It appears you can now also get Linux versions of this tiny energy saving desktop machine, but the pricing is most curious. Originally Asus announced an 80 GB Linux version for $269, $30 less than the similarly equipped XP version. This would presumably pay for the Windows XP license fee that Microsoft collects from every Windows OEM. Linux, which is free software licensed under GPL, comes without any such fees.

However, the actual pricing is now quite different. For example, Amazon.com sells the 1 GB RAM / 80 GB hard disk Windows XP Home version (in black) for $298 while the 1 GB RAM / 160 GB hard disk Linux version (in black) is available for $321 (prices may vary by the time you read this). The picture is similar at Newegg.com, which offers the 1 GB RAM / 80 GB hard Windows XP Home version for $299 and the 1 GB RAM / 160 GB hard disk Linux version for $319. That’s $20-$23 more for a bigger hard disk, but a cheaper operating system. Retail prices of the 80 and 160 GB Seagate Momentus 5400 RPM SATA drives used in the two versions differ by only $10 (about $50 vs. $60, at Egghead.com).

Adjusting for the hard drive cost, the Windows version is now $10 cheaper instead of $30 more expensive than the Linux version, money which we can assume came out of Microsoft’s revised OEM pricing. Asus is making at least $10 more per machine that ships with Linux than with Windows, even if Microsoft was giving away XP for free to Asus, which is probably not far from the truth.

Let’s put it this way: At this stage, Microsoft must have been pretty desperate to keep Linux off as many high volume, low end machines as possible. It had made a blunder by heavily betting on the success of Vista, which requires fairly high end hardware, but the market decided otherwise. To its surprize it found that customers wanted to stick with less resource-hungry XP. Then the boom in low end machines triggered by the One Laptop per Child initiative and the Asus Eee PC took Microsoft completely by surprize.

You see, Microsoft makes money on Windows by licensing it to OEMs like HP and Dell. In a mature market where almost everyone already owns a PC these OEMs were supposed to be able to sell more machines (and bundled Windows licenses) only if a new Windows version made the old machines obsolete. The actual needs of users played almost no role in this.

Microsoft had bet on selling ever more powerful machines, thinking that if old machines were not powerful enough to run Vista, owners of XP machines would dump their hardware and buy new machines from Microsoft’s OEM customers. Instead both retail and corporate customers revolted, as Vista offered them few real benefits but a number of potential problems. Instead of triggering a rush to Vista, Microsoft motivated customers to look at other alternatives such as Mac OS X, Ubuntu and other Unix or Linux flavours or simply to sit it out and stick with XP as long as possible.

This of course is a mortal threat to Microsoft’s business. Once millions of customers get used to no longer owning the latest and greatest Windows software or even start surfing the net, doing email, watching YouTube and running OpenOffice on non-Windows machines, where is that going to leave Microsoft in 2010, when Windows 7 and perhaps Office 2010 come out?

Right now Microsoft’s business model is still generating large cash flows from selling operating systems and application software to OEMs and retail customers. This is the classic model the microcomputer software industry has used since the 1970s, even before “microcomputers” where renamed to personal computers (yes, I was around then). It’s not how the mainframe business operated before and it’s not how new Internet businesses work now.

Witness successful companies such as Google and eBay, which are making money by acting as go-betweens between buyers and sellers (ads in the case of Google, merchandise in the case of eBay). Canonical and other Linux companies get their revenue from support contracts while giving away the software. Many new business models rely on advertising or shared sales revenue. Google makes billions of dollars and has hundreds of millions of daily users without in most cases selling directly to the people who use its services. The world as Microsoft knew it is changing and it will have to change with it. That will be extremely painful for them.

Microsoft is well aware of the need to move to a new net-centric business model. For evidence look no further than its recent desperate attempt to acquire Yahoo’s user base by buying out the whole company, after having spent years and pouring billions of dollars into largely unsuccessful efforts to match Yahoo with its own MSN/Hotmail/OfficeLive offerings. The problem is, Yahoo is only up for sale because it has not managed to compete terribly well against Google either. If Microsoft and Yahoo merge, it will be a case of the blind leading the blind.

Without a working alternative, Microsoft is finding it very difficult to move away from its classic business model, which depends on its ability to get customers to buy new copies of Windows and Office every couple of years at fairly hefty prices, whether users are keen on these new versions or not.

Microsoft is going to find this ever more challenging as new low-cost mobile devices come along, especially in the sub-$500 bracket. These new gadgets will bridge the gap between mobile phones, consumer devices and PCs, offering adequate performance and convenience at low prices. Think about it: How many people are still going to pay $499.95 for a copy of Microsoft Office Professional 2007 when the mini notebook or nettop they will be running it on only cost $300-$400? That pricing model only worked while Microsoft had a de-facto monopoly on desktop operating systems and office suite applications and especially when hardware was still expensive.

Microsoft’s pricing is really a relic of the 1980s, when a 6 MHz PC AT with half a MB of RAM and a 20 MB hard drive cost as much as $6,700. Then it still made sense to spend an extra 10-30% of that amount on software to make the machine useful, but today’s numbers look very different.

The recent announcement by Canonical to port Ubuntu to ARM-based low-power devices further illustrate the danger for Microsoft from the market moving to a low-cost, low-power, net-centric model. Most mobile phones use ARM-based chipsets. So do many consumer broadband routers. It’s the de-facto standard in those markets. Both the Apple iPhone and the Google Android-based G1 run variants of Unix or Linux on ARM CPUs. So do many $50-$150 broadband routers. Meanwhile Intel is working on integrating its Atom CPU core with the graphics chip in its upcoming “Pineview” chips, going head to head with ARM for low-cost “PC on a chip” designs. Competition in this segment will result in a plethora of interesting products available to consumers.

While there will always be a demand for high end PCs for gaming (where Microsoft competes with Sony’s PlayStation and other dedicated games machines), the low end mobile market will be the real growth market, especially in emerging markets such as Asia, Africa and Latin America.

What Microsoft is effectively doing in the netbook / nettop market today is giving away Windows XP just to keep a foot in the door for a remote chance of profits a few years from now. That’s only about as smart as selling mortgages to people who can’t really afford to buy a house. Sure, you get customers that way to keep the market growing, but what is going to happen a year or two later? As the sub-prime mortgage crisis has taught us, you can’t fudge revenue numbers forever. In the short term, giving away Windows may prop up market share numbers, but the result is no more than window dressing. The Vista debacle seriously damaged Microsoft’s value as a brand amongst consumers. Don’t count on their brand loyalty too much. Microsoft has lost its ability to steer the market that it used to control, just as big old IBM did before it.

Microsoft’s Windows and Office sales are the equivalent of a subprime crisis waiting to happen. Microsoft’s revenue model is being hollowed out. The software giant is now too big to quickly move to a model that will still fit the market a few years down the road.

When the big crunch comes, expect things to get nasty. Microsoft employs 4 1/2 times more people than Google which already makes more money than Microsoft does. This ratio is not going to stay that way.

UPDATE (2008-11-20):

I mentioned that the XP version went from initially being $30 more expensive to $10 cheaper than the Linux version and credited this to Microsoft deciding to essentially give XP away in order to hang on to market share.

A review of the Dell Inspiron mini 9 sub-notebook mentions that Dell charges $40 extra for XP compared to the Linux version. That’s exactly the margin by which the price of the Eee Box XP version dropped relative to its Linux sibling between the announcement and the start of shipments, so it would back up my reasoning.

Yes, sometimes less is more. I took this philosophy to heart when I bought a Toyota Prius, which has only a modest 1.5 litre engine, drawing on electric motors and a battery for peak loads. I also recently purchased a sub-$70 motherboard with a 1.5 GHz VIA CPU that typical desktop CPUs will run circles around when running under full load, but at a cost in electricity and money. This board will take over the workload of multiple, more energy-hungry machines that have been sitting mostly idle doing what they’re doing every day. It’s powerful enough and economical, drawing a maximum of about 20W. Typical desktop chips have a maximum power draw of 45 W, 65W or more.

(Click here to see a full set of pictures of the upgrade)

Five months ago the largest and most important hard disk on my LAN died after only 15 months. Even though I could still rescue the most crucial data off it before the drive finally went offline forever, it was a very close shave and I lost some data. I realized I needed to move my data to a RAID, a “Redundant Array of Inexpensive Drives”. It’s a system in which data is transparently written to multiple drives for reliability. If any one drive dies you can still read your data and recover gracefully from the failure after swapping the dead drive for a replacement drive. This is relatively easy to do in Linux, in fact the server that hosts this website uses RAID too.

Last weekend I set up a machine for about $350 in total as a network attached storage server (NAS) under Linux with adequate processing power for other tasks. I equipped it with 2 GB of RAM and twin 1 TB mirrored hard disk drives. The main expense were the two drives (WD10EADS “GreenPower”, 5400 rpm, $110 each), whose cost made up about 2/3 of the total investment. The other parts were the Micro-ATX VIA MM3500 motherboard ($70), two 1 GB DDR2 PC5300 memory modules ($25 each), SATA cables (one comes with the motherboard) and Molex to SATA power adapter cables, as my older ATX SFX power supply (PSU) did not have the right connectors yet. Also, the motherboard uses a 24-pin power connector while the PSU only had a 20-pin plug, but the four extra pins are not required for this board and the plug is keyed to only fit in the proper place.

The case that was to house these components used to be an eMachine 366i, a cheap minitower I had bought in 1999 for about $450 and which had served me well for many years. I once had to replace the power supply for $25 with a FSP180-50NIV-H (dead PSUs are the most common problem in eMachines) and otherwise only upgraded the hard disks, the last one being a 60 GB IBM DeskStar that failed in 2007. By now the 366i’s Celeron 366 MHz CPU was slow, it’s 256 MB (the maximum supported by the board) inadequate for modern operating systems and it neither supported SATA drives nor any drives greater than 128 GB. It also didn’t have any USB2 ports. Still, the replacement power supply was relatively recent and the case big enough for this project.

Since the RAID drives had to be online 24/7 for my spam processing I was looking for a motherboard that used as little power as possible while being adequate for running the file server and spam filter. After considering various Intel and AMD desktop boards (including the Intel Atom processor 230 Intel 945GC Mini ITX desktop board) I finally came across the VIA MM3500. As mentioned above, this board includes a VIA C7-D CPU running at 1.5 GHz.

While that VIA CPU is even slower than an Intel Atom (which is not exactly known for its speed) its price of under 7000 Japanese yen (less than US$70) was attractive and both the CPU and the chipset draw little power. While the CPU on the Intel Atom board only sips power, its chipset is fairly inefficient (which is why the cooling fan sits on the Northbridge heatsink, not the passively cooled Atom heatsink). Like the Atom board the MM3500 has two SATA ports, enough for handling RAID1. 8 USB2 ports provide plenty of expansion capabilities, as does a PCI-E slot for video cards (not available on the Atom). Two DDR2 slots will accept up to 4 GB of RAM, twice the limit of the Atom board which only has one slot and can only reach its maximum of 2 GB by using a 2 GB SIMM. Both boards offer one PCI slot.

The main complication with the VIA board turned out to be video driver support for the onboard graphics (CN986 Northbridge / Chrome9 HC IGP). As soon as Ubuntu switches into graphics mode, the screen becomes unreadable. I got around this only by plugging an old Jaton Video-198PCI-64 Twin video card into the PCI slot (any Ubuntu-supported PCI or PCI-E card will do). I am hoping to find a proper work-around to be able to remove this card again and minimize power usage [done, see UPDATE below!]. I could do away with it by running the server only in text mode (with ssh access) and never using its GUI. That wouldn’t matter for a file server.

I first tried installing Ubuntu 8.04 LTS (desktop edition), but after the video problems I switched to a torrent of the Ubuntu 8.10 beta. Ubuntu 8.10 (Intrepid Ibex) is due for release on October 30, 2008. The 8.10 beta includes a fix for booting off a RAID1 system with one dead drive, which I may need in the future. 8.04 doesn’t handle this yet.

After installing the PCI video card, the operating system installation (including configuring the two mirrored drives as RAID1 following these very helpful instructions) went very smoothly.

It is a pity VIA doesn’t provide better video driver support for up-to-date Linux versions, otherwise this would be a nice little board that I would find easy to recommend to people who want to build a low-power usage system on a small budget.

UPDATE (2008-10-14):

I now have the motherboard video working in VESA mode and it’s very usable.

Following some pointers in various forums, I tried adding the xforcevesa option to the kernel loader line in /boot/grub/menu.lst, but that didn’t seem to have any effect in Ubuntu 8.10 beta (Intrepid Ibex).

Then I renamed /etc/X11/xorg.conf to a backup and copied xorg.conf.failsafe to xorg.conf (in folder /etc/X11/). I shut down the machine, connected the monitor cable to the motherboard VGA and removed the add-on VGA from the PCI slot. When I powered up the machine again, it booted fine. I get a 1280×1024 screen, the maximum for the Dell 1905FP monitor I used.

I am still hoping that the Ubuntu developers will manage to get an updated Chrome9 HC IGP driver into the upcoming release, but for now I have a workable solution and am happy with this setup.

UPDATE (2008-11-10):

I got rid of the VESA driver and am using the default OpenChrome driver for the motherboard video after specifying two options to disable features on the driver that cause problems in the current build:

Section “Device”
Identifier “Configured Video Device”
# Driver “vesa”
Option “XaaNoImageWriteRect”
Option “SWCursor” “True”
EndSection

Also, a couple of days ago VIA uploaded a beta test version of their driver for Ubuntu 8.10 to their Linux support site (a month after 8.10 was released), but I haven’t tested it yet.

Sehr geehrter Nutzer,

heute möchten wir Sie zu unserem Aktuellen Betatest des neuen Kaspersky© 9.5.710 einladen.
Unser neues Produkt besticht durch seine überarbeitete Scanroutine sowie die schnelle und effektive
Aufspürung von Viren, Trojaner und anderer böswilliger Maleware.

Für ihren persönlichen Zugang haben wir ihnen ein Beta Account eingerichtet welchen Sie bei der
Installation angeben müssen, um den Webinstaller sowie das Programm an sich nutzen zu können.

Benutzername: kis_aX9535
Passwort: c3VF5gg8

Diese Daten werden bei der Installation abgefragt. Notieren Sie sich diese Daten bitte genau,
da diese auch für ihren Zugang auf unserer Seite erforderlich sind.

Zum Ende des Betatests bekommen Sie eine Volllizenz und können somit Kaspersky© ein
Jahr kostenlos für ihre Sicherheit nutzen.

Sollten Sie Fragen oder Probleme haben, so schreiben Sie und eine Mail an: beta-team@kaspersky.de

Wir wünschen Ihnen nun viel Spass mit unserem neuem Produkt und hoffen auf eine Positive Wertung
von ihnen auf unserer Website.

Mit freundlichen Grüßen
Ihr Kaspersky Beta Team

Copyright © 1997 - 2008 Kaspersky Lab

Industry Leading Antivirus Software

Message headers:

Received: from mo-p05-ob.rzone.de (mo-p05-ob.rzone.de [81.169.146.182])
by mail.joewein.net (Ogose Mail Daemon) with ESMTP id 818CC10DCC78
for <419@419scam.org>; Sun, 21 Sep 2008 21:43:45 +0000 (UTC)
X-RZG-CLASS-ID: mo05
X-RZG-AUTH: :L2MKYUGrb9+s7Ys+/C6cdNboKaxR22vZQHQdVrAeYnDdBsCFdpW1J0sdHw==
Received: from [77.21.44.13] ([62.159.230.93])
by post.webmailer.de (fruni mo40) (RZmta 17.4)
with ESMTP id L03273k8LKd8yb for <419@419scam.org>;
Sun, 21 Sep 2008 23:43:17 +0200 (MEST)
(envelope-from: )
Date: Sun, 21 Sep 2008 23:40:54 +0200
Mime-version: 1.0
Subject: [PR] Kaspersky Betatester Programm
From: Matthias Franken
To: <419@419scam.org>
Message-Id: <9212340.EDWNJLIN@kaspersky.de>
Original-recipient: rfc822;419@419scam.org
Content-Type: multipart/mixed; Boundary=”–=BOUNDARY_9212340_SIIK_IDLO_OFNM_KSKB”


At the time of writing this blog posting, Kasperksy’s online malware scanner did not yet recognize the Trojan Kaspersky.9.5.7.1.exe in archive file Kaspersky.9.5.7.1.rar.

As I already stated in my posting about the fake Google Chrome installer, do not install software attached to or linked from emails you didn’t request.

The real Kaspersky software is highly regarded and trial versions are available on the Kasperky website.

I remembered this piece of advice when my wife’s computer started to sound more and more like there was a hairdryer inside. The CPU fan kept running at full speed, even when it was just sitting there with the Windows desktop, not just running any CPU-hungry applications. It hadn’t always been so.

What is it about computer fans and dust? As processors got faster, they consumed more and more power and consequently, produced more heat. Thus the need for fans, which draw in not only air for cooling, but also the dust that comes with it and which tends to build up. As the dust obstructs the airflow, the fan keeps having to work harder and the less effectively cooled parts get hotter, which can shorten their lifespan.

My wife’s machine is a Dell Dimension 3100C, a low-budget machine based on the Intel Celeron D 330. This CPU is a low-end version of the Pentium 4, whose power-guzzling technology has since been abandoned by Intel in favour of the more energy-efficient Centrino / Core architecture that was derived from the older Pentium III.

Even the lowly Celeron D 330 has a Thermal Design Power (TDP) of 73 W. To cope with this heat output, it has a massive heat sink through which a fan blows air from outside the chassis. When I opened the box I found that the metal grill in front of the air intake of the CPU fan was clogged with a 5 millimeter layer of dusty fluff.

After undoing two screws that hold down the heatsink cover I could flip the hinged heatsink by 90 degrees and remove it, allowing me full access to the inside of the fan, so I could blow air against the dust with a plastic straw from inside. I vacuumed the entire motherboard and both sides of the fan air intake, while brushing and blowing the dust loose. An old toothbrush and a plastic straw or a can of compressed air for blowing away dust can be helpful. Also, put a narrow plastic tip on the vacuum cleaner, for use in tight corners.

When all was done and I put the heatsink back, closed the box, reconnected the power cord and switched the computer on again, it ran nicely quiet - almost like new!

I definitely recommend vacuuming your PC at least once a year, more if you live in a dusty environment or if the fan blows a lot because you like to use CPU-intensive applications such as games.

• the base model running Linux version with 1 GB of RAM and a 80 GB hard disk for $269,
• a Windows XP Home version with the same 1 GB of RAM and 80 GB of disk for $299 and
• a Linux version with 2 GB of RAM and 160 GB of disk for $299

Four months later only one of these three versions is available and it’s neither the cheapest nor the best equipped of the three anounced configurations: Only the Windows version hit the stores, at $50 more than previously announced (it’s around $350).

Meanwhile the Linux versions are nowhere to be be found, though rumour has it that they will become available later this year.

Considering that ASUS shipped it trailblazing Eee PC notebook with Linux first, before following it with a Windows version, this turn of events with their desktop is somewhat surprizing. Low prices are a major reason why their machines are attractive, but every Windows machine shipped means royalty payments to Microsoft, which is why the XP version was going to be $30 more expensive than the base model (Linux is royalty-free). By opting for only shipping XP, ASUS is also preventing its customers from buying a 160 GB version, as Microsoft refuses to let OEMs ship XP with machines with more than 80 GB of disk space.

To get a 160 GB Eee Box with 2 GB of RAM and Linux (the configuration I was interested in) you would have to buy an 80 GB model with 1 GB of RAM and XP, only to discard the 80 GB drive, the 1 GB SIMM and Windows XP (which you’ve all paid for) and then install a separately purchased 160 GB drive and 2 GB SIMM and a (free) copy of Linux.

When the Eee PC was launched, I was very excited by the prospect of low-energy, low cost computing, but wanted to wait for the desktop as I would use them mostly as unattended servers and had no need for an LCD screen. Like many other potential ASUS customers, I will keep on waiting now.

I currently use a set of four machines to process external spam feeds for the SURBL Multi JP blacklist. Since these machines are on 24 hours a day, seven days a week I would like to minimize power usage and Intel’s Atom processors with a TDP of less than 5W sounded like a very attractive upgrade path for me. I use some older machines with sub-1 GHz clock speeds that draw relatively little power, but these old motherboards have some drawbacks. First of all they are limited to a maximum of between 256 and 512 MB of RAM, while Atom boards support up to 2 GB. Secondly, their motherboards are 7 to 10 years old and they won’t work forever.

I had a look at Intel’s Atom 230-based Mini-ITX desktop board, which can be found for under $70 and fits existing ATX-based machines like my ancient eMachine eTowers. At first glance that looked attractive. However, even though the CPU is efficient, the Northbridge support chip of the Intel 945GC Express Chipset on that board burns about five times more power than the Atom CPU itself. The Eee Box sounds like a much better choice in the long term, as it uses an Atom 270 with the much more efficient Mobile Intel 945GSE Express Chipset. The catch is, you can’t currently buy an Eee Box without paying the “Microsoft tax”, i.e. a Windows XP license that you pay for whether you have a use for it or not.

The decision by ASUS to push back on the Linux version makes no sense to me. I suspect Microsoft made ASUS an offer they found hard to refuse, in order to establish the Eee Box as a Windows-only machine. It will cost ASUS sales and it won’t make Microsoft any more popular. It’s not good for the planet either if people buy power-hungry desktop hardware instead of one of the more economical computers available.

From: “Steffen Neukirch” <beta-team@google.de>
To: spamtrap-email-address
Sent: Friday, September 05, 2008 09:26
Subject: [PR] Neuter Webbrowser Chrome erhältlich

Sie benötigen einen JavaScript-fähigen Browser, um diese Software herunterzuladen. Klicken Sie hier, um Anleitungen zum Aktivieren von JavaScript in Ihrem Browser zu erhalten.

Google Chrome (BETA) für Windows
Google Chrome ist ein Browser, durch den die Nutzung des Internets beschleunigt, vereinfacht und sicherer gestaltet werden soll. Dabei bietet der Browser eine hohe Nutzerfreundlichkeit.

Für Windows Vista/XP

Ein Eingabefeld für alles
Bei Eingabe von Text in die Adressleiste erhalten Sie Vorschläge zu Such- und Webseiten.

Miniaturansichten Ihrer am häufigsten besuchten Websites
Rufen Sie Ihre Lieblingsseiten von jedem neuen Tab aus blitzschnell auf.

Verknüpfungen für Ihre Anwendungen
Starten Sie Ihre am häufigsten verwendeten Webanwendungen über Desktop-Verknüpfungen.

Zögern Sie nicht den neuen Webbrower zu testen, im Anhang finden Sie die neuste Version des Chrome
einfach installieren und sofort loslegen.

©2008 Google - Startseite - Über Google - Datenschutzbestimmungen - Hilfe

I checked the attached 705 KB ChromeSetup.rar file with Kasperky’s online virus scanner:

Scanned file: ChromeSetup.rar - Infected
ChromeSetup.rar/ChromeSetup.exe - infected by Trojan-Dropper.Win32.VB.efh

Do not install software attached to or linked from emails you didn’t request. The real Google Chrome (Beta) browser is available at http://www.google.com/chrome

Months ago a friend had recommended OpenWRT, another open source solution for low cost broadband routers, but following the old “don’t try to fix it if it ain’t broken” mantra, I had stuck with my standard NEC Aterm WR6650S WarpStar router (firmware revision 8.72) .

A few weeks ago I started having random problems connecting to the internet. When I clicked on links in the browser, either it was very slow or it returned an error or timed out on me. When I investigated I noticed that the internal log of the NEC WarpStar was full of error messages like these:

2008/08/24 18:09:29 NAT TX-ERROR List Create Error : UDP 192.168.1.102 : 31320 > 201.29.227.157 : 7701 (IP-PORT=1)
2008/08/24 18:09:29 NAT TX-ERROR List Create Error : UDP 192.168.1.102 : 31320 > 99.227.142.5 : 9205 (IP-PORT=1)

A router reset (briefly pulling the power cord) would cure it for a few hours to two days at most, but then the problem always came back. The router firmware obviously had trouble tracking which entries in its Network Address Translation (NAT) table could be discarded and the table would overflow, making connections to the outside world hit and miss, as NAT entries are essential for replies to requests sent to servers out there to get back into the LAN.

Of the 8 PCs and Macs in my home and office that are sharing a cable internet connection, at least four are on all the time, crunching spam data received from around the world day and night. So you can imagine that whatever router I’m using is always getting a good workout. I can’t afford it to be unreliable.

So I started doing a bit of research on OpenWRT and its cousin DD-WRT and what sort of routers that are compatible with them I could get locally here in Yokohama, Japan.

The Linksys WRT54G was the first router fitted with open source firmware, but Yamada Denki, the biggest electronics store in my part of town, does not sell any Linksys products. They were selling mostly NEC and Buffalo, but none of the models I found on the shelves appeared on the list of supported hardware.

I searched Google for the WHR-HP-G54, a supported Buffalo router, for pages in Japanese and found it on kakaku.com, a price search website. It was available for 6,500 yen from Mr. Direct, a company based in Hiroshima. Less than 48 hours later the router arrived at my doorstep by takkyubin (parcel service), for about $70 including tax and shipping.

Installing DD-WRT on the router turned out to be so easy, it actually took less time to do it than to get my Windows Vista notebook working with the new wireless security keys afterwards!

Here’s what I did:

1. First I downloaded the firmware (v24-sp1 / Consumer / Buffalo / WHR-HP-G54 / dd-wrt.v24_mini_generic.bin) and saved it on my local hard disk.
2. Next I verified the router was working with its default firmware. I hooked my notbook to one of the LAN ports by ethernet cable and accessed 192.168.11.1 with the browser. The Japanese factory firmware came up (user: root, blank password).
3. I added the tftp program in the Windows Vista control panel (Programs and Features / Turn Windows features on or off)
4. I opened two command prompt windows. In the first I executed
   ping -t 192.168.11.1

5. In the second command prompt window I went into the folder where I had saved the downloaded DD-WRT firmware and then typed the following, without hitting Enter:
   tftp -i 192.168.11.1 PUT dd-wrt.v24_mini_generic.bin

6. Unplug the power cable from the back of the router, then reconnect it.
7. As soon as you see the router responding to the PING command in the first window, hit enter on the second window (tftp command). The diag LED will flash for a number of seconds and tftp will report that the file was transferred.
8. When the LEDs on the router are quiet, the update will have finished. Renew your IP (or reboot your PC), because the router will now be at 192.168.1.1. Access it with the browser and you’re ready to configure your new DD-WRT router!

From: “Fernanda” <fernandinha@globo.com.br>
To: <joewein@pobox.com>
Sent: Thursday, September 04, 2008 06:29
Subject: Por favor veja isso!!!

Você acredita que essas coisas ainda acontecem no Brasil?

Eu não posso acreditar…

Se você quiser, assine e repassse!

Tratamentos Desumanos.wmv (153,0 KB)

Google translation:

Subject: Please see that!!!

Do you believe that these things still happen in Brazil?

I can not believe …

If you want to, sign and pass on!

Inhumane Treatment.wmv (153.0 KB)

The link to what looks like a Windows movie file will try to run a malware installer.

The link in one of the emails goes to http://ceubba.org.ar/chat/data/web/~/anexo/video.wmv, which is actually a directory created by the malware senders on a hacked website. For any directory, the browser resends the request with index.html, index.htm and a few other typical default document names. The criminals named their Windows malwale index.html and placed it into that folder. Because the file starts with an executable program header, Windows will try to run it, rather than using the Windows media player to play it as a video.

Be very careful when clicking on links or attachments in unexpected mail sent to you. Use common sense or a good anti-malware program, ideally both!

I collect a lot of spam for building my spam blacklists and would have liked to use my Gmail accounts for that, so this sounded useful. By using a filter rule I could ensure that the spam emails I wanted to analyze would either end up in the Inbox, from where my spamfilter can extract them via POP, or would be forwarded to another email address for retrieval.

However when I tried it, the new option wasn’t there. I found many blogs talking about the feature, but none of the Gmails accounts I tried gave me that option. What was I missing?

The mystery seems to be related to the browser I use: When I use Internet Explorer 7 on a Vista machine, the new option was indeed available. However, with Internet Explorer 6.0 on two XP machines it wasn’t there. When I installed and ran FireFox 3 in parallel on one of those XP machines, the option appeared too.

Therefore, if like me you use IE 6 and don’t want to switch browsers just yet, set up the Gmail filter from another machine running IE 7 or install FireFox as an additional browser (not the default) on your IE 6 machine. Unlike IE 7, FireFox will coexist happily with IE 6 and upgrading to it is not a one way street as it is with IE 7.

The same scam also uses domains

• mdanclub.com
• wayizer.com
• wayate.com
• coralnic.com
• grigga.com
• srcify.com
• azureclub.com
• flipality.com

and probably many others. The fact that they keep switching the domain of their website is already one giveaway that it’s a scam.

The four domains wayate.com, wayizer.com, mdanclub.com and flapstate.com are all hosted on the same server, at IP address 216.22.50.130. That IP address has been assigned the reverse DNS name “server1.bestunbeatableoffer.com”. Interestingly “bestunbeatableoffer.com” is not currently working, as it has been suspended by its registrant for spam or abuse. A Google search for the domain “bestunbeatableoffer.com” finds a blog entry that accuses the site owners of phishing, using a whole bunch of different domains that harvested personal details, including email addresses and passwords.

Do not enter your real name, email account or password on any of these websites. These sites are deceptive and harvest personal information which can (and probably will) be abused!

Here is what happens. If you access any of these websites it first gives you this message:

Our system indicates that a pic from your ip address has been uploaded to this site within the past 48 hours.

This is a blatant lie, because it will say that from whatever IP address you access from, as this is hard-coded into the website. It doesn’t even check what IP address you access from before it puts up this dialog.

Once you click OK it puts up another dialog:

Fill in to view your pics.

FULL Name of Friend
who referred you to this page:

Your FULL Name:

Your FULL Email:

It then asks for your password. This is highly dangerous. With your email address on Yahoo, Hotmail, Gmail and many other services and your password, the website could access your online address book and find all your online contacts. What’s more it can then contact everyone in your address book in your name, sending them an email that looks like it was sent by you! Thus the deception would snowball. It would allow massive address harvesting.

This is especially true because they also ask about which social networking site you come from (e.g. Myspace, Facebook). If people happen to use the same password there, it will allow the scammers to break into social networking accounts and their associated address books, “friends lists”, etc. They can then tell every one that “their pic has been uploaded” and repeat the game ad infinitum, until they have stolen millions of names, email addresses and passwords.

After filling in the previous forms with bogus data, I got this dialog:

FINAL STEP BEFORE RETRIEVING RESULTS

Our system indicates that your friend recently bookmarked and reserved this page just for you.

It said that after I made up a bogus name for the friend who supposedly sent me there. My email address was also one I made up and had never used before (on a domain that I own). After that I got an error message:

Link unavailable

Possible causes are:
Your geographic location is not allowed for this offer.
Duplicate IP Address.
A system error ocurred.
The offer has expired.
The AFID or CID is not valid or authorized.

For your information, the domain flapstate.com was registered with these details, which may or may not be correct:

Registrant [1405632]:
Adam Arzoomanian bulletinpics@gmail.com
375 E Harmon
Las Vegas
NV
89109
US

Administrative Contact [1405632]:
Adam Arzoomanian bulletinpics@gmail.com
375 E Harmon
Las Vegas
NV
89109
US
Phone: +1.7029221911

Billing Contact [1405632]:
Adam Arzoomanian bulletinpics@gmail.com
375 E Harmon
Las Vegas
NV
89109
US
Phone: +1.7029221911

Technical Contact [1405632]:
Adam Arzoomanian bulletinpics@gmail.com
375 E Harmon
Las Vegas
NV
89109
US
Phone: +1.7029221911

Domain servers in listed order:

NS1.DOMAINSERVICE.COM 67.99.176.12
NS2.DOMAINSERVICE.COM 67.97.247.209
NS3.DOMAINSERVICE.COM 64.49.213.231
NS4.DOMAINSERVICE.COM 67.97.247.210

Record created on: 2008-08-03 19:18:56.0
Database last updated on: 2008-08-03 19:16:31.357
Domain Expires on: 2009-08-03 19:18:56.0

Any other domains that are part of this same scam are likely to use the same address details.

The street address and phone number listed above appear to belong to a nightclub called Spin Nightclub.

Toptieprofiles.com appears to have been part of the same scam, because its HTML code used to reference IP address 216.22.4.42, as does flapstate.com.

Also, the email address used in the domain registration (bulletinpics@gmail.com) suggests a link to domain BulletinPics.com which was also used for an email address and password harvesting scam (see here). Website www.bulletinpics.com looks identical to flapstate.com but is hosted on a different server, on IP address 159.25.17.50. This site loads an iframe that points at domain destination-server.com, which is hosted at IP address 216.22.50.130 like flapstate.com, wayate.com, wayizer.com and mdanclub.com. Here’s the registration record for bulletinpics.com:

Registrars.domain: bulletinpics.com
owner: - -
organization: Spin Promotions
email: bulletinpics@gmail.com
address: 2255A Renaissance Drive
city: Las Vegas
state: –
postal-code: NV
country: US
phone: +1.7029221911
admin-c: CCOM-1288874 bulletinpics@gmail.com
tech-c: CCOM-1288874 bulletinpics@gmail.com
billing-c: CCOM-1288874 bulletinpics@gmail.com
nserver: a.ns.joker.com 69.39.224.27
nserver: b.ns.joker.com 66.197.237.21
nserver: c.ns.joker.com 69.39.224.26
status: lock
created: 2008-05-13 12:14:33 UTC
modified: 2008-05-14 10:01:57 UTC
expires: 2009-05-13 12:14:33 UTC

contact-hdl: CCOM-1288874
person: - -
organization: Spin Promotions
email: bulletinpics@gmail.com
address: 2255A Renaissance Drive
city: Las Vegas
state: –
postal-code: NV
country: US
phone: +1.7029221911

The name “Spin Promotions” suggests a possible connection to Spin Nightclub, whose street address was used for the other domain registrations.

ProfileMirrors.com is another domain that loads a page off destination-server.com. This job offer on GetAFreelancer.com for people doing captcha entry mentions both destination-server.com and bulletinpics. This is very interesting because CAPTCHAs are commonly used to defeat spammers who automatically set up or log in to email accounts at free email providers or BBSes or social networking sites. Here’s a copy of the posting, just in case it gets removed:

searching for good and reliable Teams for desntination captcha entry project . we can pay good rate . PM for more details

when you will PM , please include in your PM

* how many entries you will do everyday
* how many peoples you have to work on this project

********************************************************************

Before bidding work for 15 mins then give us feedback

http://www.destination-server.com/bulletinpics/entry.cgi

entry ID : demo

When I tried the URL given I got this message:

TOO MANY AGENTS LOGGED IN AT ONCE:

PLEASE TAKE A 30 MINUTE REST.

After 30 minutes CLICK HERE to continue work.

Project Manager: Scott Shaw
bulletinpics at gmail dot com

The reason this error page continues to appear is
because agents NEED to take a 30 minute break.
Do not keep attempting to open page.
PLEASE WAIT 30 MINUTES or this
error will continue to appear.

When I tried it again, I got a CAPTCHA to solve. It turned out to be from MySpace:

Could it be that these people use software to log into MySpace accounts using passwords obtained via the scam and then use job seekers in Bangla Desh, India and other low-wage countries to defeat the CAPTCHA test thrown at them by MySpace, so they can get at the data in the account afterwards?

With bulk CAPTCHA tests they can also invite anyone on MySpace to become “friends” of the phished accounts, so they can potentially reach every active MySpace user.

Here’s another job offer (a Google search finds many more offers like this):

we need captcha entry team for destination capthca project . we need teams who can deliver minimum 15,000 captcha entries to 50,000 captcha entries daily

http://www.destination-server.com/bulletinpics/entry.cgi

entry ID : demo

please go to the link and work for 15 mins , then give us feedback how many entries you can handle daily.interested team can PM us . but u should check the given link before PM us

Rate is negotiable

happy bidding

The following offer that mentions “bulletinpics” even talks of millions of CAPTCHAs to be solved:

Status: Open
Budget: $30-250
Created: 06/15/2008 at 5:07 EDT
Bidding Ends: 08/14/2008 at 5:07 EDT (2 days, 2 h left)
Project Creator: bulletinpics
Buyer Rating:
(2 reviews)
Description: As many people know, the BulletinPics CAPTCHA project has been very succesful, solving over 250,000 captcha entries per day for several teams earning very good money. We are looking to expand to over one million captchas per day but in order to do this, we need to rotate new domain names to host our images.

We are now looking for people/companies who own unused .COM domain names. We need to point these domains to our main image server for two weeks per domain.

For example, if you own 10 unused domains, we would need you to change the DNS so the A record of each domain would point to our captcha server’s IP address. We are willing to pay $1USD (or best lowest bid) to use up to 1000 domains for 2 weeks each. Please let us know if you can provide this type of service.

More related domains (see also):

• tellafriendrewards.com
• stolenprofiles.com
• profilemirrors.com
• ownyourfriendarchive.com
• tradepeopleprofiles.com
• friendownership.com
• mirrorsocialsites.com
• bulletinpics.com
• peepatpeeps.com
• buddyspots.com
• saveyour profile.com
• seepeopleprofiles.com
• socialprofilemirror.com
• discussprofiles.com

UPDATE 2008-10-21:

The server at 216.22.50.130 (http://www.destination-server.com/bulletinpics/entry.cgi) now displays this message, suggests the scam has ended:

This website has been discontinued

All team leaders will be paid in full this week.

UPDATE (2008-11-06):

Spin nightclub happened to be where infamous spammer Sanford “Spamford” Wallace aka “DJ Masterweb” worked (see here). According to the WikiPedia article on Wallace he has been targeting MySpace users before:

On 2008-01-26 the UK Register reported that the Federal Trade Commission has asked the Judge overseeing the 2006 settlement to find Wallace and partner Walter Rines in civil contempt of court for their use of malware and social engineering on MySpace to promote porn and gambling sites.[8] In May 2008 Wallace and Rines were found guilty and ordered to pay $230 million to MySpace by the L.A. District Court when they failed to appear for trial.

What a remarkable coincidence!