ac's blog

Craigslist full of rental scams

So Craigslist is making it hard to post ads for real posters who care about their privacy (Craigslist Wants Your Phone Number) and simultaneously letting very easy-to-spot scam postings totally fill their vacation rental pages!

New York, and London - just look at the vacation rental pages on craigslist. So easy to spot the scams - when you see the same pattern of ad repeated many times, it is a scam. In addition to scams, craigslist is now filled with useless Airbnb postings which are just noise and do not provide a contact email address or phone number. The Airbnb automated postings are for Airbnb members only - craigslist should not allow them, they are just ads for Airbnb.

There are many sites with information on scams: Rental Scams, and here's a guide to craigslist scams. And important to note that while it is easy to spot the scammers that are from out-of-town, there are also scams involving local people, as shown in NY Times - Renters Get Swindled and Scammed article.

The easy signs of a scam are poor English in the posting and in subsequent communication, too many postings that look the same with different rentals and different email addresses, "contract" does not contain dates (they want you to fill in dates which means they don't really care), you can change dates a lot and apartment will still be available, and sometimes - low prices (no way a NYC midtown 2-bedroom apartment is available for $200/day). And if you ask to see the apartment and the renting agent immediately (even just as a bait - ask this even if you are not in that town), they will make up a reason why that is not possible, and that indicates a scam.

craigslist entering the dark side with compulsory phone verification

I had not used for craigslist to post classifieds for a long time and had never run into this problem. But looks like now any posting to craigslist requires a phone number where they send a code which has to be entered into the phone authentication page.

They now want a phone number for posting a $10 ad about selling old chairs? Why on earth?

If this is supposed to filter spam, it certainly won't - spammers will find it worth their time to provide a phone number. And it has not cut down on spam at all - the electronics section is so full of spam - it is mostly spam - with text not matching the title and a big image on the page displaying a web site to go to for "deals". And vacation section pages are full of people posting from other cities and completely useless for actually finding a place in the local city.

So, craigslist has just made life difficult for ordinary citizens, who no longer have a phone or don't want craigslist to know their phone number. Another site gone to the dark side, what happened to all the free speech principles that founder Craig Newmark seemed to have started off with in the early days of craigslist. Now all gone by the wayside ostensibly for spam prevention but probably more of a corporate strategy to get more information about the posters. So sad.

craigslist is now completely useless for posting any ads. Need to find other online classified site that can use automated means to weed out spammers, and don't penalize real users of the site by asking for unnecessary information such as private phone numbers.

Blogger missing features

Providing assistance recently to a few people who started using Blogger, it becomes clear that while Blogger provides a wide range of tools, some key features are missing. The current feature set of blogger is somewhat confusing in terms of which target audience is actually fully covered.

Here are some things that are not easy to do in current Blogger - while some gadgets or widgets may be claim to provide the feature, they are not really easily usable. Though things do seem to be improving periodically, and there may come a time in the future when a decent, complete set of features is available.

The audience for these type of features is the low-volume blogger, blogging for personal use, and for friends and family. These features are very easy to provide in a hosted version of Wordpress, as a comparison point. It would be nice if Blogger could be used to build a social-media network for a small group, kind of like a friends-and-family network. This is something not doable right now.

Breckenridge Ski Review

Breckenridge, Colorado claims to be one of the largest and most-visited ski resorts in North America, but it is not easy to get much information on the mountain related to ski trail reviews. All the search engines spew out is sales info on condos and travel packages. Here are some usable reviews: NYTimes, Dom's Skiing Breckenridge, Epinions.

So, here's a collection of brief points and answers a first-time traveler might want to know. Mostly from the point of view of intermediate skiers, who may also handle a few of the black diamond expert trails.
Here's a (large PDF) Breckenridge trail map.

  • Altitude-sickness is real! There is a lot of information on this on the web. For recreational skiers, not a serious problem, just take headache medicines every day - good chance of a splitting headache everyday. Climbing uphill is also a strain, so avoid it.
  • It is not called Brecken-wind for nothing. Extremely windy and blustery at the top of the lifts. One of the days, the important Beaver Run Superchair was closed all morning, causing major backups on other lifts. And Peak 10 Falcon Superchair was also closed - which meant no Peak 10 skiing.
  • Pre-peak season such as end of January is nice - not very crowded, but still great packed powder conditions. Most lifts had no waits, or very short waits, except for some of the key Peak 8 and Peak 9 lifts. Definitely nothing like the reported 45-minute waits during peak season here. Entry to lifts is not always well organized - just a mass of people all converging to the chair and merging crowds. Easier to squeeze in from the outer rows.

NetLibrary Media Center - Belongs in the Trash Bin

So my local library is using NetLibrary for renting out audio books.

This was working just fine, though the download process was a three-step thing - first download to local computer, play MP3 to obtain license, and then copy to portable MP3 player using Windows MediaPlayer. But - this process worked just fine, with no problems.

Then, in their infinite wisdom, the NetLibrary people have unleashed a separate stand-alone Windows program, called "NetLibrary Media Center" - which is supposed to make downloads easier. Good idea - but pretty bad execution.

Be warned - that program is nothing but grief. First of all, its user-interface is from the dark ages - windows that cannot be moved or re-sized, clunky buttons, no good feedback on actions or what it is doing.

But - it also deletes all files in folders without warning. Yes, here is a program that NetLibrary asks to be downloaded to make transferring eAudioBooks easier, and that program will clean out certain folders. If you go into Preferences, and point the folder to a different location, NetLibrary will delete all files without any warning. And with all this, it did not recognize the MP3 player plugged in - which Windows Media Player located just fine. So, there was no way to actually transfer the audio to the player.

This program belongs in the trash bin - it is one of the most poorly designed - and useless - utilities developed. And of course, now that NetLibrary has this new program, their old way of downloading a audiobook to the local disk does not work. The web pages claim it works, but it ends up in "Requested page could not be found" error. Thankfully, there is a way around this - in the Web NetLibrary account "Edit My Account" page, uncheck the Download Preference "Use NetLibrary Media Center". This should reset the download option, and show the link to download the CD-quality MP3 which can be copied to portable players.

Public DNS Server with no hijacking!

DNS hijacking has become common place, not just used by rogue DNS servers anymore, but seems like most (all?) Internet Service providers are now resolving non-existent domains to the ISP's own servers.

This is very irritating, and causes numerous problems - where a NXDOMAIN response is expected, applications now get a valid response. RCN puts up a search page, which contains search data, and does not even contain a link to the address actually typed. All so the ISP can serve more ads to the end-user. And RCN has no easy way to opt-out that would work for all applications and operating systems.

So users have turned to many different methods: installing browser plug-ins - poor solution since all non-browser applications won't see the fix, or using Public DNS Servers and configuring their DNS lookups to go to these Public Servers.

But now, even the Public DNS Servers are involved in subverting NXDOMAIN responses - they too want to serve ads and issue redirects. A web search on this issue results in many people saying that OpenDNS has fixed their problems - which is not really true. It is in fact, quite complicated to figure out what the basic, free, OpenDNS really does, and it requires jumping through many steps to make it stop the hijacking - they claim it can be done, but requires registration, etc. They do offer other services, which may be useful to most regular users - such as security features, but they are certainly not providing easy access to non-hijacking DNS servers.

Just last month, turns out that there is one public DNS service that promises to Get the results you expect with absolutely no redirection. - Google's Public DNS.

Ubuntu 9.04 to 9.10 upgrade and nvidia problems, etc

So since it is very easy to upgrade to 9.10 from 9.04, I downloaded Kubuntu 9.10 in the kubuntu-9.10-alternate-amd64.iso format for a Intel Core2 64-bit system and ran the install.

Predictably, ran into problems after the install, here are the issues, and their fixes.

Started with 9.04 install, more details in this entry: Ubuntu Install. One problem existed in 9.04 - there was no audio for the HDA Nvidia device, even after trying many installs/uninstalls and different drivers. Magically, the audio problem was fixed with the 9.10 upgrade! So, it was all worth it.

Here are the rough steps for the upgrade and fixing issues:

Run apt-get update and upgrade to bring all packages to latest version on current version of Ubuntu. Shut down all applications, including any kvm virtual machines running on the host.

Download kubuntu-9.10-alternate-amd64.iso. Mount it locally and the run the installer from a shell:
sudo mount -o loop .../path-to/kubuntu-9.10-alternate-i386.iso /media/cdrom0
kdesudo "sh /media/cdrom0/cdromupgrade"

Upgrade was smooth, selected option to remove unused packages, and in around 15 minutes, it was done. Even kvm virtual machines started up with no problems.

Since the upgrade was done from a locally mounted CD image that won't be available later, edited the /etc/apt/sources.list file, and commented out the cdrom line.

On reboot - the first problem - no kdm - no graphical login prompt, no X server. The nvidia drivers did not install, and manually trying to install nvidiia-glx-173, 180, failed.
With some searching, found that medibuntu was disabled, so ran the command to add it to apt's source list:

Gmail spam filter is very poor

It is surprising to read some web articles about how good the Google gmail spam filter is - in my experience, it is really poor at stopping simple spam, and also has too many false positives (email that it marks as spam but it is not spam).

There are some articles, though, about how gmail does not stop much email with "VIAGRA" in it.
On a daily basis, I have 5-10 emails with Viagra in the subject line in my gmail inbox. I don't use gmail much because of this problem - it is strange that my local spamassassin setup can easily mark this as spam, but gmail does not. I did spend a few days reporting these emails as Spam in Gmail, but to no avail - gmail will not recognize these as spam - which suggests that the Report Spam feature in gmail is also pretty much useless.

Gmail even says the message is "signed" - whatever that means. here's the gmail header:

  from	Approved VIAGRA Store 
     to	avinash@aczoom.com 
 date	Fri, Dec 18, 2009 at 12:55 PM
subject	Member avinash@aczoom.com get 80% 0FF on ALL Pfizer.
mailed-by	aczoom.com
signed-by	aczoom.com

The same message in my local spamassassin filter is in the spam folder, and has these spam tags:

X-Spam-Status: Yes, score=13.8 required=5.0 tests=BAYES_99,HTML_IMAGE_ONLY_24,
        HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_DATE,MISSING_MID,
        PYZOR_CHECK,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RCVD_IN_SORBS_WEB,RDNS_NONE,
        SPF_NEUTRAL autolearn=no version=3.2.5
Envelope-to: avinash@aczoom.com
Delivery-date: Fri, 18 Dec 2009 10:55:56 -0700
...
Received: from [189.83.171.41] (helo=18983230136.user.veloxzone.com.br)
....

Article module and recently updated block

Article Module for Drupal is an useful module, and is pretty easy to configure.

The Views module in Drupal does similar stuff, but it does take a lot of learning new terms, and likely even more CPU/Database usage. More importantly, it is a hugely complex module which brings with it risks of breakage when updating either just the Views module or updating the core Drupal release. So, it is worth keeping the simple Article module around.

One of the key missing things in the Article module is a way to make a block of "Recently Changed Articles" - it only provides for "Recently Created Articles". But this is an easy hack - edit the article/article.module file, and replace all n.created to n.changed.
That is it! Of course, the trouble is that updating the Article module now becomes tricky - but all this is probably still easier than dealing with updating the large Views module and core Drupal.

ToDo: add an user option to have article module support both n.created and n.changed as required for a specific block.

NRPE easier than check_by_ssh for Nagios on Ubuntu

Trying to setup SSH for Nagios on Ubuntu is quite maddening. So, for those thinking that since they have familiarity with ssh, ssh-keygen, that using check_by_ssh would be a breeze, don't! Use NRPE instead.

These plugins are needed to monitor things like load, procs, on remote machines such as might exist in a small home network.

Assuming a localhost that is running the Nagios monitoring server, and a remotehost that we need to monitor load, procs, here are the simple steps to get NRPE up and running on Ubuntu or Fedora:
This assumes that a base Nagios server is up and running on localhost, and remotehost does not have Nagios installed.


On remotehost, run:
sudo apt-get install nagios-nrpe-server (Ubuntu)
su -c "yum install nrpe.i386 nagios-plugins-procs.i386" (Fedora FC7)

To find appropriate names of packages to install, use:

On remotehost, run:
apt-cache search nagios (Ubuntu)
yum search nagios (Fedora)

Make sure all required plugins are installed on the remotehost also - things like check_load, check_procs, etc in /usr/lib/nagios/plugins/ or appropriate folder on remotehost.

Next, edit the config file /etc/nagios/nrpe.cfg - replace .. with the IP address of localhost that is running the Nagios monitoring server:

/etc/nagios/nrpe.cfg:
allowed_hosts=127.0.0.1, ...

In the same file, check the hardcode commands, such as check_load and check_total_procs, those might be sufficient for many uses.

Finally, restart nrpe on remote host:

sudo /etc/init.d/nagios-nrpe-server restart (Ubuntu)
su -c "service nrpe restart" (Fedora)

Now, back to localhost. Install the nrpe-plugin here:

sudo apt-get install nagios-nrpe-plugin (Ubuntu)

Test it - from locahost, run:
/usr/lib/nagios/plugins/check_nrpe -H remotehost (this should output remote NRPE version)