Entries Tagged as 'Tech'

Dofollow links on Twitter.

If you use twitter you know it has high PR and bots/spammers have been trying different things lately.

I noticed on twitter that the links on my current is a dofollow link, while anything in the status column is nofollow.

interesting...

I checked the spammer’s pages and couldn’t see any dofollow links, but maybe there is some hidden page I don’t know about that shows dofollow. One has to wonder why every outgoing link on twitter is nofollow but one. Did they just miss it, or is it intentional? Are people exploiting it? Probably.

This is just a heads up, it will probably eventually become nofollow unless the twitter folk did it intentionally.

Edit: As far as I can tell you only see this dofollow link if you are logged in, but I am not 100% certain on that.

A solution to Macbook Pro’s crapping out on standby/suspend

Looks like I have finally found a solution to my Macbook Pro always crashing on suspend/standby.  Before, my solution was to have it auto hibernate by setting permanent hibernate via the console.  That solution stopped working a few days ago.  (Probably some new patch from Apple that screwed it up — Note: I almost typed Microsoft…)  So I did some research.  Turns out that if you unplug the Macbook from power and *any* peripherals (usb, firewire, anything) first (and you get rid of the hibernate settings you had) then it goes into standby very happily and wakes up in about a sec when you open the lid.  Looks like I won’t be permabooting in XP on this puppy for now.

Summary: Unplug EVERYTHING, including power from the laptop before you close the lid and you should be fine.

Finally.. a “hack” Better than the iPhone 3G

I have been using Sprint EVDO for almost a year now and I am very, very happy with the speed and coverage.  I would love an iPhone.  In fact I waited for the iPhone 3G to come out.  Sadly it *still* does not do as much as my Sanyo M1 does.  (but it is close)…  then I read about battery life and other issues.. blah blah.. more or less the consensus is that the iPhone 3G is close but not there yet.

My solution?  Get an iPod Touch and a battery powered personal evdo hotspot. Yep.  If things go right I’ll be walking around with a nearly permanent hotspot in my pocket.  I wonder if they have an affiliate program.  If so I need to change my link :).

So.. iPod Touch for $400 ish + $180ish for the evdo hotspot device.  $500-$600 range.  The biggest win is that I DON’T HAVE TO SWITCH TO AT&T.  I will have faster internet speeds than any 3G iPhone and it may save on battery life.  (Not sure about that yet… off to do some research…)  Turns out the router lasts about 2 hours but there are tricks (not very sophisticated) to extend it.  The iPod Touch’s wifi usage battery life is only 3 hours anyways.  So… hmmm… $550ish for a good 2 hours a day of highspeed on an iPod touch.  The claim for the iPhone 3G is 6 hours on wifi.  I am not sure I believe that.  Looks like I am still in a holding pattern on the whole iphone/internet tablet thing…. More to come I am sure.

Encrypted Messenger is now free.

I wrote this thing over 7 years ago. Here are a few vids explaining.

Short Version: It still works but is free and you can get the source code too if you want to play around with it. Download it here http://johnyTech.com

AND… here is the source code

Code Review (sort of) video

Part 1/2

Part 2/2

You can download the main program here
Source Code is here

FOLLOW UP: Can Linux Really Replace Windows?

5 Years ago I said this
Can Linux Really Replace Windows?
Server: Probably
Workstation: Perhaps.
Average home PC: No way!

Today I’ll say this
Can Linux Really Replace Windows?
Server: Yes
Workstation: Yes
Average home PC: Yes (as long as you don’t play popular games)

The whole OSS and Linux movement (if you care to call it that) has come a long way.

My latest Linux excursion has been with Ubuntu (not a man’s linux install by any means). But it is a great install if you don’t want to spend a lot of time mucking under the covers. It literally just works (like a mac, but less snooty). You have your open source equivalents of Word, Outlook, etc. and can even connect to an exchange server or whatever mail system floats your boat.

Now I could go on and on, but seriously, why write the same things thousands of other people have written.

This is really just to say that it is safe to switch (as long as you don’t want to play fancy DirectX games)

I’m in WIRED! :)

http://wired.com/wired/archive/14.08/howtosecurity.html (Near the middle of the page – color and bold added)

“»IM on the DL
With an admin password, you can download an encrypted service like PSST (psst.sourceforge.net) or a program like Encrypted Messenger (www.johnytech.com), which encodes most IM clients. The quick and dirty way: open an AOL IM account and use the Web-based chat service (aimexpress.aol.com). With all the Web activity at work, the chance that anyone will notice your texting is small.”

It is also in the WIRED print version, August 2006 (with Steve Colbert on the front page), page 26 of the 44 page pullout.

–Looks like I’ll be adding a small update to my website this weekend

Congressman’s Excuse for killing Net Neutrality

Original Letter

Page 1

Page 2

Most of us know about the whole Net Neutrality issues. I like many others wrote to my congressman asking them to support Net Neutrality. He wrote back. It wasn’t a truly personalized letter (and there are some obvious grammatical errors worthy of a B- in high school English), but the signature looks pretty real.

Here are the key reasons he gives for killing Net Neutrality.

[It took me a while to find them buried in all the text]

  • “Providers have repeatedly said they have no intention of slowing access“
    “Because consumers would not continue with a provider if they were faced with any such blocked access.“
    What he fails to realize is that many consumers in America only have one choice for broadband access and you can not trust businesses on just a verbal promise.
    If they have no intention, then why do they care if it is a law?
  • Net neutrality will “slow the Internet for us all“
    This is NOT a joke. Read the letter. He clearly has no clue how the Internet works and is just saying what they want him to say.

He has drunk the kool-aid. Put simply, net neutrality doesn’t allow the providers to filter the Internet access for consumers. So, AT&T (or whoever) can not charge large sites (google, amazon, ebay, etc.) a large amount of money to give their traffic a priority. This is blackmail.

I run a hosting company. This will affect me as well. There is no way I could afford to pay for higher priority traffic–there is no way I would. I would move my hosting offshore before I would pay the blackmail fees.

I don’t know what party he is in and I don’t care [Edit: He is Republican]. But he won’t be getting my vote.

Full Text Of The Letter Here:
Dear John:

Thank you for your recent letter regarding your concerns as Congress begins to address issues facing the telecommunications industry. I appreciate you taking the time to contact me.

The last major telecom legislation was passed in 1996. Since then we have become much more dependent on technology and as the demand for more access and quicker speeds has grown, the telecomm industry has been able to provide it for us. The 1996 legislation was focused on service-specific networks that did not compete with one another and removed unnecessary regulatory barriers to open up markets to competition. Today, we are faced with a changing market—the industry once characterized by specific networks now is characterized by more digital technologies, allowing for increased competition. The 1996 legislation is already out of date, and how to regulate the telecommunication industry has once again become a debate in Congress. Any legislation we address in today’s Congress should continue to foster a competitive environment where the telecom industry can grow and provide consumers what they demand. The 1996 telecom bill no longer addresses the major issues in today’s market.

The latest proposal to address the changing needs of the telecommunication industry is the Communications Opportunity, Promotion and Enhancement (COPE) Act of 2006, introduced by my colleague, Representative Joe Barton (R-TX). This bill includes provisions that allow ample competition for cable and telephone companies. Promoting competition means lower prices for consumers and increased incentive for innovation. An increased number of cable television providers in the market leads to more choice and more control for consumers, and the COPE Act allows this by preventing over regulation of the industry.

The debate over network neutrality has been brought to the forefront with the renewed energy to update the telecomm laws. Proponents of net neutrality argue that any new telecom legislation must include extensive net neutrality regulations in order to provide all equal access to the Internet and to prevent providers from controlling access or using power to slow specific services. These proponents fail to realize a couple of main points. First, providers have repeatedly said they have no intention of slowing access, especially because consumers would not continue with a provider if they were faced with any such blocked access. Rather, in an environment without excessive regulation, providers are able to get the best product to consumers. Proponents also fail to realize that over-regulation through net neutrality provisions will not provide a ‘level playing field’ as they suggest, but rather slow the Internet for us all. Unwarranted net neutrality provisions being discussed in accord with the COPE Act are solutions in search of a problem. Over regulation will end up hurting competition and innovation instead of encouraging it.

Again, thank you for taking the time to contact me. As Congress continues to discuss updated policies regarding the telecomm industry, rest assured that I will keep your views in mind. I hope you will continue to inform me of the issues that concern you. In the meantime, I encourage you to visit my Internet website at http://www.house.ov/tancredo where you can sign up for the Capitol Update, my weekly E-mail newsletter.

C# Cookbook 2nd Edition Review

The book starts out by purporting not to be a reference book. I suppose that is accurate, thus the title “Cookbook” and not C# Reference book. However the more you see of the book, the more you can’t help but see it as anything but a reference book.

It is a different sort of reference book. If you need to look something up quickly, the index will be a better resource than the table of contents. It is really the best of both worlds. If you are looking for something to “sharpen your saw,” just open the book to a subject using the table of contents. If you need an answer fast, then jump to the back and follow standard procedure.

As usual, the text and code examples are top notch (it is an O’REILLY book after all — what would you expect?). There are times when you have 20+pages of code in the book giving you the feeling that they are padding the book (be glad you can download the code samples from the website). There is also the appeal it has for just sitting down and picking a few subjects on C#/.NET and reading over their sample problems and suggested solutions.

The big question you have is, “Is this book for me?” That depends. If your office doesn’t have Internet access or you just prefer a book over a simple google search (this is not an uncommon thing) then this book is definitely for you. If you usually do everything on-line (code snippets, examples and such) then you can survive without this cookbook. I’ll be returning my copy in hope that someone else at the Denver User Group will have more use for it.

I can’t shake the feeling that this is essentially a reference book (despite what the introduction says). A good reference book, but still a reference book.

Sony Online / Lithium / Matrix Online Forums Privacy Exploit — Fixed on SOE’s end

The Forum Exploit has been fixed. They still pass the session in the URL but they redirect you to a different page before they link to external images so they have essentially solved the problem.

Great job (there was one person at SOE who took care of this and grats to you :) )

Lithium hasn’t responded.

Sony Online / Lithium / Matrix Online Forums Privacy Exploit

Few have much nice to say about Sony Online Entertainment. I will say that they try to give a decent product to their clients. Sometimes they succeed. Sometimes they excel (and then ruin it by changing it).

However this is about Sony Online Entertainment not protecting user privacy. You need to know how to protect yourself since they have chosen not to.

I sent a detailed email to SOE explaining how users can (and some were) log on to the Sony Online Matrix Online forums as other users and even administrators. It should be noted that I also sent this same information via the Sony Online Matrix Online Forum system as a Private Message to Walrus (He is essentially the head honcho for the gaming community relating to The Matrix Online). I never received a response so I sent an email to Bruce Economy since he seems to be the highest up email address I could find.

Here is the content of the email:


From: John Hasson [mailto:john@unigrep.com]
Sent: Monday, December 05, 2005 10:49 AM
To: Economy, Bruce

Subject: Found big exploit on forums (by accident even) — Matrix Online — can log in as admin or other user

Here is how it goes.

On my sig… I track the referring URL.
The recent list can be seen at http://mxoHouston.com

When someone is replying to a post with my sig the system passes their sessionId in the URL.– (If they are logging in to reply to the message)

You will see something like this… the sessionServerID is what gets ya.
……action=view_main&id=11711&t=inbox&sessionServerID=JpVq3Ykr7cAfd%3FC0

If you click on that link with the SessionID around the same time period they have logged in then you are logged in as if you are them.

I noticed it by accident when I accidentally posted a reply as Harpalos

http://mxoboards.station.sony.com/matrix/board/message?board.id=mission&message.id=2076#M2080

I quickly edited it of course…

And tracked down what happened.

Suggestion:
Have the board set a cookie without passing the sessionId along the URL. That way it can’t be taken advantage of.

If this is not fixed.. someone could log in as an Admin or a Moderator

If you can’t fix it… I suggest making sure that the Admins or Mods make sure they log in first using the standard log in link on the main page before they start replying to messages. But players will still be able to take over each other’s forum accounts.

John Hasson
john@unigrep.com


To his credit, he replied very quickly telling me it would get sent to the right group. See his quick response.


From:
Economy, Bruce [mailto:beconomy@soe.sony.com]
Sent: Monday, December 05, 2005 11:58 AM
To: John Hasson
Subject: RE: Found big exploit on forums (by accident even) — Matrix Online — can log in as admin or other user

Hello,

Thanks for sending this to me. I’ll get it passed on to the right group.

Sincerely,

Bruce W Economy
Senior CS Supervisor
Star Wars Galaxies - Planetside - Matrix Online
Sony Online Entertainment
beconomy@soe.sony.com

http://www.station.sony.com/


I thought ok great. They will tell lithium (who makes the forum software) and they will get it fixed.

Well, between then and now, I was banned. A few weeks later I got permission to come back. The game just wasn’t the same anymore and I eventually left the game again.

For those wondering if this is why I got banned. It isn’t. It may have caused them to put a “watch” on my account, but I was banned for something else (that will go in a future post).

Well five months later it STILL isn’t fixed. So I figure I’ll send one more email to Bruce to see if he can light a fire to protect people’s privacy.

Here is the message that I sent today.



From:
John Hasson
Sent: Thursday, May 18, 2006 3:50 PM
To: ‘Economy, Bruce’
Subject: RE: Found big exploit on forums (by accident even) — Matrix Online — can log in as admin or other user

Hi Bruce, I no longer play any SOE games (for the moment) but this is something that you should know about.
5 months ago I emailed you about this exploit. It is still not fixed and people can still log in as other people. Even worse I have been contacted by others who also knew of this and used it for their own gain so I know it has caused issues in the past.
This concerns me because you claim to protect user privacy.
This is simply not the case. I’ll have to go public with this shortly so users can know how to protect themselves.
John

And here is the reply.. well not much of a reply :)


Economy, Bruce on 5/18/2006 3:49 PM
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
…<beconomy@soe.sony.com>… User unknown>


This means one of two things. Either Bruce no longer works there or he changed his email address because too many customers/players were emailing him.

To summarize:

SOE has known about this privacy breach for 5 months now. That is plenty of time for them to fix it. So I am posting here to tell the users of lithium forum software how to protect themselves.

NEVER LOG IN WHEN REPLYING TO A MESSAGE. EVER!

Only log in from the main page and then browse the forums and reply after you have logged in.

3 possible ways for Lithium or SOE to fix it.
1) Don’t pass the session in the URL before you set it as a cookie.
2) Don’t allow users to link to external images for their forum signatures
3) Don’t link to external images/links when processing a login

There may be other ways to fix it, but any of those will work.
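Fixes 1 and 3 combined, as an added example that is not part of the original post and is not SOE's or Lithium's code: a request that arrives with `sessionServerID` in its URL is never rendered (so no external signature image is fetched with that URL as the Referer), and is redirected to the clean URL with the session moved into a cookie. The host `forum.example`, the in-memory `SESSIONS` store, the cookie name and the sample token are assumptions; rotating the session id and sending `Referrer-Policy` go beyond the three fixes listed.

```python
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SESSION_PARAM = "sessionServerID"   # parameter name from the URL quoted in the post
SESSIONS = {}                       # hypothetical in-memory store: session id -> user

def strip_session(url):
    """Split a URL into (url_without_session_param, session_id_or_None)."""
    parts = urlsplit(url)
    kept, sid = [], None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == SESSION_PARAM:
            sid = value
        else:
            kept.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(kept))), sid

def handle_request(url):
    """Return (status, headers, render_page) for an incoming forum request."""
    clean_url, url_sid = strip_session(url)
    # Defence in depth for modern browsers: no Referer sent to other origins.
    headers = [("Referrer-Policy", "same-origin")]
    if url_sid is None:
        # Clean URL: safe to render the page, external signature images included.
        return 200, headers, True
    # A session id arrived in the URL: do not render (and so do not fetch any
    # external image) from this address. Redirect to the clean URL first.
    headers += [("Location", clean_url), ("Cache-Control", "no-store")]
    user = SESSIONS.pop(url_sid, None)      # the id seen in the URL is now dead
    if user is not None:
        fresh = secrets.token_urlsafe(32)   # rotate, so a leaked URL cannot be replayed
        SESSIONS[fresh] = user
        headers.append(("Set-Cookie",
                        f"session={fresh}; HttpOnly; Secure; SameSite=Lax; Path=/"))
    return 303, headers, False

if __name__ == "__main__":
    SESSIONS["constructed-token"] = "alice"   # constructed sample data
    url = ("https://forum.example/board/message"
           "?action=view_main&id=11711&t=inbox&sessionServerID=constructed-token")
    print(handle_request(url))   # redirect that sets a cookie holding a fresh id
    print(handle_request(url))   # same URL again: redirect only, no cookie issued
```

The second call stands in for someone opening the URL recorded in a referrer log: the id in it no longer maps to a session, so they land on the clean URL logged out.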

What’s really sad is that this is not a really elaborate exploit.