Peter Schiff on Gold vs. Bitcoins Misses the Point


Posted by Cynic | Posted in Awake, Logic, Money, Philosophy, Security | Posted on 22-11-2013


Peter Schiff is absolutely one of the smartest guys out there, and I have a lot of respect for him. However, he’s still missing the point about bitcoins and how they have intrinsic value. But first, here’s his most recent video on the topic:

Peter is stuck on how gold has intrinsic value through physical usage where bitcoins have no physical usage and therefore no intrinsic value. He is quite correct if he means that bitcoins have no physical intrinsic value. However, this is not what he means. He means that they have no intrinsic value whatsoever. This is where he misses the point.

SecureWP4Me – Locking Down WordPress


Posted by Cynic | Posted in Security | Posted on 01-08-2013


Being swamped with work and personal life can take a toll on one’s blog. Fortunately I happened across SecureWP4Me.

What would have taken me a sick amount of time was solved very quickly. The proprietor, April, did a fantastic job.

Not only did April fix up security holes for me, she helped set up a far more sane backup strategy.

For anyone that doesn’t want to spend a truckload of time farting around with WordPress and PHP issues, and that would rather just get things done, do take a look at April’s services at It is unlikely that you’ll find a better deal out there, and highly likely that you’ll end up a happy camper.

In any event, I’m finally caught up with security issues, and can now get back to doing some writing!



A Quick Phishing Tutorial


Posted by Cynic | Posted in Security, Solutions to Problems | Posted on 14-06-2012


Phishing is when someone sends you spam that looks like it’s from someone else. The goal is to get you to click a link or open a file. This is what a phishing link in an email looks like (click to zoom):

Phishing Email

The link there doesn’t go to the right site. All you need to do is hover over the link and look at the little bubble, or look in the lower-left corner of your browser to see if the domain name matches the site. If not, it’s phishing. Don’t click it.



How You Are Being Indoctrinated for NFC


Posted by Cynic | Posted in Awake, Logic, Money, Philosophy, Security, Uncategorized | Posted on 10-05-2012

Every time you turn on the TV, read a newspaper, listen to the radio, or watch a movie, you are being psychologically conditioned to accept planned changes for society.

This is effectively stealing your free will.

It’s called “predictive programming” and is an extremely widely used technique in virtually all mainstream media.

In the following video I show you how you are being conditioned to accept Near Field Communications, or NFC. Below that I explain exactly what NFC is, and the implications behind it.


Getting Around Internet Censorship: Internet Freedom


Posted by Cynic | Posted in Internet, Police, Politics, Security, Solutions to Problems | Posted on 06-10-2011


There is no better way to set me off into a mindless fury of profanity and obscenity than to censor me. I loathe censorship. It sets me off. So, here’s how to get around censorship in repressive police states like Belgium…

The Belgian Anti-Piracy Federation (BAF) has urged all Belgian ISPs to block Swedish freetard site The Pirate Bay after a higher Antwerp court ordered Belgian cable company Telenet and telco Belgacom to make the site inaccessible to their subscribers. (Source)

It is not the job of a supposedly free government to ban or block access to information. That is the job of the police state. The subject matter does not matter. Whether it’s about how to knit patterned sweaters, or how to build and deploy improvised explosive devices (IEDs), blocking access is blocking access. Censorship is censorship.

I previously posted about getting around censorship where I mentioned iPredator. I’d also posted this graphic: iPredator That still holds true. You can also use One benefit to is that you can still send email via port 25, which is blocked with iPredator. Other than that, iPredator and are about the same. I should note that I have tried both, and have found that seems to be faster than iPredator. I could be wrong, but that’s what I’ve perceived anyways.

So, the difference between iPredator and is pretty much nothing as far as censorship goes. Only the name changes. Here’s that same diagram from above adjusted for and censorship

But I’d like to add one thing to the above method for getting around Internet Censorship though: DNS servers. Here’s an illustration of how you could still encounter problems if your ISP filters some sites via DNS filtering, and how you can solve that problem for a complete solution: and DNS Server Solution to Censorship

So, you can also change your DNS servers to something else other than your ISP’s DNS servers. By doing this, and using a VPN, they won’t have the faintest clue what you are doing. You can surf the web freely and anonymously.

Some DNS services include Google’s free DNS resolution services or any other DNS service. Keep in mind though, that whoever is doing your DNS resolution knows what sites you are requesting DNS resolution for… So you might want to investigate that further, and look for a DNS resolution service that has a solid privacy policy and one that doesn’t keep logs.

Here’s how DNS filtering works…

You want to visit a site, like the Pirate Bay. But “” doesn’t mean anything to your computer. Only special numbers work. Those numbers are called “IP addresses”. DNS servers match human-friendly names, like “” to those numbers, IP addresses. When your computer sends a request to your ISP’s DNS servers, your ISP can look at your request and say, “Oh… he wants to visit a site that we don’t want him to… Let’s give him a fake DNS record (IP address) or nothing at all for that site so that he can’t visit it.”

So there you have it. How to get around censorship on the Internet.

And if your ISP blocks you before you can even make a connection to iPredator or, there are more VPN services out there that you can connect to. They can’t block them all.

Cheers, and happy FREEDOM surfing!


How to Get Around ISP Filtering/Censorship


Posted by Cynic | Posted in Australia, Philosophy, Politics, Security, Software, Solutions to Problems | Posted on 25-06-2011


Well, it’s finally here. Australia is forcing censorship down people’s throats. They’re doing it by getting some Australian ISPs to voluntarily filter some web sites. You can read more about it at the EFF article here. I’m not going to comment on the idiocy of Internet censorship, but instead I’ll tell you how to get around censorship.

Name & Shame

Telus, Optus, itExtreme and Webshield. Those are the Australian ISPs that will be censoring the Internet in Australia.

Now, if you’re not with them, you don’t need to worry, but Telus and Optus are 2 of the largest, so there’s a good chance that if you’re in Australia, you may need a way to get around their censorship. Here’s how…

How to Circumvent ISP Internet Censorship

There are a lot of web proxies out there, and you can use those. However, if the ISPs are filtering content, and not just URLs, then you have a problem if the web proxy isn’t using SSL, which is more than likely for most of them.

A better way to get around Internet censorship is to use a VPN, or Virtual Private Network. A VPN creates an encrypted tunnel through the Internet and hides your IP. Also, if the VPN is outside of Australia, then everything you do is completely hidden from your Australian ISP, and any other prying eyes in Australia.

There are many different VPNs out there. The important thing for you to do is to find one that does not keep logs. Without logs, nothing can be traced back to you. Some do keep logs, while others don’t.

The folks over at The Pirate Bay have setup a VPN like that at It’s not free, but you can do anything you want through it without fear of being eavesdropped on or being filtered/censored. Here’s a diagram that illustrates the basics. Click to zoom on it.


It’s €15 for 3 months, so it’s very affordable. From the site:

You’ll exchange the IP-number you get from your ISP to an anonymous IP-number .
You get a safe/encrypted connection between your computer and the Internet.

Further, from their FAQ:

Ipredator VPN service enjoys the strongest legal protection possible under Swedish Law because of the service type (pre-paid flat-rate service). This means that Ipredator do not have to keep an ordinary customer database (to be able handle transactions etc.). This is of importance if forced to hand over information.

But even if they handed over any subscriber information, there isn’t any evidence about what you did because they don’t keep logs.

Since iPredator is run by the same people as The Pirate Bay, you can rest assured that they’re not out to cooperate with any law enforcement, which makes them ideal for dissidents, human rights activists, and people living in police states.

So, if you’re using an ISP that filters the Internet, you can effectively tell them to go get stuffed by using something like iPredator.

Happy uncensored surfing!


Code Signing and User Trust


Posted by Cynic | Posted in Security, Software, Solutions to Problems | Posted on 24-06-2011


It’s just about time to release the next version of the Super Simple Photo Resizer, and one of the things that means is Code Signing. However, code signing isn’t a simple process. Well, it’s rather simple, but not all that simple. There’s a lot of overhead for it. The actual process of doing the signing is near trivial, at least how I do it anyways.

Being the eternally lazy one that I am, I always search for new, better, faster ways to do things. Computers are there to help you get things done, and not there for you to “learn how to do things”. At the end of the day, who cares about all that “learning” crap? It’s all about getting things done. Computers are tools, and should do work for you rather than you doing work for them.

So, for code signing, I’ve done 2 simple things.

  1. Buy a certificate from Mitchell Vincent at KSoftware
  2. Use Kent Briggs’s SignGUI utility to do the code signing

The process of purchasing a certificate to sign software isn’t trivial. It’s rather complex. You need to provide documentation and all sorts of goodies that prove who you are and prove that you can be located and tracked down and dragged out into the streets and flogged publicly. Or something like that anyways…

This helps with the security process because it delivers a level of accountability. Now, you can go out and pay a truckload of money through Verisign or some other company, or you can get the best price possible through Mitchell Vincent as he sells code signing certificates here. I wouldn’t hesitate for a second to personally vouch for Mitch. Check out his site there if you’re looking to do code signing because he’s got everything you need to know down there.

KSoftware Code Signing

Now, one of the little tidbits Mitch has laid out is a super-cool, easy utility written by Kent Briggs called “SignGUI“. You don’t have to have it, but it will certainly cure a lot of pain for you. I’d certainly recommend using it.

SignGUI gives you a nice, easy front-end for the Microsoft “signtool.exe” program. So, instead of farting around with command line silliness, you can use SignGUI to make the process much easier and faster. You can also save configurations so that later on you can simply open them up and sign your software with minimal fuss, i.e. 1 click.

Or, you can succumb to your dark, inner masochist…


But why would you want to go out and pay money for all that and incur that additional step? Simple. User trust. By signing your software, you don’t get the nasty “Unknown Publisher” warnings that can scare off some users. This is particularly more important for the less techno-savvy users out there, as they are more prone to seeing a warning, getting scared, and not installing your software. Not good. You just lost a potential customer.

Here are a couple examples…

Expresso is a wonderful utility for developing and testing regular expressions (regex), and I would highly recommend it to anyone that needs to work with regular expressions. However, it isn’t code signed, so when you go to install it, this is what you see:

Expresso is not code signed

Now, for a developer audience that is already knowledgeable in the area, and familiar with the many recommendations for Expresso, this isn’t a problem. Developers know what all that mumbo-jumbo is.

However, many people out there see the yellow/orange warning and panic. ACK~! It’s a virus~! It’s out to steal my passwords and credit cards and maybe even my dog! RUN AWAY~!

You’d be surprised. That’s exactly how some people react. My neighbor was telling me about an “incident” he had, and that’s all it was: an average piece of software that wasn’t signed. He didn’t install it. He got scared.

Conversely, if you sign your programs, then the user is presented with a question rather than a warning:

Photo Resizer is code signed

It’s not threatening, and much more inviting for the user to proceed. It has a note there about where the file is from, “Downloaded from the Internet”, but there’s not much you can do about that. You need to “unblock” the file by right-clicking on it, choosing Properties, then clicking the “Unblock” button. That results in something like this when the setup file is run:

Photo Resizer is code signed unblocked

So the message then reads, “Hard drive on this computer”, which isn’t much of a change.

There are other reasons as well for code signing, but that’s probably at the top of the list for a lot of developers.



Opening Up OpenCandy


Posted by Cynic | Posted in Internet, Logic, OpenCandy, Security, Software, Uncategorized | Posted on 03-04-2011


I’ve been involved in a discussion about OpenCandy over at DonationCoder. It’s kind of got a fair bit of fight in it as the topic is hot and the opposing sides are passionate about the issue. What’s the issue? Spyware.

A few people have accused OpenCandy of being spyware. In the above post I briefly outline the smoking guns that show that OpenCandy is NOT spyware. Here I’m going to show that again, but I’m also going to open it up for non-technical people with some additional explanation. There are technical details in here, but I explain them all in simple, straight forward English. Later on I won’t explain the same things again as there’s no sense in repeating myself too much.

First, I’m not going to cite a trillion different definitions of spyware because more often than not they include wishy-washy garbage and contradictions that make them pretty useless as definitions. Instead, here’s a simple definition of spyware that is clear and succinct.

Spyware: Software that sends personal or unique information about a computer or user to a third party over a communications connection such as a network connection, e.g. the Internet or a mobile phone connection.

There’s nothing controversial in there. It could be made better, but it’s good enough.

OpenCandy does not do that. What it does is to download a list of possible offers, then choose one of the offers and present it to a person during a software installation.

Using WireShark, I pulled this information out from the OpenCandy powered installer for Photo Resizer, my own software:


That’s a query string sent to the OpenCandy offer server. I’ll break it down and explain each part. Please note that in some places I am making educated guesses based on a good amount of experience with networking and software.

If you aren’t familiar with what a query string is, it’s just a list of key/value pairs that contain some information for a server on the Internet to process. You can see this in the address bar when you visit different Internet sites. The part to the left of the equals sign (=) is the key, and the part to the right is the value. They are separated by an ampersand (&) in the query string as you can see above.


This key/value pair looks like an identifier for the OpenCandy version to use. It’s a necessary value in case OpenCandy decided to upgrade their software. By identifying the version, they can keep things working. This is exactly the same principle as you use every day in Microsoft Office with new file types being named differently. That tells Windows and Office what version of the file format they are looking at. e.g. DOC vs. DOCX.


This key/value pair looks like “client zone”, which would lead me to believe that it is identifying the country. While I’m not certain, it looks about right. That information could also be gotten from the IP address though, so I could be mistaken. However, 3 characters, “600”, is not enough space to send back any kind of personally identifying information. It’s just too small, so this could not possibly be used to justify an accusation of OpenCandy being spyware.


This is obviously the language, which is obviously not any kind of a basis to accuse someone of distributing software. This value is present in all browser communications and is fundamental for proper communications. Some web sites use this value properly, although most do not. e.g. Google does not use this value properly, and instead of serving you the proper content in the language that you request, they send you information in the language based on your IP address.


This is an instruction for the OpenCandy offer server to send a list of offers. It may have other values. This is not a basis to accuse a piece of software of being spyware. The string “get_offers” is obviously not personally identifying.


This looks like a kind of time stamp. My guess is that it is the time since the installer was run or the startup time for the installer or the OpenCandy DLL. That would be useful for diagnostics, but would not serve any other purpose. The field is too small to contain any sort of personal information.


This is obviously the OS version of my computer, Windows 7 x64. Again, this is not a unique value. All browsers supply this information and more, so it’s only repeating information.


This is the unique product key for Photo Resizer. There’s nothing secret about it. You can decompile the installer or get this value during installation through WireShark. It identifies the program being installed, and not the computer or user.


I believe that this is the version of the Photo Resizer installer that has been submitted to OpenCandy for inspection and certification. But no matter, again 3 characters isn’t enough to send information about you or your computer.


The signature value looks like an authentication parameter to check to see that it is indeed Photo Resizer and not some rogue software. That is, it looks like a security measure to protect the integrity of the OpenCandy network from malicious users or attacks. Now, if I’m wrong, which I kind of doubt, the length of that value is still too small to contain any kind of personal information.

None of the fields are long enough to contain any information.

Now, for the XML itself… I’m not going to explain it all as that would simply take too long. Instead, I’m going to run my FL Studio update and find the OC information in there, post it, and the resultant XML from that.

So, when installing the OpenCandy powered installer for FL Studio 10, this is the OpenCandy GET request:


Again, it looks pretty much the same, with nothing alarming in there.

The FL Studio installer EULA contains this:

Recommendation software
This installer uses the OpenCandy network (or similar) to recommend other software you may find valuable during installation of this software. OpenCandy (or similar) may collect and use *NON personally identifiable* information about THIS installation and the recommendation process. Collection of this information by OpenCandy ONLY occurs during this installation and the recommendation process; in accordance OpenCandy’s Privacy Policy, available at <>.

OpenCandy downloaded some XML. I’m not going to explain it in depth as it’s simply very long. However, here’s the short explanation…

XML is a container format that lets you easily transfer arbitrary information. The nice thing about XML is that you get to define everything yourself, unlike HTML which is already predefined.

Now, the XML for OpenCandy contains offer listings. Those include things like some text to display, the name of the program for an offer, the download location, the downloader that takes care of it all, a graphic to make things look nice, etc. etc. In short, it’s very similar to what you might see on a web site. There are some additional directives and parameters for the offers, but they aren’t related to the computer or user; they are related to the offer. Again, it’s got nothing to do with the user or computer and isn’t in any way, shape, or form personally identifying. It’s been downloaded from the server. It’s information FROM the server, and not from the user or computer.

For the XML, click here. If you examine it, you will see that there is nothing remotely like spyware.

I declined the offer from Uniblue as I don’t need it.

Next, after I declined the offer, this request was sent:


Breaking that down gives this (a bit more readable):


Most are the same, but there are some new ones. What happens there is that the OpenCandy DLL simply tells the server that the offer was declined. Again, there is nothing personal or identifying in there.

In fact, if you look at the 2 from Photo Resizer and from FL Studio and compare values, you’ll see that they are different. If they were the same, then there might be some reason to suspect that my computer were uniquely identified. But there are no similarities. They are clearly not related.

I also found this in the packet analysis:


Which along with the 1 immediately above just finishes the FL Studio installation and alerts the OpenCandy server that the FL Studio installation completed. Again, nothing to worry about.

The long times there are because I was writing this as I was installing my FL Studio upgrade, and farting around with other things as well.

I hope that the above has sufficiently demonstrated that there is nothing at all in OpenCandy to remotely suggest that it is spyware.

Ad supported? Yes. OpenCandy enables software authors like me to support software by presenting people with offers to install other reputable, vetted software titles. So both Photo Resizer and FL Studio are supported by ads. That doesn’t make them spyware though. That’s an entirely false accusation that I’ve just gone on at length to prove isn’t true. You can replicate the experiment yourself with WireShark.
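If you do replicate it, the value-by-value comparison between two installers’ requests is easy to script. The following is an added example, not OpenCandy’s code or anything from the captures in this post: the host, key names and values are constructed stand-ins, and the 12-character threshold is an assumption. It flags any field that carries the same long value in requests from different installers, which is the pattern a per-machine identifier would produce, while short shared values such as the language or OS version are reported separately.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample requests. The host, key names and values are made up;
# they are NOT the real parameters from the captures described above.
BASE = "http://offers.example.test/api?"
COMMON = "ver=1.4&zone=600&lang=en&op=get_offers&os=6.1x64"
INSTALLER_A = BASE + COMMON + "&product=aaaa1111bbbb2222cccc3333&sig=9f3c1d2e7a5b4c60"
INSTALLER_B = BASE + COMMON + "&product=dddd4444eeee5555ffff6666&sig=0b7e44a1c9d2f3e8"
# Hypothetical extra field, used to show what a tracking ID would look like.
MACHINE = "&machine=5d41402abc4b2a76b9719d911017c592"


def fields(url):
    """Split a request URL's query string into a {key: value} dict."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def compare(urls, min_len=12):
    """Classify every key seen across requests from different installers.

    differs               value changes between installers
    shared-short          same value everywhere, but too short to single out
                          one machine (language, OS version, ...)
    SHARED-LONG           same long value everywhere: candidate identifier
    not in every request  key is missing from at least one request
    """
    parsed = [fields(u) for u in urls]
    report = {}
    for key in sorted(set().union(*parsed)):
        if not all(key in p for p in parsed):
            report[key] = "not in every request"
            continue
        values = {p[key] for p in parsed}
        if len(values) > 1:
            report[key] = "differs"
        elif len(next(iter(values))) >= min_len:
            report[key] = "SHARED-LONG"
        else:
            report[key] = "shared-short"
    return report


def candidate_identifiers(urls, min_len=12):
    """Keys worth a closer look as possible per-machine identifiers."""
    return [k for k, v in compare(urls, min_len).items() if v == "SHARED-LONG"]


if __name__ == "__main__":
    for label, urls in [
        ("as captured", [INSTALLER_A, INSTALLER_B]),
        ("with a machine ID added", [INSTALLER_A + MACHINE, INSTALLER_B + MACHINE]),
    ]:
        print(label)
        for key, verdict in compare(urls).items():
            print(f"  {key:8} {verdict}")
        print("  candidates:", candidate_identifiers(urls))
```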

In related news, Eset, the makers of NOD32, have still not gotten back to me about this.

Man… I think those guys at OpenCandy should hire ME as an evangelist~! =D



Disappointed in NOD32


Posted by Cynic | Posted in Business, Security, Software, Super Simple | Posted on 29-03-2011


Security is an important issue, but at some point you need to just stop trying to defend against imaginary foes. I’m disappointed in ESET NOD32 as it is giving a false positive for OpenCandy as spyware.

NOD32 False Positive

I’ve looked into OpenCandy extensively. VERY extensively. I’ve examined the SDK. I’ve examined OpenCandy installers. I’ve not only spoken with representatives at OpenCandy, I’ve also spoken with their CEO, Darrius Thompson.

I came to know about this as I submitted my new software, Photo Resizer, to Softpedia. It was rejected because of the alert you see above.

Now, I don’t blame Softpedia. They were kind enough to promptly let me know that my software had been rejected. This is not their fault. They need to keep a “clean” download site, and they can’t have software that triggers alerts like that. The problem is that it’s a false positive.

This is the email I received (minus the Softpedia staff member’s name and email address and all that jazz):

Your product, Photo Resizer, has been recently proposed for submission to our software database.

Unfortunately, the application does not offer users the possibility to accept the OpenCandy service or not, which is considered a spyware behavior. Also our antivirus solution detected this as a potential threat as you can see from the attached screenshot.

Please take the appropriate measures to fix this issue and resubmit the software with us. If our staff will not encounter any problems during its installation or testing, it will be published on Softpedia as soon as possible.

Thank you for your understanding,
The Softpedia Support Team

They were nothing but polite. I was quite happy with their response. They’re in a tough position. But they are at the mercy of the AV and security companies.

I responded and included a screenshot of the installer that showed that users must make an explicit choice to accept or decline the OpenCandy offer (click the image for a larger version):

OpenCandy Optional Offers

So you can see there that there is nothing nefarious going on. You can either say yes or no.

I’ve been vocal in the past about “scareware” and how I really don’t like the predatory nature of scaring people into giving you money, and this really only reinforces my negative opinion of security in general. I think the security companies owe it to everyone to stop throwing so many babies out with the bath water because that’s just laziness. I know it’s a hard job to do, but that’s not an excuse.

I am firmly committed to quality software. While I fantasize about the many legal black-hat opportunities out there, I just don’t do them. I just can’t bring myself to do that. There are lots of legal sleazy things that I could do, but just because they’re legal doesn’t make them not sleazy.

I would greatly appreciate it if anyone out there would help voice some support for me and other developers out there that are trying to bring good software to your desktop and trying to make a living out of it with options like OpenCandy. Email ESET (the makers of NOD32) through their false positive page here.

You will be doing me and everyone else a favor. Thank you in advance for your support!


WOW! Those guys at Softpedia are BLISTERING FAST! I just received a response:

Hello Ryan,

Giving users the option to install or not a component is the right way to do it and is not considered spyware, just Ad-Supported. Also the antivirus alert must be solved too, as NOD32 has many users that might signal it as a threat. We are looking forward hearing from you after this issue has been resolved.



This is terribly funny. Many download sites use anti-virus scanning to verify downloads. It’s common. But I just received this:

We would like to inform you that your program Photo Resizer 2.0 has successfully passed antivirus and antispyware tests and were so impressed that we decided to give you our 100% CLEAN award! We use for scanning now four of the best antivirus engines available on the market.

Four of the best doesn’t include NOD32. Sigh… I feel sorry for the poor buggers at ESET.

America’s Homeland Paranoia Committee


Posted by Cynic | Posted in Politics, Security, States | Posted on 03-02-2011


I fail to understand American paranoia. While reading yet another news story about “security”, it occurred to me just how deeply rooted fear is in American culture and how completely moronic their reactionary paranoia is. The Ottawa Citizen reported this story: Canada rejects U.S. senator’s visa idea: Lieberman calls report on border security ‘alarming’.

In the story, an American senator, Joe Lieberman, the chairman of the U.S. Senate’s Homeland Security committee, gets all upset about Canada-US border security.

It’s 6,400 km long.

The U.S. Customs and Border Protection agency provides an “acceptable level of security” along less than one per cent of America’s 6,400-kilometre border with Canada.

And then the topic of visas comes up…

Just how stupid do you have to be to suggest that? If it’s a matter of illegal activity, it’s much easier to cross the border somewhere in the middle of Saskatchewan or Lake Huron. There is simply no way to stop that. You cannot “adequately” defend 6,400 km of wilderness. It’s insane.

The cost to patrol and maintain that long of a border is simply immense. Who’s going to pay for it? Is it worth it?

Fact is that Canada poses no significant threat to the US. A few rogue elements here and there do not justify the cost that it would take to stop them.

I have a difficult time imagining that there’s not some kind of agenda there. Why would anyone consider such an insane undertaking otherwise? It would certainly be lucrative for whoever provided the border security or whoever supplied the border security with equipment and services.

Here’s an idea, instead of wasting money on “security”, why not waste money on education? I really can’t remember the last time I heard about some disenfranchised, well-educated, doctor of physics living in a million dollar home with 4 cars that decided to go out and start bombing people. Pretty much educated people don’t cause problems… Unless you count voicing an educated opinion as a problem… Which appears to be the case in some places that we shall not name.