When I was first learning Linux and personal system administration a dozen years ago, I was taught the importance of security. However, at the time it seemed something like the importance of knowing a fire drill. We all agreed that the threat was real, but at the same time it had the air of a bogey-man story: nebulous and unlikely. And so for a long time I ran my public servers -- jmac.org and its related interests -- without thinking about any of that stuff too hard. I always use solid passwords just like I always lock my front door behind me, and I left it at that.

I think the world's changed since then. As far as I can tell, it's the case now that all computers visible to the public internet are under constant attack. If your machine has a public IP address, then I can guarantee you that throughout the day, it's getting continually peppered with network traffic from across the globe whose only purpose is probing it for security flaws. Imagine that every time you approach your home or your car, you have to elbow your way through a thin but inevitable crowd of characters tapping at the doors and windows, looking for a crack they can jimmy open and slip through. As far as I can tell, that's how it is now with every computer on the internet. Every single one, at all times.

This traffic is entirely malicious, though it probably doesn't give a shit about you or your data; it just wants to steal your computing resources to further its own ends. It might be the stereotypical maladjusted nerd-boy building a botnet to vanquish his foes in Black Ops by crushing their Xboxes under a network-traffic firehose. My understanding, though, is that it's increasingly likely to be the undertaking of organized criminals, tending to the always-lucrative SEO spam-generation market. Or, geez, at this point I fully expect that several governments and NGOs are playing, too, creating weaponized networks of 0wned personal computers for god knows what, heedless of what country they actually reside in.

I write all this because I've been having some frustrating issues with my own server over the last couple of months. There's a particular, very popular web technology I'd like to use[1], but literally within minutes of my installing the software in question I find my machine enthralled, running scripts by some teenager to knock over a rival's IRC server, or by some 21st-century entrepreneur to smear viagra ads all over someone else's blog. Removing the software would make this stop; re-installing it would re-zombify the server, but in an entirely new way and from a wholly different aggressor. Only today did I start making inroads on why this was happening[2], and I knock on wood that I have actually fixed it for now.

The machine has already been fully compromised once, just last summer; I had to move everything to a new server. It took a long time and I lost stuff in the process, as one always loses things during a move. With the help of friends wiser than I about such things, I set up the new server to be harder to attack than the last one. And still the orcs come, and still I worry that they might have breached the walls yet again.

I don't know what I'll do if they did. I don't want to have to set aside two weekends or more every year to rebuild the machine for the Nth time, just so it can be swamped by agents of the pharmaceutical-selling mafiosos du jour.

Maybe running a personal Linux server just isn't a good idea any more. If so, I literally don't know what I ought to do instead. I expect that there is an answer, and I expect that it would involve giving up a lot of the freedom that I enjoy from running my own Linux server with my own root account. And that would make me awfully sad.

[1] WordPress, and hence PHP.

[2] The default php.ini file that Debian installs is surprisingly insecure, to the point that it even states at the top of the file that it's too insecure to run in a production environment. Yes, I am deserving of your penguin-waving scorn for installing software without total awareness of every effect it would have on my machine's security, sure. I'm still surprised and disappointed that Debian, of all organizations, would take this stance.

Hi everyone

Wednesday, 7 July 2010 21:37
Yeah so I've totally let LJ slide. This is my first post in like five weeks, after over eight years of nigh-daily use (though my posting frequency started nosediving early this year). I may be done with it. If nothing else, I am almost certainly not going to re-up my paid account when it comes time, later this year.

Everything I've been writing lately has been either on the Gameshelf (which I refaced and relaunched last month) or Twitter. I am also on Facebook, but only nominally: all my status updates there are actually just cross-posted tweets. (I kind of hate Facebook now, and wish I'd never joined. But deleting my FB account at this point is not an option. That's how they getcha.)

I've also basically stopped reading LJ, which sucks, and deserves reversing. (EDIT: I have begun to eat through N pages of backlogged flist posts. RIGHT NOW.) I have a Perl script that lets me subscribe to all posts - even locked ones - but its formatting was off, and I am incredibly lazy, so rather than fix it I just shut it off. I would manually visit my friends page just often enough to keep up with y'all, but when LJ lowered the default friends-page size to 10, I stopped bothering, because: incredibly lazy.

So, I would like a place to write longer-form, non-Gameshelfy blog posts. Perhaps I shall join the exodus to DreamWidth, which seems to be well and truly underway among my long-standing LJ flist. Or perhaps I will set up a Tumblr. Or maybe I will try hosting a damn blog myself... or maybe I will just listen to my incredible laziness and continue using this damn thing. I don't know yet.

How're you?
When an automated software test says "Result: FAIL", my first reaction is to dismiss it as cheap sarcasm.
Planbeast has a twitter feed now, where it jabbers about every new public game event that someone schedules. Sometimes it babbles about other stuff too. I like this.

(FWIW, I've been a lot more active on Twitter lately, myself, though you aren't missing much if you already read my status updates on Facebook; I mirror most of em via ping.fm.)

(Icon because it just occurred to me that my Planbeast critter and Zarf's classic Werewolf doodle appear to be cousins.)
I kind of don't know why I'm bothering to look at Craigslist "computer gigs" posts. Ninety-five percent of them fall into these formats:

• I'm looking for an "intern" to work 20 hours a week on this project. I have many shiny bottlecaps I can pay you with. Great for college students!

• Here is a somewhat reasonable request for a piece of custom software. Please submit your bid. Not looking to spend more than $50.

• MY COMPUTER BREOK I PUT THE CABLE IN AND THE MAN SAID IT WORK OK BUT IT IS BLANK HOW LONG TO FIX

Anyway, this is why I launched a Google Adwords campaign for Appleseed yesterday...
[Crossposted from Appleseed Blog]

My friend Noah, a sysadmin at MIT, reports that on October 1 he switched off the info-mac hyperarchive (hyperarchive.lcs.mit.edu), one of the oldest websites on the internet. It was a web-accessible version of the info-mac archive, an online repository of Mac freeware and shareware, which before then was mainly browsable via FTP. I have fond memories of spending evenings trolling through the hyperarchive's directory structure, looking for neat stuff to fill my Mac LC's 40 GB hard drive, circa 1994.

Several years ago, when I was writing the Nutshell book, I discussed the possibility of being the hyperarchive's volunteer maintainer. Nothing came of it, though, and the server was allowed to coast into electronic senescence. I see from that Wikipedia article that there exists an info-mac website that claims lineage from the original archive and mailing list, but it's now just one more computer-news website in a vast sea. It does sport a mirror of the info-mac archive, where it's quickly apparent how little traffic it got since the turn of the decade; viewing some categories by date shows you software from the 1990s on the first page.

Though the hyperarchive's role was supplanted by better-organized websites years ago (hello, versiontracker), I won't forget its important role in the early history of Macintosh software, the web, and myself as a computer dood. Goodbye, old friend!
Because of a new project, I shall endeavor to spend more time haunting Facebook. Feel free to friend me there (if I know who you are).

I visited FB for the first time in a long while the other day, and was surprised at how many people I know have taken to hitting it regularly, generating new status updates crawling up my wall. I think the disconnect I feel comes from relatively few people in my local social circles relying on Facebook as a social focal point, at least compared to Livejournal.

A lot of the folks on my LJ flist now are people who got accounts expressly so they could keep up with friends' conversations as they become increasingly filled with verbal pointers to LJ posts. Through conversation with a remote friend (who recently deleted their LJ), I see that FB holds that same role in other small social communities. I imagine it's quite possible that more people use Facebook for things like event-organizing and other social announcements than LJ, now.
Some young punks have apparently been freely harassing Davis Square residents for some time now. That thread begins with someone describing how he was assaulted and slapped around by them, apparently in broad daylight and with people all around. The many comments that follow form a story about how this same group has been making trouble in the square for a while now, apparently trying to intimidate people into giving them money or valuables through insults, threats, and even chasing, shoving or hitting them. It sounds like the police frequently get involved (as they did during the OP's altercation) but so far they haven't been able to proactively do much about their presence.

Their anarchic behavior reminds me of how the PCs get through life in the Grand Theft Auto games. If nothing more interesting is going on, you can just wander around thumping people for the lulz, and if your star rating gets too high and a cop nabs you, you suffer a minor inconvenience for a minute before getting back into the action. (One comment seems to confirm that the kids were back to messing with people about 30 minutes after the OP's incident.) Meanwhile, everyone else in the game just sort of mills around. This makes me sad.

The online response is more heartening. Among the "hey I saw those guys too" comments are some pretty good suggestions about what to do next. (And a few eye-rolling blusters, but at least they're on the right side.) It makes me think more of the world described in Clay Shirky's recent opus, which opens with the tale of how, a couple of years ago, a spontaneous online community formed around the fact that a woman in New York had her lost cell phone found by a kid who, after being identified by their subsequent use of it, refused to give it back. Eventually the NYC cops capitulated under the insistent weight of the community and charged the kid with theft.

It would be nice to see that power turned on something that's actually a criminal threat to an entire local population. I hope that something like this is indeed ramping up. I see that the OP, initially not wanting to file a report for fear of reprisal from the hoodlums, has changed his mind and spoken with a detective after reading some 100 sympathetic and action-seeking comments. This is good.

Pandora

Friday, 18 July 2008 11:17
I finally got into Pandora Radio because of its free iPhone version. The application isn't flawless - unexpected events make it have a temporary seizure that makes even the phone's hardware controls unresponsive until it times out - but its normal mode is very impressive. You can start listening to music via WiFi, and then wander off into 3G territory, and it doesn't skip a beat. (Literally.) This is the first implementation of portable internet radio I've seen, something I've wanted since using my first iPod for the first time.

(That said, pulling in continuous data via 3G drains the battery like nothing else. But that's just the price of admission, right now.)

And, yes, Pandora itself is rather excellent. I love the idea of musical-classification "genes". Who knew that I was into extensive vamping? I'm using my jmac@jmac.org email address there, if people wish to connect. (Why, of course it has social-network features.)

Lively

Wednesday, 9 July 2008 10:51
Google's launched a 3d social chatty thingy. The avatars in the trailer movie all appear to be either Bratz-esque homunculettes or chubby little squirrelly critters, which tells me that Google is narrowly targeting the service towards the dual core virtual-world markets of
  1. Image-conscious youths, primarily teenage girls and young women, eager to spend real money on virtual goods with designer names, and

  2. Furries.
I still wanted to try it out because clearly I need to make an Appleseed Room to show how "with it" and "hep" I am but my Boot Camp partition is in a melted-down state, and the thing is Windows-only right now. (Very happy that Project X is backed up off-site... yeesh.)
Timewaster du jour: http://www.omnomnomnom.com You may need to reload once or twice to see what's going on.

As with any such project, some iterations are tasteless, so activate mental filter before browsing. But otherwise there is much cleverness. I have been chuckling.
Blurb to put into your conference ad if you don't want me to come:

There was so much energy in the room - with everyone taking pictures, blogging, podcasting, and twittering - it was reminiscent of SXSW.

Why yes, I have set up a twitter thing, though I update it maybe twice a week currently (I'm "jasonmcintosh"). And I might go anyway - eh, it's $50, and I could stand to punch up my local network a little. But that description just makes me blanch, still.
An interesting analysis of the "FAIL!" meme, showing up just as it was starting to make me a little cranky.

Google Books

Sunday, 27 May 2007 13:21
Dunno how long this has been going on, but I just noticed that Google's main search results page now has a prominent "Books" tab-style link above the first result. When I do an ego-search there I get hundreds of hits because I've managed to get into the colophon of many O'Reilly books, thanks to the Framemaker-to-XML conversion thing I worked on years ago. I didn't realize this until quite recently.

Doctor Fun

Thursday, 5 April 2007 16:42
I randomly noticed today that Doctor Fun, one of the world's oldest webcomics - and one that I don't think I've heard anyone mention since 1995 or so - quietly ended its quiet 13-year run last year.

Old habits

Tuesday, 13 March 2007 17:40
To this day when I see two friends log out of IM at the same moment, my first thought is "Oh shit, they're alts?!"
I finally read that NYMag feature that postulates that youngsters' views on privacy, and specifically on self-documentation, are one side of the most significant generation gap since Elvis was on Ed Sullivan. It's an interesting read.

I said "Hey, me and most of my 30-n-older friends do that" at a couple of specific examples, but really this is because we've been online for 15+ years and therefore are unusually savvy for our demographic. The whole mainstream lifestyle described here was never ours, though, and a lot of it does seem pretty damn alien.

It's really hard to say how my own childhood and teenage years would have been different if I was online from the crib onwards. I want to say "Probably just as miserable" but really I'm not so sure. My own personal turnaround came when I got my first modem at the start of 12th grade, and just through local BBSes my life improved immensely through my ability to connect with kids like me in other schools who I would have never met otherwise.
Can you help me come up with a list of Maximally Average Comments from various high-traffic websites?

Here are a few to get you started:

Slashdot
It's only a flesh wound! +5 Funny

BoardGameGeek
My wife doesn't like this one either. :(

Wikipedia
Please read WP:CIVIL.

Your turn!
Nice comments from the BGG crowd about cthulhia's Carcacookies. (Scroll to bottom.) And I actually just noticed the tags people have given it: Girls! Food! Wow! Indeed.

Stupid comment about Jmac's Arcade (which I can't see how to link to without linking to the video player, too). Also he gave me one star. Oh well, at least he liked the game...

(Actually I think the comment is pretty funny.)
Man, having a good laugh about something on Boardgamegeek until someone brings up Fluxx and everyone starts bashing it... it's like when you're having a grand time at a family gathering until suddenly everyone else starts having a farting contest or joking about dirty Mexicans or something. Who are these people.

Fluxx is to BGG as Zardoz is to the Thon message board. "Fluxx, now, there's a game!" Except that I guess the metaphor only stretches so far, since the Thon people wouldn't say that Zardoz is the movie you watch to make your wife or girlfriend happy before moving on to a real movie. The idea makes me giggle, though.

I need to learn Photoshop.
