Sunbeams illuminating a coastal forest in Port Orford, Oregon

Chuggnutt!

Category: Computers

  • BittyWiki revisited

    A long time ago I wrote about BittyWiki, detailing my efforts to write a simple PHP wiki engine based on the Shortest Wiki Contest, which asks the question:

    What’s the shortest piece of source you can write that will implement a fully-featured wiki?

    Looking over that old code I’d posted, it’s pretty basic, and doesn’t adhere to the general Wiki Principles posited by the SWC. Basically, that early version simply took hand-coded HTML entered into the form, stripped all but a few of the basic tags, and called it good.

    It’s not, though, and over the years I’ve actually updated the code to actually adhere to (many of) the Principles as well as working to reduce the size within that constraint. And I recently realized I’d never revisited this topic to share the better code!

    (more…)
  • Living in a cyberpunk dystopia is weird

    Living in a cyberpunk dystopia is weird

    Living in a cyberpunk dystopia is weird. Most of the time we don’t even realize we are. We forget because it’s become so mundane, but we live in a highly connected online society largely influenced by giant corporations, and not for the better.

    Cyberpunk is a subgenre of science fiction in a dystopian futuristic setting that tends to focus on a “combination of lowlife and high tech”, featuring futuristic technological and scientific achievements, such as artificial intelligence and cybernetics, juxtaposed with societal collapse, dystopia or decay.

    Cyberpunk plots often center on conflict among artificial intelligences, hackers, and megacorporations, and tend to be set in a near-future Earth, rather than in the far-future settings or galactic vistas found in novels such as Isaac Asimov’s Foundation or Frank Herbert’s Dune. The settings are usually post-industrial dystopias but tend to feature extraordinary cultural ferment and the use of technology in ways never anticipated by its original inventors (“the street finds its own uses for things”).

    Wikipedia: Cyberpunk

    It’s important to understand that “cyberpunk” as a genre and a concept got its start generally in the late 1970s/early 1980s, and enjoyed a popular heyday through the ’80s and early ’90s. Many—most—stories were written before much of the internet and everything that spun out of that even existed (things like wifi, webpages, smartphones, social media, and so on). William Gibson wrote Neuromancer without ever having used a computer; cellphones weren’t even invented yet.

    Go back and read some of those early works. Stylistically they are terrific, conceptually brilliant when done right, but much of the technology, extrapolated and imagined, well, it can be quaint.

    The point being, the online, near-future, “cyberspace” technologies imagined in most of those defining cyberpunk stories were for all intents and purposes surpassed in the mid-aughts. The cyberpunk “near future” is our “now future.” We’re living it.

    With that in mind, scroll back up and re-read that description again. We can pretty much tick every box. Artificial intelligence? Check. Hackers? Check. Megacorporations? Check. Extraordinary cultural ferment? Check.

    These don’t all look exactly like what was described in the books, of course. Instead of cyberdecks we have tablets and laptops; in lieu of cybernetic brain jacks, we have smartphones and wifi. But let’s face it: we’re living in a science fiction genre.

    And yes—dystopia? Check. Our day to day experience may not seem particularly dystopic, but taking a step back and looking over the big picture, there are definitely elements of a slow motion dystopia in action that come into view. Consider climate disaster, the creeping rise of fascism, the influence wielded over society by billionaires and corporations, the erosion and active suppression of individual freedoms, privacy, and education… Small pieces that we just live with, rather than the overarching dystopian societies of the genre, but still present.

    It’s a strange time, and just to top off this post and emphasize how weird it all really is, I asked ChatGPT to write a paragraph on this very subject:

    As we enter the year 2023, it’s becoming increasingly clear that the real world we live in is starting to resemble the dystopian cyberpunk futures that once only existed in fiction. From ubiquitous surveillance and the erosion of privacy, to the increasing influence of mega-corporations and the ever-widening gap between the rich and the poor, the signs are all around us. The world feels both familiar and alien at the same time, with strange new technologies and societal norms emerging faster than we can keep up. It’s a world where people are more connected than ever, yet more isolated and disconnected from each other. The pace of change and uncertainty is dizzying, and it’s hard to know what the future will hold. It’s a strange and surreal feeling to be living in a world that seems so out of step with the one we once imagined.

    There you have it.

  • Not a Leap Year

    We saw the new Die Hard movie last Friday, “A Good Day to Die Hard.” It wasn’t terrible—the action sequences were good and the concept was there—but compared to the last movie it was disappointing, largely because (for me) the dialogue was very stilted and cliché, focusing more on the one-liners than advancing the plot or anything. Plus it didn’t really give John McClane the “nobody else is here to do this” kind of role that the character is really known for… I ended up thinking the movie is begging for a fan fiction rewrite that could really tighten things up and make it 100% better. Or a Phantom Edit-style recut.

    Of course, you always have to wonder about (yet another) sequel…

    Earlier this month I set up my old Commodore 64 computer system for the kids to see, just for grins. Basically their computer desk in the office has been empty since the (older) Sony Vaio all-in-one system started dying (the integrated LCD monitor light was starting to burn out, which is a huge pain) so I figured, why not? I have to say, it is amusing as hell to see that old system set up again—but other than that first day we were playing around with it, it hasn’t been turned on.

    Lots of beer things are happening, too: we’re planning this second year of Central Oregon Beer Week and that has been taking up a lot of time. Maybe I’ll do some “behind the scenes” type posts for that at some point. Suffice to say, there are a lot of good ideas floating around but trying to nail down details like sponsorship packages is a chore. Hopefully we’ll have that dialed in very, very soon and can get down to the fun stuff of drinking beer! Or at least planning out events where we get to drink beer.

    Incidentally, Central Oregon Beer Week is taking place from May 20 through 27 this year—the week leading into Memorial Day Weekend. It’s going to be awesome.

  • Anatomy of a blog hack

    So, last weekend I found out that my blogs had been hacked.

    Actually, it wasn’t just my blogs, nothing personal involved or anything like that: the shared server space my sites were hosted on was compromised, and a good number of other sites and files were hacked as well. Based on what I can piece together, here’s what happened:

    There were a number of sites on this hosting space that were running out-of-date versions of WordPress, and some that also had various other PHP code installed (NetOffice, Gallery 2, a few others). Any software that is outdated is potentially at risk to known exploits, but more worryingly, I found an old bit of PHP code on the server that was set up to run arbitrary PHP code for (I presume) some back-end admin processing, and ultimately I think this was what had been exploited.

    And until I had found and killed this code, the exploit happened at least 3 times even as I was cleaning up the server.

    The exploit itself, once I knew what to look for, was fairly simple:

    • In PHP files that were writable to the Apache webserver process, the code was altered so that any line containing an opening PHP tag (which tells the server to start executing the code after it as dynamic PHP until the closing tag is reached) looked something like this:
      From <?php .....
      To: <?php     eval(base64_decode('malicious code encoded here')); .........
    • When I copied this code to a sandboxed PHP environment and decoded it, it contained fairly simple instructions:
      • If the visitor to the site was coming from a Referrer—in other words, if they had clicked on a link from another site like Google search results, Facebook, someone else’s blog—they were redirected instead to a completely different site that presumably contained spam, or malware, or whatever.
      • If the visitor was coming to the site directly—they had typed the URL directly into the browser’s Location bar, or clicked on a bookmark—then they were passed on through to the site.
    Because I normally type in URLs to my blogs directly, or click the “recently visited” link in Chrome’s list, I didn’t see the exploit at first. But as I was writing a blog post on The Brew Site on Friday the 20th, I was searching out a link to a previous blog post (gotta love Google for that) and when I clicked that link to pull up the earlier post, I was redirected to some site in Poland (or at least, with a Polish country code for the top-level domain).

    Fortunately, I don’t believe this hack was in place for long, since I often search out links in this manner and would have noticed sooner: Sometime in the wee hours of the morning of January 19th was when the files were first modified is the earliest I can determine.

    It took me a bit of time to figure out the exploit (at first I was thinking it was the Google 302 hijacking exploit), but once I did I was cleaning up files on my blogs by Saturday morning. I hadn’t yet had the chance to address the (many) other files and old sites on the server hosting space, so unfortunately my blogs got re-infected at least once more before I was able to kill the old files and update others. Most of my weekend (and part of the following week) was spent updating, fixing permissions, cleaning, and deleting files and sites.

    For reference, a handy pattern for detecting this code in grep is:

    grep -R -l 'eval(base64_decode(' *

    (This should always work because you should never have similar PHP running in your legitimate code…)

    Now, I keep my WordPress blog software (and installed plugins) up-to-date pretty religiously, and I try to keep permissions set appropriately. But a good number of files in each blog were infected even so—how? It turns out, even though a fair number of the core files that were originally installed (manually) had the correct Unix group (“<account>:users”) and permissions of 644 (rw- r– r–) and were untouched, I was also making liberal use of WordPress’s built-in auto-updating feature, along with automatic plugin installation, and at some point the files that WordPress were updating got set to the “nobody:users” group—the Apache webserver process. It was these files that were exploitable to the “nobody” Apache process that was being exploited by the other code on the server. (Along with the few files I had set to group-writeable as well.)

    So, lesson learned. I’ve battened down the hatches, fixed the permissions on all the files in my sites, and have decided to forgo WordPress’s auto-installing and update features for now for good measure. And, I’ve finished up a (long overdue) move of my blogs to a new webhost with none of the legacy code possibilities that were extant on the original server. (Nothing against the original web hosting provider, I just needed a clean break with an affordable price.)

    Of course, you all let me know if you still run into any problems, okay?

  • Items of recent awesomeness

    Some of these links aren’t as shiny-new as they were when I started this post, but even so:

    The CDC’s zombie apocalypse preparedness plan: Yes, the CDC is all over the possibility of a zombie apocalypse. For real.

    If zombies did start roaming the streets, CDC would conduct an investigation much like any other disease outbreak. CDC would provide technical assistance to cities, states, or international partners dealing with a zombie infestation. This assistance might include consultation, lab testing and analysis, patient management and care, tracking of contacts, and infection control (including isolation and quarantine).

    Tintin: The Secret of the Unicorn move trailer: I knew Steven Spielberg and Peter Jackson were making a Tintin movie, but I didn’t realize just how OMGAWESOME it was going to be until I saw the trailer:

    The Javascript PC emulator: pure amazing geekery. This is an x86 processor being emulated in Javascript inside a browser. And it’s running Linux. To be clear: what is essentially a full computer is running independently inside the browser. Which theoretically means you could run, well, anything inside of it.

  • EPIC WIN

    I’ve been enjoying Once Upon a Win lately (the cousin to FAIL Blog) and the one thing that’s lacking so far is the Commodore 64. Tonight, though, I came across something even more epic: the Commodore Christmas Demo. Dave writes:

    Commodore wrote their famous Christmas Demo in 1982 to demonstrate the capabilities of their new Commodore 64 computer and the upcoming Executive 64 (SX-64) portable. It was included with the test/demo disk that shipped with every SX-64 so dealers could introduce customers to the machines’ advanced (for the time) sound and graphics. Though its character graphics and SID sound seem quaint by today’s standards, the Christmas Demo reminds many Commodore fans of the morning they woke to find a computer under their tree.

    1982. I never knew of this before. Click through and watch it.

    Best thing I’ve seen online all week. Hands down.

  • Coming to you from a new computer

    I’m writing this blog post on our new computer. Yep, finally; we order a Dell from a really good online Black Friday deal and it arrived yesterday. Replacing the six-year-old eMachine.

    This new computer is running Microsoft Vista, which I was really leery about, but so far there’ve been none of the problem with Vista I’d been fearing from past experience. Some other observations though…

    • "Windows Easy Transfer" isn’t. In fact, it rather sucks. I tried it twice, each time it failed. but not before copying over some data. The problem? It copied over stuff and simply re-created the folder structure as on the old computer, which really is not what I wanted. So I ended up scrapping that and copying over stuff myself.
    • This computer is quiet. Really, really quiet. It actually bothers me a little that it’s so quiet.
    • Browsing the internet in general seems quite a bit faster.
    • This Vista is the 64-bit version of the OS, which apparently our Canon scanner refuses to work with. That’s a bit frustrating, and makes me wonder what else isn’t going to run because of 64-bit issues?

    In other computer news, I’m being sorely tempted by the Acer Aspire One netbook they have at Costco. Only $350. It’s tiny! But seems like a good price for what you get, and it’s more powerful than the other comparable netbooks out there right now.

  • CNN-64

    This article is all kinds of awesome. I never thought I’d see the day.

    The Commodore 64 is 25 years old this year. Kind of shocking, really.

  • Storm front

    So apparently the Storm Worm—an email-propagating trojan that’s creating an unknowingly-large botnet—has learned how to figure out when security researchers are probing it and is retaliating (Via Boing Boing via Slashdot):

    The Storm worm is fighting back against security researchers that seek to destroy it and has them running scared, Interop New York show attendees heard Tuesday.

    The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days….

    As researchers test their versions of Storm by connecting to Storm command-and-control servers, the servers seem to recognize these attempts as threatening. Then either the worm itself or the people behind it seem to knock them off the Internet by flooding them with traffic from Storm’s botnet….

    Now, if I were approaching this news from a science fiction (writing) or a conspiracy theoretical angle, I’d be seriously wondering if this isn’t the rise of a distributed sentient AI.

    (*cough* Skynet *cough*)

    This isn’t a new idea. William Gibson back in ’98 wrote a script for "The X-Files" based on the same premise: a computer virus (several, actually) was loosed upon the internet to spread and evolve and bootstrap itself into a networked emergent AI.

    Then, of course, it tried to kill everybody who tried to stop it.

  • Simulated reality

    This article from the NY Times (link is good at the moment, though I’m not sure it won’t disappear behind some paywall at some point and be inaccessible) covers the sufficiently weird theory/philosophy proposed by Nick Bostrom that we are likely (actually, almost mathematically certainly) living inside a computer simulation.

    (“Living” wouldn’t quite be the correct term, of course.)

    It’s a theory I’ve encountered before, though the NY Times does a good job of simplifying it and squirting it out into the public consciousness:

    You couldn’t, as in “The Matrix,” unplug your brain and escape from your vat to see the physical world. You couldn’t see through the illusion except by using the sort of logic employed by Dr. Bostrom, the director of the Future of Humanity Institute at Oxford.

    Dr. Bostrom assumes that technological advances could produce a computer with more processing power than all the brains in the world, and that advanced humans, or “posthumans,” could run “ancestor simulations” of their evolutionary history by creating virtual worlds inhabited by virtual people with fully developed virtual nervous systems.

    Some computer experts have projected, based on trends in processing power, that we will have such a computer by the middle of this century, but it doesn’t matter for Dr. Bostrom’s argument whether it takes 50 years or 5 million years. If civilization survived long enough to reach that stage, and if the posthumans were to run lots of simulations for research purposes or entertainment, then the number of virtual ancestors they created would be vastly greater than the number of real ancestors.

    There would be no way for any of these ancestors to know for sure whether they were virtual or real, because the sights and feelings they’d experience would be indistinguishable. But since there would be so many more virtual ancestors, any individual could figure that the odds made it nearly certain that he or she was living in a virtual world.

    I don’t know about this “virtual ancestors” scenario necessarily—I mean, why not just run a simulation for the heck of it, a là The Sims or something? The author considers that:

    And if owners of the computers were anything like the millions of people immersed in virtual worlds like Second Life, SimCity and World of Warcraft, they’d be running simulations just to get a chance to control history — or maybe give themselves virtual roles as Cleopatra or Napoleon.

    Anyway. I followed this up by finding Simulated reality on Wikipedia, which contains a rundown of Bostrom’s theory as well as broad coverage of others. Interesting stuff, and it got me thinking as to how one would go about determining whether one lives in a computer simulation.

    (As a start, consider how one might determine whether or not one is dreaming. After all, dreams are a type of simulated reality, no?)

    Of course, it all hinges on whether or not consciousness itself is a computable phenomenon. I’m a little torn on that question; I certainly think the brain is a computational entity of some sort—Steven Pinker’s How the Mind Works is an excellent book, by the way—but does that make consciousness computable as well, or something more? Or is it merely an illusory side-effect of some process? Or is it ultimately indeterminable?

    From a science fictional standpoint, I like the idea of the brain being an advanced quantum computer of some sort, with whatever wackiness extending from that. That’s probably neither here nor there, but I just wanted to throw that out there.

    Hmmm… I guess it doesn’t all hinge on the computability of consciousness.

    Would the simulations (ie, us) becoming aware that they are a simulation qualify as becoming “self aware” in the “real world”? I mean, we have a term for it when a computer program does: Strong Artificial Intelligence. (Okay, that’s theoretical too, since we don’t currently have Terminators or a Data running around.) Does “self awareness” count if it’s only theoretical and there’s no way to prove it?

    Good thoughts. Random, but good.