Registrar-Lock Gymnastics
[UPDATE: It was the person/company that was reselling for the registrar that caused the confusion. Apparently the domains that were on lock just took a day to reflect the change, or the person unlocked them and then lied to us. Some of the domains we were transferring we simply lost, because they had it in their name and ghosted us. There was nothing the registrar could even do.]
Discovered a registrar that apparently allows you to unlock a domain by initiating a transfer with an auth code that fails (because it’s on lock) and then waiting a few days, meaning you have to keep checking the domain’s status and then initiate the transfer a second time once unlocked. WTH?
And this was not explained to me properly. I had to figure it out. All I was told is that the code/key would unlock it. And it didn’t, at least right away. I wasn’t told it would HAVE TO fail instead of just unlock and transfer in one step, which if such a thing was legal by ICANN rules would at least make sense. I wasn’t told it would take days and wait until the lock was off — so subsequent attempts failed, confirming my belief it was BS and wouldn’t work. I was also misled by being told “force your registrar to accept it because it’s unlocked on our system” (even though WHOIS said it wasn’t). Nope. Have to wait and check and then reinitiate. No problem! :/
Nonsensical extra steps and a week’s wait just because they weren’t unlocked like at any other registrar on the planet.
This is no way to run a business.
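The status check described above, as an added example that is not part of the original post: it reads the transfer-lock state from the public record (WHOIS text or an RDAP response) instead of relying on what a reseller's panel claims. The example.com records are constructed samples and the function names are hypothetical.

```python
import json
import re

# Statuses that stop a new outbound transfer. Keys are normalised (lowercase,
# letters only) so the WHOIS spelling "clientTransferProhibited" and the RDAP
# spelling "client transfer prohibited" compare equal.
BLOCKING = {
    "clienttransferprohibited": "lock set by the current registrar or reseller",
    "servertransferprohibited": "lock set by the registry",
    "pendingtransfer": "a transfer request is already in progress",
}


def normalise(status):
    return re.sub(r"[^a-z]", "", status.lower())


def statuses_from_whois(text):
    """Pull status codes out of 'Domain Status: <code> <url>' lines."""
    found = []
    for line in text.splitlines():
        m = re.match(r"\s*(?:Domain\s+)?Status:\s*([A-Za-z]+)", line, re.I)
        if m:
            found.append(m.group(1))
    return found


def statuses_from_rdap(document):
    """RDAP answers with JSON carrying a top-level 'status' array."""
    return list(json.loads(document).get("status", []))


def transfer_blockers(statuses):
    return sorted({normalise(s) for s in statuses} & set(BLOCKING))


def next_action(statuses):
    blockers = transfer_blockers(statuses)
    if not blockers:
        return "initiate transfer with auth code"
    if "pendingtransfer" in blockers:
        return "wait: transfer already pending"
    return "wait: " + ", ".join(blockers)


# Constructed observations of one domain over several days.
DAY_0_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
"""
DAY_1_RDAP = '{"ldhName": "EXAMPLE.COM", "status": ["client transfer prohibited"]}'
DAY_3_RDAP = '{"ldhName": "EXAMPLE.COM", "status": ["active"]}'

if __name__ == "__main__":
    observations = [
        ("day 0", statuses_from_whois(DAY_0_WHOIS)),
        ("day 1", statuses_from_rdap(DAY_1_RDAP)),
        ("day 3", statuses_from_rdap(DAY_3_RDAP)),
    ]
    for day, statuses in observations:
        print(day, "->", next_action(statuses))
        for code in transfer_blockers(statuses):
            print("   ", code, "=", BLOCKING[code])
```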
I’m about to become a porn star.
To everyone I know:
Be on the lookout for a cam video of me watching porn, sent right to your emails and Facebook messenger. I can’t guarantee there won’t be popcorn involved.
Seriously though, just got this sextortion scam email:
It seems that, aminor, is your password. You don’t know me and you’re probably thinking why you are getting this e-mail, correct?
Well, I placed a malware on the adult vids (porn) website and guess what, you visited this web site to experience fun (you know what I mean). While you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) that has a key logger which gave me access to your display as well as web camera. Just after that, my software program obtained every one of your contacts from your Messenger, FB, as well as email.
What exactly did I do?
I created a double-screen video. First part shows the video you were watching (you have a good taste haha . . .), and second part shows the recording of your web cam.
What should you do?
Well, in my opinion, $2900 is a reasonable price tag for our little secret. You will make the payment via Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).
BTC Address: 16PRz8816F5eEuc864YzCNDtBwbHPU9CjQ
(It is cAsE sensitive, so copy and paste it)
Note:
You now have one day to make the payment. (I’ve a specific pixel in this e-mail, and right now I know that you have read this email). If I don’t get the BitCoins, I will definitely send your video recording to all of your contacts including relatives, coworkers, etc. Having said that, if I receive the payment, I’ll destroy the video immidiately. If you need evidence, reply with “Yes!” and I will certainly send your video to your 6 friends. This is the non-negotiable offer, and so don’t waste my time and yours by responding to this e mail.
Yes, it’s fake, although it was a password I used MANY years ago …
https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/
https://www.techlicious.com/blog/is-the-porn-blackmail-scam-real/
Sorry, if they want video of me salivating over noods, THEY will have to pay ME.
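A triage sketch for this kind of message, as an added example that is not part of the original post: it scores a mail body against the markers visible in the email quoted above (a quoted old password, malware and webcam claims, a Bitcoin demand, a deadline, the tracking-pixel claim, the threat to message contacts). The indicator names, the threshold of four and the benign sample are assumptions; the scam sample is excerpted from the email above.

```python
import re

# One pattern per marker seen in the quoted email.
INDICATORS = {
    "quoted_password": re.compile(r"\bis your password\b", re.I),
    "malware_claim": re.compile(r"\b(?:malware|key\s?logger|RDP)\b", re.I),
    "webcam_claim": re.compile(r"\bweb\s?cam(?:era)?\b", re.I),
    "bitcoin_demand": re.compile(r"\b(?:bitcoins?|BTC)\b", re.I),
    "deadline": re.compile(r"\b(?:one|two|\d{1,2})\s+(?:days?|hours?)\b", re.I),
    "tracking_pixel_claim": re.compile(r"\bpixel\b", re.I),
    "contacts_threat": re.compile(r"\byour contacts\b", re.I),
}
# Legacy Base58 address shape only (starts with 1 or 3); no checksum check.
BTC_ADDRESS = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
QUOTED_SECRET = re.compile(r"(\S+?),?\s+is your password", re.I)


def triage(body):
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(body))
    wallets = BTC_ADDRESS.findall(body)
    quoted = QUOTED_SECRET.search(body)
    return {
        "indicators": hits,
        "wallets": wallets,
        "quoted_password": quoted.group(1) if quoted else None,
        # Assumed threshold: several markers plus a payment demand.
        "verdict": len(hits) >= 4 and bool(wallets or "bitcoin_demand" in hits),
    }


def follow_up(result):
    steps = []
    if result["quoted_password"]:
        steps.append("retire the quoted password anywhere it is still in use")
    if result["wallets"]:
        steps.append("include the wallet address when reporting the message")
    if result["verdict"]:
        steps.append("treat as a template scam: no reply, no payment")
    return steps


# Excerpt of the email quoted in the post above.
SCAM_SAMPLE = """\
It seems that, aminor, is your password.
Well, I placed a malware on the adult vids (porn) website. Your internet
browser started out functioning as a RDP (Remote Desktop) that has a key
logger which gave me access to your display as well as web camera.
You will make the payment via Bitcoin.
BTC Address: 16PRz8816F5eEuc864YzCNDtBwbHPU9CjQ
You now have one day to make the payment. (I've a specific pixel in this
e-mail.) I will definitely send your video recording to all of your contacts.
"""
# Constructed benign message that trips only one marker.
BENIGN_SAMPLE = "Your invoice for July is attached. Payment is due in 30 days."

if __name__ == "__main__":
    for label, body in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        result = triage(body)
        print(label, result["verdict"], result["indicators"])
        for step in follow_up(result):
            print("   -", step)
```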
Another Impossible WP Solution
I was trying to emulate the appearance of multiple subfolders of files in the installation’s root directory, but these folder names would conflict with pages that need to be the same name.
In other words, I wanted media files to appear as if they were in the same folder as the page, as if the page URL were a real folder.
Example:
http://example.com/courtcase/
would be the page for a court case and
http://example.com/courtcase/testimony.pdf would be a document referenced in it
I COULD change the upload directory to the install root and then subfolders using a plugin that allows organizing media files this way. HOWEVER, calling on the page slug will cause the server to open the file directory for the actual folder rather than the page in the WP database.
So I needed to have the media files in another directory than the install to eliminate conflicts, and then have slugs for files just start at the install directory path.
Example:
http://example.com/wp-content/uploads/courtcase/testimony.pdf
would become
http://example.com/courtcase/testimony.pdf
And of course I needed this done for all media files, not manually adding redirects for each one.
{NOTE: This was a client requirement. Yes, it’s crazy to be so concerned with URLS, but that’s the demand.}
After talking with my friend Bill Caffery, we agreed we needed slugs for the file URLS, but didn’t know how to automate it. I was thinking some wildcard redirects in the HTACCESS files of the upload directory and/or install directory, but that would only work one way, so to speak. He was thinking to hell with WordPress and use something else like Symphony. I wasn’t down with learning another platform as my model has always been to focus and excel at core competencies, and that means limiting the software I use for given tasks. I also didn’t want the client to have to add lines of redirects and what-not.
So I was counting on finding a way to get WordPress to create slugs for the media files. After all, it already does this easily and seamlessly for posts and pages. So I needed two things:
(1) A media library management system that allowed sub-folders;
(2) A plugin (ideally, rather than hacking the PHP) to designate the ‘uploads’ folder.
Or at least that’s what I thought I would need, and after some experimentation found what actually worked.
First, the media library system had to NOT be independent of the media library like many of the plugins did — it needed all media to register with WordPress so it would place slugs for their URLs in the database. This was accomplished by using the Media Library Folders plugin.
Secondly, I got another plugin to move the location where media was uploaded, but then the plugin above wasn’t able to manage the files outside the usual default folder. So after many attempts and database table cleanings, I decided to leave the folders in the usual place and just change the URL to create correct slugs. It was through trial and error that I realized the second plugin, WP Original Media Path, actually did this.
I had to check a box saying I knew what I was doing (I lied) and it gave a second setting box. The main setting was the path for the media folders and files, which I tried to make the install root — successful but not solving the problem. I THOUGHT this was the location/pathname of the files, but it was not. It was the slug. The hidden setting was the actual folder. So I made the former the URL base I wanted and the latter the default folder.
I found I had to recreate the folders and upload the files manually, but otherwise, it worked!
Like my father always says, “The difficult you can do right away; the impossible takes a little time.”
Thumbtack Scam
I replied to a request for proposal on Thumbtack.Com and got this response:
Thank you. I have small scale business which i want to turn into large scale business. The company is based on importing and exporting of Agriculture products such as Kola Nut, Gacillia Nut and Cocoa so i need a best of the best layout design for it. i need you to check out this site but i need something more perfect than this if its possible .http://www.agroamerica.com.… the site would only be informational, so i need you to give me an estimate based on the site i gave you to check out, the estimate should include hosting and i want the same page as the site i gave you to check out and i have a private project consultant, he has the text content and the logos for the site. Note: 1. I want only 12 numbers of pages with the example site i gave you to check excluding videos and blogs. 2. I want only English language 3. I don’t have a domain yet but i want the domain name as kdFarmsproducts.net 4. you will be updating the site for me. 5. i will be proving the images, logos and content for the site. 6. i want the site up and running before ending of next month. 7. My Budget is $2000 to $4000 Kindly get back to me with: (1) an estimate (2) And will like to know if you are the owner ??
I went to report it but it was already redacted (or deleted). Why was I going to report it, you say? Because I’ve seen it before and have been down that path.
These scammers follow the following pattern (for now):
- They want you to check out the site and have a domain in mind (that may or may not be taken);
- They repeat their budget, $2K-$4K, which is a bit high for such a project;
- They want an estimate (after you already gave them one);
- They want to know if you are the owner.
This last one is important, because they want to be sure you can make the decisions necessary to be scammed by them. Once you’ve committed to giving them a proposal (twice), they will insist on paying you $4,000 even if you quoted less. Here’s the catch:
Their “graphic artist” needs to be paid RIGHT AWAY and doesn’t take PayPal and they can’t pay them any other way for some reason. They need YOU to pay them out of the money they give you — a check that clearly won’t be worth the paper it’s printed on.
This is not unlike the “you’ve won the lottery” or “you will get paid out of the money we need you to traffic for a Nigerian prince”, where the catch is paying out money before you get paid … and then that never happens.
Well, there it is. If you pay credits on Thumbtack to quote anyone with this MO, report it and request a refund for those credits if the gig isn’t already cancelled.
Managing Monumental Password Lists
I am a web developer. I hold the keys to countless sites on my own system, accounts with vendors, and all the usual ones the average person must deal with — email, banking, Amazon.Com, online payment systems — which by itself is too much for a mere mortal to bear.
On lamenting such tribulation, one friend solved the entire problem for all of us by suggesting we just use the same username and password for everything.
If only.
I find it barely manageable at best, frustrating as hell at worst. I’m not an idiot — my IQ says I’m supposedly at the opposite end of that spectrum — but I sometimes feel like one. So why is it so darn hard?
The requirements for a username vary, and no matter how obscure, sooner or later you’ll want to sign up for something where it’s taken. Some logins use your email address instead — and often won’t even tell you it’s asking for it so you try your usual user names over and over to no avail. And heaven forbid you’ve had more than one email address over the years and can’t remember which one you used for a particular site …
But passwords are the real problem. Some systems won’t let you use certain (or any) special characters; others demand it. The same for capital letters and numbers. And the same for length. In other words, it is practically impossible to only have one password for everything, and you’ll have to remember which one goes with what account.
So why not just remember them all, once and for all? Because some systems, like my bank, make me change it once or twice a year. And it can’t be anything like previously used passwords.
So how do I survive?
A System
Over time, my efforts evolved into a (somewhat) comprehensive system, in part because passwords have become necessarily stronger over the years. Below are the main elements. Mileage may vary based on your needs, but even using a few of these as hints will probably make your life a lot easier in the long run.
- I use certain usernames (and email addresses) for business and others for work.
- I have three primary passwords of varying complexity — simple ones for casual accounts, moderate ones for most things, and very strong ones for when security is paramount, such as my server and all my client accounts.
This means that for most logins, if I don’t remember at all, a handful of tried combinations will get me in.
I have another system for remembering client passwords — which I generally assign to ensure they are strong enough and I can give it back to them if they need it instead of resetting it. I won’t go into particulars, but I use a root series of letters, numbers, and characters, some of which correspond by telephone keypad number-letter cypher to certain character places in their primary domain name. This makes all of them unique and calculable — but only to me. THERE IS NO RECORD OF THEM, ANYWHERE. If I die, they will have to be reset by my successor if the client doesn’t know.
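An added illustration, not the author's actual scheme (its particulars are not on the page): a root-plus-keypad-digits derivation placed beside a keyed derivation using PBKDF2. It shows that in the first form the only secret is one root shared by every client, because the keypad digits come from the public domain name, while the keyed form gives each domain an unrelated value. The root, master passphrase, character positions and function names are all assumptions.

```python
import base64
import hashlib

_KEYS = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
         "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
KEYPAD = {ch: digit for digit, letters in _KEYS.items() for ch in letters}


def keypad_digits(domain, positions=(0, 2, 4)):
    """Telephone-keypad digits for chosen letters of the first domain label."""
    letters = [c for c in domain.lower().split(".")[0] if c in KEYPAD]
    if not letters:
        raise ValueError("domain label has no letters to map")
    return "".join(KEYPAD[letters[p % len(letters)]] for p in positions)


def derive_keypad(root, domain):
    """Hypothetical scheme: memorised root + digits computed from the domain."""
    return root + keypad_digits(domain)


def derive_keyed(master, domain, length=20):
    """Keyed alternative: PBKDF2 over the master secret, salted by domain."""
    raw = hashlib.pbkdf2_hmac("sha256", master, domain.lower().encode(),
                              200_000, dklen=15)
    return base64.urlsafe_b64encode(raw).decode()[:length]


def secret_part(password, domain):
    """Strip whatever anyone can recompute from the public domain name."""
    suffix = keypad_digits(domain)
    return password[:-len(suffix)] if password.endswith(suffix) else password


if __name__ == "__main__":
    root = "Rt#9"                       # assumed memorised root
    master = b"assumed master passphrase"
    domains = ["example.com", "courtcase.org"]

    for d in domains:
        pw = derive_keypad(root, d)
        print("keypad", d, pw, "secret part:", secret_part(pw, d))
    # Both lines above print the same secret part: one client's password
    # carries the root that every other client's password is built on.

    for d in domains:
        pw = derive_keyed(master, d)
        print("keyed ", d, pw, "secret part:", secret_part(pw, d))
```

Both forms stay reproducible with no written record, which is the property the paragraph above relies on; they differ in what a single disclosed password says about the rest.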
A Password List
I don’t recommend having a notepad or bunch of sticky notes stuck to your monitor, but I’ve actually seen those in workplaces, visible to anyone who walks by. If you have to have them recorded somewhere, there are phone apps — password protected, of course, but you only have to remember the one.
I avoided this arguably necessary evil, but only in part. Especially for accounts that have odd requirements or make me change the password regularly, I have a PARTIAL note of the password. Currently, for my bank account, it’s “rK0” and for PayPal, it’s “r..7”.
That’s right. I just gave you my password hints to my money. In fact, I have it on a Google-indexed page for reference. But you don’t know my username or email address, respectively, or what or how many characters are missing. But I know it’s a variation of a password starting with a certain letter and ending with a certain number. I remember how my passwords evolved and what I added to them to meet requirements over the years, so it’s actually on the easy side to fill in the blanks.
What Works for You
In the end, your passwords should be meaningful to you — so long as they aren’t related to your birthday, last four of your social, or even words in the English language if you can help it. Mix up capitals and add numbers, but do it consistently and it will make remembering a LOT easier.
If you keep them somewhere, be safe. Maybe an app or online isn’t best for you and going old-school with paper and pen makes sense. Maybe it absolutely doesn’t.
But whatever you do, do it purposefully. The alternative is being locked out constantly — rather than just often enough to scream and rant about it.
A Battle Outside the Box
{An article I found in my archives by Tim Chitwood, published back in 2005, but nowhere to be found online.}
The idea’s so outside the box it’s hard to believe anyone thought of it.
But thinking “outside the box” is what the local civic club “Outside The Box” does, and that’s what members did when they thought about this weekend’s re-enactments of the 1865 Battle of Columbus at the Port Columbus National Civil War Naval Museum, online at www.portcolumbus.org.
“We thought about how meticulous those Civil War re-enactors are about having historically accurate uniforms and equipment,” says OTB President Hugh Lessjo. “Then we thought, ‘Who else is so obsessive about having the right props and costumes?’ ”
The answer: Star Trek fans.
“We have Star Trek fan clubs in our area, and Sunday’s battle re-enactment already includes a ‘what-if’ scenario featuring a Confederate counterattack,” says Lessjo. “So we started thinking outside the box, and we thought, ‘Why not have Trekkies join the battle?’ They already have the equipment.”
OTBs, or “Outside The Boxers,” as they call themselves, are unconventional thinkers who believe “there are no stupid ideas,” Lessjo says. “We really just wanted to know what would happen if Civil War soldiers fought the crew from ‘Star Trek.’ You never see that in the movies or TV reruns.”
So the OTBs asked battle organizers: Why not attract a wider audience by staging a second “what-if” battle sequence in which a starship crew joins the conflict?
Unwilling to openly ridicule the idea, organizers set up a meeting for Lessjo, Confederate re-enactors and a local Star Trek club — the latter two in full regalia.
Then the trouble began.
First the Confederates said they wouldn’t associate with “Trekkies,” and the Star Trek fans said they preferred “Trekkers.” The Confederates all laughed, and “that right there got things off on the wrong foot,” Lessjo says.
Other missteps followed.
“One of the Trekkers said Starfleet’s prime directive wouldn’t let the crew introduce superior technology to a primitive culture,” Lessjo says. “Then a rebel yelled, ‘Don’t call us primitive, geek!’ And the Trekker said Starfleet wouldn’t defend a society based on slavery, either.”
That riled the Confederates, provoking one to shout: “Y’all just go fight for the Yankees then! You’re all living in a fantasy world anyway!”
“Yeah, like you’re not!” a Trekker retorted.
Both sides abruptly drew their weapons, and Lessjo ducked under a table as the firing commenced, he says. He did not crawl back out until the smoke cleared, and by then the Trekkers had withdrawn from the field.
“It turns out replica Civil War guns use real gunpowder, whereas ‘Star Trek’ phasers have only a battery-powered bulb that lights up,” says Lessjo. “You don’t go up against a guy with a firearm if all you’ve got is a flashlight.”
So thinking outside the box yielded an unexpected answer to OTB’s hypothetical question: “We proved Civil War soldiers would win a battle against the crew from ‘Star Trek,’ ” Lessjo says, chuckling. “You never would have figured that, would you?”
INSTALLING LOVE
{From an old email, source unknown}
Customer: I’m having some problems, can you help?
Customer Service Rep: Yes, I can help. Can you install LOVE?
Customer: I can do that. I’m not very technical, but I think I am ready to install now. What do I do first?
CS Rep: The first step is to open your HEART. Have you located your HEART ma’am?
Customer: Yes I have, but there are several programs running right now. Is it okay to install while they are running?
CS Rep: What programs are running ma’am?
Customer: Let me see …. I have PASTHURT.EXE, LOWESTEEM.EXE, GRUDGE.EXE, and RESENTMENT.COM running right now.
CS Rep: No problem. LOVE will automatically erase PASTHURT.EXE from your current operating system. It may remain in your permanent memory, but it will no longer disrupt other programs. LOVE will eventually overwrite LOWESTEEM.EXE with a module of its own called HIGHESTEEM.EXE. However, you have to completely turn off GRUDGE.EXE and RESENTMENT.COM. Those programs prevent LOVE from being properly installed. Can you turn those off ma’am?
Customer: I don’t know how to turn them off. Can you tell me how?
CS Rep: Sure. Go to your Start menu and invoke FORGIVENESS.EXE. Do this as many times as necessary until GRUDGE.EXE and RESENTMENT.COM have been completely erased.
Customer: Okay, I’m done. LOVE has started installing itself automatically. Is that normal?
CS Rep: Yes it is. You should receive a message that says it will reinstall for the life of your HEART. Do you see that message?
Customer: Yes I do. Is it completely installed?
CS Rep: Yes, but remember that you have only the base program. You need to begin connecting to other HEARTS in order to get the upgrades.
Customer: Oh no, I have an error message already. What should I do?
CS Rep: What does the message say?
Customer: It says “ERROR 412 – PROGRAM HAS NOT BEEN RUN ON INTERNAL COMPONENTS.” What does that mean?
CS Rep: Don’t worry ma’am, that’s a common problem. It means that the LOVE program is set up to run on external HEARTS, but has not yet been run on your HEART. It is one of those complicated programming things, but in non-technical terms it means you have to “LOVE” your own machine before it can “LOVE” others.
Customer: So what should I do?
CS Rep: Can you find the directory called “SELF ACCEPTANCE”?
Customer: Yes, I have it.
CS Rep: Click on the following files and then copy them to the “MYHEART” directory: FORGIVESELF.DOC, SELFESTEEM.TXT, REALIZEWORTH.TXT, and GOODNESS.DOC. The system will overwrite any conflicting files and begin patching any faulty programming. Also, you need to delete SELFCRITIC.EXE from all directories, and then empty your recycle bin afterwards to make sure it is completely gone and never comes back.
Customer: Got it. Hey! My HEART is filling up with really neat files. SMILE.MPG is playing on my monitor right now and it shows that WARMTH.COM, PEACE.EXE, and CONTENTMENT.COM are copying themselves all over my HEART!
CS Rep: Then LOVE is installed and running. You should be able to handle it from here. One more thing before I go…
Customer: Yes?
CS Rep: LOVE is freeware. Be sure to give it and its various modules to everybody you meet. They will in turn share it with other people and they will return some really neat modules back to you.
You might want to copypasta this for use in Social Media …
Dear:
[_] Clueless n00b
[_] Lamer
[_] Flamer
[_] Pervert
[_] Sexist
[_] Spammer
[_] Racist
[_] Dumbass
[X] Waste of Life
[_] Other: __________________
You are being flamed because:
[X] You obviously don’t know anything about the topic at hand.
[X] You started a pointless thread.
[_] You bumped a pointless thread.
[_] Your post contained nothing but crap.
[_] You can’t spell more than 3 words right.
[_] Your awful markup made the post unreadable.
[X] You made a useless assumption.
[_] You posted IN ALL CAPS FOR NO APPARENT REASON.
[_] YoU tYpEd SoMeThInG lAmE lIkE tHiS.
[_] You say you’re “1337”.
[_] You posted a topic that’s been posted 50 times already.
As punishment, you must:
[X] Refrain from posting until you have a vague idea of what you’re doing.
[_] Stab yourself in the eye with a pen.
[_] Give up your internet account.
[_] Eat paint chips for the next 6 months.
[X] Make goatse.cx your home page.
[_] Jump into a bathtub with a toaster.
Top 10 Most Embarrassing Website Mistakes
First, I’m being kind in calling these mistakes. You don’t just do these “by mistake” — it requires a willful action to do something that to most people is a blaring faux pas. As the web matures, I see these less and less often, but new, enthusiastic web designers who are primarily technical people aren’t always wired in to what users expect when they visit a site.
So here they are: the top 10 things that will wreck the credibility of your site. Please note I am not ranking them by how ridiculous they are because any of them should get you fired if the website project is paid work, and possibly are in violation of the Geneva Convention.
#1 Visitor Counters
These went on life support at the end of the last century and died with kiddies using MySpace finally becoming adults. Almost anything a counter says is a potential embarrassment: either the number is really low and tells you no one cares about the site; it’s moderate, meaning one or more people keep hitting refresh to jack the number up; or high, meaning you started the counter at an inflated, fake number. Nothing screams liar like being visitor number 10004.
Its more modern cousin is less puerile, but still awkward — the “click here for stats” link. Sure the data is more interesting — to you, maybe. But unless you are selling ad space, keep it under the hood. It still evokes the question to the average user, “Why is this here”?
#2 “Best Viewed With {Firefox, IE, Chrome, etc.}”
The browser wars are not your concern. Stop telling people what browser you decided they need to use based on your design. Making a site functional and looking reasonably good in all modern browsers is your job.
#3 Monitor Contrast Test
Seriously? The job of your website is for people to make sure their monitor is calibrated? I haven’t seen this one in over a decade for a reason, so enough said.
#4 “Best Viewed in {some WxH screen resolution}”
Really? Okay, this is forgivable, given you live in a TARDIS stuck between 1984 and 2005. From the start, HTML was designed to be flexible enough to accommodate multiple resolutions, and life was good considering monitor sizes were limited and slowly got larger. But in a world where most web viewers are mobile devices of any number of sizes, you can’t target any one slice of the range. The solution is to optimize for a moderate screen size (fixed width being less than average monitor resolution on laptops and tablets), or better yet use responsive design. Whatever. The point is you can’t expect people to put down their phone and find a PC at the local library to look at your site. Which brings us to:
#5 Oversized Web Pages
I can always tell when someone made a website using a monitor that doubles as a screen for a drive-in theater. I’m sure it looks normal to them, and every other page on the Net was obviously made too small. Sorry, no soup for you. If people using the typical screen resolution du jour have to scroll sideways to see it all, you did something wrong, not them. It could be layout or oversized images, usually both. Fix it and test on your grandmother’s PC.
#6 Huge File Sizes (images)
Like the oversized monitor warning sign, I can tell when people either have a screaming-fast connection or only test the copy of their website on their computer. Today’s almost ubiquitous broadband made download times almost a non-issue, but increasingly insane and uncalled-for camera photo resolutions have brought back the headache. The most important thing that people get wrong is that IMAGE SIZE IS NOT FILE SIZE. What you see on the screen is surprisingly irrelevant to how much space the file takes up on your computer, and more importantly, how long it takes to load.
There are two reasons for this. The first is that you can “resize” how an image is on a webpage without changing the dimensions of the file itself. People who do not understand that a “thumbnail” is a separate, SMALLER VERSION of the original need to learn this pronto. The second is that two photos (or other graphics even) that are the same dimensions in pixels can be different file sizes by a scale of 100 times or more. Seriously. It’s too much to get into here, but file type and compression make all the difference in the world, and done right will show no difference in quality. Usually resizing the (non-thumbnail) image to be no wider than a typical screen and re-saving as a JPEG with even slight compression will do the job.
#7 Background Music
If you are making a site for a movie or band, feel free to push a video or audio clip in the visitor’s face. Better yet, allow them to choose whether or not to play it and not alert their co-workers they’re surfing on company time. Otherwise, don’t think about it. I’ve broken this rule a couple times over the years at the client’s insistence and threatened to take my company name off the credits. And if you use MIDI music, ever, anywhere, I will hunt you down. I will find you. And I will kill you.
#8 Painful Text-Background Color Combinations
Either you are color-blind in this respect or you are not. If someone says “it’s kinda hard to read”, and the font set and size is typical, they’re probably being nice by not requesting you be a ward of the state so someone can dress you at taxpayer expense before you go outside. So listen carefully when people say this. Trial it out with people you don’t know. Do it. For the children.
#9 Animated GIFs
No one objects to a waving flag once in a while. On a page for a personal hobby or organization not expected to have a budget to do things right, it doesn’t look so dumb. Now add in more waving flags, hands popping in and out of mailboxes, starbursts announcing “NEW!” and “UPDATE!”, flashing horizontal bar separators, and congratulate yourself. You’ve just created an ADHD circus. Combine that, as so often happened, with MIDI music, and the 1990s truly was the Dark Ages of the Web. That, and the fact that people who made such web sites worked from their parents’ basements. For the love of all that is wholesome, it’s time to get out of the basement.
#10 Excessive Stock Graphics
This is a grey area. First, let’s be clear we’re not talking about official logos, but generic images that either accent or distract from content. Secondly, let’s distinguish between CLIP ART and STOCK PHOTOGRAPHY, the former a definite step below the latter in terms of professionalism. They can be used sparingly — as in one or two images per page. But any more than that and it’s obvious filler, or someone still recovering from changing times not allowing them to use a bombardment of animated GIFs.
Iconic images directly related to the topic can be exceptions to this rule, especially if it’s artwork emblematic of the subject. Again, sparingly. Heck, you can even get away with a line-drawn hot dog if it’s on a post announcing a picnic. Just remember, the website is not a street sale flier. Unless it’s for a street sale, in which case professionalism isn’t expected. But again, less is more, and sometimes none is better than one.