Claiming my blog in technorati

Now that I’ve moved to this new blog I want to claim it with technorati. My previous blog was claimed relatively easily as I recall. However this time there is a new “Quick Claim” feature. I don’t want to use the “Quick Claim” feature because it requires that I tell technorati my blog’s user name and password and quite frankly I don’t care about their assurances in their privacy policy I’m not handing over that information.

If companies start asking for usernames and passwords to other services a person uses it will desensitise them to the practice and make social engineering easier for the fraudsters. There was a study done about a year ago that showed that many people will hand over passwords for a bar of chocolate. So, perhaps the damage is already done.

Curiously, when I go to make my claim it asks me to chose between different methods of making a claim. Sounds okay. But it only offers me one option. And that is “Quick Claim”.

Any which way you want to look at it. I ain’t handing over that information for what ever reason. Not even for a bar of chocolate.

Tags:

DDD4 and Grok Talk

Well, I’m back from DDD4 (Developer Day 4) in Reading. It was a fabulous day with some very intersting speakers. I particularly enjoyed Daniel Fisher’s presentation on Data Access Layers and Ben Lamb’s session on “How to write crap C# code”. Joanna Carter also gave a very interesting presentation on reflection performance – her solution was curious and I’ll have to follow it up although I would probably put it into the unorthodox category as I would never have thought of using lightweight code generation to generate some IL then execute it in order to compensate for some speed problems with creating an object through reflection.

I also did a 10 minute Grok Talk on the subject of Mock Objects. I’m in the process of putting this up on my website and it will be available at some point in the next few hours.

I’m also in the process of putting together some photos of the event. You can see them here. More photos will get added shortly.

NOTE: This post was rescued from the Google Cache. The original date was Monday, 4th December, 2006.

Additional note: The Grok Talk presentation on Mock Objects is available.

Tags:

Here's something you don't see every day

Here is something you don’t see every day: An error for a program running on a PC that was written in Fortran.

Visual Fortran RunTime Error

And here was me thinking that Fortran was limited to mainframes and engineering systems running on Unix varients.

NOTE: This post was rescued from the Google Cache. The original date was Friday, 22nd December, 2006.

Spam Scams

Today I received an email apparently purporting to be from the “The UK. Natioal Lottery” (I think they meant “National”). However, I didn’t pick up that it was a scam immediately from the subject and name (I didn’t spot the obvious spelling error immediately). Normally that sort of thing would have raised my suspicions immediately. However, not today. Today is the last EuroMillions lottery before Christmas. Normally I don’t normally enter the lottery at all. I pay a pound a week to the office syndicate and that is it. But I do enter the lottery at Christmas time for a bit of a laugh. I know the odds are stacked heavily against me which is why I only enter once per year.

Back to the scam. There are a number of things that you can look out for in a scam email. Bad spelling is just one of those things. But there are cultural markers too.

However, there are some things that make it seem genuine. The address is given as “The U.K. National Lottery, Online Lottery Promo Dept., Customer Service., PO Box 1010, Liverpool, L70 1NL United Kingdom.” and if you look on the internet you’ll see that this is, more or less, the real address.

The date of notification is one the date of a lottery draw. It talks about an online lotto draw. And Friday’s draw is indeed an internet draw.

It gave some results numbers, presumably to make it appear genuine.

Luckily there are pointers to show that it is a fake.

For a start the email arrived before the actual draw took place.

Next it talked about “online lotto draw” – but Friday’s draw is the “EuroMillions” draw.

It also said the draw was “conducted from an exclusive list of 50,000 e-mail addresses of individual and corporate bodies picked by an advanced automated random computer search from the internet.” Why would it pick email addresses from the internet? You have to pay to enter a lottery draw. You don’t just get entered randomly.

It goes on to tell you your prize – and if you read the National Lottery’s real guide they will tell you that they will never tell you that you’ve won in an email, let alone the actual prize amount.

When it talks about money it says “Great British Pounds” but it isn’t a term I’ve ever heard used. There is of course the standard abbreviation “GBP” that is used in text only financial systems but if you were to say the name of the currency in full in a formal document you’d give it the proper title. (“Pounds Sterling” – if you didn’t already know)

Then there is some fluff about the history of the prizes giving various fake names such as the “Big Game Mega Millions”. Curiously the amounts it gives as highest and lowest historical winnings are wildly out. Obviously the person putting together the scam didn’t do enough research.

They then tell you that “For security reasons, be advised to keep your winning information from public notice until your claims is processed and your prize money remitted to you as required in this grand category “B’ terms and conditions of claims. This is a part of our precautionar y measure to avoid double claiming and unwarranted abuse of this program by non winners.”. So more bad spelling, punctuation and even American spelling to show this one up. The more interesting thing here is that “for security reasons” don’t tell anyone about this until we’ve scammed you. Nice!

Then it goes on to tell you how to contact “Phil Smith” to process your claim. E-mail: ph_smith@post.com

For more information about how to spot fraudulent emails purporting to be from the UK National Lottery look at this guide to spotting a fake from the National Lottery website. They also tell you in the FAQ on the site what the actual procedure for making a claim is.

Bottom line is, if you didn’t enter a lottery, then you can’t win it. As the advert for the real National Lottery goes “You’ve got to be in it to win it!”

For your delight and reading pleasure here is the full text of the email:

The U.K. National Lottery
Online Lottery Promo Dept.
Customer Service.
PO Box 1010
Liverpool
L70 1NL United Kingdom.

Date of Notification: 22-12-2006

Ref N0: KPL/09-002/JA.

Attn: Winner.

We happily bring to your notice the results of the
U.K. National Lottery annual draw held on the 20th
December 2006 in London. The online lotto draws was
conducted from an exclusive list of 50,000 e-mail
addresses of individual and corporate bodies picked
by an advanced automated random computer search from
the internet.

Congratulations!

Your e-mail address attached to the Batch N0:P2/0056
with Serial number: 06/1055 drew 20th of December 06
[5] [11] [13] [17] [14] [48] [25], which subsequently
won you a prize in the category "B". You have
therefore been approved to claim a total sum of
?1,500,000.00 (One Million , Five Hundred Thousand
Great British Pounds) in cash credited to file Ref N0:
KPL/09-002/JA.

This prize is from a total cash prize of
?4,500,000.00 (Four Million, Five Hundred Thousand
Great British Pounds) shared amongst the first Three
(3) lucky winners in this grand category 'B'. This
year Lottery program Jackpot is the largest ever for
the UK National Lottery. The estimated ?35,000,000.00
(Thirty Five Million Great British Pounds) jackpot
would be the sixth-biggest in the U.K. history next
year (2007).

The Lowest was the ?4,000,000.00 (Four Million Great
British Pounds) jackpot that was shared between Four
(4) lucky winners in January 2005 draw of the Big
Game Mega Millions' predecessor.

For security reasons, be advised to keep your winning
information from public notice until your claims is
processed and your prize money remitted to you as
required in this grand category "B' terms and
conditions of claims. This is a part of our
precautionar y measure to avoid double claiming and
unwarranted abuse of this program by non winners.

Please note that, your lucky winning number: [5] [11]
[13] [17] [14] [48] [25] falls within our European
Booklet representative office in London as indicated
in our play Coupon. In view of this, your
?1,500,000.00 (One Million, Five Hundred Thousand
Great British Pounds) would be released to you by our
affiliate bank.

Our approved agent, Mr. Phil Smith will immediately
commence on the processing of your claims, to
facilitate the release of your Winnings to you as
soon as you make contact with him.

Please be advised as follows: To file for your claim,
kindly contact our certified and accredited claims
agent with the information below:

***********************************************
Name: Phil Smith
E-mail: ph_smith@post.com
Claims processing agent
For: The U.K National Lottery.
***********************************************
You are advised to provide him with the following
information:
Names:
Telephone/Fax number:
Nationality:
Age:
Occupation:

Note that, all claims processes and clearance
procedures must be duly completed early to avoid
impersonation and or double claiming.

To avoid unnecessary delays and complications, please
quote your Reference and Batch numbers in any
correspondences with our designated agent.

Congratulations once more from all members and staff
of the UK National Lottery Promo.

Yours Faithfully,

Mrs. Patricia Spencer.
Online Co-ordinator
UK National Lottery Promo

NOTE: This entry was rescued from the Google Cache. The original date was Saturday, 23rd December, 2006

Here are the original comments for this entry:

i just got that e-mail, i had mixed views on it i thought it was to good to be true but also thought that maybe it was the real thing, so i went searching anyway this information was easy to find now i know its a fake, any1 out there plzz don’t get involved in it.

12/27/2006 4:05 PM | sukhy

That guys thinks that everyone is a fool. I receive the same letter today. Thanks God we can search to find information like these.

We have to be carefully on these days of such frauds.

Queen fron El Salvador

3/20/2007 9:28 PM | Delcy

I got too.
what is this e.mail?
it,s a fake?
plz tell me more.
thanks a lot.

5/8/2007 1:25 PM | A

Additional: I was actually surprised that people commented thanking me for telling them it was a fake. I would have thought it was obvious. But I guess not, which is why many people still get taken in by this kind of thing.

Just remember the golden rule: If it sounds too good to be true it most probably is.

Tags:

Not the Way to Complain About a Bank

I recently read a blog post from a guy that was irritated with the customer service from his bank. And that is a fair thing to blog about. If you don’t think you are getting a good service from a company, blog about it, let the world know. Others with a similar experience will probably comment and share their experience. This publicity can often be the start of a very bright and uncomfortable light shining on the organisation in question which can lead to improved customer service.

However, if you are going to post such a thing, or comment on someone else’s blog post then please do not post copies of letters you sent to the bank containing all your financial details. That way madness (and identity fraud) lies.

If you think I’m making this up then go and read this: http://www.arjunprabhu.com/blog/archives/2005/04/27/icici-bank-a-bad-experience-for-many/

If that is their attitude to their own financial safety and security then I just hope none of these people are responsibly for any of my off-shored financial information.

NOTE: This post was rescued from the Google Cache. The original date was Wednesday, 27th December, 2007.

Trying to improve a Tarnished Reputation

A few days ago I blogged about the comments a person had received on their blog when they complained about a particular bank. I was shocked by the indiscriminate nature of the information these people were publishing about themselves and I posted a comment to express my incredulity at the situation.

The comment I left was this:

I was shocked when I read some of the replies to this post. You people are crazy! There are many posts here where people have posted chunks of their financial history complete with addresses, account numbers, dates and so on. Such a lax and cavilier attitude to your own personal financial information makes me very worried for any financial information my bank has offshored.

Various people commented after I added my comment and for 10 days no-one picked up the issue that I raised. Then eventually this comment was added:

Ref: 482. Colin | December 21st, 2006

Hi Colin,

I completely agree with your observation. If somebody doesn’t have sense to protect his/her own information, how do you expect them to protect others’?

Friends,

This a space where you post your opinion to make your issue public, but that doesn’t mean you will publish your vital information e.g. account number/card number/telephone mumber/fax number. This way you are inviting trouble from the identity thieves. Here we are breakling our head to secure information and you are giving it out willingly ???

If you ever have noticed posts from ICICI bank, they always ask you to write them with details to a certain email address. Have you ever pondered why they just don’t pick that up from your post and do the needful? So ICICI will not take your information from the post, then think who could get benifit from your personal financial information?

Friends, please make use of your common sense and be alert. I understad we all are fraustrated over ICICI bank but it not going to help you by publicizing your personal information. Please take care to safeguard yourself.

Colin is correct and if everybody starts thinking likewise, just imagine how many people in the offshoring industry will loose their job. Not only that, we will loose our reputation and all avenues for new business will be closed.

Friends, Please be alert.

At least someone has a sensible head on their shoulders. Now, just to try and get that message into the head of the 400+ other people that responded to that blog post. I hate to think of what is happening to my personal information that has been off-shored.

NOTE: This post was rescued from the Google Cache. The original date was Monday, 1st January, 2007.

PayPal Sucks (in my opinion)

I just got a friendly reminder from Flickr that my account is up for renewal. Okay, I’ll just do that now, while I remember. So it takes me to PayPal for payment. I’ve not used my PayPal account for about a couple of years so I couldn’t remember my log in details. No matter what I tried for the password recovery it wouldn’t give me the information. I tried just about every email address I’ve ever had and it just sits there and says that its sent an email to that account – no it hasn’t!

So then I try a different tactic and just pretend I don’t have a paypal account and just pay with my credit card. No can do! My credit card is tied to a paypal account I can’t access and it won’t let me pay until I log in.

So, unless Flikr accept any other form of payment then my account will expire in two weeks and I’ll be looking for somewhere else to post my photographs.

Looking at this from an optimistic point of view, I should be thankful that the security should deter any would-be phisherman. It’s so secure even the account owner can’t access it!

NOTE: This entry was rescued from the Google Cache. The original date was Tuesday, 6th February, 2007.

The Conditional attribute in .NET

One of the odd thoughts that shoot across my brain today was how does Debug.Assert() work? I mean there are not separate debug and release builds of the .NET Framework so how does it know what sort of build it is?

A quick look in reflector revealed that Debug.Assert is defined as:

[Conditional("DEBUG")]
public static void Assert(bool condition, string message)
{
    TraceInternal.Assert(condition, message);
}

Interesting… I don’t recall having ever come across the Conditional attribute before.

What this actually does is tell the compiler to only call the method when the supplied preprocessor symbol is defined. The method will still be compiled and will still exist in the assembly. So, in a debug build a program that looks like this:

static void Main(string[] args)
{
    Debug.Assert(true, "This condition must be true");
}

will still look like that, but when compiled in release mode, will look like this:

private static void Main(string[] args)
{
}

But what about more complex code. What happens if the method call includes calls to other methods. Like this:

static void Main(string[] args)
{
    Debug.Assert(GetTheCondition(), GetTheMessage());
}

So be careful – If the calls made as parameters into a method such as Assert modify the state of the object then that won’t happen in release mode. For example, if the whole program looks like this:

class Program
{
    static int someState = 0;
    static string someOtherState = "123";

    static void Main(string[] args)
    {
        Debug.Assert(GetTheCondition(), GetTheMessage());
        Console.WriteLine("SomeState = {0}", someState);
        Console.WriteLine("SomeOtherState = {0}", someOtherState);
        Console.ReadLine();
    }

    private static string GetTheMessage()
    {
        someOtherState += "abc";
        return someOtherState;
    }

    private static bool GetTheCondition()
    {
        someState++;
        return (someState!=0);
    }
}

Then the output from a release build will be different from a debug build.

This is the debug output:

SomeState = 1
SomeOtherState = 123abc

And this is the release output:

SomeState = 0
SomeOtherState = 123

Tags:

Sorry for the Inconvenience

If you have already picked up the feed to my new blog and are getting tons of entries, most of which are currently “rescued from the Google Cache”, but are not interested in rereading what I said before then please just ping me an email and let me know and I’ll send you a message to tell you when I’m done. After that point all entries will be brand-spanking-new! And you’ll be able to resubscribe happy in the knowledge that you won’t get yesterday’s news.

However, you might miss something as I will be creating new entries as I go.

Object Initialisers III

It seems that now I’ve got Lutz Roeder’s Reflector on the case with Orcas the way object initialisers work slightly different to how I expected.

As it was described to me as instantiating the object followed by the property calls. However, the compiler has taken some extra steps in there – no doubt on the grounds of safety.

First consider the following code:

// Create Robert Burns, DoB 25/Jan/1759
Person robertBurns = new Person { FirstName = "Robert", Surname = "Burns", 
                                  DateOfBirth = new DateTime(1759, 1, 25) };
Console.WriteLine("{0}", robertBurns);

As I understood the feature, the compiler should have generated code that looked like this:

Person robertBurns = new Person();
robertBurns.FirstName = "Robert";
robertBurns.Surname = "Burns";
robertBurns.DateOfBirth = new DateTime(1759, 1, 25);

However, Reflector reveals that what is actually being produced is this:

    Person <>g__initLocal0 = new Person();
    <>g__initLocal0.FirstName = "Robert";
    <>g__initLocal0.Surname = "Burns";
    <>g__initLocal0.DateOfBirth = new DateTime(0x6df, 1, 0x19);
    Person robertBurns = <>g__initLocal0;
    Console.WriteLine("{0}", robertBurns);

This actually makes some sense. For example, if my new Person object was assigned to a property of something else, or passed in as a parameter to a method it wouldn’t have the opportunity to assign values to the properties on the new object. So, it constructs it all in the background then assigns it to whatever needs it, whether that is a local variable, a property on some object a parameter in a method.

For example, if the above program is reduced to just one line of code:

// Create Robert Burns, DoB 25/Jan/1759
Console.WriteLine("{0}", new Person { FirstName = "Robert", Surname = "Burns",
                                      DateOfBirth = new DateTime(1759, 1, 25) });

The compiled result will be:

    Person <>g__initLocal0 = new Person();
    <>g__initLocal0.FirstName = "Robert";
    <>g__initLocal0.Surname = "Burns";
    <>g__initLocal0.DateOfBirth = new DateTime(0x6df, 1, 0x19);
    Console.WriteLine("{0}", <>g__initLocal0);

Related Posts: Object Intialisers I and II

NOTE: This page was rescued from the Google Cache. The original date was Tuesday, 13th March, 2007