Why do some of my students avoid their NUS inbox? They are being spammed by NUS groups and NUS’ anti-spam software!

Students are told they need to check their NUS emails for critical messages from modules. Yesterday, my honours student was unaware of a briefing email to TAs sent a day before. I was surprised as she is very efficient on Gmail and LINE with me.

So she looked sheepish when we found it in her NUS student exchange inbox from the afternoon before. However, as I examined her inbox, I marvelled at the clutter present in there. No wonder she is hesitant about venturing into her student account.

So I showed her two things:

1) Unsubscribe from irrelevant NUS groups.
She was on 30+ lists (we had removed a few before I grabbed this screen shot). She purged herself of all but two. Not all were active, but a few certainly were, and enough to suffocate her inhibit efficient use.

All she had to do was to go to https://groups.nus.edu.sg/NUSgroups/, login (nusstu\userid or if staff, nusstf\userid) and enter her password.

2) Delete twice-daily spam digests from NoSpamMail@nus.edu.sg
All of us in NUS are subscribed to Proofpoint Protection Server, an anti-spam service. It delivers a spam-digest email into our inbox twice a day. This so you can check for false positives but these are rare, so I was essentially being exposed to junk mail subject lines twice a day. This delivery cannot be customised so I am ironically getting spammed by my own anti-spam protection!

An example of the spam-digest email. No, I don’t want to see this twice a day.

NUS IT Care will talk to the vendor. In the meantime, I told my students they could archive the emails from NoSpamMail@nus.edu.sg to a separate folder, and keep their inboxes clutter free – and now read the emails from their professors instead.

In my account, I set a rule which deletes the spam digests so I never ever have to see them. I can check for false positives at the server directly perhaps once a month. Or perhaps not at all – I can barely keep up with regular emails.

We barely have time to think. And inboxes are a stressful necessity in our fast-paced lives. So any method to relieve us of unwanted messages is a boon. Or maybe like my student, stop reading inboxes altogether.

Spam is quarantined efficiently in my account,
with no genuine emails labelled as spam and none getting through even without SpamSieve

Remove that “App of the Day is a feature of Pet Match” spam – check web extensions

I began seeing spam at the bottom of webpages yesterday on Safari, including my WordPress blog:

A quick search of the phrase “App of the Day is a feature of Pet Match” led me to forums and after jumping though a few links, I read this remark by erkme73 on adblockplus.org:

“Folks, it’s not [AdBlockPLus]. ABP is blocking a rogue extension from communicating with superfish.com – and you’re seeing the text alternative. “

George Garside on apple.stackexchange.com elaborated,

“Apparently This is spam, introduced by an extension, through superfish.com. AdBlock is not the cause! AdBlock blocks the injected ad, so the extension inserts the text equivalent.

Disabling AdBlock will remove the text, because it allows the original injection to take place, and will decrease page load time as the secondary text injection is no longer required.

Enable AdBlock so that the text is shown, then disable other extensions that you have enabled, until the text is no longer inserted.”

So I searched my very few extensions and found a superfish.com link on Awesome Screenshot.

I turned that off and, peace reigned again, once more. And thanks AdBlock for blocking that spam code!

Users are fingering a variety of extensions which cause this effect for them, in the links above. It must have been inserted during auto-updates of trusted extensions, which now carry the code. It’s an epidemic!

My photo processing protocol

I share photo albums to Flickr and save copies to hard disk backup.

Photo Processing Protocol (01 Jan 2014)

Flightradar24 to identify that plane overhead and in and out of Changi

Having blogged about Ship Finder, I must mention FlightRadar24, which I first learnt about. It locates and tracks planes the way Ship Finder does for ships.

Here I was observing a flight from Beijing make landfall after crossing the South China Sea a couple of days ago.

On this midday screen grab from today, notice the wide arc taken by the Tiger Airways flight TGW2104 to Bangkok. Helpful when you plan to take air photo of our coastline and islands and are wondering about the typical trajectory of a particular flight.

The URL for a flight you might track follow the flight number, e.g. for this flight it is flightradar24.com/TGW2104.

Since we are in a travel hot spot, there is plenty to see when cycling between Punggol – Pasir Ris – Changi – ECP and Marina Bay. Spotting ships and planes with Ship Finder and FlightRadar24 is fun and informative. Both are iPhone apps as well and you can point to planes to identify their types with location settings on!

Flight Radar is also a $5 desktop app for Mac OS X with a tweaks such as airline and altitude filters. There is also the less sophisticated $6 BoatWatch app. All helpful in illuminating some details about the intense air and sea traffic around Singapore.

Welcome to Singapore, Sultan of Brunei! Via Flightradar24

Boat Watch

Cargo ship Bold Endurance manoeuvres near Pulau Hantu’s reefs, followed by Debby Ng’s onsite tweets and Ship Finder

This morning, Debby Ng of the The Hantu Bloggers tweeted from Pualu Hantu with a photo, “This ship seems anchored scarily close to the reefs at Pulau Hantu…”

I looked up Ship Finder on my iPhone to identify the ship and learnt it is Bold Endurance, a Barbados-registered cargo ship/cable layer:

You can track its position with this Ship Finder link http://shipfinder.co/ship/314112000. Once you know the ship’s name, you can look up more information via sites like MarineTraffic.

As I “watched” via Ship Finder, Bold Endurance carefully manoeuvered in the deep waters off Pulau Hantu, clear of the reefs, under Debby’s concerned watch, to a position further away. Hearts in mouth while she watched, I am sure.

Map with fringing reef (orange) and patch reef (green) from
the Coral Reefs of Singapore webpage.

We have a phenomenal amount of ship traffic in Singapore waters. I only realised how much when sailing in from the South China Sea on the Götheborg in 2006. After many nights in the open sea from Hong Kong, the ship officers had furrowed brows as we neared Singapore.

On watch from midnight to dawn, we were spotting ships in every position around us as we approached Singapore! It was certainly impressive. The two Singapore Navy officers on board were glad to lend a hand in familiar territory as we navigated to Marina Bay.

With Ship Finder (also an iPhone app), landlubbers in Singapore can identify and track ships to get a feel of the bustling marine traffic which led to Singapore’s existence. For the environment community, it is a useful tool to understand the activity in our straits, which affect the marine life which has persisted in these waters.

Bold Endurance is an interesting ship Canadian, Filipino, Ukranian and English crew and can stay out at sea for two months. In ?2004, they laid a cable between Manila and Singapore:

“On the job between Manila and Singapore, the crew laid cable out into the South China Sea from Manila to the halfway point. There they marked the location and dropped the cable end to the ocean floor. The ship then went to Singapore and laid cable out from that end. When they arrived back at the halfway point, they recovered the other end of the cable and spliced the two sections together to complete the job.”

Read more at “[Bold Endurance] From heavy lifting to deep-sea plowing,” by Alan Haig-Brown. Ocean Navigator, 19 Jan 2004.

Off you go…

Heartbleed need not kill your trust in internet security – but it’s time to change passwords for Facebook, GMail, YahooMail, Dropbox

So yesterday I paid for pesto with cash instead of my credit card, because of Heartbleed. I started the morning with an urgent message from my friend Thomas O’Dell, who was especially concerned about alerting our friends in the cvil service. Not about pizza orders to sure, but internet security. A quick check was enough to make me turn to cash.

Reputable sites were describing Heartbleed as “one of the biggest, most widespread vulnerabilities in the history of the modern web.” Holy cow!

“OpenSSL [which provides security protocols] runs on 66% of the web. … [and] chances are, you interact with it several times a day. That interaction can be as simple as entering in a password for an email account or as complex as sending a private message or photo or even filing your taxes.

…this vulnerability has actually been around since December 2011. Lots of software packages started using the vulnerable version of OpenSSL in May 2012. So for two years, any app, website, bank or private messaging app that uses OpenSSL has been vulnerable to this bug.”

To learn more, Google “Heartbleed”, search twitter or read Heartbleed.com for the bad news:

So this morning I checked my restaurant site using the LastPass Heartbleed checker and was informed that:

“The SSL certificate [for the restaurant] was valid 1 year ago at Dec 3 00:28:51 2012 GMT. This is before the heartbleed bug was published, it may need to be regenerated.”

Well, I do hope small businesses in Singapore are getting help from IDA or their ISP or webpage vendor to sort this out immediately. [Update from CNA (10 Apr 2014): “IDA is urging all website owners in Singapore to heed the advisory issued by SingCERT]

CNET consulted experts and suggests we do not log into accounts from afflicted sites until we are sure the problem has been patched. So wait until notification (48 hours?), then change your password!

This recent Mashable article lists sites which have initiated a fix already. But they have yet to inform users. Knowing this, though, it is time to change your password, in case a compromise was experienced, even if theft of data has not been detected:

• Facebook
• Tumblr
• Google, GMail (has two factor authentication)
• Yahoo
• Dropbox (has two factor authentication)

Regular changes of secure passwords can be tiring and difficult and all the more so with multiple devices, unless you get help from a password manager. I am now making proper use of 1password by AgileBits who happily report that 1Password’s technology is not built on OpenSSL and so it’s encryption remains safe.

I do suggest to my students that they use the free LastPass and to study the basics in order to use it well. Mostly they ignore me(!) but they might be a little more interested now. Thus episodic problems like these are ultimately helpful.

Oh, if you already have a LastPass account, it is now time to change your password too! LastPass fixed the problem and integrated a check for Heartbleed vilnerabity.

Once you have a password manager app, generating new secure passwords are easy to frequently do, but it will require some dedication. Still, if that’s all we need to overcome Heartbleed, technology can recede once again into the background.

Update: See “Heartbleed bug: What you need to know,” by Jane Wakefield. BBC News Technology, 10 Apr 2014.

An important disctinction in Dropbox – allow others to read only OR edit/delete files`?

Dropbox is a wonderful file-sharing tool which I use with my students (they have no choice).

Mostly they share their project files with me, which ensure its backed up to the cloud, and sometimes I share papers with them from my collection. This had become easier last year with a simple control click to enable sharing.

However, sharing folders has no granularity in permissions – when I use the “Share This Folder” option in Dropbox, I am enabling full access sharing. and my students can edit, remove and even delete files! There is no middle ground.

They are a careful lot, I have backups and there is a 30-day revision history to correct errors so its pretty safe still. Still, best avoided by simply using the “Share Dropbox Link” option instead. This makes files read only.

Are you sharing files correctly?

Visiting students surf with EduRoam!

Gladys Chua, back for a couple of week from her Bachelors of Marine Science Programme at James Cook University, Townsville is online in NUS today, via EduRoam.

This service is available to staff and students from the international research and education community at participating institutions.

So Gladys, who is here to work on some matters for the International Coastal Cleanup Singapore logged in with her JCU account. So there was no need for me to set her up with a guest account through NUS’ Visitor Account Portal.

Pretty neat!

See http://www.eduroam.org for details.

Imagine Africa without lions

Go home, hug your cat you said?

100 Mbps at home, 300 Mbps at NUS – wired enough or lecture prep

Lecture slide preparation includes rapid exploration of webpages, pdfs, images and videos, and downloading suitable material for inclusion in lecture slides. A fast connection is extremely helpful and encourages exploration so I have always pursued this.

In 2004-2006, the Starhub 6.5mbps line I was on provided wireless connection speeds of less then 1 Mbps. That was okay then but Starhub choked as their consumer packages were very successful and the density of connections increased. That was the time unprotected wireless networks were appearing all over the neighbourhood.

It was slightly faster on the Singnet ADSL line I subscribed to in 2007 but that line would give me lots of problems.

In May 2009, I was very tired of hiccups and rebuffs by webpages due to the Singtel setup. M1 was offering a 100 Mbps line and I forked out $94.40/month for a six month trial – and loved it. I was experiencing 80+ Mbps on a wired connection.

So in November that year, I signed for two more years at $65/month.

Then came the Next Generation Nationwide Broadband Network in 2011 which saw M1 road show deals offering 100 Mbps at $39/month. It was important to wait for road shows and this is still true today. You are otherwise stuck for two years and every dollar more you paid amplifies your grief even as you see faster offerings in the newspaper!

Well, I was fascinated to see a 300 Mbps fibre broadband line going for $49/month at the Consumer Electronics Exhibition (or CEE) at Suntec. This is on until Sun 03 Nov 2013.

NUS’ ethernet ports are gigabit capable, which can theoretically support a maximum data rate of 1 gigabit per second or 1,000 Mbps.

To make use of this, I had to get a Thunderbolt-Gigabit adaptor for the MacBook Pro. And now I have, with the help of a flat Cat 6 ethernet cable, a speed bump of about 100-150 Mbps at my desk in NUS.

100 Mbps is sufficient for my needs. With an SSD hardisk and 16GB RAM that’s good enough for lecture preparations.