October 13, 2010

The best kebabs in the world

My favorite food in the world was the doner kebabs I would buy when I was in Brisbane, Australia. I used to go to a particular shop that made them perfectly, and often when other stores tried the kebab would explode in an epic display of failure. Lamb or beef and chicken, tomato, lettuce, onion, pineapple, mushrooms, jalapeños and olives with hot chili sauce and sour cream wrapped in a thin stretchy kind of pita bread. Delicious. No tabbouleh though…that stuff is nasty.

That is more or less the style of kebabs in Australia, or at least Sydney and Brisbane. A lot of different toppings and sauces, wrapped in pita bread like a wrap. While traveling the world I often searched for a kebab that was similar and have always come up empty-handed. All the kebabs across Europe seem to be just basic Turkish kebabs…meat in a flap of bread, sometimes thin or thick and crunchy, with very basic toppings such as tomato and lettuce with the only sauces being chili or garlic. They just aren’t the same, and they can be a whole lot messier to eat. Even in NYC where you can find pretty much any food you could imagine, I was unable to find Australian style kebabs. I tried the kebabs in Germany, both in traditional and wrap style and while tasty, they still didn’t compare. Given the lack of variety in take away food, they can become downright bland after a while. I’ve tried gyros a few times which can be tasty, but they are definitely a separate dish.

I never understood why it was so difficult to find a doner kebab in a wrap with the choice of more than two toppings or sauces. The delicious thin stretchy bread is nice, but not necessary. Just to have some pineapples and olives on my kebab and not have to take care to hold it would be ideal. I thought searching for such a thing was a lost cause, until recently. I arrived in Vancouver a few days ago, and was very pleased to hear that the kebabs here are similar to the ones in Australia. The kebabs here are definitely the closest I have found, but just not the same.

All the toppings I listed above are available but the sauces still seem limited to garlic and chili. At the one store I went to toppings come in at I think 75c per topping, and combining meats adds an extra dollar or two. The kebab I described above would end up at about $12 CAD, compared to just under $8 AUD. The other thing is the bread just isn’t the same. It’s a standard puffy pita pocket. It holds everything together well enough unlike the kebabs in Europe, but it seems a lot more squashed in. Like the kebabs elsewhere, a significant portion of the inside of the pita seems to be lettuce. One of my favorite things about the kebabs in Australia was that it was mostly meat inside.

I haven’t had a kebab even close to my favorite in quite a few years, so this was definitely a nice thing to find out. I’ve only been to one kebab shop so far, so with a bit of exploring I might be able to find one more reasonably priced and with different bread and sauces. I’ll keep looking until I find someone who makes a kebab like the best in the world – at least now it seems like I have a good chance.

October 11, 2010

Thoughts on the recent soft hyphen exploit

Recently there has been discussion of crafting malicious URLs by making use of the soft hyphen character. The soft hyphen character is only meant to be rendered if and when the text breaks onto a new line, which is almost never the case with URLs. The problem is not so much a security risk on an individual level; rather, incorporating the soft hyphen character (`&shy;`, U+00AD) in URLs allows some spam-catching software to be bypassed.

I think the real problem this issue highlights is that it is still unsafe in 2010 to trust website links. This issue actually reminded me of the Unicode URL attack which came to light in 2005, where it was possible to register a domain that looked like a common domain using different characters. This soft hyphen attack could allow for some of these malicious Unicode domains to be treated as legitimate.

Perhaps the first step is to educate people about SSL certificates, and have them check. But it isn’t enough that people simply check that their domain is trusted, as it can be easy to get a domain automatically trusted by most browsers. Instead, we would have to educate and get users to examine the certificate details for every important site they visit. This is unlikely, and since it shifts responsibility to the user, not so great a solution.

An easy solution may be to have a very restrictive set of characters allowed for URLs. At present a domain with soft hyphens encoded within appears as a normal domain in Firefox 4.06b, Opera 10.62, IE 9 and Chrome 6.0.472.63. This could be easily solved by forcibly rendering the soft hyphen character or in some way indicating the URL contains special characters. Likewise there should be an indicator when a URL combines different character sets.
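One way to implement the indicator described above, as an added example that is not part of the original post. The function names, the `[U+....]` marker format and the short script list are assumptions made for illustration, and the per-label script check is a simplification of what a real browser would need.

```javascript
// Added example (not from the original post): inspect the host of a raw URL.
// \p{Cf} is the Unicode "Format" category, which includes U+00AD SOFT HYPHEN
// and the zero-width characters; none of them normally render.
const INVISIBLE = /\p{Cf}/u;
// Assumption: a short list of scripts is enough for illustration.
const SCRIPTS = ["Latin", "Cyrillic", "Greek", "Armenian", "Hebrew", "Arabic",
  "Han", "Hiragana", "Katakana", "Hangul"]
  .map((name) => [name, new RegExp(`\\p{Script=${name}}`, "u")]);

const codePoint = (ch) =>
  "U+" + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0");

// Take the host from the raw string, without normalising it, so characters
// that later processing might drop are still there to be reported.
function rawHost(url) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i.exec(url);
  if (!m) return null;
  return m[1].replace(/^.*@/, "").replace(/:\d*$/, ""); // strip userinfo, port
}

// Scripts used by the letters of one label; digits and "-" are skipped.
function scriptsOf(label) {
  const found = new Set();
  for (const ch of label) {
    if (!/\p{L}/u.test(ch)) continue;
    const hit = SCRIPTS.find(([, re]) => re.test(ch));
    found.add(hit ? hit[0] : "Other");
  }
  return [...found].sort();
}

function inspectUrl(url) {
  const host = rawHost(url);
  if (host === null) return null;
  const chars = [...host];
  const invisible = chars.filter((ch) => INVISIBLE.test(ch)).map(codePoint);
  // "Forcibly render" each invisible character as a visible marker.
  const display = chars
    .map((ch) => (INVISIBLE.test(ch) ? `[${codePoint(ch)}]` : ch))
    .join("");
  // A single dot-separated label that draws on two scripts is the warning sign.
  const mixedLabels = host.split(".")
    .map((label) => ({ label, scripts: scriptsOf(label) }))
    .filter((entry) => entry.scripts.length > 1);
  const suspicious = invisible.length > 0 || mixedLabels.length > 0;
  return { display, invisible, mixedLabels, suspicious };
}

// Constructed sample URLs (example.com is a reserved documentation domain).
const SAMPLES = [
  "https://example.com/",
  "http://exam\u00ADple.com/login",   // soft hyphen inside the host
  "http://ex\u0430mple.com/",         // U+0430 CYRILLIC SMALL LETTER A
];
for (const url of SAMPLES) {
  const r = inspectUrl(url);
  console.log(r.display, r.suspicious ? "WARN" : "ok", r.invisible, r.mixedLabels);
}
```

A mail or spam filter would run the same check on the raw link text before any normalisation, since that is the stage at which the hidden character is still present.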

These types of simple exploits will continue because there is just so much to work with and security has not been considered until too late. Browsers (and any internet aware program) should be designed with security in mind from the ground up, in which case they would have implemented something like a restricted character set or warning, and both the soft hyphen exploit and Unicode attack would not have been possible.

October 10, 2010

Stargate Universe still trying too hard

When SGU started I don’t think people knew what to expect. The premise of being stuck on a ship traveling the universe, with no control drew comparisons between the original series, Atlantis, BSG and Sliders, with the latter being the most accurate. From the first episode, the show has not been entertaining and there is something to be said for the acting.

The Stargate series was always cheesy and low budget, but its saving grace was the dynamics between the characters and the predictable yet entertaining writing. Most fans were probably happy to hear that Stargate was getting the serious treatment, allowing for a more realistic view into the universe. So far, it just isn’t working. Most of the cast can’t act, and the storylines are far from entertaining. The show seems to be trying far too hard to be taken seriously, with many episodes revolving around a need or dilemma. This is similar to the original series or Atlantis, except where in the previous series we would have some comedy dialog or action, on SGU we have a lot of glaring and snippy bantering.

The recurring plot point of the civilians wanting to gain control of the ship is not entertaining at all. Colonel Young continually makes stupid decisions, and obviously ignoring the IOA is going to have negative consequences. The attempt for civilians to take over the ship was interesting, but resulted in nothing. The characters are aggravating as well. Eli is a kid who happened to solve a puzzle in a computer game and thus has equal status to Dr Rush, an established expert in his field? Sergeant Greer’s tough guy routine got old almost instantly, and there isn’t anything likeable about the character. His blind loyalty to Young makes me wonder if there is much of a man behind the uniform.

One of the most annoying things about the show is that the Stargates don’t seem to have much relevance to the plot of any of the episodes. The Stargates are simply the means to travel to whatever planet they happen to be in range of when they don’t need to take the shuttle. Stargates could be replaced by beaming technology or shuttles permanently for all the difference it would make. For the ship being filled with the random assortment of people and equipment in the room at the time the 9th chevron was activated there is also an awful lot of Earth equipment such as leather couches and pillows and sheets. Could the producers not think of any way to make these things alien, or was the Ancient culture coincidentally similar to that of modern western society?

I’m kind of tired of every episode ending with a near 3 minute music video, once again showing everyone being depressed and feeling hopeless. These are the type of things that should be shown and developed on the show, not implied through sad faces and bad music. Even when the show seems like it could be interesting such as Young leaving Rush on a planet, the show never comes back to it; it’s just forgotten. It seems the show is trying far too hard to be serious and forgetting its roots. It has sacrificed the character dynamics and sense of adventure that contributed to the previous series’ successes and replaced them with failed attempts to be dramatic and suspenseful. It’s only in its second season so it may yet get better, but at present there is a good reason it only has half a million viewers while airing on Tuesdays.

Thoughts on It’s Always Sunny in Philadelphia

I recently watched all of It’s Always Sunny in Philadelphia, having heard a lot of good things about it. After watching the show…it seems funny enough, but it just doesn’t work. The gimmick of the show is meant to be the selfishness of the characters, but it is far too contrived. The selfishness is inconsistent, and often unbelievable such as the gang’s indifference to Frank’s suicide attempt in S05E03. It’s a fairly smart show and I like the actors, I just don’t think it works most of the time.

It could be because I’m quite used to that sort of humor, and don’t find it shocking as it is intended to be. I think there are many dark comedies that do a much better job of making selfish characters funny. Most of the people I see who find the show funny are people who live pretty tame lives, have never met anyone like the characters in the gang and would be much less able to imagine some of the stuff that is on the show. That’s most people…for anyone who has actually met selfish people or hung out with them…the show just doesn’t work.

When the show does work, is when the gang’s ignorance is played up. Not knowing how the US was founded, not understanding the basic meanings of many commonly used words and similar. Or, just being dumb and showing the enormous gaps in their reasoning, and the resultant shit it gets them into. That only seems to be about half the show, if it were the focus I feel the show would be much funnier. Even so, aside from South Park there is no other show that does such a good job satirizing the ignorance and greed of many Americans. One of the great things about the show is the character Charlie. He is a very very strange character, and through the series the insights and justifications for his strangeness only add to the mystery of the character. He isn’t strange in a fun wacky Kramer way but rather in a creepy perhaps you should be scared sort of way, except that as no one takes him seriously he gets reduced to non threatening amusement.

One of the interesting things about this show was that it has been continually compared to Seinfeld. Unfortunately, it does not compare at all to Seinfeld. Then again, very few shows do – it’s a high standard to meet. While Seinfeld had 3 guys and a girl who were selfish and a token weird character…that is where the similarities end. To compare the female characters, Elaine was always considered part of the group, just one of the boys whereas Dee is almost always rejected or left out. The dynamic is completely different in the group, as where the selfishness on Seinfeld was believable and they were still there for each other, IASIP just takes it too far, and it doesn’t work. The show certainly doesn’t have the genius and wit of Seinfeld nor do I recall a single episode which was more complicated than a simple scheme going wrong. It’s an entertaining enough show and it’s something to watch but it surely isn’t anything special.

October 6, 2010

Riding on buses and trains for free

So, for the last few years whenever I have gone to the UK, I have traveled around for free. This started in 2005 when I was going back between Edinburgh and Glasgow, and realized the bus companies MegaBus and CityLink allowed you to show a code for your ride. This code was basically the date and time, and perhaps one or two random letters. The drivers only ever seemed to check the date and time, and so anytime you wanted to catch a bus, all you needed was a pen and paper. Citylink may have been a bit stricter by requiring a printout. However, HTML is easy to change, and since the printout itself was the only authorization needed, it was hardly a problem.

A very lax system, with many benefits. Now, this is fairly immoral, but I just couldn’t feel bad about it. The buses will go their route regardless, and when backpacking around Europe on limited savings, I’d rather rob a national company than not eat for a few days.

Now, the code system above only works for short distances, although as far as I know in 2010 the same systems are in place, and it is still just as easy to do. Of course, this does not work for longer trips such as Glasgow to London, where codes and names are actually checked against a list. I found this out the hard way in 2007. I had a flight leaving from London, and thought I had booked a Megabus from Scotland overnight to arrive the morning of my flight. Alas, while in line to board and looking at my receipt, I realized I had stupidly booked my Megabus for that morning, so it had long since left.

Now…what was I to do? I was not prepared to miss my flight, and at that time I had not considered a train a possibility due to the crazy expense. So. I managed to covertly copy the code of someone else behind me in line, and make sure I wormed my way a few people in front of him. I managed to board the bus, no problems. Although by doing so, the bus was held up for about an extra 20 minutes. See, when the guy whose code I had stolen tried to board, he was marked off. I felt bad…but still wasn’t about to miss my flight. It worked out well, as he was still let on, and everyone got to go to their destination, and Megabus even got their money.

When I was catching a train with a friend in Glasgow around 2007, I was informed I could buy my tickets on the train, and it was not a worry. I happened to test this with a debit card I had that I knew had no money on it…and it worked, perfectly. It seems much like planes, the trains in the UK have no way to verify funds in real-time. Jackpot! Being the broke traveler I was…am, this was an enormous boon. This was even better than free bus rides…it was certain I could always get a fare, and in substantially more comfort!

Traveling between London and Edinburgh? No worry, just hop on the train, first class if I like and pay the fare, perhaps an open return. A canceled or out of money debit or credit card is accepted without a problem. Indeed, London Victoria stations had guys going around with portable ticket printers that also did not verify in real time, so you even had a ticket to get on the train. As immoral as this was, it was often a lifesaver for me.

Being at the end of a trip and having a flight back home, but not even enough money to catch the train to the airport? I don’t tend to have people I can ask to help out in these situations, and so knowing I can do this is a lifesaver. When I used to catch the Gatwick express the same trick worked for Citylink, simply modifying a ticket. Of course since you can simply pay with a card, there is absolutely nothing to worry about, a guaranteed trip if need be.

However, I certainly didn’t use this only when needed. After realizing how easy it is to get away with, I ended up using it for all my travel in the UK. It was especially nice to use on planes. I upgraded to a seat with more legroom on my flight a few months ago from Miami to Vegas. I don’t think I was ever charged for this, but it certainly helped out the extremely packed row I was in, and didn’t hurt anyone since it wasn’t being used. Really, on a super packed flight it makes sense to distribute random people into the unused seats.

I have also used it as a weapon at times. As people familiar with Ryanair know, they are complete assholes, who break the law on a regular basis. They do not refund money for canceled flights, they charge you several pounds a minute and put you on hold for ages before you can even speak to someone, they charge made up taxes and fees and treat everyone like shit. Well, it’s always nice on a Ryanair flight to purchase quite a bit of food and merchandise to balance out these injustices.

I tried in March or so to catch the Amtrak from Orlando to Miami, and to try and buy my ticket on the train, however I was unable to see if this worked. The Amtrak site states that you can purchase tickets on the train, however I was unable to get on the train at all without a ticket. I would assume it is set up in a similar way to the trains in the UK, but it would be interesting to know for sure.

Now, is this fraud? Obviously writing a fake code to take a bus trip is, but really, what kind of security can be expected when having the date and time as the code? I am surprised abuse of that system is not rampant. What about buying tickets on a train or things on a plane? Well, that depends. Using your own card, even knowing it is low on funds is not fraud, and most of the time the charges may not even appear due to the laxness of the system. Using a cancelled card on the other hand most certainly is. The point is that it is a flawed system that can be exploited in several different ways, not all of which are illegal. Indeed, using a card low on funds simply raises a debt, which is certainly not illegal.

It seems like this is mainly a problem in the UK, with trains not verifying in real-time at all and buses using the time of the trip as authentication. Certainly most inner-city public transport systems in the world don’t seem as easy to exploit, as they actually check people on a list or don’t allow you to buy tickets unless payment is guaranteed. That is the only way to ensure payment, with real time verification of funds, or making people pay at the next station. Until then the problem will continue to be inevitably exploited.

I should also note that this post should not be taken as advocating fraud or any illegal activity.

Update 1 – October 10th 2010

I recently took an Amtrak train bound to Seattle, and can say that nothing described above that works on trains in the UK will work on Amtrak trains. It was impossible to board the train without a ticket of some kind. Well, of course not impossible, but more difficult than I had time for. I purchased a ticket just for the next stop, and while on the train I tried first of all to make a small purchase from the dining cart on a card that had fewer funds than was necessary, and saw the card reader actually makes a connection and verifies in real time. Fail. I then tried to extend my journey on to my final destination by purchasing a ticket with the same card. Fail. So, Amtrak can afford to do real time verification (at least on some trains, perhaps not all?) on credit cards, which prevents the abuse described above. What is keeping the UK behind?

Having said that, the ride was very pleasant and the staff were very friendly. The only thing I found annoying is that Amtrak is Pepsi only, so no Dr. Pepper for the ride. One curiosity I noticed was that had I purchased my fare on the internet, the total cost would have likely been $42, with the lowest I saw being $35. However by purchasing the second half of my trip onboard, the total came to $29. My guess for why this is is that on the train the price is fixed, and is not based on demand like internet fares possibly are. Either way it provides an advantage to purchase on the train where possible.

The other thing I noticed is that the QuikTrak self service kiosks offer no security at all. The idea is that if you buy a ticket on the internet, you must have the card the ticket was bought with in order to pick up the ticket. The QuikTrak kiosk only allows you to scan a barcode or swipe a card, however I found that swiping any card will work. You can swipe a cancelled or expired card and put in a reservation number to collect the ticket. At no point was I asked for ID or to show my card. It seems that this would make it incredibly easy to buy train tickets with anyone else’s card in a fake name, and not encounter any issues.

One final point I should mention is that quite often taxis don’t use real time verification either. Approximately 25% of the taxis in Berlin did not seem to have it, and it was quite possible to pay with a card that would not be accepted otherwise. This certainly was not the case in NYC and I don’t recall trying it anywhere else. It seems crazy that taxis would not do this, as they are not subject to the same limitations as trains or planes.

Update 2 – December 16th 2010

Via Rail in Canada does not have any kind of electronic card processing on their trains, at all. They take an old style imprint much like on planes and process it at the end of a trip. I took the train from Vancouver to Toronto and found out that they do card processing in Winnipeg which can be a bit annoying…but otherwise if you were to go to Winnipeg or from Winnipeg to Toronto then they have no way to check.

I also thought I would mention airport carts. In some airports you have to pay something like $5 for a trolley, not a deposit but a fee. This is ridiculous…using any card with funds or not will be accepted and release the trolley to use.

