
The Joy of Reading (21st century style)

I decided to read a science fiction novel.  Not a unique occurrence, as I have thousands of them in boxes and storage and shelves.  And that’s the problem, really.  Hard drive space is already increasing faster than my reading pace, so I could store books electronically and add to them indefinitely and keep the same physical volume.

Now I’m already well practiced with using my original Nook reader.  After downloading the file, I would next import it into calibre, not just to keep track of it but to massage the data.  But first it tells me that my version is woefully out of date and I go download and install the latest, which offers many improvements and rearranges the controls.

The book’s file is a bit strange, it seems, as it was not importing right.  Easiest thing is just to load it in Sigil instead (though I suppose I could figure out the import options or use new features to edit the files and not need Sigil anymore for its use in later steps) and save it again.

A first look at the formatted ebook is fair; I’ve seen much worse from some publishers.  Why can’t they do as well as, say, Project Gutenberg, and just put the text in a file?  But I digress.  I fire up calibre’s “heuristic” processing to clean up all the junk, and use its formatting features to optimize the file for my device’s liking and my reading preferences.  Ah, but that’s set for Nook.  Well, a new software reader probably doesn’t have as many peculiar issues as an old dedicated reader, so I probably don’t need that anymore.  Generic output profile to start with, but still specify traditional print-style rendering where paragraphs are indented on the first line as opposed to having double vertical space between them.  Margins and other stuff should be taken care of by the reader software.

Normally this is where I then load the resulting file into Sigil and see if there are any bizarre features that can be fixed with a simple global search-and-replace on the HTML source, if that is still necessary.  At the least I’ll manually retouch the css file to delete stuff that ought to be unspecified so the reader doesn’t feel it’s being bossed around, and get rid of the text-align: justify line since that doesn’t work as well on the old low-resolution e-paper display.  It looks better if the horizontal spacing is optimized for letterform appearance and not also trying to get a specific length too.

On the Nook, I then plugged in the USB cable (which was charging anyway) and had calibre export to it.  But how do I read it on the Android tablet?  USB filesystem hasn’t worked for a few years now and it’s futile to try.  It doesn’t have SMB file networking built in, but there are apps for that.  I know I’ve tried a fancy file manager that includes network access, and it doesn’t work.  I use the network plug-in for the well-regarded Midnight Commander port, and it doesn’t work.  I tried a few more programs, and nothing could get past the names of the file shares, if it got that far at all.  Must be some “security” thing?

Next I try a couple features in calibre.  One is wireless device access, and I’m not sure what that does, but a couple readers and stand-alone programs allow the Android device to use it, it seems.  Well, I can’t get anything to do anything with that.  The other feature is better:  a web server interface.  It tells me the local IP address and port, so I make that into a URL and feed it to Firefox.  Success!  It lets me browse the book collection on the Android tablet, and download files via HTTP.  So, now I have the book file on the tablet.

Next question:  which reader software?  A Google search turns up a few reviews.  Mostly they don’t address the features I’m looking for, or any real features pertaining to the core function of reading stuff presented on the screen.  I don’t care which stores they are integrated with, or how pretty the book chooser screen looks and all the skeuomorphisms present.  A shame that “able to load files on local storage” is a feature that needs to be checked for!  The supplied Google Play Read for example, has its collection of things you bought from them, and no way to point to an actual file.

I end up trying two, and spend the rest of the afternoon figuring out how to make it dance with the song I sing for it.  I’m glad to say that I had success in setting font appearance and size, getting the line spacing to look right, having it show margins rather than printing all the way to the edge of the screen, and so on.

The page is looking quite presentable.  I do mean “looks”, since I haven’t actually read the first page yet.  That’s a chore for next weekend.  It does seem like a lot of effort for a book I’m not going to like anyway, but that’s why I wanted to save five bucks for a remaindered copy plus shipping.

How do Phishing scammers get your personal information?

Today I got email that pretended to come from eBay, in the form of a fake invoice that is actually bait to get you to click on one of the links in the message.  This is known as “phishing”, as explained on Wikipedia.

Now this particular message was sent to the wrong email address.  I use a unique email address for each online merchant or other purpose such as forums and any other kind of sign-up.  The particular service I use, and have been happy with for many years, is https://www.sneakemail.com.  It is handy for me to keep track of order information and forum sign-up data too, for low-to-medium security purposes (I keep passwords for banking sites and such in a password vault).

So, when I got this scam email, I knew that it was not really sent from PayPal.  It was sent to the address I used for Things From Another World, “best online store to buy comics, graphic novels, manga, and pop-culture collectibles!” and apparently to have your customer information stolen, too.  I used this email address on an order made January 3, 2006, for the Serenity comics, in case you’re interested.  That’s just to point out how Sneakemail helps me track these things.

So now their customer database winds up in the hands of criminals.

This is not the first time it has happened.  Other companies have been caught at supplying email address and perhaps first/last name (and who knows what else?) to those who then send spam or phishing email.  Most of the time they totally ignore repeated inquiries to their customer service, support, help, or other email addresses.

But when I have gotten an answer (e.g. from dyndns), it usually turns out to be blamed on the company they use for their newsletters, and they promise that it only included non-sensitive information.  So, that’s another reason to be sure to un-check any kind of newsletter subscription that they usually have on the check-out page.

Now, with Sneakemail, I can activate greylisting on an individual address, set up filtering (which is handy for addresses used for mailing lists and forums) to only allow through the intended correspondent, and, when necessary, disable or delete that individual address.  Deleting the address I used to place orders with TFAW or Oratec does not affect any other address, so all my other correspondence is not bothered.
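The per-merchant address trick described above can be automated. The following is an added example, not part of the original post: it checks each incoming message against a registry of aliases and reports which merchant's address has started receiving mail from anyone other than that merchant. The aliases, domains and sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed registry: one alias per merchant, plus the domains that
# merchant legitimately sends from (all names here are placeholders).
ALIASES = {
    "comics.k3x9@alias.example": ("Comic shop", {"comicshop.example"}),
    "socks.p7q2@alias.example": ("Sock store", {"sockstore.example"}),
}

def mk(to, frm, date):
    """Build a minimal constructed message for the demo."""
    return f"To: {to}\nFrom: {frm}\nDate: {date}\nSubject: Invoice\n\nbody\n"

SAMPLES = [
    mk("comics.k3x9@alias.example", "PayPal <service@billing-notice.example>", "02 Jun 2014 09:15:00 +0000"),
    mk("comics.k3x9@alias.example", "Orders <orders@mail.comicshop.example>", "03 Jun 2014 12:00:00 +0000"),
    mk("socks.p7q2@alias.example", "PayPal <alert@secure-pay.example>", "30 Jul 2014 08:00:00 +0000"),
    mk("socks.p7q2@alias.example", "PayPal <alert@secure-pay.example>", "28 Jul 2014 10:00:00 +0000"),
    mk("someone.else@alias.example", "Ads <promo@ads.example>", "01 Aug 2014 10:00:00 +0000"),
]

def attribute(raw):
    """Return leak evidence if a known alias got mail from an unexpected sender."""
    msg = message_from_string(raw)
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if rcpt not in ALIASES:
        return None  # not one of the tracked per-merchant addresses
    merchant, allowed = ALIASES[rcpt]
    domain = sender.rpartition("@")[2]
    # From is only what the message claims; a real filter would also
    # consult SPF/DKIM results before trusting a matching domain.
    if any(domain == d or domain.endswith("." + d) for d in allowed):
        return None
    return {"merchant": merchant, "alias": rcpt, "sender": sender,
            "date": parsedate_to_datetime(msg["Date"])}

def leak_report(raws):
    """Per merchant: how many stray messages, and when the first one arrived."""
    report = {}
    for hit in filter(None, map(attribute, raws)):
        row = report.setdefault(hit["merchant"], {"count": 0, "first_seen": hit["date"]})
        row["count"] += 1
        row["first_seen"] = min(row["first_seen"], hit["date"])
    return report

if __name__ == "__main__":
    for merchant, row in leak_report(SAMPLES).items():
        print(merchant, row["count"], row["first_seen"].date())
```

The first-seen date is the useful part when writing to the merchant: it bounds when the address left their hands.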

Update May 11

I received a reply from someone at TFAW.com dated Friday afternoon.  That’s about a 24-hour turn-around, which is remarkable in these cases.

She said, (bold mine)

Thank you for contacting us, and notifying us of this matter.  We definitely do not rent or sell out any customer information at all, and any information provided on our site is kept completely confidential.  We do list our privacy policy confirming this in our site’s help pages that you can review at the following location: http://www.tfaw.com/Help/Privacy-Policy___35   We had our technical team look into this matter and have confirmed that there have not been any compromises in security on our end.  We definitely understand your concern on this matter, but rest assured no personal information has been passed along or obtained from our site.  We here at TFAW.com take privacy concerns very seriously, and actively ensure that all information is kept safe and confidential.

And also invited me to forward the message with the headers, for them to keep on file (not to further analyze?)

If I read that correctly, they didn’t give information to anyone such as a mailing list company, and nobody ever accessed their data surreptitiously (meaning their detection would be flawless even if the access control isn’t).  So what’s left? Deliberate access by someone on the inside.  Somehow I don’t think that’s what she meant.  Maybe email was gathered in-flight from their outgoing confirmation mail (the only time that address ever appeared in an email before the spam) only to be held for a couple years before being used for spam.

If some third party is listening in on email transit, I think there would be worse effects than just use of the address much later: such a person would have the receipt, invoice, and whatnot, containing order numbers and account information and could immediately spoof that person at that store, read the mail sent for a password reset, and go nuts.  However, the current state of security on email sent between parties on normal ISPs is far from tight.

July 28, 2014 — The Sock Company

I got another PayPal phishing message, this one sent to the email address I used with Thorlos socks.  I like their socks very much, and my notes indicate that it’s cheaper to order from them directly because of free shipping, unless the order is more than $55 in which case it’s better to buy from The Sock Company.  I’m sure prices have changed since I first ordered from them in 2005, but that is an illustration of the kind of records I keep and why I’m confident that nobody else would know of the email address to which I’m receiving these messages.

September 4, 2014 — Kingwin

Another occurrence, this time from Kingwin.  I emailed their tech support two years ago with questions about their USB SATA Dock products.  At least this time there’s no customer information with them, but only my name and a (unique) email address.

June 18, 2014 — LightRocket

I got an ad promoting something called LightRocket, sent to my historical original email address.  What I mean by that is once upon a time the Web was a nicer place and my email address was published on my web pages and various publications.  I still maintain it, but it’s only used by “cold calls”.

When I wrote back asking how I got on their mailing list, I got a real reply from someone in short order.  That’s nice, and hopefully I’ll find out something.  I’ll revise this report as I learn more.

January 4, 2015 — OEM PC World

I’ve ordered flash media from time to time from OEM PC World, most recently in July 2013.  Now I’m getting dozens of emails for mail order brides.  I’m sure that’s not really in their catalog, so how did these purported women get my contact info from them?  Interesting that a company that’s been “the world’s memory value leader” for over 15 years doesn’t have an email address itself, but can only be reached via a web form.

I received a real reply from someone later that same day.

Ongoing…

June 2015 — Paradigm Speakers tech support

I wrote Paradigm Speakers support email on 23 June 2014, and one year later I started getting PayPal and Apple ID Phishing email.  It wasn’t until November that I noticed some leaking through my normal spam filter, but I see it goes back at least to June 3.

In December 2016, I’m still getting junk from them (56 over the last 30 days), with nothing resolved.

December 4, 2016 — IcyDock

I got a PayPal Phishing email that slipped through my filters, that was sent to an email address used for product registration for Icy Dock, on November 21, 2011.  Is this just the first to slip past the filters?  I checked the sneakemail stats and it was the only email to that address in the last 30 days.  So, the security breach of customer info is recent perhaps.

I contacted Icy Dock Sales, and quickly got a serious reply from a representative.  It’s refreshing to see that a company not only reads and responds to their own email, but gives a serious reply rather than some canned blather or blanket denials.  So, Kudos to them!

It would be great to discover if some particular 3rd party service were responsible for many of these incidents.  It would be possible if companies took it seriously and noted who was given customer information and when.  A culprit would show up as being common to many of them.