Energy Australia social engineering attack

In the middle of a power outage at the moment, so I called Energy Australia to see what was going on.

Me: Hi, I’m in Ryde and have no power.
EA: Sure we are having a problem in that area. What’s your address?
Me: 54 Blah St.
EA: Thats under the name of Ferlito?
Me: Yes.

So if you need to find out who lives somewhere really easily just call Energy Australia and claim your having a power outage. Probably won’t work every time but it will some of the time.

Oh yeah no power till this afternoon. Bummer!

Google Reader Subscribers

I love Google Reader and have been using it for about 4 months to manage the 189 RSS feeds I currently care about. (Here are my shared items for anyone that is interested.)

While browsing the Google Reader FAQ looking for how to get vquences embedded properly I came across the following.


Does Google Reader report subscriber counts?

Yes, Google Reader reports subscriber counts when we crawl feeds (within the “User-Agent:” header in HTTP). Currently, these counts include users of both Reader and Google; over time they’ll also include subscriptions from other Google properties.

Here is an example from my logs

209.85.238.4 – – [26/Jul/2007:07:31:54 +1000] “GET /blog/feed/atom/ HTTP/1.1” 304 0 “-” “Feedfetcher-Google; (+http://www.google.com/feedfetcher.html; 5 subscribers; feed-id=15287401989222975041)”

This is something I’ve always wanted to know. The stats aren’t particularly interesting but does point out an optimisation Google could make.

  • /blog/feed/atom/ – 5 subscribers
  • /blog/feed – 2 subscribers
  • /blog/feed/ – 1 subscriber

ie the last 2 are identical (note the difference is the trailing slash) and they are all pointing at the same blog. It would be cool if Google worked out the above are all exactly the same and only probed once.

Even more interestingly Google is probing these URLs at different frequencies.

  • /blog/feed/atom/ – Every hour
  • /blog/feed – Every hour
  • /blog/feed/ – Every 3 hours

Looks like it might be related to the number of subscribers, would be interesting to see other peoples data here.

linux.conf.au brings about another change

Being Technical Guru for linux.conf.au 2007 was one of the most amazing experiences I’ve had in recent years. It was a lot of hard work but it was totally worth it. Having a room burst into applause at the penguin dinner when you say your the network guy is pretty unbelievable.

I went up to the Hunter for a week to recover from the conference and as usual after linux.conf.au I did a lot of thinking as to whether it was time to try something new. This time change won out at the end of the day and after 6 years at Bulletproof I decided it was time to move on.

At the beginning of March I started as Director of Engineering at Vquence. Since we are a video company it was decided that we each needed to have our own video on the web.

The past three weeks have been so hectic that Bulletproof already seems a lifetime ago. I’ve been involved in everything from setting up the new office and the corporate infrastructure to product development.

Joining a startup right at the beginning is always an amazing experience. With just a few people on the ground you always get pulled in a few million directions and there is always a new challenge just another five minutes away. I definitely recommend anyone else to jump at the opportunity if it ever presents itself.

linux.conf.au payment gateway

Some of you may have noticed that we have been having a few problems with the linux.conf.au payment gateway. These have ranged from timeouts due to email and DNS issues to 500 server errors due to one or two bugs.

For those of you worried about duplicate payments, don’t đŸ™‚ We were just sending duplicate receipts for a while. You see Commsecure as well as redirecting the user back to the payment_received page, also does a GET on the page themselves. Which means we effectively receive duplicate transactions for everything and this meant we were sending two receipts.

Other than that the Commsecure setup is actually quite nice and does its best not to let users pay twice. It also seems to be written in python.

I had always tried to avoid python, being a long time perl hacker. In the last few months I’ve been dragged into it kicking and screaming. Scarily I’ve actually come to like it. Its nice having real exceptions! Pylons, Myghty and SQLAlchemy are also pretty cool frameworks and have meant I’ve come up to speed on the website code pretty quickly.

Anyway back to LCA, we are a handful of rego’s away from having 500! Don’t forget you’ve got till the 8th December to pay if you registered early enough to get earlybird rates.

just blame Pia!

At a couple of linux.conf.au meetings we kept coming across the same recurring theme, everything just seemed to be Pia’s fault đŸ™‚

So one dark and rainy night justblamepia.com was born.

We even get to blame Pia for this post because the site isn’t even ready yet, it is supposed to get a spruce up (I have no artistic skills you see), but she seems to have stumbled over it overnight.

Just blame Pia!