recourse for actions like these, it can be a nebulous area. Sometimes the authorities will get involved, most times they will not. Attacks like these cost money and time. For every person you hear about on the news getting busted for DDoS'ing, there are hundreds of others. I've seen kids grow from being in their mid-teens to adults, the whole time attacking people, and while I know the authorities know about them and their activities, they're not "big" enough to warrent the expense of prosecution.

On GameSurge we keep an extensive database of our users who participate in these activies, cataloging their trojans, names, real life information if possible, associations and logs of activities which we provide to various law enforcement agencies.  To date we've found limited success in doing this and have seen some of our "Script Kiddies" and attackers prosecuted for their activities.  In most cases they are not prosecuted for attacking us directly, but rather for their other activities which our information has helped, at least in part, uncover.

DDoS'ing and threats of DDoS have been used to extort people and they've been used to try and stifle competition. DDoS'ing also comes up as an act of eBullying, kids who aren't socially adjusted, who are probably bullied in real life use it as a release to be the aggressor.

The sad thing about this phenomena for me is I'm now at a loss as to what to do about such things. The authorities do what they can, I'm sure, but in the long run I've found the only real option is to weather the storm and move on. I guess being attacked is one of the ways to know you're successful, but it sure sucks as a thank you for providing a free community service to people.

;p>As I finish this blog entry the attack subsiding and is down to 70mbit/s. In about 20 minutes it should subside completely, for now anyway.

The following is the log which illustrates the wonderful types of messages I get on GameSurge:

--- Log opened Thu Jan 19 19:23:14 2006
19:23 -!- Irssi: Starting query in gamesurge with GP|Novo[insert-club-here]
19:23 <GP|Novo[insert-club-here]> heya hows it going
19:23 <GP|Novo[insert-club-here]> ip68-108-40-138.lv.lv.cox.net
19:23 <GP|Novo[insert-club-here]> <---- my ip
19:23 <GP|Novo[insert-club-here]> so check this out
19:23 <GP|Novo[insert-club-here]> im offering you a deal
19:24 <GP|Novo[insert-club-here]> NoR|CelciuS-1HP- is a threat to my community
19:24 <GP|Novo[insert-club-here]> im holding gamesurge responsible for his acts if you dont give me his ip
19:25 <GP|Novo[insert-club-here]> you have until 8pm tomorrow to give me his ip
19:25 <GP|Novo[insert-club-here]> or I will take gamesurge and all of its resources offline forever
19:25 <GP|Novo[insert-club-here]> and dont give me that privacy policy bs
19:26 <GP|Novo[insert-club-here]> and if you dont think im serious
19:27 <GP|Novo[insert-club-here]> you know a few ppl
19:27 <GP|Novo[insert-club-here]> do the names
19:27 <GP|Novo[insert-club-here]> Sisco and bman mean anything to you
19:30 -!- GP|Novo[insert-club-here] [~none@ip68-108-40-138.lv.lv.cox.net] has quit [Quit: ( www.nnscript.de :: NoNameScript 3.81 :: www.XLhost.de )]
--- Log closed Thu Jan 19 19:36:25 2006

I just setup a Flickr account and uploaded some of my old photos up there. Is a pretty interesting site, but like all communities, I think I'll only get out of it what I put into it.

Lately friends, family, and friends of family have decided that I need to be included in their flurry of forward emails. You know the kind, emails that are cute, funny, or scary. Perhaps they're a call to action or friendly warning. Generally these emails fall into two categories: happy emails and sad emails. Happy emails have funny or patriotic pictures. Cute and fuzzy bunnies and American flags with a crying bald eagle with "9-11 Never Forget" stamped over them. Funny emails of hot girls and ugly girls side by side. You know what I mean. These emails are a waste of bandwidth. Yes jokes are funny. But when I have to weed through every one of your friends email addresses, and their friends email address, and their friends email address to get to the joke, well I'm just tired and ready to move on. If you're going to forward cute and fuzzy emails, at least clean out the email headers from when you click forward. Better yet, don't forward it. Or if you want to be really cool, ask your friends if they want to be on your SPAM list of noxious cuteness prior to sending them said spam. Why is it spam? Spam's generally considered "Unsolicited Email." If I didn't solicit you to send me monkeys flinging poop at people watching at the zoo, then I'm not terribly concerned if my email program carefully files your email in the Spam folder.

Scary emails are where the hoaxes come in. It's unlikely the FCC is about to rule that Christianity can't be talked about on the radio or TV if you've not heard about it on the radio or TV, even if that email said Dr. James Dobson said it was so. It's very likely he didn't. And why not go to Dr. Dobsons website and see what he has to say about it? If he feels so strongly that he wants an email forwarded to all of your friends, he would probably ask for it on his website. In this case, his website dispells the myth. How did I find that magic article? Google. Simply typing "Dobson FCC petition" yielded several pages in the top spots pointing out it was a hoax. Amazing thing, it took less time to do that then it would take to include every friend, relative, and co-worker from my address book on my soon to be forwarded email.

Ok that's one scary type, the call to action... The other is the doomsday, sky-is-falling, internet is going to explode and President Bush has personally tapped your computer riding a patriot act cruise missle in a blaze of Dr. Strangelove glory. The worst virus ever is out! There is some benfit to computer related emails like this, it will possibly scare the person who is inclined to read it and forward it to me and all the world, out of opening attachments that say "Brittany Spears Nude Screen Saver" or "I make greeting card for happy you.zip." YES email viruses are real. They're real because people open attachements and run the viruses. But if you get an email that says "OMG CNN SAYS WORSE VIRUS EVER" why not check CNN and see if it's true? If not you're just wasting time and scaring people. If it is true, it's likely that when people check the news, watch tv, etc, they will find out about it. Unless they live on a small island in the south pacific and only enter the numbers 4 8 15 16 23 42 into their computer.

One more thought on these emails. Usually people send these emails to all of their friends displaying all of their friends email addresses for all to see. This is like sending phone numbers out all over the internet. When I see a list of emails like that, it makes me want to email photos of you out to every email address I can find. You know the ones, you were at my party, drunk, dancing naked on the table. I don't think your Aunt Jean would want to have to endure THOSE photos. Think of Aunt Jean.

Well here you go: 703.742.0400

Google's Web API is amazingly easy to program for. In ten minutes I had an integrated site search engine for a Glyphix client. Gotta love that.