Category Archives: technology

micro$not, mshtml, and activex

back in the dark ages, when i was working at STLabs, before we moved to factoria (i.e. STLabs… so, what? maybe 1995? 1996? somewhere in there), i was testing Internet Explorer version 3.0, which meant, basically, that i was testing micro$not’s browser engine, which is called MSHTML.dll. at the time, a very good friend of mine from college, saint fred (now, sadly, passed on) was mucking about with the innards of micro$not’s operating system, and discovered a problem which had existed for several years prior to this, which micro$not had “made disappear” by changing the technology’s name from OLE — which was, itself, a “renamed” technology, originally called Visual Basic for Applications, or “VB-A” — to “ActiveX”, and, in the process of making it “disappear”, actually made it more prevalent and insidious, by making it work seamlessly with even more micro$not technology.

and, saint fred being who he was, took advantage of this by writing the “Exploder Control”, which could be embedded in a web page, or a microsoft document, and would, when “activated”, perform a clean shutdown of the computer on which it was being viewed… whether you wanted to shut down your computer, or not.

you hit this web page, and, within seconds, your computer shuts down, with no further input from you. 😏

or…

you open this microsoft word document, and, within seconds, your computer shuts down, with no further input from you. 🤣

i watched it happen as it first came out, before anybody realised what it was. it was hillarious! i gave the URI for the exploder control to my boss, and then went back to my workstation and listened, as she suddenly whined “it shut down my computer!” 🤣🤣🤣

and, of course, micro$not’s response to this was to threaten saint fred with lawsuits for doing stuff he shouldn’t have been doing, and when that didn’t work (because fred made sure that the exploder did everything strictly “by the book”, including getting micro$not’s signature on the control), they made the exploder control something that was detected by their anti-virus software (even though it was very clearly NOT a virus, and, actually, did everything totally “by the book”, something to which micro$not never admitted), and, once they figured out that they had caused all of this, they pulled their signature on the control, so that it raised even more red flags before actually activating it…

and, basically, did everything EXCEPT fix the problem, which, after a few months of frantic ass-covering by micro$not’s marketing department, while the tech industry had a good laugh, got swept under the rug, anyway, by more current micro$not fiascos.

but the technology remained, and every version of windows has support for activex, every version of MSHTML.dll has support for activex (which is one of the reasons micro$not got rid of MSHTML.dll a couple years ago, and current versions of Internet Exploder… um… what’s their browser called again? EDGE, that’s it… uses google’s “chrome” browser engine, instead. the browser wars are over! micro$not LOST!) and you can, literally, do ANYTHING with activex, that you could do from the normal user interface of windows, and there is, literally, NOTHING stopping you from doing this — or other, more nefarious things — given A LITTLE knowledge of the technology.

which is why, when i saw this headline: Miscreants fling booby-trapped Office files at victims, no patch yet, says Microsoft the FIRST THING i thought was “Exploder Control strikes again!”

this is one of the VERY BIG reasons i do not use micro$not on my computers. i don’t even have my microsoft 5-button mouse any longer!

i wonder if they’ll ever learn. 🙄

Continue reading micro$not, mshtml, and activex

umph!

i’ve come to a decision.

there are over 150,000 separate files, which takes up 4.5GB, in the .jpg directory alone, of the recovered data.

it took my computer half an hour of doing nothing but loading the directory, before it was completely loaded. every time i opened a file, it took 10 minutes to reload the directory.

i would have to open every one of them to determine if it’s corrupt or not, and if not (about ⅔ of the time), i would then have to determine what it is, and where to put it.

if it takes me (conservatively) 30 seconds per document to make those determinations, i will be doing this for the next 4,500,000 seconds, or more than 7 months of doing NOTHING but opening files to determine whether or not they’re corrupt… no eating, sleeping, shitting, busking or anything else, just slogging away in front of the computer.

factoring in those other things, i’m looking at a couple years, minimum. 😒

i may have been willing to do it at one time… who am i kidding, i’ve NEVER been willing to do that, for that long, for as little payment as i would get. 😒

it’s sad, but there it is: the last 6 years of my life, in pictures, and they’re all going down the toilet, along with a significant portion of my business, my music and artwork, and monique’s photos from the past 6 years.

now, do i keep the data on my new cloud drive, or do i delete it. i’ve also got it on the 1TB external drive that the data recovery folks sent me, so it wouldn’t be entirely deleted… but… 😭

this is one of the times the computer has won the battle. 😒

ETA: interesting, but extremely BIZARRE development is that, upon further investigation, there is a “.jpg” directory, and a “photos” directory, in the recovered data. the documents that are in the .jpg directory are about ⅔ usable files, but their names are gibberish, and there are more than 150,000 of them, all in one directory. however, for some strange reason, the files that are in the “photos” directory are in subdirectories that indicate the manufacturer of the camera, scanner or printer (of which there are about 50), and further subdirectories that indicate the make and model of the camera, scanner or printer (there are A LOT of them), and the files themselves, for the most part, contain the date they were taken in the filename… and, let me tell you, i have A LOT easier time figuring out what a photo is if it is named something like IMG_20061129_133315 (49EA1400).jpg than i do if it is named 80AB2B00.jpg… A LOT!

oh, alright… 😒

this is an update. what i’ve been doing:

busking. this has been a long time coming. it’s really good to get out and play music for people, and, so far, we’ve been averaging between $15 and $25 apiece for an hour or so of busking. now, instead of howlin’ hobbit and his ukulele, it’s thaddeus and his banjitar — an interesting hybrid, that looks like a banjo, but has six strings and is tuned like a guitar. as i’ve always said, the money is an extra, added bonus, for me, and it’s still true, even after a year and a half… but it’s always nice, and we’ve actually already got one “paying” gig as a result: the pike place market is putting on a “sunset supper”, and is hiring market buskers at $100 apiece for an hour of busking while rich people eat food… that is, most likely, NOT offered to the buskers, but they’re paying $100 apiece, so it’s sort of okay… the BSSB has started rehearsals again, too, which is another bonus. 😉

ripping CDs back into my music collection. i have only gotten the barest of starts sorting the recovery data, in spite of the fact that, in the small print, the data recovery people say that their “free” recovery media (a 1TB hard disk, in my case) only has a warranty of five DAYS — which, to me, says “if you don’t get your data off our recovery media post haste, we’re not going to guarantee that you’ll have ANYTHING, regardless of how much you may have paid us.” nevertheless, at this point, i’ve got all of the data that really made a difference (the panchamukhi ganesha from my car, the spreadsheet containing the data for the Incense of the Month Club, and the spreadsheet of blocked-for-spamming IP addresses), and, basically, if i had anything else i need, i don’t remember it, and probably won’t until i need that data again, which will mean that i’m probably going to have to keep going back to the recovery data on occasion, for the rest of my life… however, if i already have freshly ripped .flac files, then, when i finally get around to slogging through the 1TB MESS of recovered data, it will be slightly less of a concern if the archives i got are incomplete or corrupt. this is an ongoing project that is probably going to take several weeks to finish, and while it’s going on, i may not post here, as much.

hiding from the smoke and heat. it hasn’t been as bad as it was a couple years ago, but it’s definitely smoke season. i look out my office window and see orange skys and translucent air, and the AQI is 63, which is firmly in the “yellow” range. busking, yesterday, was an extra bonus, because it was around 10°F cooler at the market than it was at home… it’s 20° cooler than it was in june(!!), but it’s still in the high-90°s, which is extremely rare around here, in my experience. the government climate change investigatory committee just released the first part of their study, a few days ago, and it says what climat change activists have been saying for 30+ years, now, which is, basically, climate change is real, it’s happening, and it was definitely caused by humans… and then, two days later, 7 democrats switched positions, and voted with ALL the republicans, to pass a law making it illegal for the government to EVER ban fracking. 🤬 so, i guess that means that, ultimately, climate change will kill us all, but the rich people are going to die last. 🤬🤬 i have never wanted to, but it’s my impression that, soon, i will have to apologise to ezra for bringing him into a world where he may never reach his full potential, because of the thoughtlessness and carelessness of my immediate ancestors.

hiding from the virus. the delta variant is 1000 times more contagious than the original strain, and they’re saying that recipients of the pfizer vaccine, at least, will have to get a “booster” shot, but they’re not saying when it will be available, or how long we have to wait before getting one. in the mean time, schools have been making masks optional, and reopening, and then closing down again, when 40% of the students get COVID, while the right wing, q-anon devotee, anti-mask, anti-vax, trump morons are dying by the thousands, and STILL ranting their nonsense about it affecting pregnancies, or tracking microchips in the vaccine. there’s an image i saw on twitter that is, basically, a huge banner, strung between two cars, that says they’ll never get the vaccine, and that you’ll have to kill them… the ironic part is that, most likely, we won’t have to kill them, because the virus will do that for us, and we won’t have to do anything. hospitals are failing in missouri, texas, and florida, where the governors are particularly anti-mask and anti-vax, despite the surge in cases, and a vast majority of the fatalities have been people who refused the vaccine. at this rate, we’re going to be dealing with this pandemic for A LOT longer than the 1918 “spanish flu” pandemic, primarily because of STUPID people who won’t get the vaccine or wear masks, on account of their “freedom”. 🤬

hope? — dashed?

sorting through the mess of recovered data is heartbreaking.

i’m finding all sorts of stuff that, once i actually see (or hear) a bit of it, i know exactly what it is, and i’m starting to get things organised enough that, some of the time, i even have a place to put it, once i’ve discovered what it is…

but, then… everything doesn’t come crashing down, but…

i haveHAD a CDR album called “We Bore 2“, which was one of my favourites. it was produced in 2003 by Toast & Jam Records, which has, since, gone out of business, and their web site is now a japanese porn site… it was a “various artists” compilation of electronic, experimental, glitch music, and it was AWESOME!

i found a .RAR archive with the .mp3s for “We Bore 2”, and i was, like, “COOL!”… i expanded the archive, and put it in the place it had been taken from in my collection, and went on to the next archive.

today, for the first time, i actually LISTENED to “We Bore 2″…

yeah, all the tracks are there, but track 1 is NOT what was there the last time i listened to “We Bore 2″… and track 2 is also the same way, to a lesser extent… and track 3 is pretty messed up… and track four is mostly there, except for a patch in the middle which is totally missing… and track 5… and track 7… and track 8… and track 9… 😭

pretty much all of the tracks have something wrong with them…

and i can’t get another copy of the CD, because i originally downloaded it as a .rar file…

and, i’m pretty sure (given the huge quantity of .rar and .zip files that got recovered) that more than a few of them are going to have exactly the same problem. 😭

ETA: all is not lost… well, for “We Bore 2” anyway… it turns out i actually have the original CDR for this album… but i’m fairly sure that is NOT going to be the case with a majority of the .rar and .zip archives i have…

gress

why is the opposite of “progress” not “congress” rather than “regress”?

i got in contact with the vehicle-wrap artist that did the actual artwork for the previous car, and he, also, sent me an .eps file containing the original artwork, so i’m sure i have backed it up, now… although i haven’t backed it up to the cloud drive, yet, because i can still only access it through a web browser on my linux box, and not at all on my mac laptop… and i am worried that they’re not going to be able to make it work on my mac laptop, because i did the steps to auto-mount a network drive, at startup, and it took my password and chewed on it for 30 seconds or so, and then rejected it… i THINK it’s because the cloud drive wants me to login to /cgi-bin/ but the ancient mac will only let me login to the base server URI. and on the linux box, it allows me to specify the login directory, and accepts my password, but never gets beyond that, to actually logging me in — it just repeats its request for a username and password, over, and over, and over, and over… 😕 hopefully, when the guy comes over this evening to give me the keys, he will be able to conclusively address these issues.

ETA: he addressed those issues like a boss, and had BOTH the ancient mac and my linux box wrapped around the NAS’s little finger in about 10 minutes… the old mac, apparently, doesn’t like the domain name, and REALLY doesn’t like the fact that my username has an @ symbol in it, but it eats up the intranet IP address like it’s going out of style, and, because of the fact that it’s ONLY addressing the NAS from the intranet, i just gave it the administrator username instead of my username… and the linux box was, basically, the same, once we figured out how to do it… and connecting monique’s computer was easiest of all: just gave it the intranet IP address and everything was kosher. 😎

there’s A LOT of music in .zip or .rar archives in my recovered data, so, once i get to the point of actually expanding those archives, i will have a significant part of my music collection back… for that matter, i’m pretty sure i “backed up” my music collection to CD, around 10 years ago or so, which means that, once i find where i’ve put it, there’s a good chance that my music collection will be back to 75% to 80% of what it was prior to the crack.

the western digital support personnel that i talked to on 210724, who said that someone would be calling me “monday or tuesday” lied, because it is now wednesday, and i HAVE NOT received a call from them… which only strengthens my suspicion that they are NOT going to try to contact me until after 210731, which is their deadline for making a claim through their data recovery program. 😒

the process of categorising partially corrupt files is both time-consuming, and ultimately frustrating, because, once i have rough-categorised the files, i have to go back through, re-open every file again to determine what it is, re-name the file, and then categorise it AGAIN… and A LOT of the file names started with the date that they were last looked at, which, frequently, is a complete mystery from inside the document, so even when i have them renamed, and categorised, i still can’t complete a time-line for stuff that was modified more than once… which will, very likely, cause major headaches in the future, particularly with documens created for other peoples’ printing. 😒

seriously, whatever anonymous skript-kiddie did this to me — who has never even met them before — just for “lulz” — better hope that i don’t run into them late at night in a dark alley, because, if that ever happens, the result will NOT be positive for anyone. 🤬

on a lighter note, i got my physical copies of questionable content, the electronic copies of which were lost… i’m slowly getting everything put back together.

but i still have to rewrite the IOTM blurb about patchouli for next month, because it’s coming up really soon, and it’s the only IOTM blurb that i didn’t get back… which is a real shame, because the old one was really amusing, and i don’t know if i can remember all of what i said.

new nas

lord buckley would love this…

but, unfortunately, lord buckley was part of the data that either wasn’t recovered, is corrupted, or i haven’t found it yet because i’m dealing with sixty gazillion files that are named something like 0SVP8382U794.mp3 or 3O1458DNLWO.jpg, because all of their meta-data has been deleted. 😒

anyway, the new NAS is up and running, although not completely configured yet. i have an “app” on my phone and tablet that gives me access to the cloud drive, and i can access it through a web browser on my antique mac and my linux box.

ETA: and accessing it through a web browser is an entirely new experience for me, because, despite the fact that it’s in a web browser, the “pages” are things like the file center, which allows me to “drag-and-drop” files from my local computer, to upload them. basically it acts like a window, even though it’s technically a web page. will wonders never cease?

although i’m fairly sure linux has a more direct way of accessing the cloud drive, the guy who came by to set it up wasn’t a linux geek, and, apparently, has never met a linux geek in the general public. he was astounded when i told him that i had been running linux for 20 years… 😉

but the new NAS is WAY cooler than the old cloud drive, primarily because it is, apparently, possible to edit files while they are still in the cloud, rather than having to download them, edit them locally, and then over-write the old file on the cloud. if what i have already experienced with audio files is true, the likelyhood of my losing any MORE music is practically eliminated. also, it appears to be possible to install executable code on the NAS, and run it locally, which would make things EXTRA SUPER COOL, but i’m not 100% sure of it, yet. 😉

ETA: the NAS has, apparently, either configured itself, or something has been installed remotely that allows it to communicate with my linux system via a number of different protocols, including SMB, MTP (whatever that is — Media Transfer Protocol… who knew?), HTTPS, and bluetooth… which is really odd, because my computer doesn’t even have a bluetooth reciever, so i kinda wonder where the “Bluetooth” icon in the remote network directory came from… unfortunately, i have been unable to connect with anything other than HTTPS, even though the SMB instance takes my password and doesn’t say it’s wrong, it just won’t log me in… which is something to take up with the configurators tomorrow.

the “twisted pair” who are whipping my computers into shape doing my configuration are going to be finished up tomorrow, at which point i hope to have the more direct method of connecting on at least the linux box (if they aren’t able to figure out the antique mac, i understand). i’ve already got a lot of stuff sorted out of the recovered data, including a whole bunch of music, embeded in .zip archives, which appears to be uncorrupted, so, initially, it appears that i may not have lost everything. oh, i also discovered a bunch of CDs that have the date 4/20/13 on them, that appear to be raw .wav files of my first three cassettes, originally produced in the 1980s. if they are as pristine as they appear, then i MIGHT NOT have lost all my old music.

AND western digital FINALLY got back to me — i originally reported the loss on 210624, and, since then, i have sent the drive to texas, waited two weeks, and had the people in texas deliver the drive back to me, which arrived ONE WEEK BEFORE the western digital team (which “values your data”) got around to contacting me… 😒 they said they couldn’t help me unless i uploaded the system logs, but when i plugged in the drive, it wouldn’t even mount on mac, which means that they couldn’t even talk me through the process of recovering the system logs, at which point the issue was “escalated”, and they are, alledgedly, going to call me back monday or tuesday. at this point, i would estimate that it’s NOT particularly likely that western digital is going to call me back before 210731, which is when their web site says i have to have contacted them regarding a data loss from CVE-2018-18472… because after 210731, they don’t have to do anything about it. 😒

mrgmf!

so, according to the latest theory, a script kiddie found out about, and took advantage of CVE-2018-18472, but the bug doesn’t just allow anyone with the IP address to login as admin…

the bug allows anyone with the IP address to login as admin AND DO A FACTORY RESET!! 🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬

what this means is that the files weren’t just deleted, they were OVERWRITTEN… a factory reset reformats the drive and re-installs the operating system.

which means that the files that are gone, are gone for good. there’s no getting them back, at this point… 🤬😢🤬😢🤬😢🤬😢🤬😢🤬😢🤬😢🤬😢🤬😢🤬😢🤬😢🤬😢🤬😢🤬😢

i have resurrected ganesha the graphic

140215 Panchamukhi Ganesha The Car
140215 Panchamukhi Ganesha The Car
last night at about 10:30, i found a couple of .eps files of the graphic for my car.

vector renditions, i.e. infinitely expandable and contractable, keeping the same line quality.

today, i confirmed that they are the original, and my modified versions of the graphic, which is excellent, because, otherwise, i wouldn’t have artwork for my NEW car…

whee? 😕

oh, definitely whee… the new car is a hybrid that gets almost 50MPG, and is only slightly smaller than the current car, although it’s white, and not black…

such is life.

i got the data

good news: i got back (most of, as far as i’ve been able to tell, so far) my IOTM club records, including, most importantly the records of who paid when, and what they have received.

bad news: i’ve checked the largest adobe illustrator documents i can find, and they’re all corrupt, which means, very likely, that the artwork for my car is no longer, and when i get a new car (which might be a lot sooner than i expected), i will have to come up with new artwork for it.

i still have A LOT of files to evaluate… like more than a week, of solid 8-hour days, doing NOTHING but evaluating files… possibly as much as a month of 8-hour days. 😒

and that’s NOT listening to music and watching videos… that’s opening files, to make sure that they’re not totally corrupt, and listening to no more than 5 or 10 seconds of the music or video, to make sure that they’re not TOTALLY corrupt, and then rough-classifying the file based on the contents i’ve seen… and then going to the next file in the list.

which, of course, is leaving me with files where all but the last 5 or 10 seconds of music or video is corrupt, but the rest of it is fine, which is almost more frustratingly irritating than if the entire file was corrupt. 🤬🤬

also, more bad news: there were NO .ogg, .flac, .aif or .aup files recovered AT ALL, which means that NONE of the music that i have recorded since 1983 made it. 😢

i MAY still have the cassettes on to which they were originally mixed down, but they haven’t been played for at least 20 years, and i don’t hold out much hope. ken may have some of my stuff, because he is a music hoarder, and i have played music with him since 1985 or thereabouts, but he lives in bellingham. and i can download .flac files from bandcamp for all of the CDs i have made, except for the one that was made right after my brain injury, which isn’t all there on bandcamp… 😒

but, at this point, it doesn’t look particularly encouraging, and i strongly suspect that i’m going to have to re-rip ALL of the physical media i own, which is another couple of months of solid 8-hour days, at least. 😒

and that doesn’t even begin to address the HUGE quantities of music of which i have purchased and downloaded ONLY electronic copies, like the 40+ albums from ergo phizmiz which i have been collecting for AT LEAST 20 years.

it feels good to have created a way out of this mess, but it’s heartbreaking to think of how much quality work i have done that has been lost. 😢

ETA: i don’t know whether this is as good news as it could be, but i got a zip file full of business logos from my web designer, and there are a couple of high res graphics that are, basically, what i used on my car… and i actually found a couple of .eps files (which, i believe, are vector, and native to illustrator) of the graphic on my car… i haven’t checked, yet, because it’s late, and i really should be in bed, but, well… 😒 AND i am, officially, buying a new car (a hybrid, hyundai ioniq), which means that i’ve got to move my graphic, anyway.

updated answer

the answer costs $600, not $800. 👍

the answer is two 4TB disks in a RAID1 array, not 2TB disks, in a RAID1 array. 👍👍

i know that the cause of all this was the (potential) loss of all my data, but, at this point, i like where it’s all going A LOT more than i did two weeks ago… for that matter, i like where it’s all going a lot more than i did a month ago, before this all started happening. 😉

the answer

the answer is a 4TB NAS, two bays of 2TB each, in a RAID1 array.

this serves a dual purpose: the NAS is my “cloud drive”, and the RAID1 array is my backup.

i can “backup” the backup, to “the cloud” or to an external 2TB device (like a flash drive) on a regular basis if i want, at that point, for extra security.

the answer costs around $800, for them to come in, set it up, get all my devices talking to it, from the antique mac to the bleeding edge kubuntu box, and hand me the keys.

i can afford the answer, without having to get “household funds” involved.

why?

because someone send me almost $1,200 for one of my huge boxes of incense, that’s why. 👍

in other news, i paid them $600 and they’re mailing me back the remains of the old NAS, and a disk full of either data, or not-data. 😒 whee.

aarrgh… (which is a²r²gh for those of you keeping track)

i want to make a bootable kubuntu 20.04 USB flash drive, but i don’t know how (never done it before) to install from a USB flash drive… and “installing from a CD” is no longer an option.

and, apparently, cheapbytes.com is no longer in business… 😒

so, i go to https://averagelinuxuser.com/make-a-bootable-usb-drive-in-linux/ which contains step-by-step instructions for how to do it.

after spending half an hour figuring out which is the USB flash drive i want to put it on to (/dev/sdc — which i found out by removing all the other USB disk from my system, and typing “sudo fdisk -l”), i try to wipe /dev/sdc and reformat it (because it is formatted for mac), but when i type

sudo wipefs --all /dev/sdc

it says

wipefs: error: /dev/sdc: probing initialisation failed: Device or resource busy

so, i try

umount /dev/sdc

but it throws the same error…

i DO NOT UNDERSTAND!! the device is NOT “busy”, you dumb machine!! 🤬 but then i realise that the machine isn’t the dumb one here, and if it’s giving me an incomprehensible error, it must be because it has been given incomprehensible commands… by me… 🤬

so, i type:

sudo dd bs=4M if=/home/salamandir/Documents/Install/kubuntu-20.04.2.0-desktop-amd64.iso of=/dev/sdc status=progress && sync

and, eventually, it gives me

2643034112 bytes (2.6 GB, 2.5 GiB) copied, 163 s, 16.2 MB/s
630+1 records in
630+1 records out
2643034112 bytes (2.6 GB, 2.5 GiB) copied, 163.442 s, 16.2 MB/s

but after that, it hangs up. when i press "enter", after a LONG delay, it gives me

^C

and, after that... nothing.

i don't have the patience to learn all this again... i just want it to work... 😒

after another HOUR of futzing about, i figured it out... but it's REALLY frustrating, and i really don't have the patience to figure it all out without significant stress.

and, when i booted with the new system, it was UGLY, and i know FOR A FACT that i'm going to have to spend as much time tweaking the system to my preferences as i am going through endless stacks of numbered files, and re-filing them in more-or-less the right place, for about the next 3 years.

just another reason to give up computers all together and become a hermit. 😒

news

i heard from the data recovery people. they said:

There’s ~4 billion sectors on the 2TB drive. Head 0 died with ~55 million sectors left to read (very small percentage). It’s at the end of the drive so it was probably zeroes anyway. The main issue is that the metadata has been overwritten and the directory structure and file names are gone. This means that the files will have the correct extension but no names and no parent folders.

so, what they recover will be, essentially, files with their proper extensions — .ai, .otd, .doc, .otf, .txt, .mp3, .mp4, .html, .pdf, .eps, .jpg, .flac, .gif, .etc… — but with numbers, instead of file names… and if, as with the files from audacity, the project file uses ancillary files in the same directory, then the project files won’t open until ALL the ancillary files have the correct names, and are in the correct directory… 😒 they said, because of the way i was attacked, actual file recovery is not guaranteed, and recovered but corrupt files are billable, which means that i MIGHT end up with no readable data at all, and STILL have to pay for it. they said their “standard” service costs $600 and takes 5+ days, whereas their “expedited” service costs $1,000 (like moe said, everything costs $1,000 😒) and takes half that amount of time.

i contacted the place that built my last computer, InfoTech, when they opened, at 10:00 this morning. i gave them the specifications for a new computer (pentium G6400 4GHz, 16GB DDR4, Intel UHD 630, 2TB SATA HD, with the 1TB SATA SSD i’ve had since 2018 installed), and they said that they were going to send me an invoice, but, as of 3:00 this afternoon, i haven’t seen an invoice from them. once i’ve got the actual computer taken care of, i’ll ask them about a replacement for my WD cloud drive… although, i think i may avoid further western digital products, at this point. 😒

miraculously, i seem to have all the parts for this month’s incense of the month to be sent out with a minimum of hassle. i suppose that’s a good thing.

more computer headaches

so, i still haven’t heard from ace data recovery, because of the holiday weekend, but i decided to get my computer ready to take the new old data (if it still exists), by installing the 1TB SATA drive i’ve had sitting on my desk since 2018, which is the first time i thought i was going to need it…

however, it turns out that, because i got the “low profile” case, the last time i bought a computer (which, according to the label on the back, was 2015), there isn’t enough room to install the SATA drive, despite the fact that it’s ⅓ the size of the “normal” IDE drive.

i have two options. i can either buy a not-low-profile case, and pay someone to transfer all the internal shit (because i’m not skilled enough to do it, any longer), OR, for about $200 more, i can just buy an entirely new computer. 😒

it would cost around $700, give or take, to get a new computer, and have the 2018 SATA drive installed (thus making it a 2 HD system right off the top), and, at that point, i could hook up the hard disk from the old computer, via USB or something, and probably have enough space…

and moe sez it’s okay for me to spend that amount…

so, i guess i’m getting a new computer, as well. i remember when i would have been really excited at the prospect of a new computer, but, at this point, it’s JUST ANOTHER HEADACHE! 😠

let’s get on it, then! 😒

today, i got the following message from western digital:

Western Digital is working on a Data Recovery recovery program and allow us some time for the program to be put in place. I understand you sent the drive to a Data Recovery Center. If he (sic) would like Western Digital to assist with the recovery cost, we recommend to wait for the program to be active.

Some My Book Live devices connected to the Internet are being compromised by attackers and in some cases, the attackers have triggered a factory reset that appears to erase all data on the device.
We are here to help. Although this product family is no longer sold or supported by Western Digital, we know some of our customers have been impacted and we want to help.

If you have lost your data because of these attacks, we will provide data recovery services which will be available beginning in July.

We know how important your data is to you and are committed to helping you protect it.

We will provide details about how to take advantage of this program in a separate email.

For more detailed information and updates, please refer to the Security Bulletin listed below.

WDC-21008 Recommended Security Measures for WD My Book Live and WD My Book Live Duo
https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo

the problem is, i NEED that data. it was driven home to me how much i need that data when i realised (this morning) that all of my federal tax records are on that drive… and they’re due soon… 😒 i DO NOT have the time to wait around for a “Data Recovery recovery program” that hasn’t been developed yet. 😒

“If he (sic) would like Western Digital to assist with the recovery cost, we recommend to wait for the program to be active.”… if “who” would like WD to assist…? I would, very definitely, like WD to assist with the recovery cost. unfortunately, i NEED that data NOW (actually, yesterday would have been better 😠), also, well, this IS july, now, and i haven’t received any indication that this recovery program is much more than a pipe dream.

my plan is to continue at the rate that i’m already going with the “recovery plan”, and if WD has any problems with my plan, they can shove it up their ass, and pay anyway! 😠

i JUST got email from the data recovery place, which says:

Thank you for choosing ACE Data Recovery. We have received your device in our lab.

We will be contacting you soon after the diagnostic’s results will be ready. Usually it takes one to two business days.

my impression, at this point, is that WD is GOING to “assist with the recovery cost”, whether or not they think they are now. it’s just a matter of how hard we (the class of people who lost data because of this negligence) are going to have to try to convince them. 😠

so…

the cloud drive is on its way to dallas, to the temple of the computer wizards, who seem to think that they can actually retrieve data from a drive that has been wiped. whether they can, or not, remains to be seen, and if they can, actually, retrieve data, there’s no telling how much, but the expense increases with every file they retrieve, and i’ve got A LOT of files on that drive.

the current conjecture is that an anonymous, malicious, mindless, skript-kiddie found out about the bug that they’ve known about since 2018, but haven’t done anything about it because it’s a “legacy” device that hasn’t been upgraded since 2015 (despite the fact that MANY WD cloud drives are still in use all over the world), and wrote a script to search out all the IP addresses of MyBook drives it could find, and wipe them…

because they can… 😒

L0L! 🤬🖕🤬🖕🤬🖕🤬🖕🤬🖕

but, according to the latest theory, they didn’t overwrite the data, they just removed the allocation tables… they did a “quick” erase, not a “complete” erase… so the data is, probably, still there, as long as something hasn’t overwritten it, and, since the first thing i did when i couldn’t login was to shut it down, the chance that it’s still there is relatively high. it’s up to the experts, and whether or not i have enough money, to determine whether or not i see any of that data again.

and, as far as remediation goes, i think i’ve learned enough to install the 1TB drive (which is not big enough to store 2TB of data) that i’ve had sitting on my desk since 2018, but i haven’t done it yet, and i haven’t even started to search for a replacement cloud drive, or a backup system, because i’ve been going through an existential crisis, AND temperatures that have been an average of 35°F hotter than they have ever been, which has, essentially, shut down any hope of doing anything other than hiding and hoping it’s all going to be over soon. 😟

but climate change is a myth, created by china! 😒

it’s 25°F cooler than it was yesterday, but it’s still 10°F warmer than normal, for this time of year, and it doesn’t look like it’s going to be getting better any time soon.

oh, just wonderful! 🤬

so, my Western Digital MyCloud Live bit the dust the other day. i spent most of yesterday stressing, and figuring out what was wrong, and beginning to figure out how to fix it (and not getting very far, because of the stress).

then, this morning, i wake up to this: CVE-2018-18472

Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands…

and Action Required on My Book Live and My Book Live Duo

Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device.

the only hope i have is EITHER that the MyCloud IP address was unknown, unknowable, or “small potatoes”, OR that this is for My”BOOK” Live, and what i’m dealing with is a My”CLOUD” Live, and that CVE-2018-18472 applies to the My”BOOK” and not the My”CLOUD”…

but what is the probability of those things happening? 🤬

(actually, now that i think about it, the probability is fairly low: i BOUGHT the MyCloud device in 2014, and i’m pretty sure that i received firmware updates well after the 2015 date that they mentioned here, but… it’s still worrying.)

actually, i couldn’t POSSIBLY be that lucky… i was looking at the back of the device, and it very clearly says “MyBook Live”… 🤬🤬🤬🤬🤬

word now is that western digital has known about this since 2018. 🤬

some good news, for a change… i’ve written for a quote from Ace Data Recovery, which is a partner with western digital. i’m as confident as i can be (which isn’t much) that they have a MUCH better chance of actually recovering my data than anything i could do. of course, because of the fact that it is currently after business hours on friday, central time, and the fact that they don’t work on weekends, i’m probably not going to hear anything until monday, at the earliest. however, this gives me some time to work on the problem of where to put it once it has, actually, been retrieved.

zoinks

my cloud device is not a cloud device.

it was working fine two days ago. by the time i discovered it wasn’t working, yesterday, it was too late to get tech support on the line, so i got them on the line today.

what they said is that my WD MyCloud Live is old enough that it’s considered a “legacy device” and they don’t offer service for it any longer.

so ALL of my hybrid elephant records, ALL of my “Incense of the Month” records, ALL of my appointments, ALL of my digital artwork, ALL of my pictures, ALL of my music… EVERYTHING is gone.

😟

ETA: i talked to the folks at western digital this morning, and what i learned was encouraging and discouraging at the same time.

i bought it, and had it configured by 140127, so it has only been six years, not the eight that i was complaining about originally… doesn’t make me feel any better about losing access to that data. 😟

the device is a WD MyCloud Live device, which is a “legacy” device which is no longer serviced.

the fact that i had the drive partitioned four ways, and primarily used it on linux, means that, even if it were able to be serviced, they wouldn’t do it. they support windows and mac, but not linux.

despite the fact that western digital disks are used on linux systems ALL THE TIME… 😒

it MIGHT be accessible directly, by plugging it directly into the computer, instead of a router. i plugged it into my mac laptop, and a new icon appeared on the desktop called “MyCloud Live”. it contained four “public” folders (documents, pictures, music, and another that i don’t remember), but they were all empty. also, it said i was logged in as “guest” and my disk doesn’t have a “guest” login, so my guess is that mac logged me into a new, blank partition.

which means that i MIGHT be able to access it from linux, if i can get it to log me in as something other than “guest”…

when in trouble, when in doubt, run in circles…

ask if anybody has a clue on kubuntu forums dot net

the guy there said that, in all likelyhood, it is running an embeded linux OS, and, if nothing else, i could take it out of its enclosure and add it as a new hard disk on my computer, as long as it works.

however… 😒

at this point, i’m going to HAVE TO get a new cloud server to replace the old one (more goddamn money spent on this damn technology… 😠), and i don’t want to do ANYTHING with the old one until i have a new place, however temporary, to store all <900MB of shit. AND i just happen to have a samsung 1TB SATA disk — had it new, in the box, since 2018 — but because i don’t actually know how to install a new hard disk on a linux machine, i haven’t done so.

so, MAYBE everything isn’t gone, but it’s going to be a few stress filled days until i get it all figured out and get everything settled down to what passes for “normal” these days. 😟

twit-turd

so, i made this tweet yesterday:

210621 killing people is "dispensing freedom"? - what the fuck is wrong with you?
210621 killing people is “dispensing freedom”? – what the fuck is wrong with you?

this afternoon, approximately 24 hours later, this is the kind of reaction it’s having:

210622 more than 300 likes... 🤯
210622 more than 300 likes… 🤯

if there were only some way to get #NationalStrike #GeneralStrike #TaxStrike #LaborStrike #BankStrike #RentStrike #DebtStrike #MortgageStrike #MinimumWageStrike #CreditCardStrike #PeoplesStrike #PeoplePower #EatTheRich #RaiseTheWage #GuillotinesNeeded #WeAreClosed the same kind of response… 🤯

i might have known…

so, the weird weirdness with my web site was ENTIRELY caused by the osCommerce web site…

which i haven’t even thought about since 2016, because the previous web designer was supposed to have deleted it, once i had successfully migrated to wordpress…

but which wasn’t deleted (despite the fact that it was one of the things i paid her to do 😠), and continued to “function”, without a “head”, for FIVE YEARS

if nothing else, i suppose, it says something about osCommerce’s resiliancy and ability to continue to function despite being headless and updateless for the past 5 years. i wonder if i could treat wordpress the same way, and expect the same result. i suspect, probably, not.

it’s still there, physically, but it has had it’s hooks into the system removed, so it is no longer functioning. the next step is to figure out which parts are wordpress parts and which parts are osCommerce parts, and delete the osCommerce parts.

in other news, ezra has come up with an idea that needs internet and a web host to work, and, well… i’m the next best thing to a web host, these days… apart from the FUMTU with osCommerce… 😉