OneDrive scam

Time to continue describing different types of scams. Since scammers are showing more and more ingenuity, I feel that I must share these topics with you.

Today I got a Microsoft OneDrive notification about a shared file which looked like a legit email. What makes it nasty, is that the letter begins with a suggestion to add sender to “safe list” so you’d never miss out a scam email.

The Other trick, as described in the previous post, was that all the links point to scammers web page but this time the link destination is hidden using bit.ly (shortlink) (look at the red exclamation mark in the bottom of the picture)

There’s no way of knowing what is behind a shortlink. So always be super-careful when encountering a shortlink! Only click the ones you trust, because it can be a link to a virus!

As always, do not click any links in the email, nor open any attachments. Only delete! Stay safe!

The “There are new messages” scam

I’m continuing on scam e-mail topics. This time it’s Facebook (but I have seen other site styling as well) notification that I have new messages.

While the styling is very Facebook-like, there’s many hints that this e-mail originates from a scammer:

• While the sender name is “Accounts” the e-mail address is from a scammer domain
• The subject contained my e-mail address as user name while it should have been my Facebook name
• If you hover over the link with a cursor, you’ll see that they all point to scammer web page, not Facebook

What’s *really* evil in this case, is that the unsubscribe link also points to a scammers page (which, I can assure you, will not unsubscribe you from anything).

All the links are pointing to scammers domain!

So, please, always check where are the links pointing, when clicking links in e-mails. Even when they seem to be legit!

The “order cancelled” scam

The background

I usually dismiss scam emails without much hesitation. Since recently the scams are quite elegant, so I decided to share those with you with a small analysis of the email.

“Order cancelled” scam

I get *a lot* of emails from “Amazon” claiming that my order has been cancelled. The e-mail it self looks legit: It has been sent from Amazons email domain and does not have any icons in it’s header or text. It really looks like something you would receive from Amazon.

Only thing in the email is the link behind the order ID. This supposedly takes you to your cancelled order. Since this is a scam, it will take you to scammer-controlled site which can harm you. If you long press (with Android) or hover over the link with your mouse (Windows), then you will see, where the link actually takes you (it *should* be an address, starting with amazon.com)

The bold title shows the actual link- a scammer-controlled site. Never-ever-ever follow these links.

The idea behind this kind of emails is to get you to follow the link and either download some malware or on a bad day this will give the access to your computer to the hacker!

Conclusion

Analyze emails with links or attachments: did you cancel an order, or have you even ordered anything? Are you waiting a contract or invoice from a random person or not? Is the email actually from your friend, or is it written with mistakes and in a foreign language? If so then delete the email, do not even be curious what is in the attachment.

If you do not go blindly following links in emails or opening attachments you should be fine. Fortunately, if the sender is not actually Amazon (like this case), then most likely will this email end up in your junk!

 

Safe browsing!

 

Get new GMail address after name change

Motivation

Since me and my wife just got married, she was faced with a difficult problem: how to change her GMail address so that her digital identity would not be lost (contacts, mails, other accounts related with google account etc).

So I surfed around the internet to find an easy solution and to my surprise, I did not find any! So if you want to replace your firstname.maidenname@gmail.com with firstname.newname@gmail.com, then keep reading!

Goal

First of all the main goal was to keep everything intact while using a new GMail address from now on. Since Google doesn’t support this out-of-the-box, we’ll need to put together a small workaround.

Solution

During these steps, GMail sends few confirmation e-mails, I did not describe them in the following steps hoping that confirming accounts is not that hard!

• Step 1: Create a new GMail account firstname.newname@gmail.com. You’ll need a new account if you want to change the actual e-mail address!
• Step 2: Open your new inbox and find the cog icon on the top-right corner of the inbox, click it and find Settings 
  • Find and click on the tab labelled Forwarding and POP/IMAP. This will configure how received e-mails are forwarded to another address.
  • Click on Add a forwarding address and type in firstname.maidenname@gmail.com. This will forward all e-mails sent to your new account to your old account 
• Step 3: Log in to your old GMail account
• Step 4: Open your inbox and find the cog icon on the top-right corner of the inbox, click it and find Settings 
  • Find and click on the tab labelled Accounts and import. This will configure accounts that you manage. Find the section labelled Send mail as and click on Add another email address you own 
  • Enter your new e-mail address firstname.newname@gmail.com to the box with your new name!
• Step 5: The Send mail as section now has 2 entries, one is your old account, the other is the new account. Click on Set as default behind your new e-mail address.

All done! You will keep using your old GMail account as you did before with the exception that all composed e-mails are sent from firstname.newname@gmail.com account and all emails sent to firstname.newname@gmail.com are forwarded to your old account!

HTH

Artificial Neural Networks: The first contact!

In the beginning, there was motivation

This was my first contact ever! Armed with a will to learn and inspiration gained from Tambet Matiisens presentation at Helmes Hack Day, I was ready to take on the black magic of artificial neural networks!

Before You proceed, take a look at Deep Mind learning to play Atari Breakout

The first contact

Since I had no idea whatsoever how does a Artificial Neural Network (ANN) operate or what do I even need to have one, I had to do some background studying. Also, I searched for “ready to use” networks such as Caffe or Project Oxford but stumbled on something called Fast Artificial Neural Network (FANN). It had a long history and latest commits in GitHub were few days old. I decided to use FANN and started to read more about it on FANN homepage.

ANNs are basically systems that take some input data, take also the desired result and using this knowledge, it can reason about some new piece of data, whether it is probable or not. Read more about ANNs at Wikipedia.

Installing the Skynet

After initial research I was ready to install my very first very own ANN! This was a process containing the following procedures:

# apt-get install libfann-dev

By this point the core system was ready to go! Since my potential implementing systems were written in PHP, i needed a language binding. This process was as heavy as the previous one:

# pecl install fann

The PHP binding GitHub page contained an XOR switch example I could use to test if my system was set up successfully. It was!

Training the AI to suggest, not to kill

All I needed now was to train the ANN according to my requirements. For this I had the perfect guinea pig: DrinkPlanet. This is a site somewhat similar to RateBeer but it has taste patterns for each drink. I used those to generate a training file for each user. This data is then used to suggest drinks that user has not tried yet! In order to do so, I had to divide all my values by 100, to make the input between -1 and 1. When my ANN reasons about drinks, I filter out everything that has a probability greater than 0.9!

Conclusion

In conclusion I’d like to emphasize that this is all quite easy to get started, the next steps are harder. I have to figure out the optimal number of cycles to train, the optimal number of layers, hidden neurons etc. But until then I have 10+ beers to taste, so I can be sure whether my current parameters are good or not!

More reading

• Neural Networks Made Simple
• Implementation of a Fast Artificial Neural Network Library (FANN)
• Training an ANN

About reinventing the wheel, a.k.a. the NIH syndrome

Software development has been around for 70 years and a lot has been done ever since, starting from algorithms and programming practices to frameworks and other abstractions. How can it be then, that time after time we try to reinvent the wheel? Recently I stumbled upon (can’t recall the source, sorry) an interesting term for this: the Not invented here (NIH) syndrome.

I have been there too, of course. About a year ago I thought that all the Object-relational mappings (ORM) for PHP are bloated and full of unnecessary features (a statement I have heard multiple times in past and present by different people). So for my mini-project, I wrote my own extra lightweight ORM that required one to use the same name for entity and table, also entity property names had to be the same as the table column names. The core of my ORM translated populated entitys to SQL and vice-versa. Nothing new here.

Nothing new here

Everything was well while delivering the minimum viable product. I was happy that I could use something of my own making for persisting the entities. As I started my second iteration, I felt that I needed more from my system than I could develop at the moment. I foresaw more required functionality in near future, such as lazy loading and generating database structure from my entities. The NIH-hangover arrived.

As I started my second iteration, I felt that I needed more from my system than I could develop at the moment

I accepted my bad design decision, got rid of my make-shift ORM and implemented Doctrine, that’s still in use today. Fortunately the switch was really easy, since my ORM was easily detachable. This might not be so easy all the time!

My most recent encounter with NIH-syndrome was with a larger Spring project where localization (i18n) strings were stored in the database. The developer implemented the i18n functionality from scratch instead of extending Spring MVC Internationalization feature for database. Justification being that “it was not that hard to implement”. As was my own ORM. This, however, will affect the maintainability of the code. We’d also have to keep improving our own implementation when necessary.

So why do we reinvent the wheel?

So why do we reinvent the wheel? As stated in the Wikipedia article about the NIH: the belief that in-house developments are inherently better suited, more secure, more controlled, shorter development time, or lower overall cost (including maintenance cost) than using existing implementations. Moreover, we tend to think that we can, in some way, reinvent it more elegant, more  lightweight and more faster. When in reality the existing implementation has been in development for years by skilled software developers. We should leave the implementation to this team and focus on our business rules!

Moreover, we tend to think that we can, in some way, reinvent it more elegant, more  lightweight and more faster

On the other side, we might need to develop something by ourselves, e.g. the existing component doesn’t cover our required functionality and we’d have to implement the missing functionality by ourselves. In this case it is probably for the best if we do not introduce an external component to our system to reduce the complexity. There might also be a licencing issue. But this is rarely the case.

The verdict- NIH is “the ugly”.

TDD this is Markus, Markus this is TDD

Due to a recent conversation I had about Test-Driven Development (TDD), I decided that it’s finally time for me to try it out for myself. For this assignment I decided to find a simple-enough kata.

To guarantee, that my first time would be special, I decided to do some design up front and so I came up with the following concept (I will not debate over my design decisions as this is not the topic of this entry):

Initial concept

This had to ensure that I am going in the right direction while writing my tests. So I created the above-mentioned interfaces and the implementing classes with no method body, but now what?

This seemed to be the time to start writing unit-tests that should validate my upcoming functionality. With a bit of uncertainty, I started generating the test stubs for Set (In tennis, a set consists of a sequence of games played with alternating service and return roles) class. The easiest place to start was to check whether getServer method returns the first player who should start the set. I created the appropriate test and, of course, it failed. I went back to my implementation, created the method body and tweaked the start method as this is the one that initiates the server (tennis terms again). The test turned green and I felt a strange uncommon satisfaction. At this point I could stop my coding on these methods as it was no longer required- the required functionality was all there!

The test turned green and I felt a strange uncommon satisfaction

The next thing to do was to check whether a Set, that was already started, couldn’t be started again. I started to write a condition in the start method to check the status of the current Set. After few lines of code I realized that I was coding “the old way” and had to throw away everything I had just written. I then updated my tests, that now failed, went back to my class and implemented this check which turned all my tests green. And again I felt the above-mentioned satisfaction. Nothing more for me to do here, next functionality please!

After few lines of code I realized that I was coding “the old way” and had to throw away everything I had just written

Soon I discovered that I can extract an abstract class from Set and Game, so I wrote the appropriate tests in Game test class, did the refactoring and appropriate method implementations. Tests were green and I was sure that my code worked as expected without having a single line of System.out, debug breakpoints or UI for testing.

Few hours in, I had most of the functionality of tennis scoring system with exceptional test coverage. Usually this would be the place I would start to think of some unit-tests to write that I now already had!

In conclusion I would like to say that it worked out for me. For this time. I’d like to try this on a more complex system and then do a follow-up. I think that my success was based on a basic design-up-front which helped me a lot while writing tests and the simplicity of the whole assignment.

Until further notice my verdict is that TDD is “the good” of IT!