Three more Flickr goodies

Flickr – the best tool for sharing and managing photos ever – has recently announced three more goodies.

First of all, they introduced a simple and easy way to share private pictures with people who don’t have Flickr account. There is this thing called Guest Pass.

Secondly, they introduced mobile-friendly version of Flickr. You can read more about it here.

And, thirdly, they created Camera Finder, which is a tool that one can use to compare and learn more about cameras that Flickr members use.

All in all, great stuff and much wanted. I myself am particularly glad about the private photos sharing with non-Flickr members feature. Mobile version is nice to have, but with GPRS prices in Cyprus, it’s almost useless to me. Camera Finder will come handy when I’ll be looking for an update to my aging Canon 300D Digital Rebel.

How not to visit a dantist

This is a quick and simple guide for all those people who don’t hate visiting a dental office. If you don’t want to go to the dantist… simply don’t. That’s it. As simple as that.

That’s exactly what I was doing for the last 15 years or so. I had a few really bad experiences in the childhood (they almost killed me a couple of times), so my enthusiasm in this area is pretty obvious.

Today, though, I decided that I should go. Yesterday I broke one of my front teeth. No pain, as the tooth is dead for a long time now. But the looks of my mouth and instantly acquired speech defects suggested that that I should get this fixed.

Luckily I managed to find a good dantist quickly. She came recommended, and her office is not far from my place…

It took her about an hour and me about 70 CYP and loads of not so pleasant memories to get my smile back to normal. The new teeth is as good as, well, new.

I was suggested to come back for tonnes of work that would improve my smile and health even, and lessen my finanical wealth even further. I said I’ll think about it. And I will. Some time…

Disagreeing with Sharon Housley on Google

It’s been a while since I jumped on someone here. That’s because I don’t like jumping on people. And because I don’t care that much about what people who I don’t know personally say. But sometimes I just get in the mood and do it non-the-less.

Today I am in such a mood, and the person in focus is Sharon Hously with the article “Free Website Content – My Google Wish List“.

Yes, we’ll be talking about Google again. I’m not a big fan of theirs, but I like what they do. That was my disclaimer. And now we start…

Continue reading “Disagreeing with Sharon Housley on Google”

Typosquatting hack

I’ve been hearing a lot about typosquatting recently. Typosquattting is a method bad guys use to make money on the Internet. What they do is they get a list of popular domain names, like Google.com and Yahoo.com, then figure out which are the most common ways people mistype these addresses, and then they register those mistyped domain names and use them for making money by displaying advertising banners and redirecting to other web sites.

If you think about it for a second, there are a few types of typing mistakes which are easier to make. Missing a character, typing a couple of characters in the wrong order (‘teh’ instead of ‘the’), typing a sticky character (‘nn’ instead of ‘n’), or hitting a wrong key on the keyboard (‘u’ instead of ‘i’). All these mistakes are easy to predict and, thus, use for typosquatting.

While I was thinking about it, I decided to try it out – write a small script that will check how many mistyped domains are there and how many of them are already registered. It turned out, the script was extremely easy to write – I started with it with my morning coffee and finished it before the coffee got cold. It took about altogether about 8 minutes, so don’t jump too hard on it.

domain_finder.pl

Requirements

You won’t need a lot to try it out – perl interpreter, Net::Domain::ExpireDate module (get it from CPAN), and Internet connection.

How to use

In the simplest form you can just run the script like this:

./domain_finder.pl google

You’ll see a whole bunch of variations on how to mistype “google”, and the status of .com domain for each of these variations.

For more control, check the script’s source code. You can easily make it more silent or more verbose, check domains in other TLDs, and create your own rules for typing mistakes.

How does it work

The script takes a single parameter – the domain that you want to check, without the TLD part. It then creates all variations of this domain with the following mistakes:

  • Missing character. For each character in the domain, the script will generate a variant without it.
  • Swapped characters. For each character in the domain, the script will generate a variant with this character and next character changing positions.
  • Sticky character. For each character in the domain, the script will generate a variant with this character entered twice in a row.
  • Wrong keyboard key. For each character in the domain, the script will generate variants with all characters-neighbors on a QWERTY keyboard.

All these variants will be sorted and dups removed. After that, each variant will be checked with (pre-configured) TLD part appended to it. If the resulting domain is registered, than the expiration date will be printed out. If the domain is not registered, it will be indicated as such.

Conclusion

With this tool in my hands, I tried a whole bunch of domains – from “google” to “mamchenkov”. What can I say? I suspected that typosquatting is a big problem, but I could never imagine how big it was.

Here are some numbers to give you an idea (we all love stats, don’t we?):

  • “google” generates 48 variants. All registered.
  • “yahoo” generates 41 variants. All registered.
  • “microsoft” generates 78 variants. All registered.
  • “slashdot” generates 68 variants. 42 registered.
  • “digg” generates 33 variants. All registered.
  • “cnn” generates 17 variants. All registered.
  • “wikipedia” generates 80 variants. 78 registered.
  • “linux” generates 39 variants. 28 registered.
  • “blogging” generates 62 variants. 24 registered.
  • “cyprus” generates 51 variants. 18 registered.

NOTE: I’ve been checking these only in .com TLD and I used pretty simple typing mistakes. For example, hax0r-style typing is not included in my rules.

The tool turned out to be quite handy. I might even convert it into a web service, so that domain owners could easily check if they are victims of typesquatting or not (yet).

Feel free to use the script for good causes.

Killing the Apache load with KeepAlive

Over the weekend, Apache web server went nuts and bolts, pushing server load average to 10, 11, 12, 14, 15… I even got the notification from the hosting company that they see some abnormal behaviour on my node. Looking for a quick fix, I scrolled through default configuration looking for some way to instantly improve performance. Gladly, I found it. I had to uncomment three lines:

KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15

What these lines do is they tell Apache to keep the connection for another 15 seconds after the request was served, waiting for more requests from the same client. And just for garbage collection reasons, the maximum number requests over the same connection is set 100.

It turned out that this does magic for my setup.