Category Archives: clients

security for the paranoid

[image: You have been poking around where you shouldn't have been, and are now BANNED from Hybrid Elephant!]

i’ve been reading all about the hacks that are common on wordpress and OSC software recently and getting paranoid again. a while ago – after i was hacked the first time – i did some basic things to help me deter hackers: i renamed the OSC administration folder to something less obvious, and i wholesale deleted my file manager (which i never used anyway), but that did little to assuage my raving paranoia, so, along with more standard and practical approaches, like .htaccess, i have also installed a number of things to dissuade unfettered poking around my server, including (but not limited to) exploit scanner, NoSpamNX, and Simple Trackback Validation on my wordpress installation, and IPTrap, OSCSec, SiteMonitor and SecurityPro on my OSC installation.

i’m particularly proud of the “Banned” page, which you can find if you go poking around my server looking for links that you probably shouldn’t have… 👿

but despite all of this experience-based prophylactic action, i’m still paranoid, and it doesn’t help that my more sophisticated clients are expressing their paranoia as well.

update

i didn’t have a rehearsal yesterday, because it’s the “sousa-torium” (i.e. the break between sousa’s birthday and march or so, when we start rehearsing for next year). also, i don’t have a rehearsal tonight, because kiki’s going to the memorial for george shangrow, and anyway, they’re changing the whole story around (big surprise) so they don’t need the band, which is good because i could use the time off. it will also give me time to design a xmas postcard for the BSSB, which we are going to try to do again this year.

i went to help out my brain-injured client again yesterday. he had somehow added a widget that he didn’t want to his panel. he said he didn’t, but i certainly didn’t put it there, and he’s the only other person to have access to the hardware, so i tend to believe that he did it in spite of what he says. after talking with tamzin, who also has aged, brain-injured clients, i bit the bullet and locked the panel, so that he can’t do it again. it’s obvious that he doesn’t really know what he’s doing about half of the time, and to leave “secret” methods of modifying the interface does more harm than good. also, he apparently has a preference for the “kickoff” style menu, rather than the “classic” windows-style menu, which is a good thing to remember.

something went wrong with one of the stylesheets and suddenly the login page for my blog looked all wonky. the last time this happened was a couple of years ago, when my blog was hacked, so i was pretty worried. i checked, and the blog didn’t appear to be hacked in the same way it was before, but still: the error i was getting was “Failed to load login.css” and i could see that login.css was there, and i looked at it and it looked the way it was supposed to… so i went to the wordpress “support” site, which is probably good for some people, but i have never gotten a usable solution when i have gone there with problems with my wordpress installation. nevertheless, it’s a place to start, so i did. i waited two days and nobody responded to my query… 😐 so i then logged into IRC, went to #wordpress and asked there. the guy who (finally) responded asked if i had tried uploading the file from a backup.

d’oh!

once i had uploaded and replaced the stylesheet, everything went back to the way it’s supposed to be.

getting things done

today i went to somebody’s house in kent to drop off some coaxial cable, then i went to firwood, a suburb to the south of tacoma, to get parrot food, then i went through puyallup to milton, where i picked up an order for business cards from a client, then i went into federal way to go to costco for groceries and gas before completing the grand circuit home. once home, i prepared the artwork for the business card, and placed the order at the printers, did the laundry, and took out the trash.

i’ve got to take photos, and paste up a new page of printing examples for the Hybrid Elephant web site. i’ve got to figure out how to make, and then implement an updateable calendar for the BSSB web site.

i’ve mentioned my aged, brain-injured client in the past. this time he had me come over because, he admitted when i got there, he “got mad” at his computer, recently, and started randomly right- and left-clicking his mouse in an attempt to get it to do something (he never did tell me exactly what). the big result, which i’m still not exactly sure how he pulled it off, was that instead of kubuntu 9.whatever that i had installed for him, he now has a fresh, clean installation of kubuntu 10.04… and a whole bunch of “panels”, which are the linux equivalent of what, on windows, is called the “task bar”, and of which you can make as many as you want, that all do different things if you’re so inclined.

my client knows nothing about how all of the panels got there, he said that he was trying to get a popup window to go away. he did have “knotes” running, which makes popup “sticky notes” on the screen, and he had several dozen notes containing nothing but a date, that were all minimised.

i was a little taken aback that he had apparently successfully upgraded the system, but if nothing else, it’s a testament to how easy linux is to upgrade. once i got him back to a reasonable number (which, in his case, is one) of panels, deleted and removed the “popup” notes, and the KDE “desktop sharing” application, which had apparently been installed with the upgrade, i had him up and running again in about 20 minutes. i didn’t actually lock the panel – which would prevent him from “getting mad at the computer” and randomly changing things, and which i could have done fairly easily – because i don’t want to limit his exploration of the computer. if he’s aware of the fact that “getting mad” at the computer doesn’t automatically ruin the computer, my guess is that he’ll be a lot more willing to “poke around” the computer without getting mad…