Chuggnutt!

Blog

  • Leap Day

    This is only the third Leap Day we’ve had since I’ve started this blog, and this is the first time I’ve made a point of noting it. Aside from being the one extra day every four years (and, technically, only every 400 years on the century marks), the only other notable thing I can think of about the day is that there is a folk tradition wherein a woman asks a man to marry on this day rather than the other way around.

    Leap Year itself is more interesting to me in large part because of that “400 years” observation I made above: a quirk in the calculation in the Gregorian calendar which we use. However even that pales to some of the other leap year calculations made in different calendars: in particular the Chinese, Hebrew, and Iranian ones seem especially difficult. I know the algorithm for computing a leap year in the Gregorian calendar, but the mind boggles at the ones for these others.

    If you’re lucky enough to have a birthday today, happy birthday! I’ll buy you a drink on your next one, four years from now…

    Postscript: Apparently I forgot to push “Publish” on the day itself!

  • Anatomy of a blog hack

    So, last weekend I found out that my blogs had been hacked.

    Actually, it wasn’t just my blogs, nothing personal involved or anything like that: the shared server space my sites were hosted on was compromised, and a good number of other sites and files were hacked as well. Based on what I can piece together, here’s what happened:

    There were a number of sites on this hosting space that were running out-of-date versions of WordPress, and some that also had various other PHP code installed (NetOffice, Gallery 2, a few others). Any software that is outdated is potentially at risk to known exploits, but more worryingly, I found an old bit of PHP code on the server that was set up to run arbitrary PHP code for (I presume) some back-end admin processing, and ultimately I think this was what had been exploited.

    And until I had found and killed this code, the exploit happened at least 3 times even as I was cleaning up the server.

    The exploit itself, once I knew what to look for, was fairly simple:

    • In PHP files that were writable to the Apache webserver process, the code was altered so that any line containing an opening PHP tag (which tells the server to start executing the code after it as dynamic PHP until the closing tag is reached) looked something like this:
      From <?php .....
      To: <?php     eval(base64_decode('malicious code encoded here')); .........
    • When I copied this code to a sandboxed PHP environment and decoded it, it contained fairly simple instructions:
      • If the visitor to the site was coming from a Referrer—in other words, if they had clicked on a link from another site like Google search results, Facebook, someone else’s blog—they were redirected instead to a completely different site that presumably contained spam, or malware, or whatever.
      • If the visitor was coming to the site directly—they had typed the URL directly into the browser’s Location bar, or clicked on a bookmark—then they were passed on through to the site.
    Because I normally type in URLs to my blogs directly, or click the “recently visited” link in Chrome’s list, I didn’t see the exploit at first. But as I was writing a blog post on The Brew Site on Friday the 20th, I was searching out a link to a previous blog post (gotta love Google for that) and when I clicked that link to pull up the earlier post, I was redirected to some site in Poland (or at least, with a Polish country code for the top-level domain).

    Fortunately, I don’t believe this hack was in place for long, since I often search out links in this manner and would have noticed sooner: Sometime in the wee hours of the morning of January 19th was when the files were first modified is the earliest I can determine.

    It took me a bit of time to figure out the exploit (at first I was thinking it was the Google 302 hijacking exploit), but once I did I was cleaning up files on my blogs by Saturday morning. I hadn’t yet had the chance to address the (many) other files and old sites on the server hosting space, so unfortunately my blogs got re-infected at least once more before I was able to kill the old files and update others. Most of my weekend (and part of the following week) was spent updating, fixing permissions, cleaning, and deleting files and sites.

    For reference, a handy pattern for detecting this code in grep is:

    grep -R -l 'eval(base64_decode(' *

    (This should always work because you should never have similar PHP running in your legitimate code…)

    Now, I keep my WordPress blog software (and installed plugins) up-to-date pretty religiously, and I try to keep permissions set appropriately. But a good number of files in each blog were infected even so—how? It turns out, even though a fair number of the core files that were originally installed (manually) had the correct Unix group (“<account>:users”) and permissions of 644 (rw- r– r–) and were untouched, I was also making liberal use of WordPress’s built-in auto-updating feature, along with automatic plugin installation, and at some point the files that WordPress were updating got set to the “nobody:users” group—the Apache webserver process. It was these files that were exploitable to the “nobody” Apache process that was being exploited by the other code on the server. (Along with the few files I had set to group-writeable as well.)

    So, lesson learned. I’ve battened down the hatches, fixed the permissions on all the files in my sites, and have decided to forgo WordPress’s auto-installing and update features for now for good measure. And, I’ve finished up a (long overdue) move of my blogs to a new webhost with none of the legacy code possibilities that were extant on the original server. (Nothing against the original web hosting provider, I just needed a clean break with an affordable price.)

    Of course, you all let me know if you still run into any problems, okay?

  • Merry Christmas!

    I hope everyone’s having a great Christmas this year! I know I am so far, and since it was just my birthday two days ago as well, I’ll soon write up the usual post of my haul. And we saw the Tintin movie on my birthday, which was awesome, so I’ll have more to say about that as well.

    Merry Christmas!

  • November wrap-up

    Much of November was uneventful—it mostly consisted of the usual routine for the first few weeks minus a kid’s birthday—but for the week of Thanksgiving we visited Burbank to spend the holiday with my brother and his family.

    That trip started out slightly awry, as we tried to leave town on Friday the 18th, right after work, and only managed to travel all of 50 miles or so to Crescent before being stopped for several hours only to learn that the road (Highway 97) was closed entirely. See, that was the night of the big statewide winter storm that dumped snow and ice everywhere. So instead of getting to Redding that Friday night we ended up turning around and coming back home (after about 5 hours on the road) and left again the next morning. That was more successful; there was still snow on the roads but it was daylight and the road was open, and once we crossed over into California the roads were pretty much cleared up.

    So we drove all the way through to Burbank (north of Los Angeles) in the one day. Which isn’t as bad as all the way to San Diego in one day (we’ve done that one too) but still makes for a long drive all in one sitting.

    The rest of the holiday week was good; we drank a lot of good beer, toured the Warner Brothers Studios lot, checked out Burbank and the area a bit, and had a nice Thanksgiving.

    Coming back was easy in some respects—as far as the drive went as we split it out over two days—and hard in others (whaddya mean I gotta go back to work?). We got back Sunday relatively early which left time for unpacking and cleaning and such but not a lot of decompression time before going right back into the routine.

    Let’s see, what else went on in November… read a good book that I’d recommend, Ready Player One, which has its flaws but is a fun, clever, engaging read. It’s essentially a caper novel masquerading as a near-future/video game/pop-culture/MMO sci-fi adventure, set some 30 years in the future and mostly taking place in an online game/virtual world. And it heavily mines the pop culture of the 80s (and 70s to a lesser extent), particularly that of music, movies, and videogames, which makes it catnip to the contemporary Gen X geek who spent a lot of time playing with computers and videogames during the 80s.

    Hmm… is it bad when that’s all I have for the highlights for the month? The rest has been filled with work, and the family stuff—a school concert and other school functions, birthday parties, the usual kind of things.

    But! We’re going into the Christmas season, which is one of my favorite times of the year. That always livens things up!

  • The best thing I’ve seen lately

    Just in time for Halloween!

  • Top 10 books lost to time

    Just ran across this Smithsonian.com article: The Top 10 Books Lost to Time. Neat read, rife with possibilities; every link I’ve seen pulls a quote from the #4 selection, Inventio Fortunata, which does have a bit of a Piri Reis-sounding mystery to it; but the “lost” Shakespeare work of Cardenio interests me more:

    Cardenio has been called the Holy Grail of Shakespeare enthusiasts. There is evidence that Shakespeare’s company, the King’s Men, performed the play for King James I in May 1613—and that Shakespeare and John Fletcher, his collaborator for Henry VIII and Two Noble Kinsmen, wrote it. But the play itself is nowhere to be found.

    And what a shame! From the title, scholars infer that the plot had something to do with a scene in Miguel de Cervantes’ Don Quixote involving a character named Cardenio. (A translation of Don Quixote was published in 1612 and would have been available to Shakespeare.)

    Kind of sounds like the ultimate Elizabethan-era crossover.

  • Ignite Bend 7

    We attended Ignite Bend 7 the other night (merely watching this time, rather than as a presenter) and it continues to amaze me how good and fun an event this is; I’d venture to say this was the best one yet.

    (Though I might need to watch the previous ones again to be sure.)

    Since presenting at Ignite is such a fast-paced, nerve-wracking, and often first-time experience for people, there’s usually at least one presenter who’s visibly nervous, or stumbles a bit over their slides or their timing, and this faltering can take some of the steam out of their presentation; at IB7, though, everyone was engaging and maintained a really good energy level (even Becky Zagursky who had trouble keeping up with her Aqueous Humor slides rolled with it and kept the crowd laughing).

    All in all a great event, as always. If you’ve never been to an Ignite, you should make the time for one. (The next Ignite Bend is going to be February 23.)

  • Cascadia, State of Jefferson and other secessionist movements

    Being in Portland several times over the past several weeks for beer happenings got me thinking about the (mostly inconsequential) debate about “Cascadian Dark Ales” (versus the other names of “Black IPA”, “American Black Ale” and so on) and about the “Cascadia” part of that name. See, here in the Pacific Northwest “Cascadia” can refer to the Cascadia independence movement, which according to Wikipedia:

    Cascadia is the proposed name for an independent nation located within the Cascadian bioregion of the Pacific Northwest region of North America. Proposed boundaries differ, with some drawn along existing political state and provincial lines, and others drawn along larger ecological, cultural and economic boundaries.

    The nation would be created by secession of British Columbia from Canada, along with Oregon, Washington and portions of other states from the United States. At its maximum extent Cascadia would extend from the coastal Alaskan Panhandle to the north, extending into Northern California in the south, and inland to include parts of Alberta, the Yukon, Idaho and Western Montana.

    This also made me think about the State of Jefferson—another proposed secessionist movement that would combine part of southern Oregon with Northern California:

    The State of Jefferson was a proposed U.S. state that would span the contiguous, mostly rural area of southern Oregon and northern California, where several attempts to secede from Oregon and California, respectively, have taken place in order to gain own statehood.

    I find these sorts of movements (ideas? memes?) fascinating on all sorts of levels, partially because they seem so wildly improbable and partially because it’s sort of a glimpse into an alternate reality (which piques my science fiction interest). And yet both Cascadia and Jefferson State are fairly recent phenomenons, which give them an air of plausibility for something that could be accomplished in my lifetime. Wildly improbable plausibility, as I noted, but still.

    For these and other historical U.S. alternate realities, Wikipedia’s list of secession proposals is a fun read.

  • Oregon Brewers Festival

    This year, for the first time since 2007, I was able to make it up to Portland for the Oregon Brewers Festival—the biggest beer festival in Oregon, if not the Pacific Northwest. (They bill it at “North America’s largest gathering of independent brewers” which I’m not so sure about considering the Great American Beer Festival, but anyway.)

    You can read all the various related blogging bits about the OBF over on The Brew Site, my beer blog; beer reviews, vignettes, pictures (soon), that sort of thing. It was a really good trip, and a good festival; the amount it has grown even in the past four years since I was last there is amazing—used to be, you could hit the Fest on the first or second day early, right after they opened, and you’d have the run of the park and the beers, sure there were people there but there were no real crowds and no real lines anywhere.

    That seems to have changed; even Thursday (the opening day) within the first couple of hours the crowd was bigger than I remember and there were lines to beers—in fact, the Maui Brewing CoCoNuT Porter apparently ran completely out by 12:30 (gates open at noon) on the first day—which if you ask me is just insane.

    Because of my beer blog, I was able to get into the special blogger preview early on Thursday, tasting 15 beers to write about (which had to be done by the next day), plus I got a “media” badge and a mug as part of the package. I always feel a little conspicuous and slightly sneaky wandering around wearing the media badge, like I need something more to show for it than just carrying a notebook and a small camera along with me. (Okay, to be fair I had a backpack with those items in it plus the netbook computer, extra water, tokens, and Brew Site business-type cards.)

    I also got the opportunity to meet and hang out with some bloggers and industry folks, which was a nice bonus to the weekend (of course). And hit up a couple of breweries: the Tugboat Brewery which I absolutely love but hadn’t been too in many years, and the new Burnside Brewery which I’ve been reading great things about (and who have some of the more unusual beers that I’ve seen).

    Altogether, a really good weekend.

  • Bandon

    My wife and I just spent an anniversary weekend over on the Oregon Coast, in the southern town of Bandon. I think I’ve written before about how I really like this town; we’ve been three times previous but the last time was some nine years ago, which is too long.

    Bandon is small (about 3300 people) and relatively touristy; it has a mix of the cutesy tourist shops (used books, candy stores, ocean art, antiques and gifts), a small but decent selection of restaurants, and mostly-nice lodging combined with the working-class presence of an Oregon coast fishing town. Add in several good state parks and fantastic beaches, and very decent weather (by Oregon Coast standards), and I do think it’s one of the coast’s gems.

    Without going into full travelogue mode, I will say both Edgewaters and The Loft (both right downtown in the Old Town Bandon area) are fantastic restaurants, and the two candy stores of Cranberry Sweets and Coastal Mist are must-visits.

    One thing I do notice however, is a distinct lack of beer. Not to say there’s no beer there—there is—but ironically the best selection of craft beers that we found on this trip was at the Mill Casino up north in Coos Bay/North Bend. In fact the entire southern stretch of coast below Florence is completely devoid of breweries, probably making it the most under-served area of Oregon in that regard.

    To that end I have to say I think Bandon would be a natural location for someone to open up a brewpub; I suspect it’s got the tourist traffic that would support at least a small one, plus you have a population of at least 25,000 some 20 miles to the north from “Oregon’s Bay Area” (which, no joke, we saw on a sign entering Coos Bay). So naturally, I’ve already started formulating beer ideas in my head and wondering how the numbers might pencil. (You’d ideally need to be located in Old Town Bandon, I think, where you’d get the majority of foot traffic and tourists.)

    So, who’d want to go in on such a venture…?