Wikipedia:Reference desk/Archives/Computing/2015 August 22

Computing desk
< August 21	<< Jul | August | Sep >>	August 23 >

Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

August 22

is it possible to spoof someone on Ashley Madison

Given that you know someone's email address, is it possible to spoof someone on Ashley Madison? Using a pre paid debit card and their email address? 220.239.43.253 (talk) 06:14, 22 August 2015 (UTC)[reply]

It depends on how much effort they put into validating the email address. 75.139.70.50 (talk) 15:47, 22 August 2015 (UTC)[reply]

Somehow I doubt if that web site will be around for long. The one thing most important to their clients was secrecy, and they have failed to provide that. Maybe other, better protected, sites for adulterers will pop up to replace it. StuRat (talk) 17:51, 22 August 2015 (UTC)[reply]

I don't know about that particular website, but the usual procedure is that you have to reply to an email sent to the email address you give the website. If you used your main email address, you are hosed. --Guy Macon (talk) 19:59, 22 August 2015 (UTC)[reply]

There are reports that addresses purporting to be various high officials, such as Tony Blair, were found. However, anyone can create a web mail profile that uses the name of a real person, provided that that particular person has not registered that particular form of their name on that particular web site. The person who has created the false account can then register the Ashley Madison profile, and will receive the email requesting the confirmation, and will confirm it. Payment will be required, but verification is only of the card used to pay the fee, not to verify that the name on the card (whether prepaid debit or good-standing credit card) is that of the profile being created. If a good-standing credit card in the true name of the registrant claiming to be a famous person is used, their name will be on file and will be billed. However, at this point, whether someone used their true name on a credit card and then claimed to be Tony Blair seeking a girlfriend, is not high on Scotland Yard's To Do list. So: You do have to reply to the email. But the email account can be one that was created for the purpose. You almost certainly can't spoof someone by knowing their true email address, but you can spoof someone by creating an email address that looks like them. Robert McClenon (talk) 20:11, 22 August 2015 (UTC)[reply]

Of note: It is even easier to get a list of email addresses and names and tell everyone that it is a list of users for some website. Then, I could also use it as a political statement by putting politicians that I don't like on the list. 75.139.70.50 (talk) 17:28, 23 August 2015 (UTC)[reply]

Ashley Madison did not verify email addresses [1], so you could register with any address you wished, even one you didn't have access to. According to a reddit thread I saw last week, there are several emails from government domains which don't host email (@whitehouse.gov), or entirely fictional government agencies (@XCOM.gov) MChesterMC (talk) 08:17, 24 August 2015 (UTC)[reply]

There are also court cases and interviews with past employees (who I would define as "disgruntled") who claim that they created thousands of fake accounts on Ashley Madison. Overall, we have people claiming that accounts on the site are fake. We have evidence that anyone could use anyone else's email address. And the only proof we have that the account dump is real and not generated by an email address harvester is that the person behind the "hack" says it is real. The public wants it to be real. The public wants famous people to get hurt by it. So, there isn't even an ounce of critical thinking taking place. Then, in a month, nobody will have a clue what Ashley Madison was because something else will fill the void. 209.149.113.150 (talk) 11:41, 24 August 2015 (UTC)[reply]

Wow. I had never really looked into Ashley Madison other than seeing mentions of them in the press. I just did, and was aghast. The site allows anyone to register any name with zero verification (not even the usual conformation email) then charges money to delete accounts. That sounds like fraud and extortion to me. I suppose that I should check to see if my name is listed. Is there an easy way to do that without downloading gigabytes of data from the slow web dark web? --Guy Macon (talk) 15:32, 24 August 2015 (UTC)[reply]

Worse than that actually, they charged money to delete accounts - and then didn't actually delete them. SteveBaker (talk) 18:52, 24 August 2015 (UTC)[reply]

See my comment below.

Note in particular that we already have real people who have appeared in the list who have publicly admitted they really did use the site. It's possible these people aren't telling the truth for some reason, or may be whoever faked it could get lucky, but some of these people aren't really that well known so it would seem to be lucky indeed. Sadly there have also been reports of suicides linked to the release.

Then there are the CEO's emails. I imagine some senders will confirm that they did indeed send those emails to the CEO. Plus generating fake accounts is one thing (although fake accounts with matching birthdates and the like is probably not easy), generating a whole bunch of emails which make sense is another.

The credit card records are another, while they only have the last 4 (and first 6?) numbers that are allowed to be stored, they also have the name and billing address, so if you find this matches the person's credit card, it would at least imply it was stolen from some database, if not the Ashley Madison one. And if the transactions match bank records, well that's terrible suspicious. (I don't know what the transactions show up as in bank records, but even if there are non descript names I suspect once the person has good reason to suspect it's Ashley Madison, finding some evidence it was wouldn't be impossible.)

Perhaps the best evidence is that competent people who have looked in to it believe it appears to be at least partially genuine (i.e. it was really at least in part from the Ashley Madison database). [2] [3] [4] [5]

As I said below, this doesn't mean all the data is genuine. And even if the data is really from the Ashley Madison database, in some cases it could be someone else made the profile and it may not always be clear when the profile was created, what it was used for, and whether the person was in a committed relationship in the time. Still, depending on what is there, it may be enough to give a spouse/partner reason to ask difficult questions.

Nil Einne (talk) 15:05, 25 August 2015 (UTC)[reply]

Font coverage

I use BabelMap for such things, but is there a site where I could check fonts if they have some particular symbol(s)? Pay attention, I mean not Unicode ranges (it could be easily found at the Microsoft Typography page), but exact symbols. Especially I want to check font versions. For example, even basic Windows fonts like Times New Roman are beeing expanded with new symbols each new version, but I do not know what exact characters were added in which version.--Lüboslóv Yęzýkin (talk) 06:28, 22 August 2015 (UTC)[reply]

I have a little Python program which uses FontTools to read a font file (the docs says "TrueType, OpenType, AFM and to an extent Type 1" - I've only tried it with a TTF) and displays the contents of the CMAP table, so it shows the individual external code points (usually Unicode code points) supported. Its ouput (e.g. for the Ubuntu-B font) has a bunch of stuff like this:

   U+1fb3 : uni1FB3 : GREEK SMALL LETTER ALPHA WITH YPOGEGRAMMENI
   U+1fb4 : uni1FB4 : GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI
   U+2039 : guilsinglleft : SINGLE LEFT-POINTING ANGLE QUOTATION MARK
   U+1fb6 : uni1FB6 : GREEK SMALL LETTER ALPHA WITH PERISPOMENI
   U+1fb7 : uni1FB7 : GREEK SMALL LETTER ALPHA WITH PERISPOMENI AND YPOGEGRAMMENI
   U+1fb8 : uni1FB8 : GREEK CAPITAL LETTER ALPHA WITH VRACHY

If that's what you're after, I can post the source somewhere. To compare two different versions of a font, you'll need to get two local copies of the TTF, run this script on both, and diff the result. -- Finlay McWalterᚠTalk 10:57, 22 August 2015 (UTC)[reply]

The problem is this would work if I had a font file. But if I had a font file I could use BabelMap. I don't have such files. But I have, for example, only one font file of Times New Roman version 6.80 and I have no idea what was in that font before and if there is any new additions (seems it's the last version by now). The site, I'm looking for, ideally should do this: I want to know in what fonts, that I don't have in my computer, there are ӻ ӽ ӿ (just examples), in what versions these symbols were added (they already are in TNR 6.80).--Lüboslóv Yęzýkin (talk) 12:34, 22 August 2015 (UTC)[reply]

While I was finishing writing my previous answer I found this site that partially does what I want, but still it cannot compare font versions.--Lüboslóv Yęzýkin (talk) 12:39, 22 August 2015 (UTC)[reply]

Using python interactively, show output on another window

How can I use Python interactively, and for example show the result of:

>>> 2 + 2
4

on a separate window? Right now, it outputs 4 immediately below the expression, as shown above. I am thinking on the R Studio system, where you input the expressions on one window, and it show the output in text form on another. If you plot something in R studio, it will also show the plot on a different window. Is this possible for python?--YX-1000A (talk) 21:12, 22 August 2015 (UTC)[reply]

This should help. →Σσς. (Sigma) 08:16, 23 August 2015 (UTC)[reply]