Sunbeams illuminating a coastal forest in Port Orford, Oregon

Chuggnutt!

Category: Computers

  • BittyWiki revisited

    A long time ago I wrote about BittyWiki, detailing my efforts to write a simple PHP wiki engine based on the Shortest Wiki Contest, which asks the question:

    What’s the shortest piece of source you can write that will implement a fully-featured wiki?

    Looking over that old code I’d posted, it’s pretty basic, and doesn’t adhere to the general Wiki Principles posited by the SWC. Basically, that early version simply took hand-coded HTML entered into the form, stripped all but a few of the basic tags, and called it good.

    It’s not, though, and over the years I’ve actually updated the code to actually adhere to (many of) the Principles as well as working to reduce the size within that constraint. And I recently realized I’d never revisited this topic to share the better code!

    (more…)
  • Living in a cyberpunk dystopia is weird

    Living in a cyberpunk dystopia is weird

    Living in a cyberpunk dystopia is weird. Most of the time we don’t even realize we are. We forget because it’s become so mundane, but we live in a highly connected online society largely influenced by giant corporations, and not for the better.

    Cyberpunk is a subgenre of science fiction in a dystopian futuristic setting that tends to focus on a “combination of lowlife and high tech”, featuring futuristic technological and scientific achievements, such as artificial intelligence and cybernetics, juxtaposed with societal collapse, dystopia or decay.

    Cyberpunk plots often center on conflict among artificial intelligences, hackers, and megacorporations, and tend to be set in a near-future Earth, rather than in the far-future settings or galactic vistas found in novels such as Isaac Asimov’s Foundation or Frank Herbert’s Dune. The settings are usually post-industrial dystopias but tend to feature extraordinary cultural ferment and the use of technology in ways never anticipated by its original inventors (“the street finds its own uses for things”).

    Wikipedia: Cyberpunk

    It’s important to understand that “cyberpunk” as a genre and a concept got its start generally in the late 1970s/early 1980s, and enjoyed a popular heyday through the ’80s and early ’90s. Many—most—stories were written before much of the internet and everything that spun out of that even existed (things like wifi, webpages, smartphones, social media, and so on). William Gibson wrote Neuromancer without ever having used a computer; cellphones weren’t even invented yet.

    Go back and read some of those early works. Stylistically they are terrific, conceptually brilliant when done right, but much of the technology, extrapolated and imagined, well, it can be quaint.

    The point being, the online, near-future, “cyberspace” technologies imagined in most of those defining cyberpunk stories were for all intents and purposes surpassed in the mid-aughts. The cyberpunk “near future” is our “now future.” We’re living it.

    With that in mind, scroll back up and re-read that description again. We can pretty much tick every box. Artificial intelligence? Check. Hackers? Check. Megacorporations? Check. Extraordinary cultural ferment? Check.

    These don’t all look exactly like what was described in the books, of course. Instead of cyberdecks we have tablets and laptops; in lieu of cybernetic brain jacks, we have smartphones and wifi. But let’s face it: we’re living in a science fiction genre.

    And yes—dystopia? Check. Our day to day experience may not seem particularly dystopic, but taking a step back and looking over the big picture, there are definitely elements of a slow motion dystopia in action that come into view. Consider climate disaster, the creeping rise of fascism, the influence wielded over society by billionaires and corporations, the erosion and active suppression of individual freedoms, privacy, and education… Small pieces that we just live with, rather than the overarching dystopian societies of the genre, but still present.

    It’s a strange time, and just to top off this post and emphasize how weird it all really is, I asked ChatGPT to write a paragraph on this very subject:

    As we enter the year 2023, it’s becoming increasingly clear that the real world we live in is starting to resemble the dystopian cyberpunk futures that once only existed in fiction. From ubiquitous surveillance and the erosion of privacy, to the increasing influence of mega-corporations and the ever-widening gap between the rich and the poor, the signs are all around us. The world feels both familiar and alien at the same time, with strange new technologies and societal norms emerging faster than we can keep up. It’s a world where people are more connected than ever, yet more isolated and disconnected from each other. The pace of change and uncertainty is dizzying, and it’s hard to know what the future will hold. It’s a strange and surreal feeling to be living in a world that seems so out of step with the one we once imagined.

    There you have it.

  • Not a Leap Year

    We saw the new Die Hard movie last Friday, “A Good Day to Die Hard.” It wasn’t terrible—the action sequences were good and the concept was there—but compared to the last movie it was disappointing, largely because (for me) the dialogue was very stilted and cliché, focusing more on the one-liners than advancing the plot or anything. Plus it didn’t really give John McClane the “nobody else is here to do this” kind of role that the character is really known for… I ended up thinking the movie is begging for a fan fiction rewrite that could really tighten things up and make it 100% better. Or a Phantom Edit-style recut.

    Of course, you always have to wonder about (yet another) sequel…

    Earlier this month I set up my old Commodore 64 computer system for the kids to see, just for grins. Basically their computer desk in the office has been empty since the (older) Sony Vaio all-in-one system started dying (the integrated LCD monitor light was starting to burn out, which is a huge pain) so I figured, why not? I have to say, it is amusing as hell to see that old system set up again—but other than that first day we were playing around with it, it hasn’t been turned on.

    Lots of beer things are happening, too: we’re planning this second year of Central Oregon Beer Week and that has been taking up a lot of time. Maybe I’ll do some “behind the scenes” type posts for that at some point. Suffice to say, there are a lot of good ideas floating around but trying to nail down details like sponsorship packages is a chore. Hopefully we’ll have that dialed in very, very soon and can get down to the fun stuff of drinking beer! Or at least planning out events where we get to drink beer.

    Incidentally, Central Oregon Beer Week is taking place from May 20 through 27 this year—the week leading into Memorial Day Weekend. It’s going to be awesome.

  • Anatomy of a blog hack

    So, last weekend I found out that my blogs had been hacked.

    Actually, it wasn’t just my blogs, nothing personal involved or anything like that: the shared server space my sites were hosted on was compromised, and a good number of other sites and files were hacked as well. Based on what I can piece together, here’s what happened:

    There were a number of sites on this hosting space that were running out-of-date versions of WordPress, and some that also had various other PHP code installed (NetOffice, Gallery 2, a few others). Any software that is outdated is potentially at risk to known exploits, but more worryingly, I found an old bit of PHP code on the server that was set up to run arbitrary PHP code for (I presume) some back-end admin processing, and ultimately I think this was what had been exploited.

    And until I had found and killed this code, the exploit happened at least 3 times even as I was cleaning up the server.

    The exploit itself, once I knew what to look for, was fairly simple:

    • In PHP files that were writable to the Apache webserver process, the code was altered so that any line containing an opening PHP tag (which tells the server to start executing the code after it as dynamic PHP until the closing tag is reached) looked something like this:
      From <?php .....
      To: <?php     eval(base64_decode('malicious code encoded here')); .........
    • When I copied this code to a sandboxed PHP environment and decoded it, it contained fairly simple instructions:
      • If the visitor to the site was coming from a Referrer—in other words, if they had clicked on a link from another site like Google search results, Facebook, someone else’s blog—they were redirected instead to a completely different site that presumably contained spam, or malware, or whatever.
      • If the visitor was coming to the site directly—they had typed the URL directly into the browser’s Location bar, or clicked on a bookmark—then they were passed on through to the site.
    Because I normally type in URLs to my blogs directly, or click the “recently visited” link in Chrome’s list, I didn’t see the exploit at first. But as I was writing a blog post on The Brew Site on Friday the 20th, I was searching out a link to a previous blog post (gotta love Google for that) and when I clicked that link to pull up the earlier post, I was redirected to some site in Poland (or at least, with a Polish country code for the top-level domain).

    Fortunately, I don’t believe this hack was in place for long, since I often search out links in this manner and would have noticed sooner: Sometime in the wee hours of the morning of January 19th was when the files were first modified is the earliest I can determine.

    It took me a bit of time to figure out the exploit (at first I was thinking it was the Google 302 hijacking exploit), but once I did I was cleaning up files on my blogs by Saturday morning. I hadn’t yet had the chance to address the (many) other files and old sites on the server hosting space, so unfortunately my blogs got re-infected at least once more before I was able to kill the old files and update others. Most of my weekend (and part of the following week) was spent updating, fixing permissions, cleaning, and deleting files and sites.

    For reference, a handy pattern for detecting this code in grep is:

    grep -R -l 'eval(base64_decode(' *

    (This should always work because you should never have similar PHP running in your legitimate code…)

    Now, I keep my WordPress blog software (and installed plugins) up-to-date pretty religiously, and I try to keep permissions set appropriately. But a good number of files in each blog were infected even so—how? It turns out, even though a fair number of the core files that were originally installed (manually) had the correct Unix group (“<account>:users”) and permissions of 644 (rw- r– r–) and were untouched, I was also making liberal use of WordPress’s built-in auto-updating feature, along with automatic plugin installation, and at some point the files that WordPress were updating got set to the “nobody:users” group—the Apache webserver process. It was these files that were exploitable to the “nobody” Apache process that was being exploited by the other code on the server. (Along with the few files I had set to group-writeable as well.)

    So, lesson learned. I’ve battened down the hatches, fixed the permissions on all the files in my sites, and have decided to forgo WordPress’s auto-installing and update features for now for good measure. And, I’ve finished up a (long overdue) move of my blogs to a new webhost with none of the legacy code possibilities that were extant on the original server. (Nothing against the original web hosting provider, I just needed a clean break with an affordable price.)

    Of course, you all let me know if you still run into any problems, okay?

  • Items of recent awesomeness

    Some of these links aren’t as shiny-new as they were when I started this post, but even so:

    The CDC’s zombie apocalypse preparedness plan: Yes, the CDC is all over the possibility of a zombie apocalypse. For real.

    If zombies did start roaming the streets, CDC would conduct an investigation much like any other disease outbreak. CDC would provide technical assistance to cities, states, or international partners dealing with a zombie infestation. This assistance might include consultation, lab testing and analysis, patient management and care, tracking of contacts, and infection control (including isolation and quarantine).

    Tintin: The Secret of the Unicorn move trailer: I knew Steven Spielberg and Peter Jackson were making a Tintin movie, but I didn’t realize just how OMGAWESOME it was going to be until I saw the trailer:

    The Javascript PC emulator: pure amazing geekery. This is an x86 processor being emulated in Javascript inside a browser. And it’s running Linux. To be clear: what is essentially a full computer is running independently inside the browser. Which theoretically means you could run, well, anything inside of it.

  • jawdropping

    (Pure geek post.)

    This is sick (not in the gross sense): 6502 compatible compiler and emulator in javascript.

    In JavaScript.

    If you don’t know what any of this means, that’s okay. I can’t hardly get my head around it either.

    Via JWZ.

  • Akismet

    I’ve started using the spam-killing service Akismet to handle comment spam on my three blogs. That, and instituted a basic moderation system for comments. I can’t say as I’ve been dealing with as much comment spam as some people, but I just got sick and tired of dealing with the problem myself and decided to offload the work.

    So far Akismet is pretty slick, though I’d guesstimate that it has only caught 50% or so of the spam comments I’ve received since activating it today. I’m hoping it gets better.

    It took a little bit of work to integrate it into my custom software, but I was able to crib a PHP class someone else had written and get it all integrated fairly smoothly. If you’re running one of the standard platforms like Movable Type or WordPress, though, there already exist handy plugins that you should just be able to drop into your blog directory.

    So if there’s any comment weirdness over the next few days as I monitor the activity and work out the kinks, bear with me. If you post a legitimate comment, it should show up right away, unless it was incorrectly flagged as spam. That’s where the moderation comes in; I’ll make sure to approve legit comments ASAP.

  • Commodore 64 emulator… in Flash

    Okay, geek levels are off the charts on this one: FC64, a Commodore C64 emulator for Flash. And it’s open source. This is just mind boggling…

    …because, among other things, what this means is that I could embed a Commodore 64 emulator, games and all, right here on my blog. Because it’s in Flash. And Flash in installed on nearly every browser these days.

    So not only could you play C-64 games here… if you know BASIC, you could write and run your own programs for it. So then I wonder if those are saveable? I bet that would be easy to hack… Talk about a community project: everybody writing programs for everybody else to run without having to install software or trade files at all. Hmmmmmmmmmm…

  • Dell computer fun

    Simone noted the humor/frustration level I was having with Dell this week at work. Of course, anytime I mention “Dell” around her she shakes her head in disgust, so perhaps she’s not exactly the most objective observer. :)

    What happened was, at work this week one of the newish Dell PCs started making a high-pitched spinning/whining noise. At first I thought it was a fan, so I opened up the box, eliminated the fans as a source of noise, and quickly concluded it was the hard drive. Sounds emanating from the hard drive are, generally, a Bad Thing. And sure enough, when I tried to boot the machine up again in order to copy the data to the network (most of the user data is already on the network, except for a few things like email and some accounting data), I got the Windows blue screen and problems booting.

    So I got the person set up with a temporary PC (an older one), pulled the hard drive, and called Dell.

    (Let me disclaim in advance that in fact all the people I talked to at Dell were very professional and helpful, and the overall service they performed was very good. It just turned into a minor comedy of errors.)

    First of all, the machine’s out of warranty; it was purchased one year and one month ago. Of course! Even assuming I’d bought the one-year service plan warranty with it, it still wouldn’t matter.

    Nearly 45 minutes later, after talking to three different people (a woman from India; some fellow with an unidentifiable accent in Tech Support; and a woman from Roseburg, Oregon in Sales), I was finally able to get the order placed for a new hard drive that matched the specs of the machine and drive in question: 80GB Ultra ATA, IDE interface. Pay attention, that’s an important detail.

    They tell me that yes, even though I ordered the drive with Next Day delivery, it still may not even ship out until Friday the 14th. That’s fine, I say, just get it here ASAP. And guess what? They surprise me by delivering the hard drive the very next day! Woo-hoo!

    Open the package, mount the drive into the PC chassis, go to plug everything in… and it’s the wrong type of drive. They sent me an 80GB Serial ATA (SATA) hard drive, which is incompatible with the IDE interface in this computer.

    So there’s not much else to do but get on the phone with Dell again, spending exactly 31 minutes on the phone this time (our office telephones have a call timer). I spoke with the Customer Service department (again a woman from India, as near as I can figure), got the return processed (UPS would pick it up in the next three days), then transferred to Sales, where I made sure to order exactly the right type of hard drive. I hope. This was Thursday.

    The new drive hasn’t arrived yet, so the speedy Next Day delivery that accompanied the first hard drive hasn’t recurred. Hopefully Monday? But, the UPS guy did pick up the return Friday morning, so that’s something.

    Simone did warn me.

  • Bad PHP! Bad!

    If you’re familiar with web programming and AJAX and PHP, check out this item about Client-side PHP on The Daily WTF. Go ahead, take a look. I’ll wait.

    Done? Good. Now, if you’re familiar with what’s happening in that code, I’ll wait while you convulse in horror. :)

    Holy expletive, that code makes me angry and want to laugh at the same time. I’ll just reiterate Deane’s headline: Someone please fire the person who wrote that.