Atomic I/O letters column #140
Originally published 2012, in Atomic: Maximum Power Computing
Reprinted here April 4, 2013. Last modified 16-Jan-2015.
I think my Google Apps account may have been hacked. All I use it for is my email, so I can have firstname.lastname@example.org as my address (my name is not actually John Doe, please don't publish my real name). Suddenly now I'm getting lots of "could not deliver" errors for weird addresses all over the world that all say I tried to send them spam in Japanese which, according to Google Translate, is about some kind of satellite TV decoder card.
Since I only hear about the spams that bounced, and I got 78 of them just today, I presume the spammer's sent a lot more than that. How do I (a) prove that this is not my fault and I am not actually a spammer, and (b) stop the spammers from sending mail from my account!?
Relax. You haven't been hacked, and you're not going to be punished for someone else's crime.
What's actually happening is that some spammer or other is sending their spam in the usual way - botnet-infected home PCs are a common source these days. The spam messages have a "From:" field just like any other e-mail, and this spammer happens to have decided to put your address in that field. They could pretend their spam comes from email@example.com or firstname.lastname@example.org, but for ritualistic reasons having to do with what might have worked against certain spam-blockers long ago, they tend to prefer real but non-famous addresses. Or, at least, apparently-real addresses at non-famous domains. They're probably sending tons of messages "from" various names @johndoe.com.au.
When these messages are sent to a nonexistent address, as many of them are, a modern mail server should recognise that they're obvious spam and just drop them silently on the floor. An old-fashioned or incompetently set up mail server, however, will treat them as legitimate mail, and bounce an error back to the alleged "from" address. Those bounces, known as "backscatter", are what you're receiving.
Backscatter is only a nuisance, though. You didn't send the spam, and no system administrator, certainly not anyone at Google, would think you had. Anybody with the power to actually block legitimate mail from you or suspend your Google account is unlikely to be so technically clueless that they think you're really a spammer.
(The malicious variant of this is the "joe job", where someone sends spam messages with a fake "from" address with the intention of making that apparent sender look like a spammer. Actual professional spammers, in so far as these highly incompetent individuals can be described as professional at all, do not do this.)
Note that you may actually really be sending spam, if you own a computer that's been infected by botnet malware. That spam will have the same random from address as any other spam, though; only by enormous coincidence is it likely to have your real address on it.
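One way to check a bounce for yourself, as an added example that is not part of the original column: read the headers of the returned spam inside the bounce and see which machine handed it to the bouncing server. The sample bounce, its addresses and `MY_OUTBOUND_NETS` are constructed assumptions, and only bounces that return the original headers as a `text/rfc822-headers` part are handled.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: networks your real provider sends from (constructed range).
MY_OUTBOUND_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample bounce; its last part returns the spam's headers.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Could not deliver your message to nobody@example.net.
--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.net
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from dsl-host.example.org (unknown [203.0.113.77])
 by mx.example.net with SMTP; Mon, 2 Jan 2012 03:04:05 +0000
From: john@johndoe.example
--b1--
"""

def origin_ip(bounce_text):
    """IP that handed the original message to the server that bounced it."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/rfc822-headers":
            inner = email.message_from_string(part.get_content(), policy=policy.default)
            # Topmost Received line was written by the bouncing server itself;
            # anything below it can be forged by the sender.
            top = str((inner.get_all("Received") or [""])[0])
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
            return ipaddress.ip_address(m.group(1)) if m else None
    return None

def classify(bounce_text, my_nets=MY_OUTBOUND_NETS):
    ip = origin_ip(bounce_text)
    if ip is None:
        return "unknown"
    return "sent-by-us" if any(ip in net for net in my_nets) else "backscatter"
```

A result of `sent-by-us` on a real bounce is the case worth investigating, since it means the message really did leave through your provider.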
Sometimes when I install Windows updates (Windows 7 Home Premium, 64 bit), it asks to restart to finish installing the updates, then reboots, chugs away for a while loading Windows and "configuring updates", then reboots AGAIN before finishing. I think it might even have rebooted one MORE time on one occasion, but I'm not sure.
Is this symptomatic of anything bad? I'm wondering whether it's going back to a restore point or if there's some crafty malware hiding itself under each new update. I'm finding it hard to believe that any update really needs to reboot the system more than once.
I can't rule out the multiple restarts happening because of some terrible disease, but an extra reboot definitely is something that Windows sometimes has to do to install a standard update.
I don't know how many actual individual updates, if any, require multiple reboots. I think it's usually that one update requires a reboot and has to be fully installed before another update, which also requires a reboot, can be installed. A fresh Windows install from an old unpatched disc can require several reboots during its lengthy initial update process.
This may be something worth complaining about, but it's not anything abnormal.
I've got a Windows 7 PC, a Windows 7 laptop, an old Windows 2000 machine in the laundry as a better than nothing backup box and an iPhone 3GS, all connected to my nameless 802.11b/g/n Wi-Fi access point. Seriously, this thing doesn't have a brand on it anywhere - the sticker just says "150Mbps Wireless Broadband Router". It was $21 delivered on eBay, but I am now thinking it might not have been such a bargain.
When my friends come over, it's always a huge mess. They can't connect a laptop or a phone or anything else to the access point, or they CAN connect, but one of the other machines disappears. If I turn off the laundry computer, one visitor can connect. If the laptop and the laundry machine are off, two new machines can connect. And so on.
I've tried turning off all encryption (even WEP), setting the password to "password" to make sure they're typing it right, resetting the access point, nothing helps. What am I missing?
Jac's Access Point Of Mystery has Ethernet sockets on the back, so I had her try disabling the Wi-Fi adapter on her laptop and hook up via cable. This worked, and now one more wireless client could connect. So now Jac got to grovel through the Chinglish setup interface for the access point, until she found the "Max Clients" setting, which was set to "4". Cranking it up to 50 solved the problem.
(The problem could also have been DHCP on the access point being told that it can only hand out four addresses.)
Not every access point or wireless router has this feature, because it's not actually very useful. It provides some sort of half-arsed security, but that's about it for most users.
Setting a client limit can actually be a good idea if you're having to deal with more than twenty simultaneously active clients and seeing problems, because you're running out of radio bandwidth and access-point processing capacity. In that case, limiting clients to, say, 16, and then adding another access point using a different channel that the rest of the clients can connect to can be helpful. Even cheesy no-name access points should be fine with more than ten clients, though; it remains a mystery why this AP was limited to only four.
A more sophisticated version of the client-limit-for-security idea, which most routers and access points support, is to tell the access point to only allow particular MAC addresses to connect. Every network adapter has its own unique MAC address; it's possible to spoof the address of a wireless network adapter, but this is beyond the abilities of the average teenager next door who wants to download porn using your bandwidth.
(The somewhat-elegant attack solution in that case is, of course, to wait until one of the authorised clients isn't connected to the network, then spoof your address to match that one, then see if you can log into the access point's admin interface using the default password for that device, and then add your own client to the allowed list.)
I've got a 1Tb USB 2 external drive, and I want to make it accessible to Windows, Linux and Mac.
How should I format it?
There's no perfect solution to this problem.
The best option for most purposes is probably the old FAT32 filesystem, because FAT32 is legible on all three platforms. FAT32 disks can't have any files larger than 4Gb, though. Windows also doesn't want to let you format a disk bigger than 32 gigabytes as FAT32, but you can do it with a partition management utility, or a standalone utility like fat32format.
NTFS is the modern standard Windows filesystem. You can read NTFS on all three platforms, but Macs can't write to NTFS disks without one or another not-perfectly-reliable hack.
If you format the drive on the Mac as non-journaled HFS+ then you'll be able to use it natively on Mac (of course) and Linux, but not on Windows unless you install MacDrive (which costs $US50) or some other Mac-filesystem software.
You could also cheat by converting the drive into a Network-Attached Storage (NAS) device, with either a cheap ($40 or less on eBay) USB-to-NAS adapter of some sort, or by removing the physical drive from the USB enclosure and putting it in a NAS box.
After this column ran in the magazine a reader gently reminded me about the existence of exFAT as well; that's a good option if everything you connect is running a recent operating system. WinXP and later work with exFAT, as does Mac OS from Snow Leopard onward, and so does Linux via "Filesystem in Userspace", FUSE.
How do you move an invisible window?
I was reconfiguring my two-monitor computer (Windows 7) and... to be honest I don't know what I did, that was two martinis ago, but now my "main" monitor is monitor number 2 and my second monitor is black and when I try to bring the display properties thing up to fix it it's off the monitor somewhere.
(Yes, this is another one of those "I'm emailing you from my laptop, because..." letters.)
If I could only bring the damn display properties thing over onto the monitor I can see then I could probably unfuck myself and maybe even shit Sergeant Hartman some Tiffany cufflinks, but I'm reduced to just fishing over there blind with the mouse pointer and it's just not going to happen.
An oldie, but a goodie.
Open Screen Resolution, or whatever other properties window it is that you need. You can't see that window, but it's now open, and because you just opened it, it's the active window.
Press Alt, to go to the menus for the window, then press Space, to open the first, top-left-corner, menu, then press M, to select "Move" on that menu.
Now when you press an arrow key, you'll move that window, wherever it is, in the direction the arrow points. More usefully, after you've pressed any arrow key once, the window will be attached to your mouse cursor, and you can move it around by just waving the mouse without pressing any buttons. Not very much waving should be necessary to bring the window back to visibility.
This technique will work with any window, provided it's a "normal" window with a standard top-left menu (so it won't work with, for instance, Winamp).
Now drop and give me 50, maggot!