6 Sep 2003 (updated 6 Sep 2003 at 23:39 UTC)
»
A Tale of Digressions
So, I have this code at work that talks to a secure web server pretending to be a browser. For various reasons, we'd like to make the code use HTTP/1.1 and persistent connections. The current code is in perl and invokes a subprocess for each request.
I say, "I know, I'll rewrite it in java, and use
The Jakarta Commons HttpClient!". That gives me a chance to get more up-to-speed in java (another work requirement) and use what looks to be a featureful and dependable http client library. There are also more java people than perl people around there to look after the code.
This is kinda hot, so I'm working on it at home over the weekend. First I decide I need to set up SSL on my testing webserver to have something to test against. That way I can also learn something about setting up SSL on Apache 2.x -- what I have installed here on my Debian box -- and that's not exactly a waste of time.
So, to figure out this SSL stuff, I go to the manual, I have apache2-doc installed, so there's a link on my main webpage which takes me to http://localhost/manual, where I see
URI: index.html.de
Content-Language: de
Content-type: text/html; charset=ISO-8859-1
URI: index.html.en
Content-Language: en
Content-type: text/html; charset=ISO-8859-1
URI: index.html.fr
Content-Language: fr
Content-type: text/html; charset=ISO-8859-1
URI: index.html.ja.jis
Content-Language: ja
Content-type: text/html; charset=ISO-2022-JP
URI: index.html.ko.euc-kr
Content-Language: ko
Content-type: text/html; charset=EUC-KR
... at least with "view source" thats what I see. Rendered as html, it's all run together.
Hmm, it appears that there's some problem with the language negotiation. I should have done then what I did just now: found the existing bug report and let it go, but instead I poked around in my configuration files and read up on mod_negotiation trying to figure out what's up.
Then I decide I should try this from a different browser to see if that has anything to do with it, so I go over to my wife's win2k box (which I normally dread to touch) and point it my apache 2 manual. Same result. I decide to check the manual on the official apache website to see how that behaves and make a wrong guess at the URL ...
My God! Some evil slimeware program has hijacked the 404s to take IE to their scummy advertising "search engine"!!! Now, my wife's not as paranoid as I am, but she is definitely an intelligent and aware computer user, so there's no way she installed anything "cute" or something. This scumware had to come totally stealthily, just as a side-effect of browsing. I am totally amazed that people can even use Windows, when evil marketing assholes compromising your computer is a typical everyday occurance.
I'm sure it must cause many non-technical people to give up on the internet altogther.
Now, I know I can just run AdAware and get rid of this crap, but I was so amazed by this evil attack on my wife's computer that I expended some energy (fruitlessly) trying to figure out what happened.
... then the next day I had to post on advogato about all that. Ok, about that http client program I need to write ...
Addendum: A bold scam e-mail
Ok, I really should get back to work, but I got a scam e-mail pretending to be from eBay, and attempting to get me to fill in my personal information at http://211.217.224.102:4901/stats/.
Internet criminals are getting bolder and bolder these days!
I've seen some of these for e-gold before, but no one uses e-gold, so that doesn't matter. Everyone uses eBay. I guess I'd better report this to the FTC -- I'm sure someone else will, but what if everyone just said that?