I have become extra-sensitive to surveillance and reconnaissance issues since working for Goodrich SRS, but today caught me completely off guard. I was driving home from work and I noticed an SUV coming towards me with all kinds of strange equipment on its roof. It looked like two cameras 90 degrees from each other pointing towards the front corners of the car. It’s possible there was another pair of cameras pointing towards the rear corners of the car. The car was also equipped with some antennae, and had some company’s logo on the sides that sported some text about surveying or somesuch.
After the car passed me I continued to look in my rear-view mirror and noticed that the entire back window had a huge Microsoft Windows Live Local logo across the back. My guess is that MS is doing some of their “Street Side” imaging of storefronts, etc.
Once again, I won two tickets for Monday’s Red Sox game at work! I’m taking the day off of work, since it is an 11am game, and I’m taking with me because he’s a huge baseball fan. So that should be a good time. I also found out that I get to delay my tax return by one more day and turn it in on the 18th due to the New England holiday Patriots’ Day, which also rocks.
For some reason I decided today to abuse myself and create an RSS feed for my CD collection. I was screwing around with some SQL and decided it would be a pretty easy thing to throw together. It is back-ended by my OpenDB installation, and just like my CD list, it caches the query results so it only queries the database when the table has been modified. Anyway, the feed gives you the last 15 albums I have purchased (or been given). I have no idea if anyone cares about this shit, I just thought it’d be fun. Let me know if you are using it, and let me know if you have any problems.
After work yesterday I met up with a few of the film club regulars to see “Slither” at the Boston Common theatre. It was great to see that Hollywood still knows how to make a great somewhat humorous but still scary horror film (not a self-referential irony-fest like the spawn of Scream). I don’t think this movie was flawed at all, to be honest. Even a little credit cookie for the really patient..
I’m about halfway done with fixing my journal entries to point to Flickr instead of Gallery. Found a few photos that I could have sworn I had uploaded but couldn’t find in my Flickr photos… Hopefully that was just a brain fart on my part and not some kind of dataloss in either the upload client or Flickr’s back end.
How fitting….. The check I wrote to pay my taxes is #666. :)
I used ljArchive to sync my entire journal to my PC and then exported it as XML files. I then grepped through those XML files looking for the old gallery URL, so now I have an index of how many image links are broken (76, if you are curious, which is far better than I expected) with my move to Flickr. I will probably tackle these next weekend, but in the interim I added a mod_rewrite directive to redirect any traffic to the old Gallery URL (or any of its subdomains) to my Flickr photos (it won’t redirect to the proper photo or anything fancy like that, but at least it gives people a slightly better result than a 404).
Let’s take a moment to thank , who managed to send a million message undeliverable notifications today; one for each message he has saved in the past year or so (to the author of said message). I alone got 100+!
In other news, the Nintendo DS Zelda game looks badass.
Had a fairly laid back weekend…. Friday night I just stayed home with , who had a nasty cold (probably the same cold I had, although we had thought she had dodged that bullet). Saturday morning I decided to mount my Sirius radio in the car. It had been flopping around, kind of propped up in the ashtray while I waited for a nice mount to arrive in the mail (the radio came with a suction cup mount as well as velcro, but both those choices seemed ghetto). This mount required me taking the dashboard trim off, which was made easier by employing the dash trim removal tool I got with the new mount kit, but still sucked. I thought I could mount it without removing the car stereo, etc, but that was false hope. With the car stereo removed I was able to hide wires much easier, so they just pop out of the dashboard next to the mount. I also replaced the cigarette lighter adapter that came with the Sirius with some hard-wired power that tied into the car stereo’s wiring harness. I wired it so the Sirius always has power, so that if I have to run out of the car quickly but want to finish what I am hearing I can pause the radio (it has a 45 minute live buffer) and shut the car off. I also moved the Sirius antenna from the trunk to the roof, as I was getting annoyed that the wires would move and get tugged whenever I opened the trunk. All in all it took me about 2 hours to finish the job, which includes running back up to the apartment to solder the power leads into the wiring harness, so it wasn’t that bad. The only downside of the experience was that it was pouring rain, so I did a lot of crawling around the inside of the car to avoid getting drenched.
Sunday we caught The Matador with the film club, which was pretty funny. A bunch of us are headed to Rochester after work on Friday for the first FUMN in ages… I’m really looking forward to that (but not particularly looking forward to the drive…).
pointed me at Suprglu, which is like a personal aggregator that combines all the various sites I post to (as configured by me).
If you get annoyed at keeping up with the various bits of info I post to different places (LiveJournal, del.icio.us, SNFC, etc), check out grahams.suprglu.com. Once I pick a new place to host my photos, I’ll add that to the mix as well.
My friend code is 141793 660807
So the account compromises I mentioned the other day seem to be a symptom of a bigger epidemic. Several friends’ machines had rootkits installed on them, and it took a while for my friends to contain and repair the damage (some machines are still offline). I am feeling a little bit better because it is seeming less likely that I was the cause of these failures and more just a victim, but I still used the same password on multiple machines, which is bad news. It is comforting that several of my friends had the same bad habit, so at least I’m in good company. :P
I’ve reset my passwords on those boxes to random characters and am using ssh keys to authenticate instead. There are a few systems I can’t do this on, however. CSH, for example, requires me to password authenticate to retrieve my email and use other house resources, so I can’t set that to a random password. I have, however, picked a password that is unique to each system where I have to use password auth and have unique ssh keypairs (with unique passwords) to each machine I have physical access to. I’ve also decided to never jump out from one remote machine to another (for instance, log in to CSH, then from there log into Matt’s machine), so if the first machine is compromised I don’t have to worry about some rogue sshd snarfing my password (which was one “feature” of the rootkit used in these attacks). Finally, I will change all of my passwords every few months.
As far as I can tell this is about as good of a policy as I can come up with. Any suggestions are appreciated..
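An added example, not part of the original post: a small audit of an OpenSSH client config against the policy described above (a unique key per machine, nothing that lets a remote host reuse your credentials for an onward hop). The host aliases and key paths in the sample are constructed, and the parser is a simplification that handles plain `Host` blocks only, not `Match` or `Include`.

```python
import re
from collections import defaultdict

# Constructed sample ~/.ssh/config; host aliases and key paths are made up.
SAMPLE_CONFIG = """\
Host matt
    IdentityFile ~/.ssh/id_shared
    ForwardAgent yes
Host work
    IdentityFile ~/.ssh/id_shared
    IdentitiesOnly yes
Host home
    IdentityFile ~/.ssh/id_home
    IdentitiesOnly yes
"""

def parse_hosts(text):
    """Return {host_alias: {keyword_lower: value}} for plain Host blocks."""
    hosts, current = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config allows "Keyword value" and "Keyword=value"
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "host":
            current = value.split()
            for h in current:
                hosts.setdefault(h, {})
        else:
            for h in current:
                hosts[h].setdefault(key, value)  # simplification: keep first value
    return hosts

def audit(text):
    """Return sorted (host, finding) pairs that break the one-key-per-host policy."""
    findings, by_key = [], defaultdict(list)
    for host, opts in parse_hosts(text).items():
        # A forwarded agent can be used by root on the remote box for onward logins.
        if opts.get("forwardagent", "no").lower() == "yes":
            findings.append((host, "agent forwarding enabled"))
        if "identityfile" in opts:
            by_key[opts["identityfile"]].append(host)
            # Without IdentitiesOnly, ssh may offer every key the agent holds.
            if opts.get("identitiesonly", "no").lower() != "yes":
                findings.append((host, "IdentitiesOnly not set"))
    for key, users in by_key.items():
        if len(users) > 1:
            findings += [(h, f"key {key} reused on {len(users)} hosts") for h in users]
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` flags `matt` for agent forwarding, a missing `IdentitiesOnly` and a shared key, flags `work` for the same shared key, and leaves `home` clean.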
I had a strange question asked of me today… Matt Weaver asked me if I had tried to ‘su -’ on his machine today… I hadn’t, which opened a huge can of worms that ended up with me (and others) believing that my password was somehow obtained and used without my knowledge by persons unknown. This problem was exacerbated by the fact that I was using the same password on many systems. If the person was a good cracker, they would have covered their tracks, so it’s difficult to tell how long they’ve been at this, but if we are to believe logs it seems like it was only today (er, Wednesday).
I do my best to choose good passwords, but I guess I had one bad habit left, which was using the same password on multiple systems… I suspect that many of you reading do this, so I don’t feel so guilty, but still…
Anyway, I have gone through all the Unix systems I have access to (or, at least the ones I remember) and changed my passwords to something unique to each system. I’ve also deleted any ssh keys I had floating around as they can’t be trusted anymore. At least this way if this happens again, using unique passwords on all the various systems will limit the blast radius. If you’re reading, I hope that was fun for you.. (P.S. If I have an account on your machine and I haven’t mailed you, let me know because I might have forgotten about you).
In less aggravating news I saw Henry Rollins tonight doing his Spoken Word act… As always, a wonderful show (although the seats sucked).