Saturday, January 27, 2007

The Quintessential MIPS Assembly Language Script

This small program demonstrates what you need to get started developing assembly language scripts for the MIPS architecture. You only need two tools: a SPIM simulator (e.g. PCSpim v2.03) and a text editor (notepad).

This script demonstrates:
  1. How to declare integer and string variables, and arrays.
  2. How to manipulate arrays.
  3. Using the la (load address), lw (load word), sw (save word), add (addition), addi (add immediate), sub (subtract) instructions.
  4. How to print string and integers to the console.
  5. How to organize a basic assembly language script.
  6. How to exit the program.
When you load the script into PCSpim, the .data section is executed. The data segment is an area in memory where data for the program is stored. In the script, I declare a variable called 'num' of type .word and assign it the value 7. An array is declared by providing a sequence of values, and a string by using the .asciiz type and providing a message in double quotes. PCSpim shows the data segment for our program as such:
[0x10010000]
0x00000007 0x00000002 0x00000004 0x00000006
[0x10010010]
0x00000008 0x0000000a 0x75736552 0x203a746c
These numbers are in hex. The first one ([0x10010000]) is the address in memory where the data is. On a 32-bit computer (like most we have these days), it means data is stored in 32-bit words (thirty two 1's and 0's). But we know that 8 bits = 1 byte, so 32 bits (1 word) = 4 bytes. This is the basis for showing the data as "0x00000007 0x00000002 0x00000004 0x00000006".
The first byte (0x00000007) is the number 7, the value of the variable 'num' in the script. The second byte (0x00000002) is the number 2, which is the first value of the variable named 'array', and so on. The second word is "[0x10010010] 0x00000008 0x0000000a 0x75736552 0x203a746c": it's at address 0x10010010 and contains 8 (0x00000008), 10 (0x0000000a), 'Resu' (0x75736552), and 'lt: ' (0x203a746c). If you notice, all data is loaded sequentially into data blocks the way it was written in the script.

Other observations:
  • la of a variable loads the address of the first element. If you lw a variable such as 'array', it'll load the value of the first element into the register.
  • Array values are dereferenced using 4 byte increments (4 bytes = 32 bits = 1 word). So if array address is loaded in register $s0, the first element's value is 0($s0), second is 4($s0), and third is 8($s0), etc.
  • In the above example, the address of array element #1 (2) is 0x10010000 + 4 bytes = 0x10010004. That's basic address arithmetic for you.
  • Each character is stored as 8 bits. So a word (32 bits) can only contain 4 characters (e.g 'Results' would have to be split into 'Resu' and 'lts', and stored in two bytes (even if 'lts' doesn't quite fill a byte).
Why the heck would anyone learn assembly language? If you are a serious programmer, you want to know that assembly is the final stage your Java or C code is translated to before being ported to machine language (binary). Learning efficiencies that can be acheived at this stage may help with better compiler design and debugging. I like it for my endeavors in reverse engineering - this is where you learn what a program really does when you don't have it's source code or know the language it was written in.

Thursday, January 18, 2007

How to Create Your Own Wiki

I'm sure you've heard of Wikipedia. But what if you could run your own such site? For me, I need a wiki for documentation of my projects internally, but I can see small companies or business units using such a solution to share information or document various policies and procedures. If you have a lot of static documents sitting around your network, a wiki might be a good idea.

The technology behind Wikipedia is Wikimedia, an open-source wiki engine. Wiki engines were originally built for Linux platforms running Apache webservers, open-source or free databases such as MySQL, and easy-to-use scripting languages such as PHP (and thus the acronym LAMP). As such, the most popular implementations of wikis require good knowledge of these 4 technologies. Fortunately, anyone can install and run their own wiki without knowing too much about them.


Prepare Your System
These steps demonstrate how to install Wikimedia on a Windows-based machine using the Saint AMP suite. I do not delve into issues involving having other web servers (such as IIS or application server containers) or databases already running on the system.


Download Software Required
(1)
The Saint AMP Suite (3.4.0): package that includes Apache webserver, MySQL database, and PHP - all designed to work together. Because it is installed as a single application (called a stack), you'll get running much sooner, and do not have to learn PHP or MySQL.
(2) Wikimedia (1.9.0): the wiki engine itself.

Install The Saint WAMP (TSW)
  • Run the TSW executable. Language=English [OK]. Review the welcome message and accept the licence.
    Choose Components: Full WAMP, everything selected. [Next].
  • Choose Install Location: Minimum space required is 160MB. Consider that the database will grow as users create pages and upload files. [Next].
  • Apache global options: provide an email, change the HTTP port for the webserver to use (81, for example, if you have another webserver listening on 80). Leave server name as 127.0.0.1 for portability. [Next].
  • Module Activation: Choose only mod_dav2, mod_gzip, and mod_status. We don't care about the others since we won't be using SSL or integrating with Python engines or IIS/ASP. [Next]
  • Database Options: mysqld-nt.exe. This is the service that'll run the database and listen on port 3306, the default MySQL port. [Next].
  • FileZilla FTP: defaults to listen on port 14147. Leave defaults and click [Next].
  • Start Menu Folder: cleanup the name as how it should appear in Start > Programs. [Install].
  • During installation, a "Connect to Server" dialog will popup. This is the FileZilla service request. Select Always connect to this server and click [OK]. You can close the window.
  • When installation finishes, ensure that the Do you want to start Apachemon now? checkbox is selected and click [Finish].
  • In the taskbar, double-click the Apache Monitor, highlight the TSW-Contentserver and click [Start]. Click [OK] to close the monitor dialog.
  • Ensure MySQL is started (Start > Programs > The Saint WAMP > DB > MySQL > Mysqld-start
  • Open your web browser and go to http://localhost:81/ (if you used port 81). A page should inform you on the success of the installation.

Configure Apache2

Configure the Apache webserver admin account:

  • Open the DOS console (Start > Run ... and type 'cmd').
  • Browse to $tsw$\Apache2\bin. ($tsw$ is the folder where you installed TSW above).
  • Run "htpasswd -cmd .htpasswd ". Replace with the username of the admin account. You are prompted to assign and confirm a password.
  • Run "copy .htpasswd ..\conf". Confirm a file replace. This replaces the default Apache admin account with one you just created.

Change the Apache DocumentRoot - where web documents are stored.

  • Open Windows Explorer and browse to $tsw$\Apache2\conf. Open the httpd.conf file.
  • Find 'DocumentRoot' and assign it an alternative directory, perhaps on a drive with more space or simply outside the folder context of the web server (security measure, maintenance ease).
  • Also change htdocs inside '' to the full name of the sirectory specified above.
    Stop and restart the TSW-Contentserver in the Apache Monitor for changes to take effect.
  • Open http://localhost:3000/ using the admin account iinfo you created above to view various aspects of the server. This is your system's administration console pretty much.

Install Wikimedia

  • Open the Wikimedia package with Winzip, and extract the included compressed file to the DocumentRoot folder of the Apache2 webserver (make sure you use folder structure while extracting).
  • Rename the extracted directory to wiki. (Called $wiki$).
  • Open http://localhost:81/wiki/ to configure the wiki engine for the first time.
    Site Config: provide a wiki name.
    Site Config: provide the admin username and password (for a new wiki account).
    Database Config: provide DB username/password (for a new MySQL account).
    Database Config: check the 'Use superuser account' option - used to create the above account.
    MySQL Options: provide a table prefix for all tables created in MySql for the wiki.
    Click [Install Wikimedia].
  • Move the $wiki$\config\LocalSettings.php to the $wiki$ folder.
  • The wiki can be accessed at http://localhost:81/wiki/.

At this point, your wiki works just like Wikipedia. If you are new to wikis, you should peruse the Wiki User Guide to learn how to add content.

Friday, January 12, 2007

IE Friendly HTTP Error Messages Not Useful for Debugging


I do a lot of my browser testing (client side for web applications) using Firefox. Whenever I experience an unexpected result in Firefox is when I check with IE. Internet Explorer has a feature that intercepts error-encoded messages and displays a user-friendly error page that hides the raw text of the error - useless when you want to debug with the browser. It'd be helpful if the "More Information" option actually showed the error, but it simply restates what is already mentioned elsewhere on the page. Dumb.

To disable this feature, open Internet Options -> Advanced Tab and uncheck the "Show friendly HTTP error messages" option. If you troubleshoot page display errors across a network, it might help to have this option cleared in group policy so it's distributed to all organization browsers. Or you could use the IEAK.

I've had to do this multiple times when users say they can't access pages and an error page is what appears.

Saturday, January 06, 2007

To Catch a Scammer: Roommate Scam - Part VII

Sent: Wednesday, January 3, 2007 1:59:34 AM
Subject: pls mail asap
[Me],
Thanks for the mail i do really appreciate that.I will like to notify you that my stay here is due.I will really appreciate it if you could contact you bank for fast clearance.Thanks
[xxxxxx]

[xxxxxx],
I am told that clearance on checks of this nature can take up to 5 weeks! Although the money registers in my account, the check will need to be validated, so I have been advised against using any of that money until validation is complete. In fact, the money will be "held" in my account but unavailable for use.
I do not know whether you are aware of it, but there is a "roommate scam" working its way around the Internet. The bank just wants to be sure that we are not being swung that way, which is why the funds will be held until the check is verified. I shall let you know when that happens.
What is your itinerary look like? Good luck. I might advise that you begin to find alternative funding for the short term, something you can pay back when your check is verified - to enable you to travel here. This is where your sponsor might be helpful - since he knows the money will be refunded.
= [Me]

Sent: Wednesday, January 3, 2007 8:57:54 AM
Subject: hello
Hi [Me],
Thanks for the mail and i quite understand you.I will like to notify that im a lady of great dignity and respect,i will never and ever venture in any act of fruadunlancy,the reason why i asked for fast clearance is just because my stay here is due and i will be taking care of bill now not the company i work for and i dont have much with me.I wish you understand what im taking about and i will be very greatfull if you can help me out.
I will provide you my flight details as soon as i confirm it from the travelling agency.
Thanks and i cant wait to meet you.............[xxxxxx]
  • The check was received and deposited. At the same time, the bank was notified of the circumstances of the check, and they agreed that it could be a scam.
  • There's a new character in the plot - John Williams, the issuer of the check. I wonder who this one is ...
  • The check looks authentic enough - watermarks are intact and routing numbers check out. I'm told it takes about 2 weeks for fraudulent checked to be identified. But the amount is credited to the account within 2 days and can actually be used.
  • There may be a charge to the account when the check bounces, something in the neighborhood of $30. Victims of this scam end up paying for that as well (in addition to repaying the bank the amount of the fradulent check).
  • Normally, the victim would have sent the Western Union money transfer at this point. Everything still looks good from my end - nothing abnormal.
Now the focus shifts to travel arrangements. We'll let the bank thing sort itself out and focus on getting travel details. Here's our response:

Not a problem. I suppose that since you have already made your travel arrangements, I should expect to see you soon then. When you arrive, we will figure out financial arrangments to sustain you while we wait for your check to be verified. This is the bank's prerogative - the money is simply not available to withdraw at this time.
I am not disputing your integrity - I just felt it my duty to inform you of the scam. You should make sure that you do not become a victim of it.
If I may ask, would you provide me with a copy of your unconfirmed flight itinerary? What are you waiting to get confirmed about the flights? I need to know flight numbers and such so that I can coordinate.
= [Me]

To Catch a Scammer: Roommate Scam - Part VI


Sent: Saturday, December 30, 2006 2:59:31 AM
Subject: hello
Hello [Me],
Thanks so much for the email,i will provide you my flight details just for you to know when and what time i will be arriving,here is my office phone number 2348029516793...call me 3 o clock your time.I will sign the lease myself when i arrive.[xxxxxx]
  • As you can see, the package did arrive. Problem is the shipper on the packing slip is a Mary Thena (not well legible because it is a carbon copy) of 829 Nevada Ave, San Jose, CA 95125.
    • We have a new character in the plot - Mary Thena. Let's assume she's the sponsor/client's assistant.
    • The tracking number from Fedex's own website shows it originated from FL. It's suspicious that the packing slip should show a CA address.
    • View the Google map of the place - it looks like a residential place. So the address does check out. Here's where my good friend Adrian would have come in handy - he lives in San Jose, but he hasn't replied my email asking him to check out the address.
  • We now know that no one will be coming to check out the apartment at this point.
  • I didn't bother calling the number provided - long distance international calls to Nigeria (country code 234) run about 5¢/minute.
Our response:

Hi [xxxxxx],
I received your package and check via Fedex. I shall deposit it in one of my bank accounts and wait until it clears. After clearing, I shall withdraw the money as you requested in a previous email and send it by Western Union.
Noted: Please allow up to 2 weeks to ensure that this check clears. As soon as it clears, you shall hear from me. Otherwise, the apartment is still available, with two people on the waiting list. Good luck with your travels.
[Me]

To Catch a Scammer: Roommate Scam - Part V

Continued from Part IV ...

Sent: Friday, December 29, 2006 5:37:30 AM
Subject: PAYMENT ON THE WAY AND SHIPPERS WESTRN UNION INFO
Hello [Me],
I am so much sorry for the late response,My client just informed me that he the payment is on the way and you will be receiving today via UPS,here is the tracking number..8592 9053 2647.As soon as you receive it, i will want you to deposite it and have $2950 sent to my shipper via western union money transfer...
Here is the info you are to use....
Name:Tony Jones
Address: 10 Camp david street,
Ikeja,Lagos,Nigeria,23401
Test question: ?Customer Name
Answer:[full names]
You will get back to me with the payment information details from western union as soon as you have the payment sent.Please understand with me that I cant leave my things here behind.I have to make sure they are shipped prior to my departure.I will send you my flight intiney as soon as i have it done.
Regards
[xxxxxx]
  • There's a new character in the plot - Tony Jones.
  • Who doesn't know that Camp David is a presidential residence in the US? Just a matter of interest that made me chuckle a little.
  • Continued emphasis around the hook - as soon as you get the money, wire me the balance in liquid cash (Western Union).
  • By this time, her contract is completed so she should be in full swing to travel out here.

I actually did check out the tracking number, except that it was a Fedex number rather than UPS as suggested. Here's how it looked:
Tracking number 859290532647
Ship date Dec 28, 2006
Service type Priority Envelope
Tracking results as of Jan 1, 2007 12:36 PM CST
Date/Time Location/Activity
Dec 29, 2006 10:00 AM COLORADO SPRINGS, CO/At local FedEx facility
9:59 AM COLORADO SPRINGS, CO/Delivery exception
8:44 AM COLORADO SPRINGS, CO/At local FedEx facility
5:37 AM COLORADO SPRINGS, CO/At dest sort facility
4:04 AM MEMPHIS, TN/Departed FedEx location
12:06 AM MEMPHIS, TN/Arrived at FedEx location
Dec 28, 2006 7:01 PM OCALA, FL/Left origin
5:09 PM OCALA, FL/Picked up
Notice that the package comes from Florida. Assumptions = the sponsor/client is located in Ocala, FL.
Our response:

Thank you very much. I shall await your package, and will notify you when it arrives. Is there a phone number you can be reached at?
I have taken note of your Western Union particulars and will act on them reasonably. When do you anticipate on arriving in the US from Nigeria?
And who have you designated to come sign your lease papers?
= [Me]

To Catch a Scammer: Roommate Scam - Part IV

Continued from Part III ...

Sent: Sunday, December 24, 2006 9:22:25 AM
Subject: UPDATE AND SHIPMENT DETAILS
Hello,
Good morning and how are you doing?I hope you're having a wonderful time.I'm so glad to inform you that i got a shipper that will be moving my things down but unfortunately he insisted on advance payment before proceeding with the shipment.However, i would love to ensure that my properties were safely set on deck before coming down.Please be also informed that you'll be receiving the payment soon and as soon as you received the payment,kindly take it to your BANK to cash and deduct the fee for my room.So, after the deduction,i'll need your assistance in sending part of the balance through WESTERN UNION office to my shipper asap so that he can proceed with the shipment on time.I'll provide the information that you'll be needing to send the money and the exact amount to send later.Please i'll like to know the nearest airport to the house and if you will be available to come and pick me up at the airport or i should make alternative arrangement.Hope to hear from you soon.
Thanks a bunch and have a good time.
Respectfully,
[xxxxxx]

  1. The main hook of the scam is introduced now.
  2. The content of the email looks template generated, with the keywords consicuously emphasized in capital letters - almost as if the scammer only needed to change two words and forgot that his caps lock was on.
  3. Total ignorance of what I asked for or suggested in previous emails. If he were smarter, he'd have provided some answers.
  4. The feel at this point is that of 'auto-pilot' - its direction already seems well programmed, no matter what I try to do.
At this point, a couple of friends are in on the scam and we are working together to see how far this goes. Here's our response:
Airport is Colorado Springs (COS). Sure, I can pick you up when you arrive. Who did you say would be coming to see the apartment? I do not want you to make monetary arrangements until you are sure this is where you shall be moving. Over this week, you can have them come and take a look.
I shall then need to receive your Jan-2007 payment before Jan-31 if you intend to move in. We pay for the month ahead here. We shall deal in cash (or Western Union ). Someone will also need to come sign lease papers.

Friday, January 05, 2007

To Catch a Scammer: Roommate Scam - Part III

Continued from Part II ...

Sent: Tuesday, December 19, 2006 10:21:55 AM
Subject: PAYMENT DETAILS
Hi [Me],
Thanks for the mail.I'm so glad to hear from you.However, i'll be out to get a shipper who will be moving my properties in before my moving in date.In the mean time, i'll be needing your full name,mailing address and your phone number so as to prepare the payment as my client will be sending a cheque of payment (about $4500 being money due to me) from which i'll like you to deduct the fee for my room and help me keep the balance with you as i'll be needing some money to pay the shipper that will move my things down. I will keep you posted of when you are likely to receive the payment.Hope to hear from you soon. Have a nice time and i also hope i am going to have a lovely stay with you over there.
Thanks
[xxxxxx]

The picture in this post is supposedly a picture of the potential roommate. Hott, I must say, but flags continue to arise:
  1. The picture arrives as a hyperlink to http://www.modelmayhem.com/pic.php?pid=1890061. The site is an [adult] modeling site and the actual owner of the picture on the site is a 'Jessica'. While we can't verify all this, it's a huge departure from the persona presented in the previous email.
  2. The questions I've asked in previous emails have not been answered.
  3. The potential renter completely ignores my suggested plan of action, expressing interest particularly in payment proceedings. She does not seem to take my other clues as well ...
  4. The sponsor who was supposed to come see my place is now termed 'client', and he/she will be sending the money. It's beginning to look like no one will actually come to see the apartment.
  5. Notice the huge amount of money ($4500), way more than what is needed. This is the hook!
In response, I provide my real address and a general purpose Skype phone number I set up. I mention that $4500 is a huge amount of money, but that I can hold it for her and write her a check once she's moved in. I remind her that the place has not been cleaned yet, but that I expect it to be done in the next few days so that her sponsors will come check it out.

To Catch a Scammer: Roommate Scam - Part II

Placed an ad for a roommate on Dec-09 in various media, including free newspapers, some rental websites, at my school (UCCS) and at a couple of area churches where I attend. The following is an actual email from a potential roommate who turned out to be a scammer, responding to my confirmation that I had a room to rent. (read about the scam here):

Date: Dec-19, 2006

Hi [Me],

Thanks so much for responding to my mail.Please i'll like to have the breakdown details,the total move in cost of the room as well as the picture of the house as i'll not be able to check out the place until my arrival,so that i can make arrangement for payment prior to my arrival since i'll be coming down from West Africa as soon as i'm able to secure a comfortable room.I'll also like to know abit about yourself.I'm looking forward to hearing from you soon.
Regards
[xxxxxx]

Names have been omitted for confidentiality. The first problem with this email is that the respondent is a girl, when my ad stated that I was seeking a male roommate. So unless they didn't see that item, there's nothing we should be discussing at this point.

Secondly, I received about 8 emails that sounded just about the same as the one above, so in my mind, I had already flagged what's going on as suspicious. [See another such posting here]. I decided I'd find out more.
In any case, I responded with the breakdown (total costs and how we splits them amongst roommates). I also described the apartment and what amenities it has, stated what I do for work, what I'm going to school for, and what else I like to do. I did not send any pictures.
In the response, I asked what (s)he is doing in West Africa and what country she is in. Here's the response I got back:

Date: Dec-19, 2006
Hi [Me],

Thanks so much for the mail.I really do appreciate the breakdown details of the house.I'll be so glad if you can reserve the room for me and remove the advert from
[omitted] as i'll love to rent the place. And please tell me if i can ever consider the room as mine.I'm Australian, a quiet and easy going person to live with. I'm 5"7' straight. I dont drink and smoke but i'm cool living with people that do.I always love to go on date but seldomly party.I swim for fun and sometimes play tennis. My families lives in Australia,i am currently working on contract for my company [omitted] here in West Africa.I had professional certification in CCNA(cisco certified network association)also a Bachelor's Degree in Computer Information Systems, plus another in Business Administration.I hope to end my current assignment by the 28th of Dec 2006 and will love to come down as soon as possible to explore my talent and hope to have a more profitable job. I do not have a pic presently on my system but will try to attach one to my next mail. I had like to make the payment for the first month ahead of my arrival, and then i will make subsequent payment thereafter as i plan to stay for more than Eight months. So i'll send my client to see you,you will get the payment prior to my arriving date.
The things i will be moving in are as follow;
my Mercedes (C-class 2004 model) metalic green.
suite case containing my books
my 26' DELL PLASMA TV and DVD Home theatre
my clothes in three luggages
my desk top computer (COMPAQ) and pieces of
furnitures.
Hope to hear from you soon
Regards
[xxxxxx]

Mind you this is only the second email from this person, and if you are paying attention, you can already tell there are problems with this picture:
  1. The language use is terrible. While this itself is not a big flag, Australians (especially those that are highly skilled as this person purports to be or have travelled) are proficient at English.
  2. The person is already interested in my place based on the simplistic descriptions I gave them in one email, and she'd like me to reserve the place for her and stop advertising it - she really needs it.
  3. The person offers to pay for the first month. This is overcommitment as far as I can see, but because they might leave within 10 days to come over, I ignore it to allow for hasty planning or urgency on her end.
  4. The company mentioned does not align with her skills. For kicks, I called a couple of companies with the name provided and asked if they had operations in West Africa. None did, but I let this slip because jobs can be that fluid - no biggie - though i did take note.
To clear any misunderstandings, I offer a link to my MySpace profile in response, hoping she'd pick up on the idea that I am male. In fact, I also have the text of my ad right on the profile page, emphasizing that I need a male roommate.
Also in the response, I affirm her profession as admirable (since I happen to have those same interests, I wonder whether the mail is doctored to appeal to me that way ...). Most importantly, I suggest a plan of action: that I shall have cleaners touch up the apartment and then her sponsors can come check it out. If they like it, they can pay a deposit, and the room would be reserved for her. I'm additionally nice in the response that I offer to check for her on any job postings with my company, since she'd be a good fit.

At this point, I'm playing ... I know fully well that this is the well-known roommate scam. I've made up my mind to play along and see where things like this end up (without being scammed).

[To be continued ...]

java.lang.ClassCastException: [Ljava.lang.String; cannot be cast to java.lang.String

Very simply, you get the exception
java.lang.ClassCastException: [Ljava.lang.String; cannot be cast to java.lang.String
when you try to cast an array kind of a class to the linear type. In this case, attempting to cast String -> String[] or vice versa will cause the JVM to throw this particular exception at runtime. Compilers cannot catch this oversight.
As an example, consider an attempt to read all parameters passed to a servlet using the request object. The parameter map can be obtained with:
Map parameters = request.getParameterMap();

From HTML basics, we know that parameters are passed as key/value pairs of Strings to the web server, so the temptation is to assume that the generics mapping for parameters is <String, String>. In fact, compilers will allow you to use this generic:
Map<String,String> parameters = request.getParameterMap();
for(String key: parameters.keySet()) {
String value = parameters.get(key); // error happens here
System.out.println(key + "=" + value);
}

This code snippet will compile and run fine, producing results that look like:
firstName=[Ljava.lang.String;@1fe49b5
lastName=[Ljava.lang.String;@1993b4f
This is assuming parameters passed to the servlet (or JSP) include ones named 'firstName' and 'lastName', of course.

As it turns out, the value side of the parameter map is actually a String[] type. So the proper generic for this map is
<String, String[]>. When you call request.getParameter("firstName");, it simply returns the equivalent of parameters.get(key)[0];, which reads the first value associated with the key. This happens even if your form might have sent single-dimension parameters for processing.
So, just remembering the map's generics mapping may save you a lot of headaches down the road. This is simple Java internals - but a look at forums on the web shows how much of a problem this is for programmers out there. You's get the same kind of exception if you attempted to cast Date to Date[] (which would throw java.lang.ClassCastException: java.util.Date cannot be cast to [Ljava.util.Date;).

Tuesday, January 02, 2007

To Catch a Scammer: Roommate Scam - Part I

I always knew about this scam, but during my recent search for a roommate, it fell in my lap. Not two, but 8 people contacted me with basically the same offer: that they are interested in my room, and will send a check in overpayment for the first month, and that I should send them back the remainder via Western Union. A number of websites warn about this kind of scam, including Scam Victims United forums, Credit Suit, Craig's List, blogs like Pradeep U.K.'s, and DigsBoards postings. You are advised to report any such activities to the FTC at 1-877-FTC-HELP.
Here's the plot of the scam, courtesy of roommates.com:

Fraud Warning:
It has come to our attention that a scam is being perpetrated on many rental websites, most commonly directed towards those with a room available for rent. The scammers are typically foreign (many state they are from Nigeria or the UK). They will send an overpayment for a rent deposit in the form of a cashier's check. The scammer will then ask for a partial refund (their overpayment minus the deposit). After the money has been refunded, the victim finds that the cashier's check was counterfeit.
Victims have lost thousands of dollars as a result of this scam. Please be cautious when receiving deposits. If someone writes you a check and later asks for a refund, call your bank to make sure the funds are securely in your account before returning payment.

Being the weird guy I am, I decided I'd play along and see how it unfolds. In the process however, I provided enough clues that I was aware of the scam to see how many would drop out. At this writing, only 2 remain. I sent the same message to everyone, but will post messages from any of them to demonstrate the progress of how it happens - the key milestones to watch out for.
And for the record, I was NOT scammed; only thing I may have lost is time and a couple of dollars (to scan the check). Well, maybe time on hold alerting my bank, and a few minutes when this person tried to call me by 'IP voice relay services' ....
In all my emails, I always included a link to this blog, so one of those guys will certainly read this story. I hope he laughs about it as much as I am! This is the oldest wire fraud scheme on the books, but amazingly people fall for it all the time ... it churns my guts.

Monday, January 01, 2007

How to Find the Right Codecs for Your Media Files

I recently had a nightmare trying to play some AVI files as part of a presentation, and after some research realized that just because a media player claims to play AVI files, it may not necessarily have the correct codec to play it. In few words, a media file can be encoded any way you like (information in the file's header itself), which is where codecs come into the picture.
For these particular AVI files, none of the programs I tried (including Windows Media Player, Real, WinDVD, Winamp) could play the files on two machines I tried, yet they play on my machines back home. At best, these media players played only the audio of the files.

Finally, I discovered a small tool called GSpot (
Download) which allows you to view the actual encoding on a media file and tells you which codecs you need to view the file, in addition to checking the integrity of the file. Although my files were AVI files and the programs I tried claimed to support them, none had the xvid codec with which it was encoded. In GSpot, after you read in the file, under the video section is a 'codec' field that reports this information.
Then you can google for the particular codec you need. I found my xvid codec at xvid.org, and after downloading and installing it, all my media programs are now able to play the AVI files on these computers. If you download a lot of media files, this is actually a good codec to have installed. Most programs that create the most popular video clips on the web or torrents use this encoding because of its efficiency in compressing videos, in addition to being cross-platform (works on Windows as well as Linux variants and Mac).