From the monthly archives:

January 2006

Shortcomings of SYDI

by patrick.ogenstad on January 27, 2006

I like SYDI a lot and love the feedback I’m getting. There are some issues that stop it from being really useful; a big one is the ability to update the documentation. There’s been an open feature request for this since September 2004, so it’s about time this gets addressed.

The problem is when you create a Word document from SYDI-Server and then change the document, as you should to complete the documentation, you are not able to run SYDI again and keep the changes you made. In a way this limits SYDI to being more of an inventory tool compared to one which helps you with documentation.

I have started coding on SYDI-Server 2.0 where I hope to solve this in a way which might not be perfect but it should serve its purpose.

The idea I have now is that you create an XML file from SYDI-Server and use that XML file in combination with another XML file where you have the written part of the documentation.

The syntax will be something like this:

cscript.exe sydi-[coolname].vbs -xServer1.xml -sServer1_docs.xml -llang-english.xml -oServer1.doc

So in addition to being able to update the documentation you will also be able to convert the SYDI-Server XML files to DOC files which is useful in scenarios where you are not able to create the DOC files from the beginning.

As you might have noticed I’m also going to add a -l option for a language file. So provided that I get help with translation you will be able to get a DOC file in your native language. I don’t know if those offers are still valid but I have been offered help for a German and Polish translation, and I’ll probably do the Swedish one myself.

I will also try to include reporting for IIS, though this will only be for Windows Server 2003. There are a lot of new Windows Components in R2 which need to be added to SYDI. Other than that I will add more hardware reporting and members of local groups.


Hello Monad

by patrick.ogenstad on January 12, 2006

A lot of people have noticed that Monad Beta 3 was released. I have zero experience with Monad but I’ve wanted to take a closer look at Monad for a long time though that has always been postponed. When it got dropped from Longhorn my interest dropped too.

However when I read about the Beta 3 release and something about it being feature complete I figured I’d give it a go and I’m glad I did.

My first stop was the Scripting with Microsoft Monad Shell, on Script Center. From that page I downloaded the two part webcast; Next Generation Command Line Scripting with Monad.

When I started using Linux the first thing I fell in love with was the shell capabilities; they were fantastic compared to what was offered in Windows. After seeing the webcasts all I can say is WOW. Monad looks very promising!

I haven’t done much at this stage, just some goofing around:

MSH C:\> dir | sort length
MSH C:\> Get-WMIObject Win32_ComputerSystem
MSH C:\> "Do you like msh?"[3,10,13]

Now it’s time to start reading the documentation.

Ps.
It was nice to see that James wasn’t fired for part 2 of the webcast after the Winamp fiasco ;)


The Collector

by patrick.ogenstad on January 10, 2006

In 2004 a group of people were handing out free chocolate to anyone who would give them their passwords. It turned out that 70 % would reveal their password for a candy bar or perhaps that people are willing to lie to strangers in order to get free chocolate. Though these were some interesting statistics, they weren’t very useful to me. What I wanted was a username to go with the password and the name of the company where the person was working. However, I didn’t want to stand alone in the subway handing out Snickers bars to people who didn’t deserve them. I’ll keep my candy treats for myself, thank you very much! Besides, I wanted something which was a tad more discreet.

Mambo server to the rescue! Well I’ve switched to Joomla after the split. Joomla is an excellent CMS system which I’ve used to create my site laugh-and-a-half.com. It’s a site where people go for a laugh; it’s crammed with funny stories, silly pictures and videos with crappy quality. Out of the goodness of my heart I provide all these services free of charge as long as people register. Some teasers are available without logging in, but most of the site members come from recommendations by their friends (at least that’s what the polls tell me) and they don’t mind registering. I don’t ask for much; Alias/Username, Real Name, Email, Password, Gender, Age and Occupation.

Some people just enter gibberish, and that’s fine (that’s what I would do); others are proud of their titles and neatly enter the correct information in every field: “Sales Executive”, “Purchase Manager”, “Corporate Slave”. I’d like to ask for a phone number too, but I don’t feel that bold. The information would be great to have in social engineering terms, but I don’t want to make people too suspicious, plus I want valid information. Most members provide exactly that, and password reuse is practiced by most people who log in to the site. It’s not really their fault, they haven’t been taught better.

When the users log in I also keep records of their connecting IP addresses; from nine to five these can usually be translated to companies.

During the time when I was starting up the site there was a lot of work involved with collecting jokes and wrestling myself up in the search engines. But I can tell you the ROI has been substantial; nowadays the site has grown and more or less has a life of its own. 95 % of the content is now submitted by users. Everyone likes sharing a joke right?

No one knows that I run the site. That is, no one on irc knows, they probably haven’t even heard of the site and I’m sure as hell not going to tell them. Why should I? The site is registered to some bloke named Peter. Yep that’s me IRL. The people I do business with only know about tr0y and it would be most unfortunate if anyone connected tr0y to Peter.

While Peter runs an innocent site called laugh-and-a-half, tr0y is in it for the information. There is some work involved with sorting out bad data from good, but over time my Perl scripts have gotten quite refined.

I get a thrill when a new company finds the site. It starts with one user, then he or she sends an email to his or her colleagues which they in turn forward. Some days I’ve gotten 20 users from the same company!

So what do I do with this information? Most of the time I trade it; if it’s from an interesting company I might be able to sell it. Otherwise I have great fun using it myself. Sometimes I’m able to just VPN in to a company based on the information I’ve been given from my members. To some extent I guess I just like the mining.

Lately I’ve added some more features to laugh-and-a-half. First I’ve got the face recognition software, the idea is that people upload their pictures and I tell them who they look like. Boy do people love to look like celebrities;
“Susan you look like Madonna, please tell your friends.”
Of course the software itself isn’t working very well but the upload module works excellently.

Then there’s the horoscope where the members enter more information about themselves. This is a mix of “worthless stuff” and things I wanted to know but didn’t dare ask during their registration. Members fill out a form; where they live, interests, favorite food, what they earn, what their boss is called, favorite animal etc. Based on their input I provide them with a randomized horoscope.

Another popular feature of laugh-and-a-half.com is the weekly newsletter. Every Monday the site sends out a newsletter with the jokes which have received the best votes during the previous week. Mind you it’s easy to unsubscribe. Heavens I don’t want to get accused of spamming! The newsletter is a good way to remind people of the site. But then there’s a little something called out of office replies.

“Hi this is Brent, I’m out of the office visiting customers this week…”
“Laura is on vacation this week; if you need anything call Mark at this number…”
“Hi this is Jonathan I am on vacation until 13/7…”
“Hello, Sarah will be back on Wednesday…”
“Neil is on vacation…”

These can be good to have for a bunch of reasons, but today I think I’ll ping devin…

- tr0y – you there?
- devin – hey buddy long time no see, sup?
- tr0y – know anyone in kent?
- devin – why?
- tr0y – business
- devin – business business?
- tr0y – yep business business
- devin – shoot
- tr0y – a guy named jonathan will be on vacation in Greece
- devin – the deal?
- tr0y – 6 %
- devin – I’ll get back to you
- tr0y – I’ll send you what you need when you do
- devin – how do you know about this anyway?
- tr0y – I ask politely

Please note this is a purely fictional story; any names found here are made up. I’ve written this because I like writing; if someone reads it and enjoys it, great. If they get more conscious about security, that’s a bonus too.

Related Links:

Passwords revealed by sweet deal
- http://news.bbc.co.uk/1/hi/technology/3639679.stm

Would you trade your password for chocolate?
- http://www.theregister.co.uk/2004/05/28/password_advice/

Urban Legends Reference Pages: Crime (Grand Theft Auto Reply)
- http://www.snopes.com/crime/intent/reply.htm

Passwordsafe - is a tool that allows you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords. Password Safe runs on PCs under Windows.
- http://passwordsafe.sourceforge.net/

Simple Formula for Strong Passwords (SFSP) Tutorial
- http://www.sans.org/rr/whitepapers/authentication/1636.php


Hello world!

by patrick.ogenstad on January 6, 2006

Hello World!

Hello World has a special meaning for all programmers / scripters, and I guess for bloggers too. This is the first entry to my blog and I hope there will be many more. My plan is to write about scripting and security; whether I stick to the plan remains to be seen.

Cheers
Patrick
