Tag Archives: geek stuff

how secure is my password?

It would take a desktop PC About 408 thousand years to hack your password

i feel a little more secure, despite the fact that it also gave me two warnings about how easy my password was to crack (“Your password looks like it might just be a word and a few digits. This is a very common pattern and would be cracked very quickly.” and “Your password only contains numbers and letters. Adding a symbol can make your password more secure. Don’t forget you can often use spaces in passwords.”) but at 408 thousand years, it would still take a while.

i’m going to have to suggest this site to my elderly, disabled client whose password would take about five minutes to crack (if that)…

what i’m doing

i got a turntable off of freecycle, and i bought a behringer phono-to-USB pre-amp, and i am currently listening to the National Geographic recording “On Parade – The Music of John Philip Sousa” which has not been played in over 30 years. i am not only listening to music i haven’t heard since i got rid of my turntable (which was built by my father, out of spare parts from several other projects) in 1980 or thereabouts, but i am transforming them into the next generation of music files: ones which you can reproduce on your computer… will wonders never cease… i still have a huge crate of vinyl LPs (most of which are crap) that i’m going to dig out over the next few days and have fun (or not) turning all of them into ogg-vorbis files.

8)

SAAS

i had my first, tentative experiences with SAAS over the past couple of days, and i can say, without hesitation, that if this is the direction computing is headed, i’ll get off the train here, because SAAS SUCKS!!

i was using the RVSiteBuilder that comes with my cPanel-powered web-hosting package. while cPanel does a very good job of making sense of the arcane unix commands i would have to be using instead, rvsitebuilder makes the job of creating valid html templates for web sites almost impossible.

for example:

i wanted to put in my own header, so i uploaded the graphic, which automatically got placed in the template i was working on… however, i come to find out that the SAAS has automatically converted it, resized it, and buried it under three html layers, so that when i “right-click” and choose “view graphic”, instead of getting the graphic i want, i get a thing called “headergraphic.gif” that’s one of those transparent, 1×1 pixel monstrosities, that gets resized to whatever you need. when i finally gave up on the thing, and dug my graphic out from underneath all that other crap, i found out it was resized in the html, which causes it to load more slowly, because the browser has to load the whole thing, and then figure the dimensions and resize it on the fly.

i told it that i wanted a template that is 1000 pixels wide, but because of the fact that the header graphic was resized, i had to narrow the template to 800 pixels. then, when i tried to add sidebars, they were the wrong size…

the css was so confused… there were five different css files, three of which weren’t being used at all, but, because of the fact that the index had linked to them, they had to be loaded with the rest of the template. the remaining two were full of selectors that had transparent, 1×1 pixel graphics as background colours… not just one or two, but ten or twelve different selectors and classes. there were a fuck-TON of javascripts (read “security vulnerabilities that advertise a site willing to be exploited”) that weren’t being used, as well as a huge pile of “stock” graphics which weren’t being used at all.

to make matters worse, it was just assumed that one (in my case, me) simply knows how the software works… that is, when it works… 😐 i actually had to start my “project” three times because the SAAS “froze up” and i had to quit the browser and re-start in order to go forward… if you have an application running on one server, that’s sending instructions to a machine that’s connected to another server over open internet, you’re GOING to run into problems when the server on which the application is running QUITS RESPONDING… 😛

and when the software was working, it gave cryptic and/or ungrammatical clues about what needed to be done next… several of the workspaces that i worked through had “Save” buttons that were different sizes and colours, and were located in inconsistent places.

if i were testing this SAAS, i would not give it a passing grade, however, unfortunately, i get the very strong impression that this isn’t going to go away. that impression is only accentuated by the fact that, when i was working as a tester of network-enabled software, i logged many, many, MANY bugs against such SAAS, and, for the most part, those bugs WERE NOT FIXED and the software was released to a population of users who didn’t care that the email software didn’t work because they were too busy playing angry birds (which does work).

by the way, i “rolled my own” template for the new neighborhood acupuncture clinic in ballard/fremont, and it works and validates (thank you very much), and it took me half as long as doing sort of, but not exactly the same thing with an application that is supposed to make it easier

completely random rant

i subscribe to a lot of news sources by RSS. usually, most feed-generators give the author one of three choices for their feed: post the entire article (which i do), post the first few sentences of the article and provide a link to the rest, or provide only the title and a link.

i really don’t understand why people would do anything other than the first option, although it likely has to do with cookies and hit counters and google-ratings and suchlike things, but what really irritates me is when i get a link – like this one – which links to an article which i find interesting, but it’s not the whole article… 😐 it’s only the first of three pages, and you don’t find that out until you’ve read to the bottom of page one, only to find that annoying little “1 | 2 | 3 | Next page »” link and the even-more-annoying “View as a single page” link, which usually results in the entire article re-loading from the beginning, which means that i have to figure out where i have read to already before i can continue reading. some places don’t even bother with the “View as a single page” link, which means that, in order to read the entire article, i have to search for the “Print” link, which, frequently, isn’t there… it gets REALLY annoying when (as in articles by The New York Times) where they don’t include the “view as a single page” or “print” links, and the article is 7 pages or more… and the most annoying thing of all is when the “print” link only prints the first of a multi-page article, and not the entire article… at that point, i generally give up and move on to less annoying material.

my impression is that the reason why they break articles into pages is to make them more like printed magazines, but they’re NOT PRINTED, and breaking them into smaller bites only adds extra “clicking” and encourages loss of interest (which is why i choose the “post the entire article” option). i’m sure that they think there is a logical reason for this, but it’s annoying and they shouldn’t do it.

woo hoo!

i finally got around to installing OS9 on the motorola G4 computer that has been hanging out in the workshop for the past few months.

it has the capability to connect to wireless networks (something i did not know when i got it) and the only reason i’m not posting this from my OS9 mac is because i can’t convince it to connect to our wireless network… it will connect to the neighbours’ unsecured wireless network without a problem, but since we got a new router, our network has been secured with a RIDICULOUSLY long password that i can’t get OS9 to handle… it may be that it only accesses the network from OSX, but i can handle that…

and i never thought i would be running OS9 again as recently as two years ago… 8)

that was “interesting”…

if, by “interesting” you mean “screaming in mind-wreaking terror”… 😐

i got cracked* this morning.

about 2:00 in the morning, someone compromised a “soft” password on one of my wordpress sites and defaced every PHP index page that they could find…

when i started up my computer this morning, i was confronted by this, rather than the expected page on hybridelephant.com, przxqgl.hybridelephant.com and several other web sites that i host. it was a shock, let me tell you.

FORTUNATELY i have a backup… 🙂 and a backup of a backup… 8) and i was able to put everything right within a few minutes of discovering that it was wrong, but finding out how was a little more tricky.

i logged into the administration sides of the web sites i manage, to determine if anything other than PHP pages had been tampered with, and i discovered that i couldn’t log in to one of them… so i clicked the “lost password” link and discovered that it didn’t know who i am… so i decided to get a bit more forceful: i logged into the database with phpMyAdmin and discovered that the administrator account (which had a “soft” password that “could be remembered easily” by someone who has never had to do DBA stuff before) had been changed, and then deleted…😐

once i regained control of the database (and DELETED the admin account with the soft password) and removed the file that he sneakily uploaded to a plugin directory that i had deleted (which is why i knew it was there), i went to work to discover as much about the cracker as possible. i learned that he uploaded files from 66.23.237.186, which is located in new york, but he also has close associations with 46.38.130.10, which is located outside of louisville, kentucky, but he’s apparently all for iran and down on saudis, so it could be that he’s using those IP addresses as proxies, at which point he could be anywhere… i also have a “DecodedBase64.bin” file i retrieved from the file he encrypted and uploaded to the deleted plugin directory, which potentially has a little more accurate indications of who he might be, but executing it on any of my computers is totally out of the question. that’s probably as close as i’m ever going to come to actually knowing who he is, but that’s a fair amount more than i could have expected.

and the client gets a STERN talking-to about the value of very strong passwords… i’m fairly sure that she won’t do it again.
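
Added example (not part of the original post): one way to look inside a base64-encoded upload like the one described above without running it. It decodes the blob in memory, hashes it, and pulls printable strings, IPv4 addresses and URLs out of the bytes; the sample file, its contents and all function names are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

# Constructed sample: stands in for the decoded payload. The address and host
# are placeholders (192.0.2.0/24 and .invalid are reserved for documentation).
PLAINTEXT = (b"\x00\x01constructed sample\x00"
             b"fetch http://example.invalid/a from 192.0.2.10\x00\xff")
# Constructed sample: an uploaded file carrying the payload as base64 text.
SAMPLE_UPLOAD = b'<?php $p = "' + base64.b64encode(PLAINTEXT) + b'"; ?>'

B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")   # long base64-looking runs
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")          # like the strings(1) tool
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL = re.compile(r"https?://[^\s\"'<>]+")


def decode_blobs(data):
    """Yield the decoded bytes of every long base64 run found in data."""
    for match in B64_RUN.finditer(data):
        try:
            yield base64.b64decode(match.group(0), validate=True)
        except binascii.Error:
            continue  # not valid base64 after all (bad length or padding)


def triage(data):
    """Describe each embedded blob without writing it to disk or executing it."""
    reports = []
    for blob in decode_blobs(data):
        text = "\n".join(s.decode("ascii") for s in PRINTABLE.findall(blob))
        reports.append({
            "size": len(blob),
            "sha256": hashlib.sha256(blob).hexdigest(),
            "ips": sorted(set(IPV4.findall(text))),
            "urls": sorted(set(URL.findall(text))),
        })
    return reports


if __name__ == "__main__":
    for report in triage(SAMPLE_UPLOAD):
        print(report)
```

The SHA-256 is the value to quote in an abuse report or to look up later, since it identifies the payload without anyone having to pass the file itself around.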


grmph…

i rarely NEVER have problems with them, so when i do, it’s an emergency…

there have been some “issues” at spamcop.net, the origin of my regular email address. i’m not exactly sure what’s going on, because i don’t check their web site for months at a time, but apparently the email servers, and particularly their webmail servers had some sort of catastrophe that has meant that they had to restore from an old backup, or something like that. what that means, in my case, is that email that is addressed to my regular email address – salamandir at spamcop dot net – may or may not be received by me, at least until saturday and maybe longer or, alternately, it may not be received by me at all

there also appears to be a similar problem with my “business” email address – ganesha at hybridelephant dot com – as well, because that mail is also filtered by spamcop.

i don’t know whether or not recent mail for either address will be received at all. i tried sending a test message from one of my yahoo.com accounts to spamcop.net and it hasn’t arrived. other people have told me that when they try to send email to my spamcop.net address, it has bounced with a notice that my previous ISP no longer handles email for that address (which leads me to believe that it’s on spamcop’s end, because the mailhosts on my end are set up correctly)…

i am getting some email, but for the past two or three days, i have been getting significantly fewer messages than i am used to, which also makes me think that it’s something on spamcop’s end of things…

meanwhile, you can try to send me email at “me at salamandir dot info” or “rev underscore deluxe at yahoo dot com” – although i don’t check yahoo as often, and i’ve never actually received any email at salamandir dot info (because i just created the email address today)…

really meta…

i’ve been poking around behind the scenes again, because, recently, i’ve been getting a whole slew of spam comments on various media pages. i didn’t even know that each media file that was part of a post had its own, separate page until fairly recently, probably because i use flickr and don’t link too many media files from my own server, and when i do, i don’t put in the “link to the file” option that i am offered most of the time. apparently that doesn’t matter to the spam-bots that are out there, and they’ll link to, and comment on any page that looks like it may have comment form stuff on it…

anyway, i added the disable comments plugin, which made me look at my caching plugin and discover that it is HOPELESSLY out of date (when things work, i have a tendency not to mess with them, unless absolutely necessary), so i installed a new caching plugin, which required me to change my permalink method…

the end result is that, now, instead of linking to “?p=6651” (a rather ambiguous name that doesn’t really mean anything except to a computer), you can now link to “/2011/10/24/whatever…” which is an actual date, plus the title of the post: a much more “enlightened” way to do things, that makes the blog a lot more “human friendly”… and it makes it so that search engines could actually index my pages… if i would let them (which i won’t).

and, despite all of my griping about them, i am, actually a human being, after all, and even i have trouble remembering whether the information i wanted is in post 1864 or 1684…

brain damaged brain… 8/

i figured out why it wasn’t displaying like it should (a simple <p>…</p> took care of it) but i’ve been fighting with the code for this web page all day, and i haven’t gotten much of anywhere… and it seems as though things that are supposed to work, simply aren’t, for one reason or another… it actually seems as though what i want can’t be done using standard html and css — even though i KNOW it CAN be done, quite easily…

blah… 😛

GRR!!

okay, so i’m working on some new web pages for the fremont players. i’ve got a REEEEAALY simple CSS file, that basically sets margins and text alignment:

body {margin-top: .25in; margin-left: 2in; margin-right: 2in;}
.center {text-align: center;}

and i have an equally simple HTML file that’s going to be my index page (when i get this ☢☹‼‽⁂@#* “difficulty” worked out) which looks like this:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="index.css">
<title>The Fremont Players</title>
</head>
<body>

<span class="center">The Fremont Players present</span>

</body>
</html>

now one would think, just from looking at the code, that the words “The Fremont Players present” would be centered, a quarter of an inch below the top of the page… but…

text alignment problem

and it looks the same whether i’m using firefox, safari, or opera… which means that SOMETHING is WRONG

but i can’t figure out WHAT… 😐

today

this morning i was in a rush to get things done, and i realised that i hadn’t made this month’s backup of the web site, so i started that before i fed the critters or myself… and well before my weekly post was scheduled. i then realised something, and logged in to discover that it already was that way, but somehow, in the process, i’m fairly sure that i was logging in to exactly the same place that was being compressed for the backup, because it suddenly became REALLY slow and timed out a couple of times, and when i finally got the page to reload, it was blank… and it was about three minutes before it was scheduled to post…

i don’t know if anybody else was watching, but at 9:00 this morning, i posted a completely blank “another week closer to the eschaton” which then vanished after about five minutes (i made it private) and then, after i had taken care of a bunch of other, more physical things, about an hour later, i went back to yesterday’s saved version of the post (HOORAY for databases!) and restored that.

it feels really strange to say “hooray for databases” because i still only have a vague notion of what they are, despite the fact that my most recent “technical” employment involved installing and populating a wide variety of databases… it was kind of strange then, too, because i could tell you what the databases contained and how it related to the software i was testing, i still couldn’t really express, in words, what the database actually was… i get the impression that it’s sort of like a spreadsheet, but beyond that it gets really vague, really quickly… one way or the other, i was able to go into the database and restore today’s post.

that’s all. i’ll see you next week.

I HATE SPAM!!!!

okay, so i got up this morning and switched on my computer, and the first email that i downloaded said this:

Dear member,<br><br>
Your payment for $149.95 USD to [email protected] has been initiated.
<br>This payment will be completed once the recipient has accepted the payment.
<br><br>It may take a few moments for this transaction to appear in the Recent
Activity <br>list on your Account Overview.
<br><br>-----------------------------------
<br>Payment Details
<br>-----------------------------------
<br><br>Amount: $149.95 USD
<br><br>Transaction ID: 7DK2739102238103H
<br>Subject: Payment for Samsung U740 Cellular Phone. Thank you!
<p class="subHeading">Do you confirm this transaction? </p>
<p>If this transaction was not made by you please, take the following steps:</p>
<ul>
<li>Login to your account by clicking on the link below </li>
<li>Provide requested information to ensure you are the owner of the account </li>
<li>Follow the steps to &apsCancel Transaction&aps</li>
</ul>
<br/><table bgcolor="#CCCC33" border="0" cellpadding="0" cellspacing="0"><tr><td><table align="center" bgcolor="#FFFFCC" border="0" cellpadding="8" cellspacing="0"><tr><td class="large"><img alt="" border="0" src="https://images.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1" /=>
<a href="http://onlinepprefund.altervista.org/" target=_blank><span class="emphasis">CANCEL TRANSACTION!</span></a><img alt="" border="0" src="https://images.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1" /=></td></tr></table></td></tr></table>
<br/>
<br>Thank you for using PayPal!
<br>The PayPal Team

<br>----------------------------------------------------------------
<br>Copyright . 1999-20010 PayPal. All rights reserved.
<br><br>PayPal Email ID PP359

this was slightly different than most of the spam messages i receive, because the “From:” address appeared to be somewhat more legitimate than other “spam pretending to be from paypal” messages that i have received in the past – “PayPal” <[email protected]> – so THE FIRST THING I DID was check my paypal account. when i discovered (rather as i expected, actually) that i didn’t actually make a payment to paypal for $149.95 for a Samsung U740 Cellular Phone, i went into my morning anti-spam routine of investigating, reporting and blacklisting, but this one was interesting:

the URI encoded as “CANCEL TRANSACTION!” was very definitely NOT paypal – which is why it’s ALWAYS a good idea to render messages in plain text, rather than HTML, if you have the choice to do so (most POP email clients will do that for you automatically, although most IMAP – i.e. webmail – clients will not do it without some nefarious hacking) because if it were rendered as HTML, i might have just clicked on it, not realising that it was sending me to the wrong place. but it was also very interesting because it was also a “spoofed” address – instead of being “altAvista.org” it was “altERvista.org”, which means that if i weren’t paying very close attention (or if i didn’t have automated assistance) i might have assumed that the report should go to a place that it wasn’t really supposed to go. it turned out that it was supposed to go to “[email protected]” which is probably either a person who is absolutely clueless about their server state, or (more likely) a hacker/spammer who is looking for new suckers on which to prey.

when i looked at the header information, it said that its insertion point was wlen.net.pl, in poland, and the IP address reflected that,

Received: from [83.16.154.90] (helo=wlen.net.pl)
by spam1.thewebhostserver.com with esmtp (Exim 4.72)
(envelope-from )
id 1QBnQb-0004Ob-N9
for [email protected]; Mon, 18 Apr 2011 13:20:01 +0100

but this bit of information jumped out at me:

X-HELO-Warning: Remote host 83.16.154.90 incorrectly presented itself as wlen.net.pl
X-Sender-Warning: wlen.net.pl has no MX records
X-Sender-Warning: Reverse DNS lookup failed for 83.16.154.90 (failed)

that is another indication that, very likely, the people who run wlen.net.pl have no clue that their server is being abused, so i sent a report to their host provider, and the place where the spam originated – [email protected] – and entered their IP address into my blacklist, which now means that if i EVER get another message that claims to be from 83.16.154.90, it will go directly into /dev/null without even alerting me to its presence.

much as i HATE spam, there are a few spam messages that i find a little more interesting than most, which is why i blog about them… in general, however, i feel that Rule #3 still applies, so i’ll shut up about the HATE now…
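
Added example (not part of the original post): the two checks described above, done in code. It lists every link whose host is outside the domain the message claims to come from, and pulls the relay IP, HELO name and filter warnings out of the headers. The HTML fragment and header lines are taken from the message quoted above (abridged); the function names are assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# From the message quoted in the post: a real PayPal-hosted image beside
# a link that goes somewhere else.
SAMPLE_HTML = (
    '<img alt="" border="0" src="https://images.paypal.com/en_US/i/scr/pixel.gif">'
    '<a href="http://onlinepprefund.altervista.org/" target=_blank>'
    '<span class="emphasis">CANCEL TRANSACTION!</span></a>'
)
# Header lines from the post, abridged; continuation lines re-indented.
SAMPLE_HEADERS = """\
Received: from [83.16.154.90] (helo=wlen.net.pl)
 by spam1.thewebhostserver.com with esmtp (Exim 4.72)
 id 1QBnQb-0004Ob-N9
X-HELO-Warning: Remote host 83.16.154.90 incorrectly presented itself as wlen.net.pl
X-Sender-Warning: wlen.net.pl has no MX records
X-Sender-Warning: Reverse DNS lookup failed for 83.16.154.90 (failed)

"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def off_brand_links(html, brand_domain):
    """Return (host, link text) for links that leave brand_domain."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        # Exact match or a true subdomain; "paypal.com.example.net" fails.
        if host != brand_domain and not host.endswith("." + brand_domain):
            flagged.append((host, text))
    return flagged


def relay_findings(raw_headers):
    """Extract the relay IP, the HELO name and any filter warnings."""
    msg = message_from_string(raw_headers)
    findings = {"relay_ip": None, "helo": None}
    hit = re.search(r"from \[([0-9.]+)\] \(helo=([^)]+)\)", msg.get("Received", ""))
    if hit:
        findings["relay_ip"], findings["helo"] = hit.group(1), hit.group(2)
    findings["warnings"] = (msg.get_all("X-HELO-Warning", [])
                            + msg.get_all("X-Sender-Warning", []))
    return findings


if __name__ == "__main__":
    print(off_brand_links(SAMPLE_HTML, "paypal.com"))
    print(relay_findings(SAMPLE_HEADERS))
```

The X-HELO-Warning and X-Sender-Warning headers are written by the receiving mail host's filter, so other providers will use different header names for the same findings.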

“Native”? HTML5 support?

um… i think that someone at micro$lop should be told those words don’t mean what he thinks they do…

Microsoft breaks own world record for IE nonsense – quite apart from the fact that HTML is designed to run non-“native”ly, and is platform-agnostic – i.e. it DOESN’T MATTER which platform you “run” it on (actually, being an interpreted language, it would be more accurate to say that it “doesn’t matter which platform you render it on”, but the difference may be a bit too complex for the non-geek audience), the fact that they are making such a big thing about it means a possibility of a number of different things:

1) they are relying on the fact that you don’t know what this means… in other words, they are assuming that the consumer is stupid and will buy any new, shiny toy that the marketers wave under their noses.

this is an almost certain fact, since their job is to know what this stuff means. from engineers to marketers, they all have intimate knowledge of exactly what “native HTML5” means, they ALL know the phrase is essentially meaningless, and they are doing this PRECISELY because they know it will boost micro$not stock prices.

2) not only do they know what it means, they also know that even if it is explained to you, it won’t matter because, as i explained above, their interest is not in serving the customer, but how much money they can make. this is an extension of the “we don’t care, we don’t have to” attitude that micro$awft has developed over the past 20 years or so.

3) judging by the fact that, if you are currently running windows and IE, you HAVE code that renders this line of text as more than one line of text, in spite of the FACT that the HTML specification requires the escape sequence &nbsp; to render a “NON BREAKING space” (meaning that, instead of breaking a line, if you put &nbsp; in between words, they’ll all stay on one line, and cause “horizontal scrolling” instead) – a BUG which i reported IN 1997, and they still haven’t fixed it – the fact that they’ll eventually acknowledge that “native HTML5” means essentially nothing, is quite remote indeed.

(for those of you who are unfortunate enough to be running IE, the previous paragraph, from the number “3” to the phrase just before “a BUG…” should have rendered on one line, and you should see a horizontal scroll bar at the bottom of your browser window, because of the “non-breaking spaces” i put between the words)

why should they? it doesn’t make any difference, and it raises the bottom line, which was the goal all along.

and people wonder why i won’t own a computer that runs windoesn’t any longer… pfui… 😛

hee hee…

i just got home from driving across puyallup to pick up something that, if it had been brand new, would have cost me $3,500 to $4,000 dollars, but because it is “out of date” it was free

and i like free things, especially when they’re actually reliably functioning computers… 8)

i plan on reformatting it, installing OS9, and a bunch of the software that i thought i’d never see again… 8)

linux

i know it’s free, and 98% of the time it works exactly the way i want it to (which is significantly more than either mac or windoesn’t), but the other 2% of the time it’s frustrating to the point of distraction… 😐

so a couple weeks ago, i bought a 3tb external (usb) hard disk, and using both the linux GUI and the linux terminal, i was completely unable to do an awful lot more than render the disk unreadable. i’m sure there is a way to partition the disk into two sections, and then “mkfs” them into existence, but i have not been able to figure it out…

so i plugged it into the mac, and it popped up a window that said “this disk is unreadable, what do you want to do about it?”, whereupon i ran the disk utility, formatted and partitioned the disk in about 2 minutes, and went on to something else.

and when i unplugged the disk from the mac and plugged it back into the linux machine, suddenly it was able to read the disk, and it mounted both partitions when i asked it to… but the problem is that now the “owner” of the disks, instead of being “root” is “99” and i can’t change it to anyone else, because /media/home and /media/backup are only the mount points, and the actual device lives at /dev/something-or-another (there are actually 199 “devices” listed in /dev, and only a few of them are actually being used) and all of them are owned by “root”… however, when “root” tries to change the ownership of the mount points, i get an error that indicates it is a “read-only file system”… which isn’t much help…

i can see the disk, i can mount and unmount the disk, i can read the disk, but i can’t write to it? where’s the justice?

grumble, mutter, gripe, moan, complain… *%&#^@*%… (jarns, nittles, grawlix and quimp)

up… date…

i’ve been spending way too much time futzing about with the computers, and need to do something else some of the time.

it runs 24 hours a day, and there are people lined up 24 hours a day to fill their water bottles

to that end, i’m probably not going to spend more than a couple of hours or so in front of the computer today, because of the fact that i’ve got a bunch of stuff to do. i’ve got to drive to marysville (approximately 1½ hours each way), to pick up business cards from the printer. i’ve also got to take the empty water bottles up to the artesian well to fill them, which is in between here and marysville, so it’s convenient to do both at the same time. then i’ve got to package the cards and ship them to the guy who ordered them.

then, later on, i’ve got a fremont phil rehearsal, which usually gets out at 9:00. the moisture festival is at the end of the month. counting today’s rehearsal, there are only four rehearsals left until it opens, which is cutting it really close, especially considering that pam, our clarinet player, quit earlier this year.