fred @ Veröffentlicht am (Update: )

This week I noticed a bunch of Google calendar spam events added to my diary which read “Your iPhone XsMax is ready for PickUp” and contained a link to some external website.

Ok. Somebody added events to my calendar which I did not create. Was I hacked? Obviously I first checked who had access to my Google Account and was relieved there hadn’t been any security breach of sorts (phew!).

However adding a calendar event into my diary is definitely something I would consider a very intrusive move considering that this is a feature I heavily use every single day. My calendar is sync’ed up with my phone – hence every event added to it goes right on my screen. Congratulations! You got my attention!

How this Google Calendar Spam Works

Since I am working in the monetisation space this thing caught my interest right way. How can somebody pull this off without having access to my account? I found this thread on reddit where people seemed to have the same problem.

After reading through it I realised that the concept is strikingly simple. It’s just calendar invites. And apparently this is not even a new thing.

Google Calendar Spam in action: This is what the invites in my spam folder look like.
Event invite emails in my spam folder.

All you need is to send an invite to somebody’s inbox and hope that their client (Google, Office 365, etc.) will hoist the event with on rsvp into the calendar. In case of gmail Google doesn’t seem to differentiate between spam and ham. That’s why even though that email is correctly bucketed into the spam folder it won’t keep it from interacting with your diary. Urgh.

Still I think the idea behind that Google Calendar spam is genius!

The Idea Behind the Exploit isn’t all Bad.

If you think of it your calendar is somewhat of a sacred space. It’s mostly controlled by you and people you interact with. It’s definitely not real estate for advertising – at least not that you would naturally thinking of it being one.

At the same time most people are used to significant events automatically being added to their calendars: Flights, hotel stays, car pickup.. The list of capabilities is long and users know and trust the content parsed from their emails. You would normally not object to hotel check-in or flight departure times displayed in your calendar. For many users this is a clear feature and a very welcome reminder that would otherwise have to be created manually.

For those trust reasons – even though I don’t have access to numbers – I would assume that this spam scheme receives a good amount of clicks. Also the amount of work that needs to be done to invade such great screen estate is very low. So: Chapeau for that idea!

How to Protect your Calendar Against Unwanted Invites

One way of making sure these things do not make it into you calendar would be to disable events being added automatically completely. However I would advise against that: You might miss some important updates. A better way is adding only those event’s to which you have responded.

In order to achieve that, head over to your calendar’s settings. You’ll get there by clicking on the three dots when hovering over your calendar in the list on the left side. This will get you into the settings screen below.

Display only events which I have responded to
Show only events to which you have already responded.

Navigate to event settings and pick choose to view only those events to which you have already responded. Just hit the go back arrow on the top left of your screen to return and apply those settings.

Let’s hope that Google will get smarter when it comes to these quirks. Given how easy it was to invade my calendar it really made me wonder why this hasn’t been disabled yet.

Veröffentlicht am (Update: )
fred @ Veröffentlicht am

Have you ever worked in an environment where making decisions took forever because Manager A had to involve his Super B who in turn involved Stakeholders C, D and E so that your project never took off? Well – then this post is for you.

I’ve had the pleasure to work in a multitude of different work environments over the past 12 years ranging from small single-person businesses (including my own one as well), individual clients over research facilities to Microsoft as one of the biggest global software companies. Right now I’m working for a startup which – ever since I joined three years ago – has impressed me with a tremendous growth.

Over time not only employee numbers skyrocketed but also the organisational direction changed a lot. Things we easily settled by shooting out a single e-mail two years ago were replaced by long discussions and thorough stakeholder meetings. Pespectively the company is changing from a conventional, centralised startup towards a culture that fosters autonomy and self-driven decisions in order to be able to move away from micro-management. „About Communication: Why not Making Tough Decisions is Actually Really Expensive“ weiterlesen

Veröffentlicht am
fred @ Veröffentlicht am

It’s one of the most annoying states your dear OneNote can run into: The infamous “OneNote needs a password to sync this notebook” error. Apparently this is a real issue as you can see here, here and here. It renders your OneNote application essentially useless and drove me almost crazy – especially since it happened to me on my Windows Phone which added another level of complexity to the whole scenario. Nevertheless, I managed to solve it.

„How To Fix: OneNote Needs A Password To Sync This Notebook“ weiterlesen

Veröffentlicht am
fred @ Veröffentlicht am

When running a Docker container in some isolated environment (e.g. for testing purposes), one thing you often want to do is to call a service located in some other container running on your host system.

Without some sort of service discovery these are invisible to the container itself. What you need in this case is the IP address of the host system so that it can be reached from within the container. I myself recently had that problem when I locally needed to test how two services directly interact with one another.

Googling the issue I found out that it is highly sought after although the solution is stunningly simple. Get a list of your network interfaces in the shell of your choice:

ipconfig // on windows
iwconfig // linux
ifconfig // linux

The output should be somewhat similar to what you’re seeing in the picture above. Try to track down the docker network interdace et voila: here’s the IP you were looking for.

That being said: On Windows it’s most probably always

Veröffentlicht am
fred @ Veröffentlicht am

In a normal production environment monitoring your application’s output inside a running container should be very straightforward. Logs are usually collected from stdout and made visible in Kibana and your metrics are safely pushed to some time-based storage  (such as Graphite) and then accessible via tools like Grafana.

So far goes the theory – and then there is real life. Remember this one dynamic machine you’re qa’ing on or a shadow instance that you quickly set up a week ago? And all over sudden you find yourself in the situation where you have to debug running code. „In Situ Debugging in k8s & docker Environments“ weiterlesen

Veröffentlicht am
fred @ Veröffentlicht am (Update: )

Setting up minikube on a Windows 10 computer is (in theory) the most easy thing to do since Hyper-V already does the virtualization and there is no additional software to be installed. Yay.

Where it really gets hairy are a few things that might not run out of the box right away and I’ll try to give you the shortest guide possible here to get minikube up and running on your machine.

„Run k8s minikube on Windows 10 with Hyper-V“ weiterlesen

Veröffentlicht am (Update: )
fred @ Veröffentlicht am (Update: )

Gestern habe ich mir ein neues MIDI-Piano gekauft und wollte heute Effekte von der beiliegenden CD auf meinen Laptop kopieren. Seltsamerweise ließen sich einige Dateien einfach nicht übertragen. Windows beklagte sich immer über:

Nicht genug Arbeitsspeicher..

Na gut. Kein Problem. Gelegentlich übertreibe ich es mit der Anzahl meiner offenen Tools ein wenig und mein PC läuft, was das angeht, immer etwas auf Kante. Also den Arbeitsspeicher ein wenig aufgeräumt.

„Nicht genug Arbeitsspeicher?“ weiterlesen

Veröffentlicht am (Update: )